Add synapse-admin back
This commit is contained in:
parent
86ec56b5e9
commit
e2cf43ce77
|
@ -1,3 +1,17 @@
|
|||
FROM danielberteaud/alpine:24.4-1 AS builder
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG SYNAPSE_ADMIN_VERSION=0.10.1
|
||||
|
||||
RUN set -euxo pipefail &&\
|
||||
apk --no-cache update &&\
|
||||
apk --no-cache add yarn git &&\
|
||||
cd /tmp &&\
|
||||
git clone --depth=1 --branch=${SYNAPSE_ADMIN_VERSION} https://github.com/Awesome-Technologies/synapse-admin.git &&\
|
||||
cd synapse-admin &&\
|
||||
yarn install &&\
|
||||
yarn build --base=./
|
||||
|
||||
FROM nginxinc/nginx-unprivileged:alpine
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
|
@ -14,6 +28,7 @@ RUN set -eux &&\
|
|||
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
||||
tar xvz -C /opt/element/ --strip-components 1 &&\
|
||||
chown -R root: /opt/element
|
||||
COPY --from=builder /tmp/synapse-admin/dist /opt/synapse-admin
|
||||
|
||||
USER nginx
|
||||
EXPOSE ${ELEMENT_BIND_PORT}
|
||||
|
|
|
@ -67,6 +67,13 @@ job "matrix" {
|
|||
"traefik.http.middlewares.csp-matrix-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
|
||||
"traefik.http.routers.matrix-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-admin",
|
||||
|
||||
"traefik.http.routers.matrix-admin.rule=Host(`matrix.consul`) && PathPrefix(`/_admin`)",
|
||||
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.matrix-synapse-admin.entrypoints=https",
|
||||
"traefik.http.middlewares.csp-matrix-synapse-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
|
||||
"traefik.http.routers.matrix-synapse-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-synapse-admin",
|
||||
|
||||
"traefik.http.routers.matrix.rule=Host(`matrix.consul`) || (Host(`matrix.consul`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
||||
|
||||
"traefik.enable=true",
|
||||
|
@ -326,7 +333,7 @@ _EOT
|
|||
driver = "docker"
|
||||
|
||||
config {
|
||||
image = "danielberteaud/matrix-element:1.11.65-2"
|
||||
image = "danielberteaud/matrix-element:1.11.65-3"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 100
|
||||
volumes = [
|
||||
|
|
|
@ -1,3 +1,17 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS builder
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
ARG SYNAPSE_ADMIN_VERSION=[[ .matrix.synapse_admin.version ]]
|
||||
|
||||
RUN set -euxo pipefail &&\
|
||||
apk --no-cache update &&\
|
||||
apk --no-cache add yarn git &&\
|
||||
cd /tmp &&\
|
||||
git clone --depth=1 --branch=${SYNAPSE_ADMIN_VERSION} https://github.com/Awesome-Technologies/synapse-admin.git &&\
|
||||
cd synapse-admin &&\
|
||||
yarn install &&\
|
||||
yarn build --base=./
|
||||
|
||||
FROM nginxinc/nginx-unprivileged:alpine
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
|
@ -14,6 +28,7 @@ RUN set -eux &&\
|
|||
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
||||
tar xvz -C /opt/element/ --strip-components 1 &&\
|
||||
chown -R root: /opt/element
|
||||
COPY --from=builder /tmp/synapse-admin/dist /opt/synapse-admin
|
||||
|
||||
USER nginx
|
||||
EXPOSE ${ELEMENT_BIND_PORT}
|
||||
|
|
|
@ -40,8 +40,11 @@ job "[[ .instance ]]" {
|
|||
tags = [
|
||||
[[- $w := merge .matrix.nginx .matrix . ]]
|
||||
[[- $a := merge .matrix.nginx.admin $w ]]
|
||||
[[- $sa := merge .matrix.nginx.synapse_admin $w ]]
|
||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_synapse/admin`)",
|
||||
[[ template "common/traefik_tags" $a ]]
|
||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_admin`)",
|
||||
[[ template "common/traefik_tags" $sa ]]
|
||||
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
||||
[[ template "common/traefik_tags" $w ]]
|
||||
]
|
||||
|
|
|
@ -112,11 +112,15 @@ matrix:
|
|||
map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
|
||||
version: 1.11.65
|
||||
|
||||
# Synapse Admin is the admin interface for Synapse
|
||||
synapse_admin:
|
||||
version: 0.10.1
|
||||
|
||||
# Nginx will servce static files (well-known, element, synapse-admin), and proxy requests to synapse
|
||||
nginx:
|
||||
|
||||
# The image to use
|
||||
image: '[[ .docker.repo ]]matrix-element:[[ .matrix.element.version ]]-2'
|
||||
image: '[[ .docker.repo ]]matrix-element:[[ .matrix.element.version ]]-3'
|
||||
|
||||
# Resource allocation
|
||||
resources:
|
||||
|
@ -144,6 +148,14 @@ matrix:
|
|||
auto_rule: false
|
||||
router: admin
|
||||
|
||||
# Synapse admin
|
||||
synapse_admin:
|
||||
traefik:
|
||||
auto_rule: false
|
||||
router: synapse-admin
|
||||
csp:
|
||||
script-src: "'self' 'unsafe-inline'"
|
||||
|
||||
# Volumes used for data persistance
|
||||
volumes:
|
||||
# Synapse will use this volume to store media, signing keys etc.
|
||||
|
|
Loading…
Reference in New Issue