7 files changed, 82 insertions, 53 deletions
diff --git a/matrix-server/certbot/Dockerfile b/matrix-server/certbot/Dockerfile
index dc6369b..cd1c6bd 100644
--- a/matrix-server/certbot/Dockerfile
+++ b/matrix-server/certbot/Dockerfile
@@ -1,4 +1,5 @@
 FROM certbot/certbot:v1.11.0
 RUN apk update && apk add socat
 COPY ./scripts/ /etc/scripts/
+RUN chmod +x /etc/scripts/*.sh
 EXPOSE 380
diff --git a/matrix-server/certbot/scripts/concatenate-certificates.sh b/matrix-server/certbot/scripts/concatenate-certificates.sh
index 5238a9b..242f5e5 100644
--- a/matrix-server/certbot/scripts/concatenate-certificates.sh
+++ b/matrix-server/certbot/scripts/concatenate-certificates.sh
@@ -1,5 +1,7 @@
-#!/bin/bash
+#!/bin/sh
 
-if [ -f /etc/letsencrypt/live/davole.com/fullchain.pem -a -f /etc/letsencrypt/live/davole.com/privkey.pem ]; then
-  cat /etc/letsencrypt/live/davole.com/fullchain.pem /etc/letsencrypt/live/davole.com/privkey.pem > /etc/certificates/davole.com.pem
+echo "running concat certs..."
+if [ -f /etc/letsencrypt/live/terminaldweller.com/fullchain.pem -a -f /etc/letsencrypt/live/terminaldweller.com/privkey.pem ]; then
+  echo "when you're out, we're in...''"
+  cat /etc/letsencrypt/live/terminaldweller.com/fullchain.pem /etc/letsencrypt/live/terminaldweller.com/privkey.pem > /etc/certificates/terminaldweller.com.pem
 fi
diff --git a/matrix-server/certbot/scripts/create-certificates.sh b/matrix-server/certbot/scripts/create-certificates.sh
index 5fb6345..1bc1094 100644
--- a/matrix-server/certbot/scripts/create-certificates.sh
+++ b/matrix-server/certbot/scripts/create-certificates.sh
@@ -1,9 +1,10 @@
-#!/bin/bash
+#!/bin/sh
+echo "running create certs..."
 # Request certificates
 certbot certonly --standalone \
-  --non-interactive --agree-tos --email info@davole.com --http-01-port=380 \
-  --cert-name davole.com \
-  -d davole.com
+  --non-interactive --agree-tos --email thabogre@gmail.com --http-01-port=380 \
+  --cert-name terminaldweller.com \
+  -d terminaldweller.com
 # Concatenate certificates
 . /etc/scripts/concatenate-certificates.sh
 # Update certificates in HAProxy
diff --git a/matrix-server/certbot/scripts/renew-certificates.sh b/matrix-server/certbot/scripts/renew-certificates.sh
index e46d412..ff56115 100644
--- a/matrix-server/certbot/scripts/renew-certificates.sh
+++ b/matrix-server/certbot/scripts/renew-certificates.sh
@@ -1,7 +1,8 @@
-#!/bin/bash
+#!/bin/sh
 
+echo "running renew certs..."
 # Certificates exist
-if [ -d /etc/letsencrypt/live/davole.com ]; then
+if [ -d /etc/letsencrypt/live/terminaldweller.com ]; then
   # Check certificates and renew them
   certbot renew --http-01-port=380
 
diff --git a/matrix-server/certbot/scripts/update-haproxy-certificates.sh b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
index a1f9fc6..9eaae7c 100644
--- a/matrix-server/certbot/scripts/update-haproxy-certificates.sh
+++ b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
@@ -1,10 +1,11 @@
-#!/bin/bash
+#!/bin/sh
 
+echo "running update certs..."
 # Start transaction
-echo -e "set ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem <<\n$(cat /etc/certificates/davole.com.pem)\n" | socat tcp-connect:haproxy:9999 -
+echo -e "set ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem <<\n$(cat /etc/certificates/terminaldweller.com.pem)\n" | socat tcp-connect:haproxy:9999 -
 
 # Commit transaction
-echo "commit ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+echo "commit ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem" | socat tcp-connect:haproxy:9999 -
 
