From ac8d2652c9992fb54702d63e22ed2f40bad1b33c Mon Sep 17 00:00:00 2001 From: "Alexander \"Ace\" Olofsson" Date: Mon, 25 Jul 2022 11:24:08 +0200 Subject: [PATCH] matrix-synapse: Use anchors on worker paths The Nginx ingress seems to handle these correctly now, so use them where possible. --- charts/matrix-synapse/Chart.yaml | 2 +- charts/matrix-synapse/templates/ingress.yaml | 8 +- charts/matrix-synapse/values.yaml | 98 ++++++++++---------- 3 files changed, 54 insertions(+), 54 deletions(-) diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml index b60e97b..cdac021 100644 --- a/charts/matrix-synapse/Chart.yaml +++ b/charts/matrix-synapse/Chart.yaml @@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg appVersion: 1.63.1 type: application -version: 2.4.0 +version: 2.5.0 maintainers: - name: Alexander Olofsson email: ace@haxalot.com diff --git a/charts/matrix-synapse/templates/ingress.yaml b/charts/matrix-synapse/templates/ingress.yaml index 16ca21a..f786a9d 100644 --- a/charts/matrix-synapse/templates/ingress.yaml +++ b/charts/matrix-synapse/templates/ingress.yaml @@ -66,7 +66,7 @@ spec: name: {{ $service }} port: number: 8083 - pathType: Exact + pathType: ImplementationSpecific {{- else }} serviceName: {{ $service }} servicePort: 8083 @@ -79,7 +79,7 @@ spec: name: {{ $service }} port: number: 8083 - pathType: Exact + pathType: ImplementationSpecific {{- else }} serviceName: {{ $service }} servicePort: 8083 @@ -97,7 +97,7 @@ spec: name: {{ $service }} port: number: 8083 - pathType: Exact + pathType: ImplementationSpecific {{- else }} serviceName: {{ $service }} servicePort: 8083 @@ -110,7 +110,7 @@ spec: name: {{ $service }} port: number: 8083 - pathType: Exact + pathType: ImplementationSpecific {{- else }} serviceName: {{ $service }} servicePort: 8083 diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index fd6b7dc..bff9e4a 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -393,48 +393,48 @@ workers: listeners: [client, federation] csPaths: ## Sync requests - # - "/_matrix/client/(r0|v3)/sync" - - "/_matrix/client/(api/v1|r0|v3)/events" - # - "/_matrix/client/(api/v1|r0|v3)/initialSync" - # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync" + # - "/_matrix/client/(r0|v3)/sync$" + - "/_matrix/client/(api/v1|r0|v3)/events$" + # - "/_matrix/client/(api/v1|r0|v3)/initialSync$" + # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" ## Client API requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom" - - "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state" - - "/_matrix/client/v1/rooms/.*/hierarchy" - - "/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send" - - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary" - - "/_matrix/client/(r0|v3|unstable)/account/3pid" - - "/_matrix/client/(r0|v3|unstable)/account/whoami" - - "/_matrix/client/(r0|v3|unstable)/devices" - - "/_matrix/client/versions" - - "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/.*" - - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms" - - "/_matrix/client/(api/v1|r0|v3|unstable)/search" + - "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" + - "/_matrix/client/v1/rooms/.*/hierarchy$" + - "/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" + - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" + - "/_matrix/client/(r0|v3|unstable)/account/3pid$" + - "/_matrix/client/(r0|v3|unstable)/account/whoami$" + - "/_matrix/client/(r0|v3|unstable)/devices$" + - "/_matrix/client/versions$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/search$" ## Encryption requests - - "/_matrix/client/(r0|v3|unstable)/keys/query" - - "/_matrix/client/(r0|v3|unstable)/keys/changes" - - "/_matrix/client/(r0|v3|unstable)/keys/claim" - - "/_matrix/client/(r0|v3|unstable)/room_keys/.*" + - "/_matrix/client/(r0|v3|unstable)/keys/query$" + - "/_matrix/client/(r0|v3|unstable)/keys/changes$" + - "/_matrix/client/(r0|v3|unstable)/keys/claim$" + - "/_matrix/client/(r0|v3|unstable)/room_keys/" ## Registration/login requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/login" - - "/_matrix/client/(r0|v3|unstable)/register" - - "/_matrix/client/v1/register/m.login.registration_token/validity" + - "/_matrix/client/(api/v1|r0|v3|unstable)/login$" + - "/_matrix/client/(r0|v3|unstable)/register$" + - "/_matrix/client/v1/register/m.login.registration_token/validity$" ## Event sending requests - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/.*" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)" - - "/_matrix/client/(api/v1|r0|v3|unstable)/join/.*" - - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/.*" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" + - "/_matrix/client/(api/v1|r0|v3|unstable)/join/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/" ## Account data requests - "/_matrix/client/(r0|v3|unstable)/.*/tags" @@ -445,33 +445,33 @@ workers: - "/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" ## Presence requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/.*" + - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/" ## User directory search requests - "/_matrix/client/(r0|v3|unstable)/user_directory/search" paths: ## Federation requests - - "/_matrix/federation/v1/event/.*" - - "/_matrix/federation/v1/state/.*" - - "/_matrix/federation/v1/state_ids/.*" - - "/_matrix/federation/v1/backfill/.*" - - "/_matrix/federation/v1/get_missing_events/.*" + - "/_matrix/federation/v1/event/" + - "/_matrix/federation/v1/state/" + - "/_matrix/federation/v1/state_ids/" + - "/_matrix/federation/v1/backfill/" + - "/_matrix/federation/v1/get_missing_events/" - "/_matrix/federation/v1/publicRooms" - - "/_matrix/federation/v1/query/.*" - - "/_matrix/federation/v1/make_join/.*" - - "/_matrix/federation/v1/make_leave/.*" - - "/_matrix/federation/(v1|v2)/send_join/.*" - - "/_matrix/federation/(v1|v2)/send_leave/.*" - - "/_matrix/federation/(v1|v2)/invite/.*" - - "/_matrix/federation/v1/event_auth/.*" - - "/_matrix/federation/v1/exchange_third_party_invite/.*" - - "/_matrix/federation/v1/user/devices/.*" + - "/_matrix/federation/v1/query/" + - "/_matrix/federation/v1/make_join/" + - "/_matrix/federation/v1/make_leave/" + - "/_matrix/federation/(v1|v2)/send_join/" + - "/_matrix/federation/(v1|v2)/send_leave/" + - "/_matrix/federation/(v1|v2)/invite/" + - "/_matrix/federation/v1/event_auth/" + - "/_matrix/federation/v1/exchange_third_party_invite/" + - "/_matrix/federation/v1/user/devices/" - "/_matrix/key/v2/query" - - "/_matrix/federation/v1/hierarchy/.*" + - "/_matrix/federation/v1/hierarchy/" ## Inbound federation transaction request - - "/_matrix/federation/v1/send/.*" + - "/_matrix/federation/v1/send/" ## To separate the generic worker into specific concerns - for example federation transaction receiving; ## NB; This worker should have incoming traffic routed based on source IP, which is