--- nginx_upstreams: synapse_main: servers: - 8008 locations: - name: '/_matrix' - name: '/_synapse/client' - name: "{{ '/_matrix/media/' if matrix_media_repo_server is not defined and 'media_repository' not in synapse_workers | default('') else '' }}" additional_options: - "client_max_body_size {{ matrix_max_upload_size_mb }}M" matrix_media_repo: servers: - "{{ matrix_media_repo_server + ':9000' if matrix_media_repo_server is defined else '' }}" locations: - name: '/_matrix/media' proxy_headers: Host: "{{ matrix_domain }}" additional_options: - "client_max_body_size {{ matrix_max_upload_size_mb }}M" synapse_generic_sync: servers: "{{ synapse_workers.generic_sync | default('') }}" method: 'hash $mxid_localpart' locations: - name: '~ ^/_matrix/client/(api/v1|r0|v3)/events$' - name: "{{ '^/_matrix/client/(v2_alpha|r0|v3)/sync$' if 'generic_init_sync' not in synapse_workers | default('') else '' }}" synapse_generic_init_sync: servers: "{{ synapse_workers.generic_init_sync | default('') }}" method: 'hash $mxid_localpart' locations: - name: '~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$' - name: '~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$' synapse_generic_client: servers: "{{ synapse_workers.generic_client | default('') }}" locations: - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$' - name: '~ ^/_matrix/client/v1/rooms/.*/hierarchy$' - name: '~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$' - name: '~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$' - name: '~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$' - name: '~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$' - name: '~ ^/_matrix/client/(r0|v3|unstable)/devices$' - name: '~ ^/_matrix/client/versions$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$' additional_options: - 'proxy_read_timeout 1h' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$' - name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$' - name: '~ ^/_matrix/client/(r0|v3|unstable)/room_keys/' - name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/' synapse_generic_login: servers: "{{ synapse_workers.generic_login | default('') }}" locations: - name: '~ ^/_matrix/client/(api/v1|r0|unstable|v3)/login$' - name: '~ ^/_matrix/client/(r0|unstable|v3)/register$' - name: '~ ^/_matrix/client/v1/register/m.login.registration_token/validity$' # SSO - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect' - name: '~ ^/_synapse/client/pick_idp$' - name: '~ ^/_synapse/client/pick_username' - name: '~ ^/_synapse/client/new_user_consent$' - name: '~ ^/_synapse/client/sso_register$' # OIDC - name: '~ ^/_synapse/client/oidc/callback$' # SAML - name: '~ ^/_synapse/client/saml2/authn_response$' # CAS - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$' synapse_generic_federation: servers: "{{ synapse_workers.generic_federation | default('') }}" locations: - name: '~ ^/_matrix/federation/v1/event/' - name: '~ ^/_matrix/federation/v1/state/' - name: '~ ^/_matrix/federation/v1/state_ids/' additional_options: - 'proxy_read_timeout 1h' - name: '~ ^/_matrix/federation/v1/backfill/' - name: '~ ^/_matrix/federation/v1/get_missing_events/' - name: '~ ^/_matrix/federation/v1/publicRooms' - name: '~ ^/_matrix/federation/v1/query/' - name: '~ ^/_matrix/federation/v1/make_join/' - name: '~ ^/_matrix/federation/v1/make_leave/' - name: '~ ^/_matrix/federation/(v1|v2)/send_join/' - name: '~ ^/_matrix/federation/(v1|v2)/send_leave/' - name: '~ ^/_matrix/federation/(v1|v2)/invite/' - name: '~ ^/_matrix/federation/v1/event_auth/' - name: '~ ^/_matrix/federation/v1/exchange_third_party_invite/' - name: '~ ^/_matrix/federation/v1/user/devices/' - name: '~ ^/_matrix/key/v2/query' - name: '~ ^/_matrix/federation/v1/hierarchy/' synapse_generic_federation_send: servers: "{{ synapse_workers.generic_federation_send | default('') }}" method: 'ip_hash' locations: - name: '~ ^/_matrix/federation/v1/send/' additional_options: - 'proxy_read_timeout 1h' synapse_generic_event_send: servers: "{{ synapse_workers.generic_event_send | default('') }}" method: 'hash $request_uri' locations: - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/' additional_options: - 'proxy_read_timeout 