aboutsummaryrefslogtreecommitdiffstats
path: root/matrix-server
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--matrix-server/certbot/scripts/concatenate-certificates.sh1
-rw-r--r--matrix-server/certbot/scripts/create-certificates.sh9
-rw-r--r--matrix-server/certbot/scripts/renew-certificates.sh9
-rw-r--r--matrix-server/certbot/scripts/update-haproxy-certificates.sh6
-rw-r--r--matrix-server/docker-compose.yml55
-rw-r--r--matrix-server/element/config.json54
-rw-r--r--matrix-server/haproxy/Dockerfile2
-rw-r--r--matrix-server/haproxy/error.html10
-rw-r--r--matrix-server/haproxy/haproxy.cfg36
-rw-r--r--matrix-server/postgres/Dockerfile3
-rw-r--r--matrix-server/postgres/pg_hba.conf7
-rw-r--r--matrix-server/postgres/pg_pass_secret2
-rw-r--r--matrix-server/synapse/Dockerfile5
-rw-r--r--matrix-server/synapse/homeserver.yaml8
14 files changed, 166 insertions, 41 deletions
diff --git a/matrix-server/certbot/scripts/concatenate-certificates.sh b/matrix-server/certbot/scripts/concatenate-certificates.sh
index 242f5e5..29e75ea 100644
--- a/matrix-server/certbot/scripts/concatenate-certificates.sh
+++ b/matrix-server/certbot/scripts/concatenate-certificates.sh
@@ -2,6 +2,5 @@
echo "running concat certs..."
if [ -f /etc/letsencrypt/live/terminaldweller.com/fullchain.pem -a -f /etc/letsencrypt/live/terminaldweller.com/privkey.pem ]; then
- echo "when you're out, we're in...''"
cat /etc/letsencrypt/live/terminaldweller.com/fullchain.pem /etc/letsencrypt/live/terminaldweller.com/privkey.pem > /etc/certificates/terminaldweller.com.pem
fi
diff --git a/matrix-server/certbot/scripts/create-certificates.sh b/matrix-server/certbot/scripts/create-certificates.sh
index 1bc1094..804e542 100644
--- a/matrix-server/certbot/scripts/create-certificates.sh
+++ b/matrix-server/certbot/scripts/create-certificates.sh
@@ -2,9 +2,14 @@
echo "running create certs..."
# Request certificates
certbot certonly --standalone \
- --non-interactive --agree-tos --email thabogre@gmail.com --http-01-port=380 \
+ --non-interactive \
+ --agree-tos \
+ --email thabogre@gmail.com \
+ --http-01-port=380 \
--cert-name terminaldweller.com \
- -d terminaldweller.com
+ -d terminaldweller.com,mail.terminaldweller.com,www.terminaldweller.com,matrix.terminaldweller.com,element.terminaldweller.com,blog.terminaldweller.com \
+ --dry-run
+ # --server https://acme-v02.api.letsencrypt.org/directory \
# Concatenate certificates
. /etc/scripts/concatenate-certificates.sh
# Update certificates in HAProxy
diff --git a/matrix-server/certbot/scripts/renew-certificates.sh b/matrix-server/certbot/scripts/renew-certificates.sh
index ff56115..032486a 100644
--- a/matrix-server/certbot/scripts/renew-certificates.sh
+++ b/matrix-server/certbot/scripts/renew-certificates.sh
@@ -1,19 +1,10 @@
#!/bin/sh
echo "running renew certs..."
-# Certificates exist
if [ -d /etc/letsencrypt/live/terminaldweller.com ]; then
- # Check certificates and renew them
certbot renew --http-01-port=380
-
- # Concatenate certificates
. /etc/scripts/concatenate-certificates.sh
-
- # Update certificates in HAProxy
. /etc/scripts/update-haproxy-certificates.sh
-
-# Certificates don't exist
else
- # Execute certificate creation script
. /etc/scripts/create-certificates.sh
fi
diff --git a/matrix-server/certbot/scripts/update-haproxy-certificates.sh b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
index 9eaae7c..4fad7df 100644
--- a/matrix-server/certbot/scripts/update-haproxy-certificates.sh
+++ b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
@@ -1,11 +1,7 @@
#!/bin/sh
echo "running update certs..."
