Quellcode durchsuchen

Adding Healthcheck and upgrading to latest synapse backend

master
Gattes vor 7 Monaten
Ursprung
Commit
12bef195a8
3 geänderte Dateien mit 41 neuen und 38 gelöschten Zeilen
  1. 17
    24
      docker-compose.yaml
  2. 20
    14
      install.sh
  3. 4
    0
      killall.sh

+ 17
- 24
docker-compose.yaml Datei anzeigen

@@ -2,7 +2,7 @@
2 2
 services:
3 3
 
4 4
   synapse:
5
-    image: ghcr.io/element-hq/synapse:v1.105.1
5
+    image: ghcr.io/element-hq/synapse:v1.126.0
6 6
     restart: always
7 7
     environment:
8 8
       - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
@@ -17,9 +17,15 @@ services:
17 17
       matrix_db:
18 18
     ports:
19 19
       - 8008:8008
20
+    healthcheck:
21
+      test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
22
+      interval: 15s
23
+      timeout: 5s
24
+      retries: 3
25
+      start_period: 5s
20 26
 
21 27
   db:
22
-    image: docker.io/postgres:16.2-alpine
28
+    image: docker.io/postgres:16-alpine
23 29
     environment:
24 30
       - POSTGRES_DB=synapse
25 31
       - POSTGRES_USER=matrix_synapse
@@ -31,7 +37,7 @@ services:
31 37
       matrix_db:
32 38
   
33 39
   element:
34
-    image: vectorim/element-web:v1.11.65
40
+    image: vectorim/element-web:v1.11.95
35 41
     restart: unless-stopped
36 42
     volumes:
37 43
       - ./config/element/element-config.json:/app/config.json
@@ -39,7 +45,8 @@ services:
39 45
       matrix_server:
40 46
         ipv4_address: 10.10.10.3
41 47
     depends_on:
42
-      - synapse
48
+      synapse:
49
+        condition: service_healthy
43 50
 
44 51
   sydent:
45 52
     image: docker.io/matrixdotorg/sydent:v2.6.1
@@ -48,35 +55,21 @@ services:
48 55
       matrix_server:
49 56
         ipv4_address: 10.10.10.5
50 57
     depends_on:
51
-      - synapse
58
+      synapse:
59
+        condition: service_healthy
52 60
 
53 61
   synapse-admin:
54
-    image: awesometechnologies/synapse-admin:0.10.1
62
+    image: awesometechnologies/synapse-admin:0.10.3
55 63
     restart: unless-stopped
56 64
     networks:
57 65
       matrix_server:
58 66
         ipv4_address: 10.10.10.6
59 67
     depends_on:
60
-      - synapse
61
-
62
-  sliding-sync:
63
-    image: ghcr.io/matrix-org/sliding-sync:v0.99.16
64
-
65
-    restart: always
66
-    environment:
67
-      - SYNCV3_BINDADDR=:8008
68
-      - SYNCV3_SERVER=https://DOMAIN
69
-      - SYNCV3_SECRET=SLIDING_SYNC_KEY
70
-      - SYNCV3_DB=user=matrix_synapse dbname=synapse sslmode=disable host=db password=PG_PASS
71
-    networks:
72
-      matrix_server:
73
-        ipv4_address: 10.10.10.7
74
-      matrix_db:
75
-    depends_on:
76
-      - synapse
68
+      synapse:
69
+        condition: service_healthy
77 70
 
78 71
   hydrogen-web:
79
-    image: ghcr.io/element-hq/hydrogen-web:v0.4.1
72
+    image: ghcr.io/element-hq/hydrogen-web:v0.5.1
80 73
     restart: unless-stopped
81 74
     environment:
82 75
       - |

+ 20
- 14
install.sh Datei anzeigen

@@ -1,6 +1,6 @@
1 1
 #!/bin/bash
2 2
 
3
-set -euo pipefail
3
+set -eo pipefail
4 4
 
5 5
 DOMAIN=$1
6 6
 if [ -z ${DOMAIN} ]; then
@@ -94,7 +94,7 @@ PG_PASS=$(pwgen -s 28 -1)
94 94
 sed -i "s|DOMAIN|${DOMAIN}|g" "${BASE_DIR}/docker-compose.yaml"
95 95
 sed -i "s|PG_PASS|${PG_PASS}|g" "${BASE_DIR}/docker-compose.yaml"
96 96
 
