From 73a95426255995106245c8902e10d897d162c160 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Thu, 13 Aug 2020 20:36:48 +0200 Subject: [PATCH] matrix-synapse: Change config for server names This makes a lot of default setups much simpler to deploy --- charts/matrix-synapse/README.md | 24 +++++++------ .../templates/configuration.yaml | 2 +- charts/matrix-synapse/templates/ingress.yaml | 2 +- charts/matrix-synapse/templates/service.yaml | 4 +-- .../templates/well-known-config.yaml | 2 +- charts/matrix-synapse/values.yaml | 35 +++++++++++++------ 6 files changed, 43 insertions(+), 26 deletions(-) diff --git a/charts/matrix-synapse/README.md b/charts/matrix-synapse/README.md index 6bdc748..ee35ce1 100644 --- a/charts/matrix-synapse/README.md +++ b/charts/matrix-synapse/README.md @@ -28,13 +28,13 @@ Refer to [the main Synapse docs](https://github.com/matrix-org/synapse/blob/mast For the simplest possible Matrix install, you can run your Synapse install on the root of the domain you wish in your MXIDs. If you - for instance - own the domain `chosenin.space` and want to run Matrix on it, you would simply install the chart as; - helm install matrix-synapse --set config.serverName=chosenin.space --set wellknown.enabled=true + helm install matrix-synapse --set serverName=chosenin.space --set wellknown.enabled=true This would set up Synapse with client-server and federation both exposed on `chosenin.space/_matrix`, as well as a tiny lighttpd server that responds to federation lookups on `chosenin.space/.well-known/matrix/server`. You can also use this to run a Synapse on a subdomain, with said subdomain as part of your MXIDs; (`@user:matrix.chosenin.space` in this case) - helm install matrix-synapse --set config.serverName=matrix.chosenin.space --set wellknown.enabled=true + helm install matrix-synapse --set serverName=matrix.chosenin.space --set wellknown.enabled=true ### On separate subdomain @@ -42,17 +42,21 @@ If - on the other hand - you own the domain `example.com`, want your MXIDs in th For DNS, you could install the chart as; - helm install matrix-synapse --set config.serverName=example.com --set config.publicBaseUrl=https://matrix.example.com --set ingress.includeServerName=false --set ingress.hosts={example.com} --set ingress.csHosts={matrix.example.com} + helm install matrix-synapse --set serverName=example.com --set publicServerName=matrix.example.com -This will add only federation endpoints to `example.com`, along with client endpoints on `matrix.example.com`. You will also need to have valid certs for both `example.com` as well as `matrix.example.com` for your Synapse to use. -To get federation working with such a setup, you would need to add an SRV record to your DNS - for example; -`_matrix._tcp.example.com 10 1 443 matrix.example.com` +This will add federation endpoints to `example.com`, along with client endpoints on `matrix.example.com`. For this to work, you will need to have valid certs for both `example.com` as well as `matrix.example.com` for your Synapse to use. +To get federation working with such a setup, you would also need to add an SRV record to your DNS - for example; -If you want to use a well-known file for federation instead, then your install might look more like; + _matrix._tcp.example.com 10 1 443 matrix.example.com - helm install matrix-synapse --set config.serverName=example.com --set config.publicBaseUrl=https://matrix.example.com --set wellknown.enabled=true --set wellknown.host=matrix.example.com --set ingress.includeServerName=false --set ingress.hosts={matrix.example.com} --set ingress.csHosts={matrix.example.com} --set ingress.wkHosts={example.com} +If you want to use a well-known file for federation instead of an SRV record, then your install might look more like; -With well-known federation, your client-to-server/public host is the one that needs to handle both client and federation traffic. On your main domain you'll instead only need something that can respond with a JSON file on the URL `example.com/.well-known/matrix/server`, which the included wellknown server will do. -When using well-known federation, your Synapse cert would only need to be valid for `matrix.example.com`. + helm install matrix-synapse --set serverName=example.com --set publicServerName=matrix.example.com --set wellknown.enabled=true +With well-known federation, your client-to-server/public host is the one that needs to handle both client and federation traffic. On your main domain you'll instead only need something that can respond with a JSON file on the URL `example.com/.well-known/matrix/server` - which the included wellknown server will gladly do for you. +Additionally, when using well-known federation, your Synapse cert only needs to be valid for `matrix.example.com`. +  + +More advanced setups can be made using `ingress.hosts`, `ingress.csHosts`, and `ingress.wkHosts` for