-# Start transaction
-echo -e "set ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem <<\n$(cat /etc/certificates/terminaldweller.com.pem)\n" | socat tcp-connect:haproxy:9999 -
-# Commit transaction
+echo -e "set ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem <<\n$(cat /etc/certificates/terminaldweller.com.pem)\n" | socat tcp-connect:haproxy:9999 -
echo "commit ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem" | socat tcp-connect:haproxy:9999 -
-
-# Show certification info (not essential)
echo "show ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem" | socat tcp-connect:haproxy:9999 -
diff --git a/matrix-server/docker-compose.yml b/matrix-server/docker-compose.yml
index eb0f354..add4cd8 100644
--- a/matrix-server/docker-compose.yml
+++ b/matrix-server/docker-compose.yml
@@ -1,7 +1,17 @@
version: "3.4"
services:
+ element:
+ image: vectorim/element-web:v1.7.21-rc.1
+ networks:
+ - clientnet
+ volumes:
+ - ./element/config.json:/app/config.json
+ depends_on:
+ - haproxy
postgres:
- image: postgres:13-alpine
+ image: postgres
+ build:
+ context: ./postgres/
networks:
- dbnet
volumes:
@@ -9,10 +19,14 @@ services:
ports:
- "5432:5432"
environment:
- - POSTGRES_PASSWORD_FILE=/run/secrets/pg_pass_secret
- - POSTGRES_USER_FILE=/run/secrets/pg_user_secret
- - POSTGRES_INITDB_ARGS_FILE=/run/secrets/pg_initdb_args_secret
- - POSTGRES_DB_FILE=/run/secrets/pg_db_secret
+ # - POSTGRES_PASSWORD_FILE=/run/secrets/pg_pass_secret
+ # - POSTGRES_USER_FILE=/run/secrets/pg_user_secret
+ # - POSTGRES_INITDB_ARGS_FILE=/run/secrets/pg_initdb_args_secret
+ # - POSTGRES_DB_FILE=/run/secrets/pg_db_secret
+ - POSTGRES_PASSWORD=El3ph@nt#13
+ - POSTGRES_USER=postgres
+ - POSTGRES_INITDB_ARGS=--encoding='UTF-8' --lc-collate='C' --lc-ctype='C'
+ - POSTGRES_DB=synapse
secrets:
- pg_pass_secret
- pg_user_secret
@@ -24,14 +38,9 @@ services:
context: ./synapse/
networks:
- matrixnet
- - certnet
- dbnet
volumes:
- synapse-data:/data/
- # - cert-data:/etc/letsencrypt/live/
- # - ./synapse/homeserver.yaml:/data/homeserver.yaml
- # - ./synapse/terminaldweller.com.signing.key:/data/terminaldweller.com.signing.key
- # - ./synapse/terminaldweller.com.log.config:/data/terminaldweller.com.log.config
# entrypoint: ["tail", "-f", "/dev/null"]
# command: ["generate"]
depends_on:
@@ -47,6 +56,8 @@ services:
- SYNAPSE_DATA_DIR=/data/
- SYNAPSE_CONFIG_DIR=/data/
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+ # - SYNAPSE_CONFIG_DIR=/data/
+ # - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
# - TZ=Tehran/Asia
healthcheck:
test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
@@ -54,7 +65,9 @@ services:
timeout: 10s
retries: 3
haproxy:
- image: haproxy:lts-alpine
+ image: haproxy
+ build:
+ context: ./haproxy/
ports:
- "80:80"
- "443:443"
@@ -64,14 +77,19 @@ services:
- matrixnet
- turnnet
- certnet
+ - clientnet
volumes:
- ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
# - cert-data:/usr/local/etc/haproxy/certificates:ro
# - cert-data:/etc/certificates:ro
- certificates:/etc/certificates
- depends_on:
- - certbot
+ - ./haproxy/error.html:/srv/error.html
# restart: on-failure
+ healthcheck:
+ test: ["CMD", "curl", "-fSs", "http://localhost:80/health"]
+ interval: 1m
+ timeout: 10s
+ retries: 3
certbot:
image: certbot
build:
@@ -88,6 +106,8 @@ services:
