merge master #2
Merged
merge master #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The SSL certificates should be accessible to the nginx proxy container, not the synapse container.
Fixes #685 (Github Issue).
Fix docker mount instruction in documentation
While v1.22.0 supposedly has multi-arch Docker images (thanks to matrix-org/synapse#7921), I can't them on Docker Hub yet, so I'm backing out of this change for now and letting people fall back to self-building there.
The regex introduced in 63a49bb seems to take precedence over the bare location blocks, causing a regression. > It is important to understand that, by default, Nginx will serve regular expression matches in preference to prefix matches. > However, it evaluates prefix locations first, allowing for the administer to override this tendency by specifying locations using the = and ^~ modifiers. Source: https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
We do this to match Synapse's new default "max_upload_size" (50MB). This `matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb` default value only affects standalone usage of the `matrix-nginx-proxy` role. When the role is used in the context of the playbook, the value is dynamically assigned from `group_vars/matrix_servers`. Somewhat related to #692 (Github Issue).
Fixes #696 (Github Issue)
Switch to the new vectorim/element-web Docker image
Upgrade Element (1.7.13 -> 1.7.14)
Also switches to using `docker system prune -a` for a less invasive cleanup of Docker images and related resources.
`-v` magically creates the source destination as a directory, if it doesn't exist already. We'd like to avoid this magic and the potential breakage that it might cause. We'd rather fail while Docker tries to find things to `--mount` than have it automatically create directories and fail anyway, while having contaminated the filesystem. There's a lot more `-v` instances remaining to be fixed later on. This is just some start. Things like `matrix_synapse_container_additional_volumes` and `matrix_nginx_proxy_container_additional_volumes` were not changed to use `--mount`, as options for each one are passed differently (`ro` is `ro`, but `rw` doesn't exist and `slave` is `bind-propagation=slave`). To avoid breaking people's custom volume mounts, we keep it as it is for now. A deficiency with `--mount` is that it lacks the `z` option (SELinux ownership changes), and some of our `-v` instances use that. I'm not sure how supported SELinux is for us right now, but it might be, and breaking that would not be a good idea.
updates matrix-sms-bridge (changed SMS provider)
Update configuring-playbook-bridge-matrix-bridge-sms.md
Note about the max length of the postgres password
…none' Since the switch from `-v` to `--mount` (in 1fca917), we've regressed when `matrix_ssl_retrieval_method == 'none'`. In such a case, we don't create `/matrix/ssl` directories at all and shouldn't be trying to mount them into the `matrix-nginx-proxy` container. Previously, with `-v`, Docker would auto-create them, effectively hiding our mistake. Now that `--mount` doesn't do such auto-creation magic, the `matrix-nginx-proxy` container was failing to start. Fixes #734
updated matrix-sms-bridge
This supersedes/fixes-up this Pull Request: #719 The Jitsi Web and JVB containers now (in build 5142) always start by bulding their own default configuration (`config.js` and `sip-communicator.properties`, respectively). The fact that we were generating these files ourselves was no longer of use, because our configuration was thrown away in favor of the one created by the containers on startup. With this commit, we're completely redoing things. We no longer generate these configuration files. We try to pass the proper environment variables, so that Jitsi services can generate the configuration files themselves. Besides that, we try to use the "custom configuration" mechanism provided by Jitsi Web and Jitsi JVB (`custom-config.js` and `custom-sip-communicator.properties`, respectively), so that we and our users can inject additional configuration. Some configuration options we had are gone now. Others are no longer controllable via variables and need to be injected using the `_config_extension` variables that we provide. The validation logic that is part of the role should take care to inform people about how to upgrade (if they're using some custom configuration, which needs special care now). Most users should not have to do anything special though.
It's not like it worked anyway, because we don't have the necessary services installed for transcription (Jigasi), nor recording (Jibri). Disabling these, should hopefully disable their related elements in the Jitsi Web UI. Fixes #726
laszabine
pushed a commit
that referenced
this pull request
Apr 21, 2021
We have a flow like this: 1. matrix.DOMAIN vhost (matrix-domain.conf) 2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled 3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled 4. matrix-synapse container We are setting `X-Forwarded-For` correctly in step #1, but were overwriting it in step #2 with something inaccurate. Not doing anything in step #2 is better than doing the wrong thing. It's probably best if we append another reverse-proxy address there though, although what we're doing now (with this patch) seems to yield the correct result (when matrix-corporal is not enabled). When matrix-corporal is enabled, we still seem to do the wrong thing for some reason. It's something to be fixed later on.
laszabine
pushed a commit
that referenced
this pull request
May 28, 2022
laszabine
pushed a commit
that referenced
this pull request
Nov 20, 2022
add option to change filter_mode
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.