andreas/synapse-app-mas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Postgres, LDAP, etc, check changelog

Browse Source
This commit is contained in:
msbt
2018-02-12 15:56:24 +01:00
parent 226eee4355
commit 5cd5b8dc2e
5 changed files with 125 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@@ -1,2 +1,10 @@
[0.1.1]
* Removed the Riot part of the installation due to security
* Changed from Sqlite to Postgres
* Added LDAP support
* Fixed upload limit in nginx_matrix.conf
* Added bogus index.html so cloudron recognizes the matrix server as online
* Added coturn as TURN server
[0.1.0] [0.1.0]
* Initial version * Initial version

24
CloudronManifest.json
View File

@@ -1,29 +1,37 @@
{ {
"id": "org.matrix.synapse_riot", "id": "org.matrix.synapse",
"title": "Matrix synapse with Riot", "title": "Synapse: Matrix homeserver without Riot",
"author": "Matrix synapse & Riot authors", "author": "Matrix synapse authors",
"description": "file://DESCRIPTION.md", "description": "file://DESCRIPTION.md",
"changelog": "file://CHANGELOG", "changelog": "file://CHANGELOG",
"tagline": "matrix server and web client", "tagline": "standalone matrix server",
"version": "0.1.0", "version": "0.1.1",
"healthCheckPath": "/", "healthCheckPath": "/",
"httpPort": 8000, "httpPort": 8000,
"memoryLimit": 536870912,
"tcpPorts": { "tcpPorts": {
"FEDERATION_PORT": { "FEDERATION_PORT": {
"title": "Federation Port", "title": "Federation Port",
"description": "Federation Port", "description": "Federation Port",
"defaultValue": 8448 "defaultValue": 8448
},
"TURN_TLS_PORT": {
"title": "TURN TLS port",
"description": "TURN TLS listening port for Voip",
"defaultValue": 5349
} }
}, },
"addons": { "addons": {
"localstorage": {} "localstorage": {},
"ldap": {},
"postgresql": {}
}, },
"manifestVersion": 1, "manifestVersion": 1,
"website": "https://matrix.org", "website": "https://matrix.org",
"contactEmail": "support@cloudron.io", "contactEmail": "support@cloudron.io",
"icon": "logo.png", "icon": "logo.png",
"tags": [ "tags": [
"im", "collaboration" "im", "collaboration", "voip", "videochat"
], ],
"mediaLinks": [ ] "mediaLinks": [ ]
} }

24
Dockerfile
View File

@@ -2,27 +2,39 @@ FROM cloudron/base:0.10.0
MAINTAINER Authors name <support@cloudron.io> MAINTAINER Authors name <support@cloudron.io>
RUN mkdir -p /app/code RUN mkdir -p /app/code
RUN mkdir -p /app/data
WORKDIR /app/code WORKDIR /app/code
EXPOSE 8000 EXPOSE 8000
# Riot web
RUN curl -L https://github.com/vector-im/riot-web/releases/download/v0.9.7/vector-v0.9.7.tar.gz | tar -xz --strip-components 1 -f -
RUN ln -sf /app/data/riot_config.json /app/code/config.json
# Nginx # Nginx
RUN rm /etc/nginx/sites-enabled/* RUN rm /etc/nginx/sites-enabled/*
ADD nginx_matrix.conf /etc/nginx/sites-enabled/ ADD nginx_matrix.conf /etc/nginx/sites-enabled/
RUN rm -rf /var/lib/nginx && ln -sf /app/data/nginx /var/lib/nginx RUN rm -rf /var/lib/nginx && ln -sf /app/data/nginx /var/lib/nginx
RUN rm -rf /var/log/nginx && ln -sf /app/data/nginx_log /var/log/nginx RUN rm -rf /var/log/nginx && ln -sf /app/data/nginx_log /var/log/nginx
# TURN
RUN apt update && apt-get install -y coturn
RUN sed -e 's,#TURNSERVER_ENABLED=1,TURNSERVER_ENABLED=1,' -i /etc/default/coturn \
&& rm /etc/turnserver.conf \
&& ln -s /app/data/turnserver.conf /etc/turnserver.conf
# Synapse # Synapse
RUN apt update && apt-get install -y build-essential python2.7-dev libffi-dev \ RUN apt-get install -y build-essential python2.7-dev libffi-dev \
python-wheel python-pip python-setuptools sqlite3 \ python-pip python-setuptools sqlite3 \
libssl-dev libjpeg-dev libxslt1-dev libssl-dev libjpeg-dev libxslt1-dev
RUN pip install --upgrade pip
RUN pip install --upgrade setuptools RUN pip install --upgrade setuptools
RUN pip install psycopg2-binary py-bcrypt
RUN pip install https://github.com/matrix-org/synapse/tarball/master RUN pip install https://github.com/matrix-org/synapse/tarball/master
# copy index.html
COPY index.html /app/code
RUN chown -R www-data.www-data /app/code RUN chown -R www-data.www-data /app/code
ADD start_matrix.sh /app/ ADD start_matrix.sh /app/

