-
-
Save brknkfr/5c60f969c8a11c81b990822826e3cb35 to your computer and use it in GitHub Desktop.
Nginx config for scaling matrix synapse server via workers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Matrix Synapse workers example config | |
| # backends | |
| upstream synapse_main { | |
| server 192.168.11.19:8008; | |
| } | |
| upstream synapse_client { | |
| hash $mxid_localpart consistent; | |
| server 192.168.11.19:8010; | |
| server 192.168.11.19:8011; | |
| } | |
| upstream synapse_media { | |
| server 192.168.11.19:8012; | |
| } | |
| upstream synapse_federation { | |
| server 192.168.11.19:8016; | |
| } | |
| upstream synapse_stream { | |
| server 192.168.11.19:8018; | |
| } | |
| # map urls to backend | |
| # based on list from | |
| # https://github.com/matrix-org/synapse/blob/develop/docs/workers.md | |
| map $request_uri $synapse_backend { | |
| default synapse_main; | |
| # Sync requests | |
| ~*^/_matrix/client/(r0|v3)/sync$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3)/events$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3)/initialSync$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ synapse_client; | |
| # Federation requests | |
| ~*^/_matrix/federation/v1/event/ synapse_federation; | |
| ~*^/_matrix/federation/v1/state/ synapse_federation; | |
| ~*^/_matrix/federation/v1/state_ids/ synapse_federation; | |
| ~*^/_matrix/federation/v1/backfill/ synapse_federation; | |
| ~*^/_matrix/federation/v1/get_missing_events/ synapse_federation; | |
| ~*^/_matrix/federation/v1/publicRooms synapse_federation; | |
| ~*^/_matrix/federation/v1/query/ synapse_federation; | |
| ~*^/_matrix/federation/v1/make_join/ synapse_federation; | |
| ~*^/_matrix/federation/v1/make_leave/ synapse_federation; | |
| ~*^/_matrix/federation/(v1|v2)/send_join/ synapse_federation; | |
| ~*^/_matrix/federation/(v1|v2)/send_leave/ synapse_federation; | |
| ~*^/_matrix/federation/(v1|v2)/invite/ synapse_federation; | |
| ~*^/_matrix/federation/v1/event_auth/ synapse_federation; | |
| ~*^/_matrix/federation/v1/timestamp_to_event/ synapse_federation; | |
| ~*^/_matrix/federation/v1/exchange_third_party_invite/ synapse_federation; | |
| ~*^/_matrix/federation/v1/user/devices/ synapse_federation; | |
| ~*^/_matrix/key/v2/query synapse_federation; | |
| ~*^/_matrix/federation/v1/hierarchy/ synapse_federation; | |
| # Inbound federation transaction request | |
| ~*^/_matrix/federation/v1/send/ synapse_federation; | |
| # Client API requests | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ synapse_client; | |
| ~*^/_matrix/client/v1/rooms/.*/hierarchy$ synapse_client; | |
| ~*^/_matrix/client/v1/rooms/.*/threads$ synapse_client; | |
| ~*^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/account/3pid$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/account/whoami$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/devices$ synapse_client; | |
| ~*^/_matrix/client/versions$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/search$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/capabilities$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/notifications$ synapse_client; | |
| # Encryption requests | |
| ~*^/_matrix/client/(r0|v3|unstable)/keys/query$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/keys/changes$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/keys/claim$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/room_keys/ synapse_client; | |
| # Registration/login requests | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/login$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/register$ synapse_client; | |
| ~*^/_matrix/client/v1/register/m.login.registration_token/validity$ synapse_client; | |
| ~*^/_matrix/client/(r0|v3|unstable)/keys/upload/ synapse_client; | |
| # Event sending requests | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/join/ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/knock/ synapse_client; | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ synapse_client; | |
| # Account data requests | |
| ~*^/_matrix/client/(r0|v3|unstable)/.*/tags synapse_stream; | |
| ~*^/_matrix/client/(r0|v3|unstable)/.*/account_data synapse_stream; | |
| # Receipts requests | |
| ~*^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt synapse_stream; | |
| ~*^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers synapse_stream; | |
| # Presence requests | |
| ~*^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ synapse_stream; | |
| # User directory search requests | |
| ~*^/_matrix/client/(r0|v3|unstable)/user_directory/search$ synapse_client; | |
| # Media requests | |
| ~*^/_matrix/media/ synapse_media; | |
| ~*^/_synapse/admin/v1/purge_media_cache$ synapse_media; | |
| ~*^/_synapse/admin/v1/room/.*/media.*$ synapse_media; | |
| ~*^/_synapse/admin/v1/user/.*/media.*$ synapse_media; | |
| ~*^/_synapse/admin/v1/media/.*$ synapse_media; | |
| ~*^/_synapse/admin/v1/quarantine_media/.*$ synapse_media; | |
| ~*^/_synapse/admin/v1/users/.*/media$ synapse_media; | |
| } | |
| # Move sync to client workers | |
| map $arg_since $sync { | |
| default synapse_main; | |
| '' synapse_client; | |
| } | |
| # Extract username from access token passed as URL parameter | |
| map $arg_access_token $accesstoken_from_urlparam { | |
| # Defaults to just passing back the whole accesstoken | |
| default $arg_access_token; | |
| # Try to extract username part from accesstoken URL parameter | |
| "~syt_(?<username>.*?)_.*" $username; | |
| } | |
| # Extract username from access token passed as authorization header | |
| map $http_authorization $mxid_localpart { | |
| # Defaults to just passing back the whole accesstoken | |
| default $http_authorization; | |
| # Try to extract username part from accesstoken header | |
| "~Bearer syt_(?<username>.*?)_.*" $username; | |
| # if no authorization-header exist, try mapper for URL parameter "access_token" | |
| "" $accesstoken_from_urlparam; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name example.com; | |
| # SSL | |
| ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; | |
| ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; | |
| # security | |
| #include snippets/security.conf; | |
| location ~ ^(/_matrix|/_synapse/client) { | |
| # use whatever backend our map gives us | |
| proxy_pass http://$synapse_backend; | |
| include snippets/proxy.conf; | |
| client_max_body_size 5g; | |
| # Fuck no | |
| access_log off; | |
| log_not_found off; | |
| add_header Backend-Server $synapse_backend; | |
| } | |
| # This is also provided by synapse server | |
| location /.well-known/matrix/client { | |
| return 200 '{"m.homeserver": {"base_url": "https://example.com/"}}'; | |
| default_type application/json; | |
| add_header Access-Control-Allow-Origin *; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| location /.well-known/matrix/server { | |
| return 200 '{"m.server": "example.com:443"}'; | |
| default_type application/json; | |
| add_header Access-Control-Allow-Origin *; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # additional config | |
| #include snippets/general.conf; | |
| } | |
| # HTTP redirect | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name example.com; | |
| include snippets/letsencrypt.conf; | |
| location / { | |
| return 301 https://example.com$request_uri; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment