More work on Synapse + Element + Synapse admin
parent
c6a728fa70
commit
d20774f507
|
@ -10,6 +10,12 @@ Sources = [
|
||||||
PathRegex = "^/_(matrix|synapse)/.*"
|
PathRegex = "^/_(matrix|synapse)/.*"
|
||||||
Methods = ["GET", "HEAD", "POST", "OPTIONS", "PUT", "DELETE"]
|
Methods = ["GET", "HEAD", "POST", "OPTIONS", "PUT", "DELETE"]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Action = "allow"
|
||||||
|
HTTP {
|
||||||
|
Methods = ["GET", "HEAD"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
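Review bot: The added `Action = "allow"` permission carries only `Methods = ["GET", "HEAD"]` and no `PathPrefix` or `PathRegex`, so at the intention layer every path on the service becomes readable, not just the `/_(matrix|synapse)/` paths matched by the rule above it. That is presumably intended for the static Element files now served by the same nginx, but the intent is not recorded. A comment on the new block such as `# static Element / synapse-admin assets: read-only methods on any path` would tell the next reader that the missing path match is deliberate. The enclosing `Sources` list starts outside the hunk.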
|
@ -1,7 +1,8 @@
|
||||||
FROM nginxinc/nginx-unprivileged:alpine
|
FROM nginxinc/nginx-unprivileged:alpine
|
||||||
MAINTAINER [[ .docker.maintainer ]]
|
MAINTAINER [[ .docker.maintainer ]]
|
||||||
|
|
||||||
ARG ELEMENT_VERSION=1.11.51
|
ARG ELEMENT_VERSION=1.11.52 \
|
||||||
|
SYNAPSE_ADMIN_VERSION=0.8.7
|
||||||
|
|
||||||
ENV ELEMENT_NGINX_BIND_ADDR=0.0.0.0 \
|
ENV ELEMENT_NGINX_BIND_ADDR=0.0.0.0 \
|
||||||
ELEMENT_NGINX_BIND_PORT=8710
|
ELEMENT_NGINX_BIND_PORT=8710
|
||||||
|
@ -10,8 +11,13 @@ USER root
|
||||||
|
|
||||||
RUN set -eux &&\
|
RUN set -eux &&\
|
||||||
mkdir -p /opt/element &&\
|
mkdir -p /opt/element &&\
|
||||||
|
mkdir -p /opt/synapse-admin &&\
|
||||||
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
||||||
tar xvz -C /opt/element/ --strip-components 1
|
tar xvz -C /opt/element/ --strip-components 1 &&\
|
||||||
|
curl -sSL https://github.com/Awesome-Technologies/synapse-admin/releases/download/${SYNAPSE_ADMIN_VERSION}/synapse-admin-${SYNAPSE_ADMIN_VERSION}-dirty.tar.gz |\
|
||||||
|
tar xvz -C /opt/synapse-admin --strip-components 1 &&\
|
||||||
|
rm -rf /opt/synapse-admin/data/* &&\
|
||||||
|
chown -R root: /opt/element /opt/synapse-admin
|
||||||
|
|
||||||
USER nginx
|
USER nginx
|
||||||
EXPOSE ${ELEMENT_BIND_PORT}
|
EXPOSE ${ELEMENT_BIND_PORT}
|
||||||
|
|
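Review bot: The synapse-admin tarball added to the `RUN` step is piped from `curl -sSL` straight into `tar` with no integrity check, so whatever the release URL returns at build time lands in `/opt/synapse-admin` and is later served as the admin UI. Pinning a digest next to `SYNAPSE_ADMIN_VERSION` and verifying it before extraction makes the build fail closed. Adding `-f` to curl also turns an HTTP error into a build failure instead of handing an error page to tar. The Element download in the same step has the same gap; the digest value below is a placeholder for the maintainer to fill in.

```dockerfile
ARG ELEMENT_VERSION=1.11.52 \
    SYNAPSE_ADMIN_VERSION=0.8.7 \
    SYNAPSE_ADMIN_SHA256=<sha256-of-the-release-tarball>
# … unchanged: ENV, USER root, mkdir, Element download …
    curl -fsSL -o /tmp/synapse-admin.tar.gz https://github.com/Awesome-Technologies/synapse-admin/releases/download/${SYNAPSE_ADMIN_VERSION}/synapse-admin-${SYNAPSE_ADMIN_VERSION}-dirty.tar.gz &&\
    echo "${SYNAPSE_ADMIN_SHA256}  /tmp/synapse-admin.tar.gz" | sha256sum -c - &&\
    tar xz -C /opt/synapse-admin --strip-components 1 -f /tmp/synapse-admin.tar.gz &&\
    rm -f /tmp/synapse-admin.tar.gz &&\
# … unchanged: rm -rf /opt/synapse-admin/data/*, chown …
```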
|
@ -4,6 +4,8 @@ set -euo pipefail
|
||||||
|
|
||||||
source /opt/synapse/venv/bin/activate
|
source /opt/synapse/venv/bin/activate
|
||||||
|
|
||||||
|
umask 007
|
||||||
|
|
||||||
if [ ! -e "${SYNAPSE_CONFIG}" ]; then
|
if [ ! -e "${SYNAPSE_CONFIG}" ]; then
|
||||||
echo "Generating a default ${SYNAPSE_CONFIG}"
|
echo "Generating a default ${SYNAPSE_CONFIG}"
|
||||||
if [ -z "${SYNAPSE_SERVER_NAME}" ]; then
|
if [ -z "${SYNAPSE_SERVER_NAME}" ]; then
|
||||||
|
|
|
@ -3,4 +3,8 @@
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
source /opt/synapse/venv/bin/activate
|
source /opt/synapse/venv/bin/activate
|
||||||
exec python3 -m synapse.app.homeserver -c ${SYNAPSE_CONFIG}
|
exec python3 -m synapse.app.homeserver \
|
||||||
|
--config-path ${SYNAPSE_CONFIG} \
|
||||||
|
--config-directory=/data/conf \
|
||||||
|
--keys-directory=/data/conf \
|
||||||
|
--data-directory=/data
|
||||||
|
|
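Review bot: `--config-path ${SYNAPSE_CONFIG}` is expanded unquoted on the new `exec` line, so a path containing whitespace or glob characters would be split into extra arguments to the homeserver; `--config-path "${SYNAPSE_CONFIG}" \` avoids that. `--keys-directory=/data/conf` also puts the signing key in the same directory as the configuration. A short comment above the `exec`, for example `# /data/conf holds the signing key: keep it unreadable to other users`, would help whoever provisions the volume.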
|
@ -29,6 +29,21 @@ job [[ .instance | toJSON ]] {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tags = [
|
||||||
|
[[- $w := merge .matrix.nginx . ]]
|
||||||
|
"[[ $w.traefik.instance ]].enable=[[ $w.traefik.enabled ]]",
|
||||||
|
|
||||||
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $w.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
||||||
|
|
||||||
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && (PathPrefix(`/_admin/`) || PathPrefix(`/_synapse/admin`))",
|
||||||
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].entrypoints=[[ join $w.traefik.entrypoints "," ]]",
|
||||||
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $w.traefik.admin ]]",
|
||||||
|
|
||||||
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
||||||
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $w.traefik.entrypoints "," ]]",
|
||||||
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $w.traefik ]]",
|
||||||
|
]
|
||||||
|
|
||||||
[[ template "common/connect" merge .matrix . ]]
|
[[ template "common/connect" merge .matrix . ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -67,6 +82,13 @@ _EOT
|
||||||
perms = 0640
|
perms = 0640
|
||||||
}
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data =<<_EOT
|
||||||
|
[[ template "matrix/logging.conf.tpl" . ]]
|
||||||
|
_EOT
|
||||||
|
destination = "secrets/logging.conf"
|
||||||
|
}
|
||||||
|
|
||||||
volume_mount {
|
volume_mount {
|
||||||
volume = "data"
|
volume = "data"
|
||||||
destination = "/data"
|
destination = "/data"
|
||||||
|
@ -75,55 +97,34 @@ _EOT
|
||||||
[[ template "common/resources" $c.resources ]]
|
[[ template "common/resources" $c.resources ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ $c = merge .matrix.element . ]]
|
|
||||||
task "element" {
|
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
|
||||||
|
|
||||||
lifecycle {
|
|
||||||
hook = "prestart"
|
|
||||||
sidecar = true
|
|
||||||
}
|
|
||||||
|
|
||||||
config {
|
|
||||||
image = [[ $c.image | toJSON ]]
|
|
||||||
readonly_rootfs = true
|
|
||||||
pids_limit = 100
|
|
||||||
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
|
|
||||||
}
|
|
||||||
|
|
||||||
env {
|
|
||||||
ELEMENT_BIND_ADDR = "127.0.0.1"
|
|
||||||
ELEMENT_NGINX_BIND_PORT = "8710"
|
|
||||||
}
|
|
||||||
|
|
||||||
[[ template "common/resources" $c.resources ]]
|
|
||||||
}
|
|
||||||
|
|
||||||
[[ $c = merge .matrix.nginx . ]]
|
[[ $c = merge .matrix.nginx . ]]
|
||||||
task "nginx" {
|
task "nginx" {
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
driver = [[ $c.nomad.driver | toJSON ]]
|
||||||
|
|
||||||
lifecycle {
|
|
||||||
hook = "prestart"
|
|
||||||
sidecar = true
|
|
||||||
}
|
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = [[ $c.image | toJSON ]]
|
image = [[ $c.image | toJSON ]]
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
pids_limit = 100
|
pids_limit = 100
|
||||||
volumes = [
|
volumes = [
|
||||||
"local/nginx.conf:/etc/nginx/conf.d/default.conf"
|
"local/nginx.conf:/etc/nginx/conf.d/default.conf:ro",
|
||||||
]
|
]
|
||||||
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
|
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data =<<_EOT
|
data =<<_EOT
|
||||||
[[ template "matrix/nginx.conf.tpl" ]]
|
[[ template "matrix/nginx.conf.tpl" . ]]
|
||||||
_EOT
|
_EOT
|
||||||
destination = "local/nginx.conf"
|
destination = "local/nginx.conf"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data =<<_EOT
|
||||||
|
[[ template "matrix/element.json.tpl" . ]]
|
||||||
|
_EOT
|
||||||
|
destination = "local/element.json"
|
||||||
|
}
|
||||||
|
|
||||||
[[ template "common/resources" $c.resources ]]
|
[[ template "common/resources" $c.resources ]]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
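Review bot: The `-admin` router is the only place where the `$w.traefik.admin` middlewares apply, but the second clause of the main router rule (the `server_name` host combined with the `^/(_(synapse|matrix)|…)/.*` regexp) also matches `/_synapse/admin/…`. When `server_name` differs from the `public_url` host, the admin API is therefore reachable through the main router, and any restriction later added to the admin middlewares would not cover that path. Adding a negated `PathPrefix` for `/_synapse/admin` to that clause would close the gap. Separately, the `contentsecuritypolicy` tag is keyed on `$c.traefik.instance` while every other tag in the list uses `$w.traefik.instance`; if the two differ, the CSP middleware is registered on a different Traefik instance than the routers.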
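--- a/templates/element.json.tpl
+++ b/templates/element.json.tpl
@@ -0,0 +1,39 @@
+{
+"default_server_config": {
+"m.homeserver": {
+"base_url": "[[ .matrix.public_url ]]",
+"server_name": "[[ .matrix.server_name ]]"
+},
+"m.identity_server": {
+"base_url": "https://vector.im"
+}
+},
+"brand": "Element",
+"integrations_ui_url": "https://scalar.vector.im/",
+"integrations_rest_url": "https://scalar.vector.im/api",
+"integrations_widgets_urls": [
+"https://scalar.vector.im/_matrix/integrations/v1",
+"https://scalar.vector.im/api",
+"https://scalar-staging.vector.im/_matrix/integrations/v1",
+"https://scalar-staging.vector.im/api",
+"https://scalar-staging.element.im/scalar/api"
+],
+"show_labs_settings": true,
+"roomDirectory": {
+"servers": [
+"matrix.org"
+]
+},
+"disable_guests": [[ .matrix.allow_guests | ternary "false" "true" ]],
+[[ if and (has .matrix "jitsi") (has .matrix.jitsi "domain") ]]
+"jitsi": {
+"preferredDomain": "[[ .matrix.jitsi.domain ]]"
+},
+[[ end ]]
+"settingDefaults": {
+"UIFeature.feedback": false,
+"UIFeature.thirdPartyId": false
+},
+"map_style_url": "[[ .matrix.element.map_style_url ]]",
+"happyJson": true
+}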
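Review bot: `integrations_widgets_urls` trusts two `scalar-staging.vector.im` URLs and one `scalar-staging.element.im` URL, yet the CSP directives this commit sets for the service (`script-src`, `connect-src`, `frame-src`) list only `scalar.vector.im`. Dropping the staging entries would limit the origins the client treats as integration widgets to the ones that can actually load. Template values are also pasted between literal quotes without escaping; `"base_url": [[ .matrix.public_url | toJSON ]],` would keep the file valid JSON for any configured value, and the same applies to `server_name`, `preferredDomain` and `map_style_url`.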
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
server_name: [[ .matrix.server_name ]]
|
server_name: [[ .matrix.server_name ]]
|
||||||
public_baseurl: [[ .matrix.public_url ]]
|
public_baseurl: [[ .matrix.public_url ]]
|
||||||
serve_server_wellknown: true
|
|
||||||
report_stats: false
|
report_stats: false
|
||||||
|
|
||||||
web_client: false
|
web_client: false
|
||||||
|
@ -52,27 +51,22 @@ media_retention:
|
||||||
local_media_lifetime: 730d
|
local_media_lifetime: 730d
|
||||||
remote_media_lifetime: 14d
|
remote_media_lifetime: 14d
|
||||||
|
|
||||||
|
[[ if .matrix.synapse.url_preview.enabled ]]
|
||||||
url_preview_enabled: true
|
url_preview_enabled: true
|
||||||
url_preview_ip_range_blacklist:
|
url_preview_ip_range_blacklist:
|
||||||
- '127.0.0.0/8'
|
[[- range $idx, $black := .matrix.synapse.url_preview.ip_range_blacklist ]]
|
||||||
- '10.0.0.0/8'
|
- [[ $black ]]
|
||||||
- '172.16.0.0/12'
|
[[- end ]]
|
||||||
- '192.168.0.0/16'
|
|
||||||
- '100.64.0.0/10'
|
|
||||||
- '192.0.0.0/24'
|
|
||||||
- '169.254.0.0/16'
|
|
||||||
- '192.88.99.0/24'
|
|
||||||
- '198.18.0.0/15'
|
|
||||||
- '192.0.2.0/24'
|
|
||||||
- '198.51.100.0/24'
|
|
||||||
- '203.0.113.0/24'
|
|
||||||
- '224.0.0.0/4'
|
|
||||||
url_preview_url_blacklist:
|
url_preview_url_blacklist:
|
||||||
- username: '*'
|
[[- range $idx, $black := .matrix.synapse.url_preview.url_blacklist ]]
|
||||||
- netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
|
- [[ $black | toYAML ]]
|
||||||
|
[[- end ]]
|
||||||
|
[[- end ]]
|
||||||
|
|
||||||
default_identity_server: https://matrix.org
|
default_identity_server: https://matrix.org
|
||||||
|
|
||||||
|
allow_guest_access: [[ .matrix.allow_guests ]]
|
||||||
|
|
||||||
macaroon_secret_key: '[[ .matrix.synapse.macaroon_secret_key ]]'
|
macaroon_secret_key: '[[ .matrix.synapse.macaroon_secret_key ]]'
|
||||||
form_secret: '[[ .matrix.synapse.form_secret ]]'
|
form_secret: '[[ .matrix.synapse.form_secret ]]'
|
||||||
|
|
||||||
|
@ -96,3 +90,5 @@ alias_creation_rules:
|
||||||
alias: '*'
|
alias: '*'
|
||||||
action: allow
|
action: allow
|
||||||
|
|
||||||
|
log_config: /secrets/logging.conf
|
||||||
|
signing_key_path: /data/conf/[[ .matrix.server_name ]].signing.key
|
||||||
|
|
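Review bot: The rendered `url_preview_ip_range_blacklist` entries lose the quoting the removed literals had (`- [[ $black ]]`), and `- [[ $black | toYAML ]]` in the `url_preview_url_blacklist` loop only lines up for single-key maps, because a second key would be emitted at column 0. This list is the guard that stops URL previews from reaching internal addresses, so an entry that YAML parses differently than intended weakens it silently. Rendering both loops with `- [[ $black | toJSON ]]` keeps every entry on one line and correctly quoted, since JSON is valid YAML flow syntax. It would also help to state in a comment what happens when `ip_range_blacklist` is overridden with an empty list while `enabled` is true.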
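--- a/templates/logging.conf.tpl
+++ b/templates/logging.conf.tpl
@@ -0,0 +1,27 @@
+version: 1
+
+formatters:
+precise:
+format: '%(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+context:
+(): synapse.util.logcontext.LoggingContextFilter
+request: ""
+
+handlers:
+console:
+class: logging.StreamHandler
+formatter: precise
+filters: [context]
+
+loggers:
+synapse.storage.SQL:
+# beware: increasing this to DEBUG will make synapse log sensitive
+# information such as access tokens.
+level: INFO
+
+root:
+level: INFO
+handlers: [console]
+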
|
@ -2,10 +2,6 @@ upstream synapse {
|
||||||
server unix:/alloc/tmp/synapse.sock;
|
server unix:/alloc/tmp/synapse.sock;
|
||||||
}
|
}
|
||||||
|
|
||||||
upstream element {
|
|
||||||
server 127.0.0.1:8710;
|
|
||||||
}
|
|
||||||
|
|
||||||
map $http_upgrade $connection_upgrade {
|
map $http_upgrade $connection_upgrade {
|
||||||
default upgrade;
|
default upgrade;
|
||||||
'' close;
|
'' close;
|
||||||
|
@ -14,13 +10,18 @@ map $http_upgrade $connection_upgrade {
|
||||||
server {
|
server {
|
||||||
listen 127.0.0.1:8008 default_server;
|
listen 127.0.0.1:8008 default_server;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
root /usr/share/html;
|
root /opt/element;
|
||||||
|
index index.html;
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection $connection_upgrade;
|
proxy_set_header Connection $connection_upgrade;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_socket_keepalive on;
|
proxy_socket_keepalive on;
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_request_buffering off;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
set_real_ip_from 127.0.0.1;
|
set_real_ip_from 127.0.0.1;
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
|
@ -30,14 +31,49 @@ server {
|
||||||
proxy_pass http://synapse;
|
proxy_pass http://synapse;
|
||||||
proxy_read_timeout 600;
|
proxy_read_timeout 600;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /_synapse {
|
location /_synapse {
|
||||||
proxy_pass http://synapse;
|
proxy_pass http://synapse;
|
||||||
proxy_read_timeout 600;
|
proxy_read_timeout 600;
|
||||||
}
|
}
|
||||||
location /health {
|
|
||||||
|
location = /health {
|
||||||
proxy_pass http://synapse;
|
proxy_pass http://synapse;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /index.html {
|
||||||
|
add_header Cache-Control "no-cache";
|
||||||
|
}
|
||||||
|
|
||||||
|
location /version {
|
||||||
|
add_header Cache-Control "no-cache";
|
||||||
|
}
|
||||||
|
|
||||||
|
location /config.json {
|
||||||
|
add_header Cache-Control "no-cache";
|
||||||
|
alias /local/element.json;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/matrix/server {
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
default_type application/json;
|
||||||
|
expires 6h;
|
||||||
|
return 200 '{"m.server": "[[ (urlParse .matrix.public_url).Hostname ]]:[[ if eq (urlParse .matrix.public_url).Port "" ]]443[[ else ]][[ (urlParse .matrix.public_url).Port ]][[ end ]]"}';
|
||||||
|
}
|
||||||
|
location /.well-known/matrix/client {
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
default_type application/json;
|
||||||
|
expires 6h;
|
||||||
|
return 200 '{"m.homeserver": {"base_url": "[[ .matrix.public_url ]]"}}';
|
||||||
|
}
|
||||||
|
|
||||||
|
# Expose synapse admin
|
||||||
|
location /_admin/ {
|
||||||
|
alias /opt/synapse-admin/;
|
||||||
|
expires 30d;
|
||||||
|
}
|
||||||
|
# default files
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://element;
|
expires 30d;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
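Review bot: The new `location /config.json` is a prefix match combined with `alias /local/element.json;`, so any URI that merely starts with `/config.json` is mapped onto a path under `/local`, the directory that also holds the rendered nginx configuration. The same commit already tightens `/health` to an exact match, and the single-file locations should follow suit: `location = /config.json {`, `location = /index.html {`, `location = /version {`. The `/_admin/` block serves the admin UI with `expires 30d` and no access restriction at this layer. If that is meant to be enforced only at Traefik, a comment next to `# Expose synapse admin` saying so would make the dependency explicit.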
|
@ -6,6 +6,7 @@ matrix:
|
||||||
|
|
||||||
server_name: matrix.[[ .consul.domain ]]
|
server_name: matrix.[[ .consul.domain ]]
|
||||||
public_url: https://matrix.[[ .consul.domain ]]
|
public_url: https://matrix.[[ .consul.domain ]]
|
||||||
|
allow_guests: false
|
||||||
|
|
||||||
consul:
|
consul:
|
||||||
connect:
|
connect:
|
||||||
|
@ -15,7 +16,7 @@ matrix:
|
||||||
|
|
||||||
synapse:
|
synapse:
|
||||||
|
|
||||||
image: '[[ .docker.repo ]]matrix-synapse:latest'
|
image: '[[ .docker.repo ]]matrix-synapse:1.98.0-1'
|
||||||
|
|
||||||
env: {}
|
env: {}
|
||||||
|
|
||||||
|
@ -23,6 +24,26 @@ matrix:
|
||||||
|
|
||||||
macaroon_secret_key: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
|
macaroon_secret_key: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
|
||||||
form_secret: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.form_secret }}{{ end }}'
|
form_secret: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.form_secret }}{{ end }}'
|
||||||
|
|
||||||
|
url_preview:
|
||||||
|
enabled: true
|
||||||
|
ip_range_blacklist:
|
||||||
|
- 127.0.0.0/8
|
||||||
|
- 10.0.0.0/8
|
||||||
|
- 172.16.0.0/12
|
||||||
|
- 192.168.0.0/16
|
||||||
|
- 100.64.0.0/10
|
||||||
|
- 192.0.0.0/24
|
||||||
|
- 169.254.0.0/16
|
||||||
|
- 192.88.99.0/24
|
||||||
|
- 198.18.0.0/15
|
||||||
|
- 192.0.2.0/24
|
||||||
|
- 198.51.100.0/24
|
||||||
|
- 203.0.113.0/24
|
||||||
|
- 224.0.0.0/4
|
||||||
|
url_blacklist:
|
||||||
|
- username: '*'
|
||||||
|
- netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
|
||||||
|
|
||||||
db:
|
db:
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
|
@ -37,23 +58,43 @@ matrix:
|
||||||
resources:
|
resources:
|
||||||
cpu: 500
|
cpu: 500
|
||||||
memory: 384
|
memory: 384
|
||||||
|
|
||||||
element:
|
element:
|
||||||
image: '[[ .docker.repo ]]matrix-element:latest'
|
map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
|
||||||
|
|
||||||
env: {}
|
|
||||||
|
|
||||||
resources:
|
|
||||||
cpu: 20
|
|
||||||
memory: 16
|
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
image: nginxinc/nginx-unprivileged:alpine
|
image: '[[ .docker.repo ]]matrix-element:1.11.52-1'
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
cpu: 20
|
cpu: 20
|
||||||
memory: 16
|
memory: 16
|
||||||
|
|
||||||
|
traefik:
|
||||||
|
enabled: true
|
||||||
|
csp:
|
||||||
|
script-src: "'self' https://usercontent.riot.im https://scalar.vector.im"
|
||||||
|
worker-src: "'self' blob:"
|
||||||
|
connect-src: "'self' https://scalar.vector.im https://api.maptiler.com"
|
||||||
|
img-src: "'self' data: blob: https://img.youtube.com https://*.ytimg.com"
|
||||||
|
frame-src: "'self' blob: https://scalar.vector.im/ https://meet.element.io"
|
||||||
|
middlewares: []
|
||||||
|
# Override base_middlewares to remove csp-relaxed@file
|
||||||
|
base_middlewares:
|
||||||
|
- rate-limit-high@file
|
||||||
|
- inflight-high@file
|
||||||
|
- security-headers@file
|
||||||
|
- hsts@file
|
||||||
|
- compression@file
|
||||||
|
|
||||||
|
admin:
|
||||||
|
base_middlewares:
|
||||||
|
- rate-limit-high@file
|
||||||
|
- inflight-high@file
|
||||||
|
- security-headers@file
|
||||||
|
- hsts@file
|
||||||
|
- compression@file
|
||||||
|
middlewares: []
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
data:
|
data:
|
||||||
type: csi
|
type: csi
|
||||||
|
|
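Review bot: The default `url_preview.ip_range_blacklist` contains only IPv4 ranges, so on a host with IPv6 connectivity a URL preview could still be directed at loopback, link-local or unique-local IPv6 addresses. Adding `- '::1/128'`, `- 'fe80::/10'` and `- 'fc00::/7'` to the defaults closes that gap. `element.map_style_url` also embeds a third-party API key in the shared defaults, unlike the Synapse secrets above, which are read from Vault. The key ends up in every browser through `config.json`, so a comment should say that each deployment is expected to override it with its own key. The `admin.base_middlewares` list is identical to the public one; if the admin route is supposed to be restricted, this default is where that would need to be expressed.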