4
nginx_matrix.conf
View File

@@ -4,6 +4,9 @@ server {
server_name _; server_name _;
# required, else the limit is 1mb
client_max_body_size 20M;
location /_matrix { location /_matrix {
proxy_pass http://localhost:8008; proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
@@ -14,3 +17,4 @@ server {
index index.html; index index.html;
} }
} }

83
start_matrix.sh
View File

@@ -4,6 +4,14 @@ set -eux
if [[ ! -d /app/data/synapse ]]; then if [[ ! -d /app/data/synapse ]]; then
echo "=> Detected first run" echo "=> Detected first run"
# copy turn config
cp /usr/share/coturn/examples/etc/turnserver.conf /app/data/turnserver.conf
#set default TURN listening port
if [ -z ${TURN_TLS_PORT+x} ]; then TURN_TLS_PORT="5349"; else echo "TURN_TLS_PORT is set to '$TURN_TLS_PORT'"; fi
mkdir -p /app/data/synapse mkdir -p /app/data/synapse
cd /app/data/synapse cd /app/data/synapse
python -m synapse.app.homeserver \ python -m synapse.app.homeserver \
@@ -11,19 +19,86 @@ if [[ ! -d /app/data/synapse ]]; then
--config-path homeserver.yaml \ --config-path homeserver.yaml \
--report-stats=no \ --report-stats=no \
--generate-config --generate-config
# synapse config
sed -i "s/server_name:.*/server_name: ${APP_DOMAIN}/" homeserver.yaml
sed -i "s/web_client:.*/web_client: False/" homeserver.yaml
sed -i "s,- webclient .*,# - webclient # The bundled webclient," homeserver.yaml
sed -i "s/client, webclient/client/" homeserver.yaml
sed -i "s/sqlite3/psycopg2/" homeserver.yaml
sed -i "s/ database: .*/ user: ${POSTGRESQL_USERNAME}\n password: ${POSTGRESQL_PASSWORD}\n database: ${POSTGRESQL_DATABASE}\n host: ${POSTGRESQL_HOST}\n cp_min: 5\n cp_max: 10/" homeserver.yaml
sed -i "s/enable_registration: .*/enable_registration: True/" homeserver.yaml
sed -i "s/# password_providers:/password_providers:/" homeserver.yaml
sed -i 's/# - module: "ldap_auth_provider.LdapAuthProvider"/ - module: "ldap_auth_provider.LdapAuthProvider"/' homeserver.yaml
sed -i 's/# config:/ config:/' homeserver.yaml
sed -i 's/# enabled: true/ enabled: true/' homeserver.yaml
sed -i 's,# uri: .*, uri: "ldap://172.18.0.1:3002",' homeserver.yaml
sed -i 's/# start_tls: true/ start_tls: false/' homeserver.yaml
sed -i 's/# base: "ou=users,dc=example,dc=com"/ base: "ou=users,dc=cloudron"/' homeserver.yaml
sed -i 's/# attributes:/ attributes:/' homeserver.yaml
sed -i 's/# uid: "cn"/ uid: "username"/' homeserver.yaml
sed -i 's/# mail: "email"/ mail: "mail"/' homeserver.yaml
sed -i 's/# name: "givenName"/ name: "username"/' homeserver.yaml
sed -i 's/max_upload_size:.*/max_upload_size: "20M"/' homeserver.yaml
sed -i 's/#auto_join_rooms:/auto_join_rooms:/' homeserver.yaml
sed -i 's/# - "#example:example.com"/ - "#example:example.com"/' homeserver.yaml
sed -i "s/example:example.com/discuss:${APP_DOMAIN}/" homeserver.yaml
sed -i "s/turn_allow_guests:.*/turn_allow_guests: False/" homeserver.yaml
sed -i "s/enable_group_creation:.*/enable_group_creation: True/" homeserver.yaml
sed -i "s/enable_group_creation:.*/enable_group_creation: True/" homeserver.yaml
sed -i "s/#user_directory:/user_directory:/" homeserver.yaml
