Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add domain specific matching for haproxy config #11128

Merged
merged 3 commits into from
Nov 1, 2021
Merged

Add domain specific matching for haproxy config #11128

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
149c3db
Add domain specific matching for haproxy config
bb4242 Oct 19, 2021
4450553
Switch to a different matching syntax
bb4242 Oct 21, 2021
cabc389
Update changelog.d/11128.doc
reivilibre Nov 1, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/11128.doc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Improve example HAProxy config in the docs to properly handle host headers with port information. This is required for federation to work correctly.
reivilibre marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion docs/reverse_proxy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ frontend https
http-request set-header X-Forwarded-For %[src]

# Matrix client traffic
acl matrix-host hdr(host) -i matrix.example.com
acl matrix-host hdr(host) -i matrix.example.com matrix.example.com:443
Copy link
Member

@richvdh richvdh Oct 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

although this is needed if you have your matrix federation traffic pointed to point :443, it's not required for matrix client traffic, which is what this frontend is trying to cover, per the comment on the line above.

Note the text at lines 32-33:

Let's assume that we expect ... other servers to connect at https://example.com:8448.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, that's a good point! I had set up my federation traffic to point to :443 quite a while ago and kind of forgot it was configured that way. I believe I set it up that way following the example here:

{
    "m.server": "synapse.example.com:443"
}

but without fully realizing that this was a bit of a non-standard configuration. My previous relayd configuration was happily ignoring the extra port information, so federation only broke when I switched over to HAProxy and it was stricter about that. I'm happy to chalk this up to my misunderstanding and close this PR, unless anyone thinks there's anything useful to discuss further here. Sorry for the confusion!

acl matrix-path path_beg /_matrix
acl matrix-path path_beg /_synapse/client

Expand Down