synapse. Adding Sliding Sync Proxy. (#90)

Closes #89.

Co-authored-by: Alexey Skobkin <skobkin-ru@ya.ru>
Reviewed-on: #90

synapse/.env.dist

@@ -27,5 +27,17 @@ SYNAPSE_REPORT_STATS=no
 #UID=991
 #GID=991
 
+# Sliding sync settings
+SS_PROXY_IMAGE_TAG=latest
+
+SYNCV3_SERVER=https://skobk.in
+SYNCV3_DB='user=matrix-ss dbname=matrix-ss sslmode=disable host=host.docker.internal password=database_password'
+SYNCV3_SECRET=very_long_and_random_secret
+SS_BIND_ADDR=0.0.0.0
+SS_BIND_PORT=8889
+
+SS_EXT_ADR=127.0.0.1
+SS_EXT_PORT=8889
+
 LOG_MAX_SIZE=5m
 LOG_MAX_FILE=5

synapse/docker-compose.yml

@@ -29,6 +29,29 @@ services:
         max-size: "${LOG_MAX_SIZE:-5m}"
         max-file: "${LOG_MAX_FILE:-5}"
 
+  sliding-sync:
+    # https://github.com/matrix-org/sliding-sync
+    image: "ghcr.io/matrix-org/sliding-sync:${SS_PROXY_IMAGE_TAG:-latest}"
+    container_name: matrix-ss
+    depends_on:
+      - synapse
+    extra_hosts:
+      - 'host.docker.internal:host-gateway'
+    ports:
+      - "${SS_EXT_ADR:-127.0.0.1}:${SS_EXT_PORT:-8889}:${SS_BIND_PORT:-8889}"
+    environment:
+      # https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#setup
+      - "SYNCV3_SERVER=${SYNCV3_SERVER}"
+      - "SYNCV3_DB=${SYNCV3_DB}"
+      - "SYNCV3_SECRET=${SYNCV3_SECRET}"
+      - "SYNCV3_BINDADDR=${SS_BIND_ADDR:-0.0.0.0}:${SS_BIND_PORT:-8889}"
+    restart: unless-stopped
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "${LOG_MAX_SIZE:-5m}"
+        max-file: "${LOG_MAX_FILE:-5}"
+
 networks:
   matrix:
     external: true

synapse/nginx/site-and-matrix-example.conf

@@ -0,0 +1,74 @@
+# HTTP with HTTPS redirect
+server {
+  listen       80;
+  server_name  www.domain.tld domain.tld;
+  return       301 https://domain.tld$request_uri;
+}
+
+# Main domain
+server {
+  listen 443 ssl http2;
+
+  # Matrix server
+  # For the federation port
+  listen 8448 ssl default_server;
+  listen [::]:8448 ssl default_server;
+
+  server_name domain.tld;
+
+  access_log /var/log/nginx/domain.tld.access;
+  error_log /var/log/nginx/domain.tld.error;
+
+  # Certificate config
+  include ssl/domain.tld.conf;
+
+  # ========= Web-site section =========
+
+  # Site files directory
+  root /var/www/domain.tld/web;
+
+  charset utf-8;
+
+  include config/wordpress.conf;
+  #include config/static_max_cache.conf;
+  #include config/gzip.conf;
+
+  # ========= Matrix server section =========
+
+  # Sliding Sync Proxy
+  location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+    proxy_pass http://localhost:8889;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+  }
+
+  # Synapse
+  # https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#same-hostname
+  location ~ ^(\/_matrix|\/_synapse\/client) {
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+
+    # Nginx by default only allows file uploads up to 1M in size
+    # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+    client_max_body_size 50M;
+
+    proxy_pass http://localhost:8008;
+  }
+
+  # Matrix WKD
+  # Client
+  location /.well-known/matrix/client {
+    add_header Content-Type application/json;
+    return 200 '{"m.homeserver": {"base_url":"https://domain.tld/"}, "org.matrix.msc3575.proxy": {"url": "https://domain.tld"}}';
+  }
+
+  # Server
+  # https://matrix-org.github.io/synapse/latest/delegate.html#well-known-delegation
+  # https://spec.matrix.org/latest/server-server-api/#server-discovery
+  location /.well-known/matrix/server {
+    add_header Content-Type application/json;
+    return 200 '{"m.server": "domain.tld:8448"}';
+  }
+}