sed -i "s/# search_all_users:.*/ search_all_users: True/" homeserver.yaml
# coturn
TURNPWD=$(pwgen -s 64 1)
sed -i "s/#tls-listening-port=5349/tls-listening-port=5349/" /app/data/turnserver.conf
sed -i "s/#realm=mycompany.org/realm=${APP_DOMAIN}/" /app/data/turnserver.conf
sed -i "s/#lt-cred-mech/lt-cred-mech/" /app/data/turnserver.conf
sed -i "s/#use-auth-secret/use-auth-secret/" /app/data/turnserver.conf
sed -i "s/#lt-cred-mech/lt-cred-mech/" /app/data/turnserver.conf
sed -i "s/#static-auth-secret=.*/static-auth-secret=${TURNPWD}/" /app/data/turnserver.conf
sed -i "s/turn_uris: .*/turn_uris: [\"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=udp\", \"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=tcp\"]/" homeserver.yaml
sed -i "s/turn_shared_secret: .*/turn_shared_secret: \"${TURNPWD}\"/" homeserver.yaml
sed -i "s/#cipher-list=.*/cipher-list=\"HIGH\"/" /app/data/turnserver.conf
sed -i "s/#log-file=.*/log-file=\/app\/data\/turn_log\/turn.log/" /app/data/turnserver.conf
# get cert names from synapse
TLS_CRT=$(ls *.tls.crt)
TLS_KEY=$(ls *.tls.key)
TLS_DH=$(ls *.tls.dh)
sed -i "s,#cert=.*,cert=/app/data/synapse/${TLS_CRT}," /app/data/turnserver.conf
sed -i "s,#pkey=.*,pkey=/app/data/synapse/${TLS_KEY}," /app/data/turnserver.conf
sed -i "s,#dh-file=.*,dh-file=/app/data/synapse/${TLS_DH}," /app/data/turnserver.conf
fi fi
if [[ ! -e /app/data/riot_config.json ]]; then
cp /app/code/config.sample.json /app/data/riot_config.json
sed -i "s#https://matrix.org#https://$APP_DOMAIN#" /app/data/riot_config.json
fi
mkdir -p /app/data/nginx mkdir -p /app/data/nginx
mkdir -p /app/data/nginx_log mkdir -p /app/data/nginx_log
mkdir -p /app/data/turn_log
chown -R www-data.www-data /app/data chown -R www-data.www-data /app/data
cd /app/data/synapse cd /app/data/synapse
# check if TURN port has changed and update it
if [ -z ${TURN_TLS_PORT+x} ]; then TURN_TLS_PORT="5349"; fi
sed -i "s/turn_uris: .*/turn_uris: [\"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=udp\", \"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=tcp\"]/" homeserver.yaml
sed -i "s/tls-listening-port=.*/tls-listening-port=${TURN_TLS_PORT}/" /app/data/turnserver.conf
# check if certificate changed and update fingerprint
TLS_FINGERPRINT=$(openssl s_client -connect ${APP_DOMAIN}:${TURN_TLS_PORT} < /dev/null 2> /dev/null | openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '=')
sed -i "s,^tls_fingerprints:.*,tls_fingerprints: [{sha256: \"${TLS_FINGERPRINT}\"}]," homeserver.yaml
gosu www-data turnserver -c /app/data/turnserver.conf --daemon -v
# update user and pass in case they changed
sed -i "s/ user: .*/ user: ${POSTGRESQL_USERNAME}/" homeserver.yaml
sed -i "s/ password: .*/ password: ${POSTGRESQL_PASSWORD}/" homeserver.yaml
sed -i "s/ database: .*/ database: ${POSTGRESQL_DATABASE}/" homeserver.yaml
gosu www-data python -m synapse.app.homeserver --config-path homeserver.yaml &> /dev/null & gosu www-data python -m synapse.app.homeserver --config-path homeserver.yaml &> /dev/null &
exec /usr/sbin/nginx -g 'daemon off;' exec /usr/sbin/nginx -g 'daemon off;'