1h' - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/' synapse_generic_pagination: servers: "{{ synapse_workers.generic_pagination | default('') }}" method: 'hash $request_uri' locations: - name: '~/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$' synapse_user_dir: servers: "{{ synapse_workers.user_dir | default('') }}" locations: - name: '~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$' synapse_media_repository: servers: "{{ synapse_workers.media_repository | default('') }}" locations: - name: '/_matrix/media/' additional_options: - "client_max_body_size {{ matrix_max_upload_size_mb }}M" - name: '~ ^/_synapse/admin/v1/purge_media_cache$' - name: '~ ^/_synapse/admin/v1/room/.*/media.*$' - name: '~ ^/_synapse/admin/v1/user/.*/media.*$' - name: '~ ^/_synapse/admin/v1/media/.*$' - name: '~ ^/_synapse/admin/v1/quarantine_media/.*$' - name: '~ ^/_synapse/admin/v1/users/.*/media$' synapse_typing_persister: servers: "{{ synapse_workers.typing_persister | default('') }}" locations: - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing' synapse_device_persister: servers: "{{ synapse_workers.device_persister | default('') }}" locations: - name: '~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/' synapse_account_persister: servers: "{{ synapse_workers.account_persister | default('') }}" locations: - name: '~ ^/_matrix/client/(r0|v3|unstable)/.*/tags' - name: '~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data' synapse_receipt_persister: servers: "{{ synapse_workers.receipt_persister | default('') }}" locations: - name: '~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt' - name: '~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers' synapse_presence_persister: servers: "{{ synapse_workers.presence_persister | default('') }}" locations: - name: '^/_matrix/client/(api/v1|r0|v3|unstable)/presence/' maubot: servers: "{{ ['29316'] if 'maubot' in matrix_extras | default('') else '' }}" locations: - name: '/_matrix/maubot' mautrix_telegram: servers: "{{ ['29317'] if 'mautrix-telegram' in matrix_extras | default('') else '' }}" locations: - name: '/telegram' mautrix_facebook: servers: "{{ ['29319'] if 'mautrix-facebook' in matrix_extras | default('') else '' }}" locations: - name: '/facebook' mautrix_googlechat: servers: "{{ ['29320'] if 'mautrix-googlechat' in matrix_extras | default('') else '' }}" locations: - name: '/googlechat' mx_puppet_slack: servers: "{{ ['8432'] if 'mx-puppet-slack' in matrix_extras | default('') else '' }}" locations: - name: '/_matrix/slack' nginx_maps: sync: var: "{{ 'arg_since' if synapse_workers.generic_sync is defined and synapse_workers.generic_init_sync is defined else '' }}" rules: default: synapse_generic_sync "''": synapse_generic_init_sync locations: - name: '~ ^/_matrix/client/(r0|v3)/sync$' additional_options: - 'proxy_read_timeout 1h' mxid_localpart_urlparam: var: arg_access_token rules: default: $arg_access_token "'~syt_(?.*?)_.*'": $username mxid_localpart: var: http_authorization rules: default: $http_authorization "'~Bearer syt_(?.*?)_.*'": $username "''": $mxid_localpart_urlparam nginx_servers: - listen: - ip: 'all' - ip: "{{ 'localhost' if matrix_extras is defined and synapse_workers is defined else '' }}" port: 8009 return: - location: '/' type: 301 content: "{{ nginx_matrix_website_redirect }}" - location: '/.well-known/matrix/server' content_type: json content: m.server: "{{ matrix_server_domain }}" - location: '/.well-known/matrix/client' content_type: json content: m.homeserver: base_url: "{{ matrix_external_url }}" headers: Access-Control-Allow-Origin: "'*'" reverse_proxy: - synapse_main - matrix_media_repo - synapse_media_repository - synapse_generic_sync - synapse_generic_init_sync - synapse_generic_client - synapse_generic_login - synapse_generic_event_send - synapse_generic_pagination - synapse_user_dir - synapse_device_persister - synapse_typing_persister - synapse_account_persister - synapse_receipt_persister - synapse_presence_persister - maubot - mautrix_telegram - mautrix_facebook - mautrix_googlechat - mx_puppet_slack reverse_proxy_map: - sync - listen: - port: 8448 reverse_proxy: - synapse_main - matrix_media_repo - synapse_media_repository - synapse_generic_federation - synapse_generic_federation_send