diff --git a/synapse/.env.dist b/synapse/.env.dist index f9af1fa..e0b986e 100644 --- a/synapse/.env.dist +++ b/synapse/.env.dist @@ -27,5 +27,17 @@ SYNAPSE_REPORT_STATS=no #UID=991 #GID=991 +# Sliding sync settings +SS_PROXY_IMAGE_TAG=latest + +SYNCV3_SERVER=https://skobk.in +SYNCV3_DB='user=matrix-ss dbname=matrix-ss sslmode=disable host=host.docker.internal password=database_password' +SYNCV3_SECRET=very_long_and_random_secret +SS_BIND_ADDR=0.0.0.0 +SS_BIND_PORT=8889 + +SS_EXT_ADR=127.0.0.1 +SS_EXT_PORT=8889 + LOG_MAX_SIZE=5m LOG_MAX_FILE=5 diff --git a/synapse/docker-compose.yml b/synapse/docker-compose.yml index 1da57d3..88c59ef 100644 --- a/synapse/docker-compose.yml +++ b/synapse/docker-compose.yml @@ -29,6 +29,29 @@ services: max-size: "${LOG_MAX_SIZE:-5m}" max-file: "${LOG_MAX_FILE:-5}" + sliding-sync: + # https://github.com/matrix-org/sliding-sync + image: "ghcr.io/matrix-org/sliding-sync:${SS_PROXY_IMAGE_TAG:-latest}" + container_name: matrix-ss + depends_on: + - synapse + extra_hosts: + - 'host.docker.internal:host-gateway' + ports: + - "${SS_EXT_ADR:-127.0.0.1}:${SS_EXT_PORT:-8889}:${SS_BIND_PORT:-8889}" + environment: + # https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#setup + - "SYNCV3_SERVER=${SYNCV3_SERVER}" + - "SYNCV3_DB=${SYNCV3_DB}" + - "SYNCV3_SECRET=${SYNCV3_SECRET}" + - "SYNCV3_BINDADDR=${SS_BIND_ADDR:-0.0.0.0}:${SS_BIND_PORT:-8889}" + restart: unless-stopped + logging: + driver: "json-file" + options: + max-size: "${LOG_MAX_SIZE:-5m}" + max-file: "${LOG_MAX_FILE:-5}" + networks: matrix: external: true diff --git a/synapse/nginx/site-and-matrix-example.conf b/synapse/nginx/site-and-matrix-example.conf new file mode 100644 index 0000000..d5a791a --- /dev/null +++ b/synapse/nginx/site-and-matrix-example.conf 
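Review bot: In synapse/.env.dist the new `SYNCV3_SECRET=very_long_and_random_secret` and `password=database_password` are usable values with no comment saying they must be replaced, so copying the template to `.env` unchanged starts the proxy with a publicly known secret. I would keep an obvious placeholder and add a comment above it such as `# Required: generate with "openssl rand -hex 32" and keep it unchanged for the lifetime of the database`. `SYNCV3_SERVER=https://skobk.in` is a real hostname, whereas the nginx example in this commit uses `domain.tld`; a placeholder would be consistent. `sslmode=disable` in `SYNCV3_DB` sends the database password and traffic unencrypted to `host.docker.internal`, which deserves a comment saying it is only acceptable for a database on the same host.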
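Review bot: In synapse/docker-compose.yml the `environment:` entries of the sliding-sync service interpolate `${SYNCV3_SECRET}`, `${SYNCV3_DB}` and `${SYNCV3_SERVER}` with no required-variable check, so a missing or incomplete `.env` makes Compose substitute empty strings and start the container anyway. The `:?` form fails fast instead, e.g. `- "SYNCV3_SECRET=${SYNCV3_SECRET:?set SYNCV3_SECRET in .env}"`, and the same applies to the other two. The image tag also defaults to `latest` (`${SS_PROXY_IMAGE_TAG:-latest}`), so each pull can change the running code; defaulting to a fixed release tag or digest would make upgrades deliberate. The service declares no `networks:` key while the file has an external `matrix` network; whether that is intended cannot be told from this hunk.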
@@ -0,0 +1,74 @@
+# HTTP with HTTPS redirect
+server {
+ listen 80;
+ server_name www.domain.tld domain.tld;
+ return 301 https://domain.tld$request_uri;
+}
+
+# Main domain
+server {
+ listen 443 ssl http2;
+
+ # Matrix server
+ # For the federation port
+ listen 8448 ssl default_server;
+ listen [::]:8448 ssl default_server;
+
+ server_name domain.tld;
+
+ access_log /var/log/nginx/domain.tld.access;
+ error_log /var/log/nginx/domain.tld.error;
+
+ # Certificate config
+ include ssl/domain.tld.conf;
+
+ # ========= Web-site section =========
+
+ # Site files directory
+ root /var/www/domain.tld/web;
+
+ charset utf-8;
+
+ include config/wordpress.conf;
+ #include config/static_max_cache.conf;
+ #include config/gzip.conf;
+
+ # ========= Matrix server section =========
+
+ # Sliding Sync Proxy
+ location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+ proxy_pass http://localhost:8889;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ }
+
+ # Synapse
+ # https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#same-hostname
+ location ~ ^(\/_matrix|\/_synapse\/client) {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+
+ # Nginx by default only allows file uploads up to 1M in size
+ # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+ client_max_body_size 50M;
+
+ proxy_pass http://localhost:8008;
+ }
+
+ # Matrix WKD
+ # Client
+ location /.well-known/matrix/client {
+ add_header Content-Type application/json;
+ return 200 '{"m.homeserver": {"base_url":"https://domain.tld/"}, "org.matrix.msc3575.proxy": {"url": "https://domain.tld"}}';
+ }
+
+ # Server
+ # https://matrix-org.github.io/synapse/latest/delegate.html#well-known-delegation
+ # https://spec.matrix.org/latest/server-server-api/#server-discovery
+ location /.well-known/matrix/server {
+ add_header Content-Type application/json;
+ return 200 '{"m.server": "domain.tld:8448"}';
+ }
+}
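Review bot: Both `.well-known` locations set the media type with `add_header Content-Type application/json;`, which adds a second Content-Type header beside the one nginx already emits for `return 200`; `default_type application/json;` replaces it instead. The `/.well-known/matrix/client` block also sends no CORS header, which web clients on another origin need in order to read it: `add_header Access-Control-Allow-Origin *;`. Separately, `listen 8448 ssl default_server;` sits in the same server block as `include config/wordpress.conf;`, so the federation port presumably serves the website for any Host header as well. A dedicated server block for 8448 that proxies only `/_matrix` would keep that surface smaller.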