diff --git a/deployer/README.md b/deployer/README.md index d689742..1c60c84 100644 --- a/deployer/README.md +++ b/deployer/README.md @@ -102,6 +102,10 @@ This block will never run unless `/path/to/backup/dir/db-backup.sql.gz` exists. Someone advised me to install matrix-media-repo to enable animated thumbnails as people's avatar (https://github.com/turt2live/matrix-media-repo/blob/master/config.sample.yaml#L394), and to setup https://github.com/ma1uta/ma1sd which is a federated identity server. +#### TODO + +* Finer logging (remove useless federation warnings): https://github.com/matrix-org/synapse/issues/9170 + ### NextCloud Steps to dockerization: diff --git a/deployer/group_vars/all/vars.yml b/deployer/group_vars/all/vars.yml index 560d4d1..169373a 100644 --- a/deployer/group_vars/all/vars.yml +++ b/deployer/group_vars/all/vars.yml @@ -17,7 +17,7 @@ wordpress: gitea: version: 1.13.0 synapse: - version: v1.25.0 + version: v1.26.0 drupal: version: 8.9.7-apache nextcloud: diff --git a/deployer/roles/build/tasks/synapse.yml b/deployer/roles/build/tasks/synapse.yml index d0fab21..847a0b9 100644 --- a/deployer/roles/build/tasks/synapse.yml +++ b/deployer/roles/build/tasks/synapse.yml @@ -67,6 +67,7 @@ rule: allow comment: "coturn TCP/UDP" become: true + tags: firewall - name: "Allow inbound ports {{ site.coturn.min_port }}-{{ site.coturn.max_port }}/UDP for coturn un UFW" ufw: @@ -79,6 +80,7 @@ with_sequence: start="{{ site.coturn.min_port }}" end="{{ site.coturn.max_port }}" #loop: "{{ range({{ site.coturn.min_port }}, {{ site.coturn.max_port }} + 1)|list }}" become: true + tags: firewall ################# diff --git a/deployer/roles/build/templates/synapse/nginx.host.j2 b/deployer/roles/build/templates/synapse/nginx.host.j2 index 62ac185..78a2d08 100644 --- a/deployer/roles/build/templates/synapse/nginx.host.j2 +++ b/deployer/roles/build/templates/synapse/nginx.host.j2 
@@ -29,19 +29,23 @@ server { ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem; -{% if site.custom_landing %} - location / { - root {{ site.custom_landing }}; - } -{% endif %} - include snippets/header-params_server.conf; - location /_matrix { + location ~* ^(\/_matrix|\/_synapse\/client) { include snippets/header-params_location.conf; client_max_body_size {{ site.max_upload_size }}; proxy_pass http://{{ site.subnet_site_ip }}:8008; } + + location /.well-known/ { + log_not_found off; + } + +{% if site.custom_landing %} + location / { + root {{ site.custom_landing }}; + } +{% endif %} } server { diff --git a/deployer/roles/deploy/tasks/nginx.yml b/deployer/roles/deploy/tasks/nginx.yml index eb22ef1..ef92c4d 100644 --- a/deployer/roles/deploy/tasks/nginx.yml +++ b/deployer/roles/deploy/tasks/nginx.yml @@ -7,6 +7,7 @@ src: "{{ sites_path }}/{{ site.slug }}/nginx.host" dest: "/etc/nginx/sites-available/{{ site.url }}" become: yes + notify: Restart nginx - name: "Symlink nginx configuration to sites-enabled" file:
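Review bot: The new `location ~* ^(\/_matrix|\/_synapse\/client)` in the first server block matches case-insensitively and has no boundary after the prefix, so it proxies more paths than the two it names. I would tighten it to `location ~ ^/(_matrix|_synapse/client)(/|$) {` and add a comment above it such as `# Only /_synapse/client is proxied; keep /_synapse/admin off the public vhost`, so the pattern is not later shortened to `/_synapse`. Separately, the added `location /.well-known/` has no `root`, while `root {{ site.custom_landing }}` is set only inside `location /`. Unless a server-level `root` exists outside the hunk, files under the landing directory's `.well-known/` will not be served from it. The server block begins above this hunk.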
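Review bot: The added `notify: Restart nginx` triggers a full restart with no configuration test in between, so a bad render of `nginx.host` for one site can leave nginx down for every vhost on the host. The handler is defined outside this diff. If it is a plain service restart, consider having it run `nginx -t` first and use `state: reloaded` rather than `restarted`, so a broken file is rejected while the running configuration keeps serving. The task this line belongs to starts above the hunk.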