97
-# Generate synapse file
97
+# Generate synapse config file
98 98
 echo -e "Generating synapse file..\n"
99 99
 docker compose run --rm -e SYNAPSE_SERVER_NAME=${DOMAIN} -e SYNAPSE_REPORT_STATS=yes synapse generate
100 100
 
@@ -111,6 +111,7 @@ cp /tmp/homeserver.yaml "${BASE_DIR}/config/synapse/homeserver.yaml"
111 111
 
112 112
 # Configure User Directory and TURN
113 113
 cat <<EOF >> "${BASE_DIR}/config/synapse/homeserver.yaml"
114
+public_baseurl: "https://${DOMAIN}"
114 115
 user_directory:
115 116
     enabled: true
116 117
     search_all_users: true
@@ -121,6 +122,7 @@ turn_user_lifetime: 86400000
121 122
 turn_shared_secret: "${TURN_STATIC_SECRET}"
122 123
 turn_uris: [ "turn:${DOMAIN}?transport=udp" ]
123 124
 suppress_key_server_warning: true
125
+enable_authenticated_media: False
124 126
 retention:
125 127
   enabled: true
126 128
   default_policy:
@@ -158,14 +160,10 @@ server {
158 160
     # Hardening
159 161
     add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
160 162
     add_header Content-Security-Policy "default-src 'self' ${DOMAIN} http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
163
+    add_header X-XSS-Protection "1; mode=block";
164
+    add_header X-Content-Type-Options nosniff;
161 165
     add_header X-Frame-Options "SAMEORIGIN";
162 166
 
163
-    location /.well-known/matrix/client {
164
-        default_type application/json;
165
-        add_header Access-Control-Allow-Origin *;
166
-        return 200 '{"m.homeserver": {"base_url": "https://${DOMAIN}"}, "org.matrix.msc3575.proxy": {"url": "https://${DOMAIN}"}}';
167
-    }
168
-
169 167
     # Admin panel
170 168
     location /admin/ {
171 169
         proxy_pass http://10.10.10.6/;
@@ -175,21 +173,23 @@ server {
175 173
         proxy_http_version 1.1;
176 174
     }
177 175
 
178
-    # Sydent identity server
179
-    location ~ ^(/_matrix/identity) {
180
-        proxy_pass http://10.10.10.5:8090;
176
+    # Proxy for Synapse Admin Panel
177
+    location /_synapse/admin {
178
+        proxy_pass http://10.10.10.4:8008;
181 179
         proxy_set_header X-Forwarded-For \$remote_addr;
182 180
         proxy_set_header X-Forwarded-Proto \$scheme;
183 181
         proxy_set_header Host \$host;
182
+        client_max_body_size 50M;
184 183
         proxy_http_version 1.1;
185 184
     }
186 185
 
187
-    # Sliding Sync
188
-    location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
189
-        proxy_pass http://10.10.10.7:8008;
186
+    # Sydent identity server
187
+    location ~ ^(/_matrix/identity) {
188
+        proxy_pass http://10.10.10.5:8090;
190 189
         proxy_set_header X-Forwarded-For \$remote_addr;
191 190
         proxy_set_header X-Forwarded-Proto \$scheme;
192 191
         proxy_set_header Host \$host;
192
+        proxy_http_version 1.1;
193 193
     }
194 194
 
195 195
     # Synapse Backend
@@ -214,6 +214,12 @@ server {
214 214
         proxy_http_version 1.1;
215 215
     }
216 216
 
217
+    location /.well-known/matrix/client {
218
+        default_type application/json;
219
+        add_header Access-Control-Allow-Origin *;
220
+        return 200 '{"m.homeserver": {"base_url": "https://${DOMAIN}"}, "m.identity_server": {"base_url": "https://${DOMAIN}"}}';
221
+    }
222
+
217 223
     # Element Frontend
218 224
     location / {
219 225
         # Element chat Container Network IP

+ 4
- 0
killall.sh Datei anzeigen

@@ -11,10 +11,14 @@ if [ "${answer}" != "${answer#[Yy]}" ] ;then
11 11
     systemctl disable --now nginx
12 12
     systemctl disable --now coturn
13 13
 
14
+    echo "Deleting all containers"
15
+    for container in `docker ps -a  | awk '{print $1}' | tail +2`; do docker rm -f ${container}; done
16
+
14 17
     echo "Purging containers data"
15 18
     docker system prune -a -f
16 19
 
17 20
     echo "Removing packages"
21
+    cd /tmp
18 22
     apt remove -y --purge pwgen nginx python3-certbot-nginx coturn* docker*
19 23
     systemctl daemon-reload
20 24
 

Laden…
Abbrechen
Speichern