 # Show certification info (not essential)
-echo "show ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+echo "show ssl cert /etc/letsencrypt/live/terminaldweller.com/fullchain.pem" | socat tcp-connect:haproxy:9999 -
diff --git a/matrix-server/docker-compose.yml b/matrix-server/docker-compose.yml
index 42083c2..eb0f354 100644
--- a/matrix-server/docker-compose.yml
+++ b/matrix-server/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.8"
+version: "3.4"
 services:
   postgres:
     image: postgres:13-alpine
@@ -28,20 +28,26 @@ services:
       - dbnet
     volumes:
       - synapse-data:/data/
-      - cert-data:/etc/letsencrypt/live/
-      - ./synapse/homeserver.yaml:/data/homeserver.yaml:ro
+      # - cert-data:/etc/letsencrypt/live/
+      # - ./synapse/homeserver.yaml:/data/homeserver.yaml
+      # - ./synapse/terminaldweller.com.signing.key:/data/terminaldweller.com.signing.key
+      # - ./synapse/terminaldweller.com.log.config:/data/terminaldweller.com.log.config
+    # entrypoint: ["tail", "-f", "/dev/null"]
+    # command: ["generate"]
     depends_on:
       - postgres
       - haproxy
     ports:
       - "8008:8008"
-      - "8484:8484/tcp"
-      - "8443:443"
+      # - "8484:8484/tcp"
+      # - "443:443"
     environment:
+      - SYNAPSE_SERVER_NAME=terminaldweller.com
+      - SYNAPSE_REPORT_STATS=yes
       - SYNAPSE_DATA_DIR=/data/
       - SYNAPSE_CONFIG_DIR=/data/
       - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-      - TZ=Tehran/Asia
+      # - TZ=Tehran/Asia
     healthcheck:
       test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
       interval: 1m
@@ -50,42 +56,49 @@ services:
   haproxy:
     image: haproxy:lts-alpine
     ports:
-      - "9080:80"
+      - "80:80"
       - "443:443"
       - "9999:9999"
+      - "8448:8448/tcp"
     networks:
       - matrixnet
       - turnnet
+      - certnet
     volumes:
       - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
-      - cert-data:/usr/local/etc/haproxy/certificates:ro
+      # - cert-data:/usr/local/etc/haproxy/certificates:ro
+      # - cert-data:/etc/certificates:ro
+      - certificates:/etc/certificates
     depends_on:
       - certbot
-    restart: on-failure
+    # restart: on-failure
   certbot:
     image: certbot
     build:
       context: ./certbot
     ports:
-      - "80:80"
+      - "9080:80"
       - "9443:443"
     networks:
       - certnet
     volumes:
-      - cert-data:/etc/certificates
+      # - cert-data:/etc/certificates
+      - certificates:/etc/certificates
+      - certbot-data:/etc/letsencrypt
     entrypoint: "/bin/sh -c 'trap exit TERM; while :; do . /etc/scripts/renew-certificates.sh ; sleep 12h & wait $${!}; done;'"
     restart: always
-  coturn:
-    image: coturn/coturn:latest
-    networks:
-      - turnnet
-    volumes:
-      - ./coturn/turnserver.conf:/etc/turnserver.conf:ro
-    ports:
-      - "3478:3478"
-      - "5349:5349"
-    depends_on:
-      - synapse
+    command: ["certonly"]
+  # coturn:
+  #   image: coturn/coturn:latest
+  #   networks:
+  #     - turnnet
+  #   volumes:
+  #     - ./coturn/turnserver.conf:/etc/turnserver.conf:ro
+  #   ports:
+  #     - "3478:3478"
+  #     - "5349:5349"
+  #   depends_on:
+  #     - synapse
 networks:
   matrixnet:
   certnet:
@@ -95,6 +108,8 @@ volumes:
   db-data:
   synapse-data:
   cert-data:
+  certificates:
+  certbot-data:
 secrets:
   pg_pass_secret:
     file: ./postgres/pg_pass_secret
diff --git a/matrix-server/haproxy/haproxy.cfg b/matrix-server/haproxy/haproxy.cfg
index 2afa3fb..c619259 100644
--- a/matrix-server/haproxy/haproxy.cfg
+++ b/matrix-server/haproxy/haproxy.cfg
@@ -1,30 +1,38 @@
 global
-  stats socket :9999 level admin expose-fd listeners
-  log stdout format raw local0
-  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+stats socket :9999 level admin expose-fd listeners
+log stdout format raw local0
+ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+
+defaults
+timeout connect 5000ms
+timeout client 50000ms
+timeout server 50000ms
+default-server init-addr last,libc,none
 
 frontend http
-  bind :80
-  http-request redirect scheme https unless { ssl_fc }
-  acl certbot path_beg /.well-known/acme-challenge/
-  use_backend certbot if certbot
+bind *:80
+http-request redirect scheme https unless { ssl_fc }
+acl certbot path_beg /.well-known/acme-challenge/
+use_backend certbot if certbot
 
 frontend https
-  bind :::443 v4v6 ssl crt /etc/certificates strict-sni alpn h2.http/1.1
-  acl matrix-host hdr(host) -i matrix.example.com
-  acl matrix-path path_beg /_matrix
-  acl matrix-path path_beg /_synpase/client
-  use_backend matrix if matrix-host matrix-path
+#uncomment this to get ssl certificate for the first run
+bind *:443 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem strict-sni alpn h2,http/1.1
+acl matrix-host hdr(host) -i terminaldweller.com
+acl matrix-path path_beg /_matrix
+acl matrix-path path_beg /_synpase/client
+use_backend matrix if matrix-host matrix-path
 
 frontend matrix-federation
- bind :::8448 v4v6 ssl crt /etc/certificates alpn h2.http/1.1
- default_backend matrix
+#uncomment this to get ssl certificate for the first run
+bind *:8448 v4v6 ssl crt /etc/certificates/terminaldweller.com.pem alpn h2,http/1.1
+default_backend matrix
 
-resolvers docker_resolver
-  nameserver dns 127.0.0.11:53
+resolvers docker
+nameserver dns1 127.0.0.11:53
 
 backend matrix
-  server matrix synapse:8008
+server matrix synapse:8008
 
 backend certbot
-  server certbot certbot:380
+server certbot certbot:380