server-server, client-server, and well-known endpoints respectively. +Alternatively, you can use your own ingress setup, or switch the main service to `LoadBalancer` and add a TLS listener. diff --git a/charts/matrix-synapse/templates/configuration.yaml b/charts/matrix-synapse/templates/configuration.yaml index a3309f9..6a8863f 100644 --- a/charts/matrix-synapse/templates/configuration.yaml +++ b/charts/matrix-synapse/templates/configuration.yaml @@ -34,7 +34,7 @@ data: ## Server ## server_name: {{ required "You need to specify a server name" .Values.config.serverName | quote }} - public_baseurl: {{ .Values.config.publicBaseurl | default (printf "https://%s" .Values.config.serverName) | quote }} + public_baseurl: {{ .Values.config.publicBaseurl | default (printf "https://%s" (.Values.config.publicServerName | default .Values.config.serverName)) | quote }} pid_file: /homeserver.pid web_client: False soft_file_limit: 0 diff --git a/charts/matrix-synapse/templates/ingress.yaml b/charts/matrix-synapse/templates/ingress.yaml index 1772e82..e22fb10 100644 --- a/charts/matrix-synapse/templates/ingress.yaml +++ b/charts/matrix-synapse/templates/ingress.yaml @@ -29,7 +29,7 @@ spec: rules: {{- $csHosts := .Values.ingress.csHosts }} {{- if .Values.ingress.includeServerName }} - {{- $csHosts = concat (list .Values.config.serverName) $csHosts }} + {{- $csHosts = concat (list (.Values.config.publicServerName | default .Values.config.serverName)) $csHosts }} {{- end }} {{- $s2sHosts := .Values.ingress.hosts }} {{- if .Values.ingress.includeServerName }} diff --git a/charts/matrix-synapse/templates/service.yaml b/charts/matrix-synapse/templates/service.yaml index a042535..94e5dfa 100644 --- a/charts/matrix-synapse/templates/service.yaml +++ b/charts/matrix-synapse/templates/service.yaml @@ -8,8 +8,8 @@ metadata: spec: type: ClusterIP ports: - - port: 8008 - targetPort: http + - port: {{ .Values.serviceport | default 8008 }} + targetPort: {{ .Values.service.targetPort | default "http" }} protocol: TCP name: http selector: diff --git a/charts/matrix-synapse/templates/well-known-config.yaml b/charts/matrix-synapse/templates/well-known-config.yaml index 4b51758..b1b46c0 100644 --- a/charts/matrix-synapse/templates/well-known-config.yaml +++ b/charts/matrix-synapse/templates/well-known-config.yaml @@ -39,5 +39,5 @@ data: "content-type" => "application/json" ) server.json: |- -{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default .Values.config.serverName) (.Values.wellknown.port | default 443)) | toJson | indent 4 }} +{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default (.Values.config.publicServerName | default .Values.config.serverName)) (.Values.wellknown.port | default 443)) | toJson | indent 4 }} {{- end }} diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index 99ccf38..13725f2 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -36,19 +36,23 @@ signingkey: # existingSecret: # existingSecretKey: signing.key +## The Matrix domain name, this is what will be used for the domain part in +## your MXIDs. +## +# serverName: 'example.com' + +## The public Matrix server name, this will be used for any public URLs +## in config as well as for client API links in the ingress. +# publicServerName: 'matrix.example.com' + ## Common Matrix configuration values, for any value not handled by this block, ## you will want to instead set it in extraConfig. ## config: - ## The Matrix domain name, this is what will be used for the domain part in - ## your MXIDs. - ## - # serverName: 'example.com' - ## The publicly accessible URL for the Synapse instance, will default to - ## https://. + ## https://. ## - # publicBaseurl: 'https://example.com' + # publicBaseurl: 'https://matrix.example.com' ## The size of the event cache. ## @@ -143,8 +147,8 @@ synapse: # - name: SYNAPSE_CACHE_FACTOR # value: "2" - ## Configuration for the pod security policy, Synapse will by default run as its - ## own user, even if not set. + ## Configuration for the pod security policy, Synapse will by always run as + ## its own user, even if not set. ## Note that changing this may also require you to use the volumePermission ## helper depending on your storage. ## @@ -541,8 +545,17 @@ volumePermissions: # memory: 128Mi # cpu: 100m -## The K8s ingress configuration, this will be quite heavily used in order to set -## up all routing necessary for use with a sharded Synapse instance. +## Configuration for the main Synapse service. +## To use TLS inside Synapse itself, add an TLS listener, and change the ports +## configured in here. +## +service: + type: ClusterIP + port: 8008 + targetPort: http + +## The K8s ingress configuration, this will be quite heavily used in order to +## set up all routing necessary for use with a sharded Synapse instance. ## If you're not using a Ingress compatible K8s ingress, you will need to set up ## your own routing instead. ##