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do . /etc/scripts/renew-certificates.sh ; sleep 12h & wait $${!}; done;'"
restart: always
command: ["certonly"]
+ depends_on:
+ - haproxy
# coturn:
# image: coturn/coturn:latest
# networks:
@@ -99,15 +119,22 @@ services:
# - "5349:5349"
# depends_on:
# - synapse
+ # - haproxy
+ debugger:
+ image: alpine:3.13
+ volumes:
+ - synapse-data:/data/
+ entrypoint: ["tail", "-f", "/dev/null"]
networks:
matrixnet:
certnet:
dbnet:
turnnet:
+ clientnet:
volumes:
db-data:
synapse-data:
- cert-data:
+ # cert-data:
certificates:
certbot-data:
secrets:
diff --git a/matrix-server/element/config.json b/matrix-server/element/config.json
new file mode 100644
index 0000000..795e104
--- /dev/null
+++ b/matrix-server/element/config.json
@@ -0,0 +1,54 @@
+{
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": "https://element.terminaldweller.com",
+ "server_name": "terminaldweller.com"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ }
+ },
+ "disable_custom_urls": false,
+ "disable_guests": true,
+ "disable_login_language_selector": true,
+ "disable_3pid_login": true,
+ "brand": "Element",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_widgets_urls": [
+ "https://scalar.vector.im/_matrix/integrations/v1",
+ "https://scalar.vector.im/api",
+ "https://scalar-staging.vector.im/_matrix/integrations/v1",
+ "https://scalar-staging.vector.im/api",
+ "https://scalar-staging.riot.im/scalar/api"
+ ],
+ "bug_report_endpoint_url": "https://element.io/bugreports/submit",
+ "defaultCountryCode": "IR",
+ "showLabsSettings": false,
+ "features": {
+ "feature_new_spinner": false
+ },
+ "default_federate": true,
+ "default_theme": "dark",
+ "roomDirectory": {
+ "servers": [
+ "terminaldweller.com"
+ ]
+ },
+ "piwik": {
+ "url": "https://piwik.riot.im/",
+ "whitelistedHSUrls": ["https://matrix.org"],
+ "whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
+ "siteId": 1
+ },
+ "enable_presence_by_hs_url": {
+ "https://matrix.org": false,
+ "https://matrix-client.matrix.org": false
+ },
+ "settingDefaults": {
+ "breadcrumbs": true
+ },
+ "jitsi": {
+ "preferredDomain": "jitsi.riot.im"
+ }
+}
diff --git a/matrix-server/haproxy/Dockerfile b/matrix-server/haproxy/Dockerfile
new file mode 100644
index 0000000..c7dc38f
--- /dev/null
+++ b/matrix-server/haproxy/Dockerfile
@@ -0,0 +1,2 @@
+FROM haproxy:lts-alpine
+RUN apk update && apk upgrade && apk add curl
diff --git a/matrix-server/haproxy/error.html b/matrix-server/haproxy/error.html
new file mode 100644
index 0000000..85a807e
--- /dev/null
+++ b/matrix-server/haproxy/error.html
@@ -0,0 +1,10 @@
+HTTP/1.0 200 OK
+
+Cache-Control: no-cache
+
+Connection: close
+
+Content-Type: text/plain
+
+
+up
diff --git a/matrix-server/haproxy/haproxy.cfg b/matrix-server/haproxy/haproxy.cfg
index c619259..09e387c 100644
--- a/matrix-server/haproxy/haproxy.cfg
+++ b/matrix-server/haproxy/haproxy.cfg
@@ -1,6 +1,7 @@
global
stats socket :9999 level admin expose-fd listeners
-log stdout format raw local0
+#log stdout format raw local0
+log stdout format raw local0 info
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
defaults
@@ -10,22 +11,37 @@ timeout server 50000ms
default-server init-addr last,libc,none
frontend http
+mode http
+option httplog
+log global
bind *:80
http-request redirect scheme https unless { ssl_fc }
acl certbot path_beg /.well-known/acme-challenge/
use_backend certbot if certbot
