element-hq / matrix-authentication-service


Sample caddyfile for synapse and mas #3614

Open ghostklart opened 1 day ago

ghostklart commented 1 day ago

Describe the bug: Adding the directives directly to the Caddyfile does not work.

To Reproduce Steps to reproduce the behavior:

  1. Setup MAS and Synapse
  2. Add new directives to caddyfile
  3. Restart caddy
  4. Authentication and redirection fail with a 404

Expected behavior For example, element web logs in successfully.

Additional context Caddyfile

# Site block for the Matrix hostname; the domain is read from the
# INTERNALDOMAIN environment variable. This is the version the poster reports
# as failing with a 404 on authentication and redirection.
matrix.{$INTERNALDOMAIN} {

    # special headers say
    # NOTE(review): `matrix-synapse` is a snippet defined outside this excerpt;
    # what it adds cannot be verified from here.
    import matrix-synapse yes

    #redir / /_matrix/static

    # Everything under /_matrix/ goes to the main Synapse process.
    reverse_proxy /_matrix/* synapse-server:8008

        # mas
        # Login, logout and refresh for any single path segment after
        # /_matrix/client/ are sent to synapse-auth:8080 instead of Synapse.
        # Caddy orders same-named directives by path specificity, not by their
        # position in the file.
        reverse_proxy /_matrix/client/*/login synapse-auth:8080
        reverse_proxy /_matrix/client/*/logout synapse-auth:8080
        reverse_proxy /_matrix/client/*/refresh synapse-auth:8080

    # protected admin endpoint
        redir /_synapse/admin /_synapse/admin/
    # NOTE(review): handle_path strips the matched prefix before proxying, so
    # the upstream receives the path without /_synapse/admin; plain `handle`
    # keeps it. Confirm which one is intended.
    # NOTE(review): the only access control on this endpoint is whatever the
    # `internal-access` snippet does; it is not shown here, so verify that it
    # rejects clients outside the internal network.
    handle_path /_synapse/admin/* {
        reverse_proxy synapse-server:8008
        import internal-access yes
    }

    # # # add sliding sync for element x
    reverse_proxy /sliding-sync/* sliding-sync:8009

    # part for worker redirect
    # /_synapse/client/ is balanced across two upstreams, chosen by client IP
    # hash with `first` as the fallback policy.
    reverse_proxy /_synapse/client/* {
        to synapse-worker-1:8081 synapse-background-1:8081

        lb_policy ip_hash {
            fallback first
        }

        # Active health check: /health on port 8081, probed every 15 minutes
        # with a 15 second timeout, so a failed upstream may stay in rotation
        # until the next probe.
        health_uri /health
        health_port 8081
        health_interval 15m
        health_timeout 15s
        health_follow_redirects
    }
    # redirect for admin page
    redir /admin /admin/
    # The admin UI is served with the /admin prefix stripped (handle_path).
    # NOTE(review): as above, exposure of this UI depends on the unseen
    # `internal-access` snippet.
    handle_path /admin/* {
        reverse_proxy synapse-admin:80
        import internal-access yes
    }
}
ghostklart commented 20 hours ago

I solved it with the following configuration:

# Site block for the Matrix hostname; the domain is read from the
# INTERNALDOMAIN environment variable. This is the version the poster reports
# as working: routing uses named regex matchers plus `route` blocks.
matrix.{$INTERNALDOMAIN} {

    # special headers say
    # NOTE(review): `matrix-synapse` is a snippet defined outside this excerpt;
    # what it adds cannot be verified from here.
    import matrix-synapse yes

    # Matchers for the endpoints handed to the auth service (synapse-auth).
    # NOTE(review): path_regexp is unanchored as written, so each pattern
    # matches any path that merely contains it, and (.*) can span several path
    # segments. Anchoring the start, e.g. ^/_matrix/client/[^/]+/login, keeps
    # unrelated paths from being diverted; check the exact pattern against the
    # MAS reverse-proxy documentation.
    @mas-login {
        path_regexp /_matrix/client/(.*)/login
    }
    @mas-logout {
        path_regexp /_matrix/client/(.*)/logout
    }
    @mas-refresh {
        path_regexp /_matrix/client/(.*)/refresh
    }

    # Federation endpoints served by the federation worker. The pattern is
    # anchored at the end only.
    @federation {
        path_regexp /_matrix/federation/(v1|v2|v3)/(send|event|state|state_ids|backfill|get_missing_events|publicRooms|query|make_join|make_leave|send_join|send_leave|invite|query_auth|event_auth|exchange_third_party_invite|user/devices|get_groups_publicised|groups)(/?(.*)?)$
    }

    # Key query endpoint, also served by the federation worker.
    @federation1 {
        path_regexp /_matrix/key/v2/query/?$
    }

    # NOTE(review): Synapse serves its admin API under /_synapse/admin/, not
    # /_matrix/admin/. Confirm this matcher targets the path that actually
    # needs protecting.
    @matrix-admin {
        path_regexp /_matrix/admin/(.*)
    }

    route @mas-login {
        reverse_proxy synapse-auth:8080
    }

    route @mas-logout {
        reverse_proxy synapse-auth:8080
    }

    route @mas-refresh {
        reverse_proxy synapse-auth:8080
    }

    route @federation {
        reverse_proxy synapse-federation:8081
    }

    route @federation1 {
        reverse_proxy synapse-federation:8081
    }

    # Remaining /_matrix/ traffic goes to the main Synapse process. In Caddy's
    # default directive order the `route` blocks are evaluated before this
    # top-level reverse_proxy, whatever their position in the file.
    reverse_proxy /_matrix/* synapse-server:8008
    # protected admin endpoint
    # NOTE(review): a `route` block runs its directives in the order written,
    # and reverse_proxy is a terminal handler. If `internal-access` (not shown)
    # expands to a handler that rejects requests, importing it after
    # reverse_proxy means the request is proxied before the check runs; the
    # import should then come first. Verify from outside the internal network.
    route @matrix-admin {
        reverse_proxy synapse-server:8008
        import internal-access yes
    }

    # # # add sliding sync for element x
    reverse_proxy /sliding-sync/* sliding-sync:8009

    # part for worker redirect
    # /_synapse/client/ is balanced across two upstreams, chosen by client IP
    # hash with `first` as the fallback policy.
    reverse_proxy /_synapse/client/* {
        to synapse-worker-1:8081 synapse-background-1:8081

        lb_policy ip_hash {
            fallback first
        }

        # Active health check: /health on port 8081, probed every 15 minutes
        # with a 15 second timeout, so a failed upstream may stay in rotation
        # until the next probe.
        health_uri /health
        health_port 8081
        health_interval 15m
        health_timeout 15s
        health_follow_redirects
    }
    # redirect for admin page
    redir /admin /admin/
    # The admin UI is served with the /admin prefix stripped. handle_path sorts
    # its directives by Caddy's standard order, so the import position inside
    # this block is not significant.
    # NOTE(review): exposure of this UI depends on the unseen `internal-access`
    # snippet.
    handle_path /admin/* {
        reverse_proxy synapse-admin:80
        import internal-access yes
    }
}