matrix-synapse: Well-known server cleanup

Now handles restarting on any kind of configuration change, as well as supporting CORS for possible browser-hosted Matrix HSes, along with forwarded IP extraction.
2020-08-11 12:48:00 +02:00 · 2020-08-11 12:48:00 +02:00 · a2b7629450
commit a2b7629450
parent fa9e40cdf4
2 changed files with 41 additions and 31 deletions
--- a/charts/matrix-synapse/templates/well-known-config.yaml
+++ b/charts/matrix-synapse/templates/well-known-config.yaml
@ -0,0 +1,40 @@
+{{- if .Values.wellknown.enabled }}
+{{- $wkName := include "matrix-synapse.externalname" (dict "global" . "external" "wellknown-lighttpd") -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $wkName }}
+  labels:
+    {{- include "matrix-synapse.labels" . | nindent 4 }}
+    component: well-known
+data:
+  lighttpd.conf: |
+    server.port = 8080
+    server.modules = (
+      "mod_rewrite",
+      "mod_status",
+      "mod_accesslog",
+      "mod_extforward",
+      "mod_setenv"
+    )
+    include "mime-types.conf"
+    server.username      = "lighttpd"
+    server.groupname     = "lighttpd"
+    server.document-root = {{ .Values.wellknown.htdocsPath | quote }}
+    server.pid-file      = "/run/lighttpd.pid"
+    server.errorlog      = "/dev/stderr"
+    url.rewrite-once     = (
+      "^/\.well-known/matrix/server" => "/server.json"
+    )
+    status.status-url    = "/server-status"
+    accesslog.filename   = "/dev/stderr"
+    extforward.forwarder = ( "all" => "trust")
+    setenv.add-response-header = (
+      "access-control-allow-headers" => "Origin, X-Requested-With, Content-Type, Accept, Authorization",
+      "access-control-allow-methods" => "GET, POST, PUT, DELETE, OPTIONS",
+      "access-control-allow-origin" => "*"
+    )
+  server.json: |-
+{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default .Values.config.serverName) (.Values.wellknown.port | default 443)) | toJson | indent 4 }}
+{{- end }}
--- a/charts/matrix-synapse/templates/well-known.yaml
+++ b/charts/matrix-synapse/templates/well-known.yaml
@ -2,36 +2,6 @@
 {{- $wkName := include "matrix-synapse.externalname" (dict "global" . "external" "wellknown-lighttpd") -}}
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $wkName }}
-  labels:
-    {{- include "matrix-synapse.labels" . | nindent 4 }}
-    component: well-known
-data:
-  lighttpd.conf: |
-    server.port = 8080
-    server.modules = (
-      "mod_rewrite",
-      "mod_status",
-      "mod_accesslog"
-    )
-    include "mime-types.conf"
-    server.username      = "lighttpd"
-    server.groupname     = "lighttpd"
-    server.document-root = {{ .Values.wellknown.htdocsPath | quote }}
-    server.pid-file      = "/run/lighttpd.pid"
-    server.errorlog      = "/dev/stderr"
-    url.rewrite-once     = (
-      "^/\.well-known/matrix/server" => "/server.json"
-    )
-    status.status-url    = "/server-status"
-    accesslog.filename   = "/dev/stderr"
-
-  server.json: |-
-{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default .Values.config.serverName) (.Values.wellknown.port | default 443)) | toJson | indent 4 }}
---
-apiVersion: v1
 kind: Service
 metadata:
  name: {{ $wkName }}
@ -65,7 +35,7 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/server-addr: {{ sha256sum (printf "%s:%d" (default .Values.wellknown.host .Values.config.serverName) (default .Values.wellknown.port 443)) }}
+        checksum/config: {{ include (print .Template.BasePath "/well-known-config.yaml") . | sha256sum }}
      labels:
        {{- include "matrix-synapse.selectorLabels" . | nindent 8 }}
        component: well-known