+use_backend health if { path_beg /health }
frontend https
#uncomment this to get ssl certificate for the first run
-bind *:443 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem strict-sni alpn h2,http/1.1
-acl matrix-host hdr(host) -i terminaldweller.com
+#bind :::443 v4v6 ssl crt /etc/certificates/matrix.terminaldweller.com.pem strict-sni alpn h2,http/1.1
+acl matrix-host hdr(host) -i matrix.terminaldweller.com
acl matrix-path path_beg /_matrix
acl matrix-path path_beg /_synpase/client
use_backend matrix if matrix-host matrix-path
+#frontend element
+#bind *:80
+#acl element hdr_end(host) -i element.terminaldweller.com
+#use_backend element if element
+
+frontend mail
+bind *:993
+bind *:587
+acl mail hdr_end(host) -i mail.terminaldweller.com
+use_backend mail if mail
+
frontend matrix-federation
#uncomment this to get ssl certificate for the first run
-bind *:8448 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem alpn h2,http/1.1
+#bind :::8448 v4v6 ssl crt /etc/certificates/matrix.terminaldweller.com.pem alpn h2,http/1.1
default_backend matrix
resolvers docker
@@ -35,4 +51,16 @@ backend matrix
server matrix synapse:8008
backend certbot
+mode http
server certbot certbot:380
+
+backend element
+server element element:80
+
+backend mail
+server mail mail:993
+
+backend health
+mode http
+server disabled-server 127.0.0.1:1 disabled
+errorfile 503 /srv/error.html
diff --git a/matrix-server/postgres/Dockerfile b/matrix-server/postgres/Dockerfile
new file mode 100644
index 0000000..028d2fb
--- /dev/null
+++ b/matrix-server/postgres/Dockerfile
@@ -0,0 +1,3 @@
+FROM postgres:13-alpine
+
+COPY ./pg_hba.conf /var/lib/postgres/data/
diff --git a/matrix-server/postgres/pg_hba.conf b/matrix-server/postgres/pg_hba.conf
new file mode 100644
index 0000000..1a0a1a9
--- /dev/null
+++ b/matrix-server/postgres/pg_hba.conf
@@ -0,0 +1,7 @@
+host all all all md5
+local all all trust
+host all all 127.0.0.1/32 trust
+host all all ::1/128 trust
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
diff --git a/matrix-server/postgres/pg_pass_secret b/matrix-server/postgres/pg_pass_secret
index f35f326..7779b9c 100644
--- a/matrix-server/postgres/pg_pass_secret
+++ b/matrix-server/postgres/pg_pass_secret
@@ -1 +1 @@
-El3ph@ant#13
+El3ph@nt#13
diff --git a/matrix-server/synapse/Dockerfile b/matrix-server/synapse/Dockerfile
index afba29d..425c11b 100644
--- a/matrix-server/synapse/Dockerfile
+++ b/matrix-server/synapse/Dockerfile
@@ -1,2 +1,5 @@
-FROM matrixdotorg/synapse:v1.25.0
+FROM matrixdotorg/synapse:v1.26.0
RUN mkdir -p /data/media_store && chown -R 991:991 /data/media_store
+COPY ./homeserver.yaml /data/
+RUN chmod 554 /data/homeserver.yaml
+# RUN chown synapse /var/log/synapse
diff --git a/matrix-server/synapse/homeserver.yaml b/matrix-server/synapse/homeserver.yaml
index d75c7af..7c98bd5 100644
--- a/matrix-server/synapse/homeserver.yaml
+++ b/matrix-server/synapse/homeserver.yaml
@@ -607,7 +607,7 @@ acme:
#
# If not set, defaults to your 'server_name'.
#
- domain: matrix.example.com
+ domain: terminaldweller.com
# file to use for the account key. This will be generated if it doesn't
# exist.
@@ -743,10 +743,10 @@ caches:
database:
name: psycopg2
args:
- user: synapse_user
- password: secretpassword
+ user: postgres
+ password: El3ph@nt#13
database: synapse
- host: localhost
+ host: postgres
cp_min: 5
cp_max: 10
#