mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-14 11:57:44 +00:00
b257c7ab19
Some checks are pending
Build docker images / build (push) Waiting to run
Deploy the documentation / Calculate variables for GitHub Pages deployment (push) Waiting to run
Deploy the documentation / GitHub Pages (push) Blocked by required conditions
Build release artifacts / Build sdist (push) Waiting to run
Build release artifacts / Calculate list of debian distros (push) Waiting to run
Build release artifacts / Build .deb packages (push) Blocked by required conditions
Build release artifacts / Build wheels on ubuntu-22.04 for aarch64 (push) Waiting to run
Build release artifacts / Build wheels on macos-13 for x86_64 (push) Waiting to run
Build release artifacts / Build wheels on ubuntu-22.04 for x86_64 (push) Waiting to run
Build release artifacts / Attach assets to release (push) Blocked by required conditions
Tests / check-schema-delta (push) Blocked by required conditions
Tests / check-lockfile (push) Waiting to run
Tests / lint (push) Blocked by required conditions
Tests / Typechecking (push) Blocked by required conditions
Tests / lint-crlf (push) Waiting to run
Tests / lint-newsfile (push) Waiting to run
Tests / lint-pydantic (push) Blocked by required conditions
Tests / lint-clippy (push) Blocked by required conditions
Tests / lint-clippy-nightly (push) Blocked by required conditions
Tests / lint-rustfmt (push) Blocked by required conditions
Tests / lint-readme (push) Blocked by required conditions
Tests / linting-done (push) Blocked by required conditions
Tests / calculate-test-jobs (push) Blocked by required conditions
Tests / trial (push) Blocked by required conditions
Tests / cargo-bench (push) Blocked by required conditions
Tests / tests-done (push) Blocked by required conditions
Tests / changes (push) Waiting to run
Tests / check-sampleconfig (push) Blocked by required conditions
Tests / trial-olddeps (push) Blocked by required conditions
Tests / trial-pypy (all, pypy-3.9) (push) Blocked by required conditions
Tests / sytest (push) Blocked by required conditions
Tests / export-data (push) Blocked by required conditions
Tests / portdb (11, 3.9) (push) Blocked by required conditions
Tests / portdb (17, 3.13) (push) Blocked by required conditions
Tests / complement (monolith, Postgres) (push) Blocked by required conditions
Tests / complement (monolith, SQLite) (push) Blocked by required conditions
Tests / complement (workers, Postgres) (push) Blocked by required conditions
Tests / cargo-test (push) Blocked by required conditions
Be able to test `/login/sso/redirect` in Complement
Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1854926218 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). We have some
Complement tests in that codebase that go over this flow and these
changes are required [in order for the URL's to line
up](d648c8ce3f/synapse/rest/client/login.py (L652-L673)).
47 lines
1.6 KiB
Django/Jinja
47 lines
1.6 KiB
Django/Jinja
# This file contains the base config for the reverse proxy, as part of ../Dockerfile-workers.
|
|
# configure_workers_and_start.py uses and amends to this file depending on the workers
|
|
# that have been selected.
|
|
|
|
{{ upstream_directives }}
|
|
|
|
server {
|
|
# Listen on an unoccupied port number
|
|
listen 8008;
|
|
listen [::]:8008;
|
|
|
|
{% if tls_cert_path is not none and tls_key_path is not none %}
|
|
listen 8448 ssl;
|
|
listen [::]:8448 ssl;
|
|
|
|
ssl_certificate {{ tls_cert_path }};
|
|
ssl_certificate_key {{ tls_key_path }};
|
|
|
|
# Some directives from cipherlist.eu (fka cipherli.st):
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_tickets off; # Requires nginx >= 1.5.9
|
|
{% endif %}
|
|
|
|
server_name localhost;
|
|
|
|
# Nginx by default only allows file uploads up to 1M in size
|
|
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
|
client_max_body_size 100M;
|
|
|
|
{{ worker_locations }}
|
|
|
|
# Send all other traffic to the main process
|
|
location ~* ^(\\/_matrix|\\/_synapse) {
|
|
{% if using_unix_sockets %}
|
|
proxy_pass http://unix:/run/main_public.sock;
|
|
{% else %}
|
|
proxy_pass http://localhost:8080;
|
|
{% endif %}
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $host:$server_port;
|
|
}
|
|
}
|