This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

HAProxy guide update #12279

Merged
merged 9 commits into from
Mar 28, 2022
Changes from 4 commits
1 change: 1 addition & 0 deletions changelog.d/12279.doc
@@ -0,0 +1 @@
HAProxy guide update. Code cleanup and new config that stops sending IPv4-mapped address to homeserver. Also added a simple Delegation guide.
28 changes: 16 additions & 12 deletions docs/reverse_proxy.md
Expand Up @@ -182,11 +182,9 @@ matrix.example.com {

```
frontend https
bind :::443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-For %[src]

# Uncomment the line in the end to disable TLS <= v1.2
bind *:443,[::]:443 ssl crt /path/to/certificate.pem alpn h2,http/1.1 # ssl-min-ver TLSv1.2

# Matrix client traffic
acl matrix-host hdr(host) -i matrix.example.com matrix.example.com:443
acl matrix-path path_beg /_matrix
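Review bot: The comment above the new `bind` line promises to "disable TLS <= v1.2", but the option it refers to, `ssl-min-ver TLSv1.2`, makes TLS 1.2 the minimum, so it only disables versions below 1.2 and still accepts 1.2. Either change the comment to "disable TLS < v1.2" or use `ssl-min-ver TLSv1.3` if 1.2 is meant to be refused as well. Since the option sits behind a `#` at the end of the `bind` line, "uncomment the line in the end" is also hard to follow; something like "remove the `#` before `ssl-min-ver`" would be clearer. Separately, the new `bind` drops `strict-sni` and swaps the certificate directory `/etc/ssl/haproxy/` for a single `/path/to/certificate.pem`. Without `strict-sni`, HAProxy falls back to the default certificate for clients whose SNI matches nothing, so if that change is intentional it should be explained in the guide.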
Expand All @@ -195,17 +193,23 @@ frontend https
use_backend matrix if matrix-host matrix-path

frontend matrix-federation
bind :::8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-For %[src]

# Uncomment the line in the end to disable TLS <= v1.2
bind *:8448,[::]:8448 ssl crt /path/to/certificate.pem alpn h2,http/1.1 # ssl-min-ver TLSv1.2

default_backend matrix

backend matrix
server matrix 127.0.0.1:8008
option forwardfor
http-request set-header X-Forwarded-Proto https
server matrix localhost:8008 # 127.0.0.1:8008 or [::1]:8008 should also work
```
[Delegation](delegate.md) example:
```
frontend https
# Add this anywhere in your frontend config
http-request return status 200 content-type application/json lf-string '{"m.server": "matrix.example.com:443"}' if { path -i -m str /.well-known/matrix/server }
http-request return status 200 content-type application/json lf-string '{"m.server": {"base_url": "matrix.example.com:443"}}' if { path -i -m str /.well-known/matrix/client }
```

### Relayd

```
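Review bot: In the Delegation example, the `/.well-known/matrix/client` rule returns `{"m.server": {"base_url": "matrix.example.com:443"}}`, which is not the client discovery format: the key should be `m.homeserver` and `base_url` should be a full URL, for example `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`. As written, clients that rely on well-known discovery will not find a homeserver in the response. In the `backend matrix` block, `http-request set-header X-Forwarded-Proto https` is now unconditional, which is only correct while every frontend routed to this backend binds with `ssl`; a short comment stating that assumption would help anyone who later adds a plain HTTP frontend. The "disable TLS <= v1.2" comment on the 8448 `bind` also does not match `ssl-min-ver TLSv1.2`, which still allows TLS 1.2.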