Add synapse-admin back
This commit is contained in:
parent
86ec56b5e9
commit
e2cf43ce77
|
@ -1,3 +1,17 @@
|
||||||
|
FROM danielberteaud/alpine:24.4-1 AS builder
|
||||||
|
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||||
|
|
||||||
|
ARG SYNAPSE_ADMIN_VERSION=0.10.1
|
||||||
|
|
||||||
|
RUN set -euxo pipefail &&\
|
||||||
|
apk --no-cache update &&\
|
||||||
|
apk --no-cache add yarn git &&\
|
||||||
|
cd /tmp &&\
|
||||||
|
git clone --depth=1 --branch=${SYNAPSE_ADMIN_VERSION} https://github.com/Awesome-Technologies/synapse-admin.git &&\
|
||||||
|
cd synapse-admin &&\
|
||||||
|
yarn install &&\
|
||||||
|
yarn build --base=./
|
||||||
|
|
||||||
FROM nginxinc/nginx-unprivileged:alpine
|
FROM nginxinc/nginx-unprivileged:alpine
|
||||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||||
|
|
||||||
|
@ -14,6 +28,7 @@ RUN set -eux &&\
|
||||||
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
||||||
tar xvz -C /opt/element/ --strip-components 1 &&\
|
tar xvz -C /opt/element/ --strip-components 1 &&\
|
||||||
chown -R root: /opt/element
|
chown -R root: /opt/element
|
||||||
|
COPY --from=builder /tmp/synapse-admin/dist /opt/synapse-admin
|
||||||
|
|
||||||
USER nginx
|
USER nginx
|
||||||
EXPOSE ${ELEMENT_BIND_PORT}
|
EXPOSE ${ELEMENT_BIND_PORT}
|
||||||
|
|
|
@ -67,6 +67,13 @@ job "matrix" {
|
||||||
"traefik.http.middlewares.csp-matrix-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
|
"traefik.http.middlewares.csp-matrix-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
|
||||||
"traefik.http.routers.matrix-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-admin",
|
"traefik.http.routers.matrix-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-admin",
|
||||||
|
|
||||||
|
"traefik.http.routers.matrix-admin.rule=Host(`matrix.consul`) && PathPrefix(`/_admin`)",
|
||||||
|
|
||||||
|
"traefik.enable=true",
|
||||||
|
"traefik.http.routers.matrix-synapse-admin.entrypoints=https",
|
||||||
|
"traefik.http.middlewares.csp-matrix-synapse-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
|
||||||
|
"traefik.http.routers.matrix-synapse-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-synapse-admin",
|
||||||
|
|
||||||
"traefik.http.routers.matrix.rule=Host(`matrix.consul`) || (Host(`matrix.consul`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
"traefik.http.routers.matrix.rule=Host(`matrix.consul`) || (Host(`matrix.consul`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
||||||
|
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
|
@ -326,7 +333,7 @@ _EOT
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "danielberteaud/matrix-element:1.11.65-2"
|
image = "danielberteaud/matrix-element:1.11.65-3"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
pids_limit = 100
|
pids_limit = 100
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
@ -1,3 +1,17 @@
|
||||||
|
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS builder
|
||||||
|
MAINTAINER [[ .docker.maintainer ]]
|
||||||
|
|
||||||
|
ARG SYNAPSE_ADMIN_VERSION=[[ .matrix.synapse_admin.version ]]
|
||||||
|
|
||||||
|
RUN set -euxo pipefail &&\
|
||||||
|
apk --no-cache update &&\
|
||||||
|
apk --no-cache add yarn git &&\
|
||||||
|
cd /tmp &&\
|
||||||
|
git clone --depth=1 --branch=${SYNAPSE_ADMIN_VERSION} https://github.com/Awesome-Technologies/synapse-admin.git &&\
|
||||||
|
cd synapse-admin &&\
|
||||||
|
yarn install &&\
|
||||||
|
yarn build --base=./
|
||||||
|
|
||||||
FROM nginxinc/nginx-unprivileged:alpine
|
FROM nginxinc/nginx-unprivileged:alpine
|
||||||
MAINTAINER [[ .docker.maintainer ]]
|
MAINTAINER [[ .docker.maintainer ]]
|
||||||
|
|
||||||
|
@ -14,6 +28,7 @@ RUN set -eux &&\
|
||||||
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
curl -sSL https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz |\
|
||||||
tar xvz -C /opt/element/ --strip-components 1 &&\
|
tar xvz -C /opt/element/ --strip-components 1 &&\
|
||||||
chown -R root: /opt/element
|
chown -R root: /opt/element
|
||||||
|
COPY --from=builder /tmp/synapse-admin/dist /opt/synapse-admin
|
||||||
|
|
||||||
USER nginx
|
USER nginx
|
||||||
EXPOSE ${ELEMENT_BIND_PORT}
|
EXPOSE ${ELEMENT_BIND_PORT}
|
||||||
|
|
|
@ -40,8 +40,11 @@ job "[[ .instance ]]" {
|
||||||
tags = [
|
tags = [
|
||||||
[[- $w := merge .matrix.nginx .matrix . ]]
|
[[- $w := merge .matrix.nginx .matrix . ]]
|
||||||
[[- $a := merge .matrix.nginx.admin $w ]]
|
[[- $a := merge .matrix.nginx.admin $w ]]
|
||||||
|
[[- $sa := merge .matrix.nginx.synapse_admin $w ]]
|
||||||
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_synapse/admin`)",
|
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_synapse/admin`)",
|
||||||
[[ template "common/traefik_tags" $a ]]
|
[[ template "common/traefik_tags" $a ]]
|
||||||
|
"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-admin[[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) && PathPrefix(`/_admin`)",
|
||||||
|
[[ template "common/traefik_tags" $sa ]]
|
||||||
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
"[[ $w.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .matrix.public_url).Hostname ]]`) || (Host(`[[ .matrix.server_name ]]`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
|
||||||
[[ template "common/traefik_tags" $w ]]
|
[[ template "common/traefik_tags" $w ]]
|
||||||
]
|
]
|
||||||
|
|
|
@ -112,11 +112,15 @@ matrix:
|
||||||
map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
|
map_style_url: https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx
|
||||||
version: 1.11.65
|
version: 1.11.65
|
||||||
|
|
||||||
|
# Synapse Admin is the admin interface for Synapse
|
||||||
|
synapse_admin:
|
||||||
|
version: 0.10.1
|
||||||
|
|
||||||
# Nginx will servce static files (well-known, element, synapse-admin), and proxy requests to synapse
|
# Nginx will servce static files (well-known, element, synapse-admin), and proxy requests to synapse
|
||||||
nginx:
|
nginx:
|
||||||
|
|
||||||
# The image to use
|
# The image to use
|
||||||
image: '[[ .docker.repo ]]matrix-element:[[ .matrix.element.version ]]-2'
|
image: '[[ .docker.repo ]]matrix-element:[[ .matrix.element.version ]]-3'
|
||||||
|
|
||||||
# Resource allocation
|
# Resource allocation
|
||||||
resources:
|
resources:
|
||||||
|
@ -144,6 +148,14 @@ matrix:
|
||||||
auto_rule: false
|
auto_rule: false
|
||||||
router: admin
|
router: admin
|
||||||
|
|
||||||
|
# Synapse admin
|
||||||
|
synapse_admin:
|
||||||
|
traefik:
|
||||||
|
auto_rule: false
|
||||||
|
router: synapse-admin
|
||||||
|
csp:
|
||||||
|
script-src: "'self' 'unsafe-inline'"
|
||||||
|
|
||||||
# Volumes used for data persistance
|
# Volumes used for data persistance
|
||||||
volumes:
|
volumes:
|
||||||
# Synapse will use this volume to store media, signing keys etc.
|
# Synapse will use this volume to store media, signing keys etc.
|
||||||
|
|
Loading…
Reference in New Issue