diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2a6a0211666fd7a1fcf188c6b736e295705ea97d..5d3c14c72fab9fe2d1d6f98c904a3de319661e8c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -101,3 +101,29 @@ web-proxy host01 run:
     WORKDIR: Compose/web-proxy/host01
   when: manual
   rules: *compose-rules
+
+# Matrix Compose deployment.
+
+matrix-build:
+  extends: .compose-build
+  tags: &matrix-tags [host01.shore.co.il]
+  variables: &matrix-vars
+    WORKDIR: Compose/matrix
+
+matrix-pull:
+  extends: .compose-pull
+  tags: *matrix-tags
+  variables: *matrix-vars
+
+matrix-run:
+  extends: .compose-run
+  tags: *matrix-tags
+  variables: *matrix-vars
+  needs:
+    - job: matrix-build
+    - job: matrix-pull
+  after_script:
+    # yamllint disable rule:line-length
+    - docker-compose exec synapse sh -c "while [ ! -f /conf/homeserver.yaml ]; do echo Waiting for the config file.; sleep 1; done"
+    - docker-compose exec synapse update_synapse_database --run-background-updates --database-config /conf/homeserver.yaml
+    # yamllint enable rule:line-length
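Review bot: The wait loop in `after_script` cannot tell whether the config has been rendered, because the Dockerfile in this commit copies `homeserver.yaml` into `/conf/`, so `[ ! -f /conf/homeserver.yaml ]` is already false when the container starts and `update_synapse_database` may read the unrendered template. Waiting until the template markers are gone, with an upper bound, is closer to the intent, e.g. `sh -c 'n=0; while grep -q "{{" /conf/homeserver.yaml; do n=$((n+1)); [ "$n" -lt 60 ] || exit 1; sleep 1; done'` (this assumes the entrypoint renders the file in place). GitLab also does not fail a job when `after_script` fails, so a failed database update will not show up as a failed deployment; moving these two commands into a separate job would make the failure visible.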
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c234cb76026a6ad4d48833d962898f6f39a033af..4bad376e51cc6760c4ff84bec610102315c3daf0 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,7 +12,8 @@ repos:
       - id: check-toml
       - id: check-xml
       - id: check-yaml
-        exclude: ^Ansible/roles/(wap|router)/vars/main\.yaml$
+        # yamllint disable-line rule:line-length
+        exclude: ^Ansible/roles/(wap|router)/vars/main\.yaml$|^Compose/matrix/synapse/homeserver\.yaml$
       - id: detect-private-key
       - id: end-of-file-fixer
       - id: trailing-whitespace
@@ -50,6 +51,7 @@ repos:
     rev: v1.26.3
     hooks:
       - id: yamllint
+        exclude: ^Compose/matrix/synapse/homeserver\.yaml$$
 
   - repo: https://github.com/executablebooks/mdformat.git
     rev: 0.7.10
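Review bot: The yamllint `exclude` pattern ends in `$$`; the second anchor is redundant and looks like a typo. `exclude: ^Compose/matrix/synapse/homeserver\.yaml$` matches the same file. A short comment such as `# Jinja template, not valid YAML until rendered` on this exclude and on the check-yaml one above would explain why the file is skipped.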
diff --git a/Ansible/renew-certs.yaml b/Ansible/renew-certs.yaml
index e02af56ef9aa9c9a84f4e249e1735ec88c6f3d0e..4b5c6bbb36c77c95f7ea62eec4d872bc87f80575 100644
--- a/Ansible/renew-certs.yaml
+++ b/Ansible/renew-certs.yaml
@@ -69,6 +69,7 @@
           - nextcloud.shore.co.il
           - ns1.shore.co.il
           - notify.shore.co.il
+          - matrix.shore.co.il
           - sogo.shore.co.il
           - vouch.shore.co.il
           - zpush.shore.co.il
diff --git a/Ansible/roles/router/files/nsd/shore.co.il b/Ansible/roles/router/files/nsd/shore.co.il
index 35c6b8b962700195ddf46b188c39e59b4da027b1..14e6fda873ff1ef70d23479a3f6ce477d747334a 100644
--- a/Ansible/roles/router/files/nsd/shore.co.il
+++ b/Ansible/roles/router/files/nsd/shore.co.il
@@ -2,11 +2,12 @@
 $TTL 1h
 $ORIGIN shore.co.il.
 @               IN      SOA     ns1     hostmaster (
-        2023040801
-        4h
-        1h
-        4w
-        3h )
+        2023121501 ; Serial
+        4h         ; Refresh
+        1h         ; Retry
+        4w         ; Expire
+        3h         ; Negative response cache TTL
+)
 
         IN      NS      ns1
         IN      NS      ns4
@@ -63,6 +64,7 @@ kibana          IN  CNAME   ns4
 kodi            IN  CNAME   ns1
 lam             IN  CNAME   ns1
 library         IN  CNAME   ns1
+matrix          IN  CNAME   ns1
 mta-sts         IN  CNAME   smtp
 myip            IN  CNAME   ns4
 nextcloud       IN  CNAME   ns1
diff --git a/Compose/matrix/.env b/Compose/matrix/.env
new file mode 100644
index 0000000000000000000000000000000000000000..9b5468ba5da69ef54ff262b4f8c7471ad5ca558e
--- /dev/null
+++ b/Compose/matrix/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=matrix
diff --git a/Compose/matrix/README.md b/Compose/matrix/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..7805c7cfc4459b44513ef2fffbf076e7b159cf59
--- /dev/null
+++ b/Compose/matrix/README.md
@@ -0,0 +1,4 @@
+# Matrix
+
+Deploy a Matrix homeserver using
+[Synapse](https://element-hq.github.io/synapse/latest/).
diff --git a/Compose/matrix/docker-compose.yaml b/Compose/matrix/docker-compose.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c955fded15207a4b821ae4dc9ce63342c64ed559
--- /dev/null
+++ b/Compose/matrix/docker-compose.yaml
@@ -0,0 +1,50 @@
+---
+version: '3.5'
+
+services:
+  postgres:
+    environment:
+      POSTGRES_DB: &postgres_db synapse
+      POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
+      POSTGRES_PASSWORD: &postgres_password "${SYNAPSE_DB_PASS}"
+      POSTGRES_USER: &postgres_user synapse
+    image: registry.shore.co.il/postgres
+    restart: always
+    volumes:
+      - postgres:/var/lib/postgresql/data
+
+  synapse:
+    build:
+      context: synapse/
+    depends_on:
+      - postgres
+    environment:
+      LDAP_URI: ldap://ldap:389
+      POSTGRES_DB: *postgres_db
+      POSTGRES_HOST: postgres
+      POSTGRES_PASSWORD: *postgres_password
+      POSTGRES_USER: *postgres_user
+      SYNAPSE_SERVER_NAME: shore.co.il
+      SIGNING_KEY: "${SYNAPSE_SIGNING_KEY}"
+      SYNAPSE_ADMIN_CONTACT: "mailto:postmaster@shore.co.il"
+      SYNAPSE_LOG_LEVEL: WARNING
+      SYNAPSE_MACAROON_SECRET_KEY: "${SYNAPSE_MACAROON_SECRET_KEY}"
+      # yamllint disable-line rule:line-length
+      SYNAPSE_REGISTRATION_SHARED_SECRET: "${SYNAPSE_REGISTRATION_SHARED_SECRET}"
+      SYNAPSE_SMTP_HOST: smtp
+    restart: always
+    volumes:
+      - data:/data
+      - _run_slapd:/run/slapd
+
+volumes:
+  data:
+  postgres:
+  _run_slapd:
+    external: true
+    name: run_slapd
+
+networks:
+  default:
+    name: shore
+    external: true
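Review bot: `LDAP_URI: ldap://ldap:389` sends Synapse's LDAP binds over plain TCP on the shared external `shore` network, and in simple-bind mode those binds carry user passwords. `LDAP_TLS` is not set here, and the template's `start_tls` defaults to `False`. The `_run_slapd:/run/slapd` mount suggests the local socket was intended: removing the `LDAP_URI` line lets the template default `ldapi:///run/slapd/ldapi` apply, or add `LDAP_TLS: "true"` if TCP is required. Separately, `image: registry.shore.co.il/postgres` has no tag, so a different major version can be pulled onto the existing `postgres` data volume; pinning a tag avoids that.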
diff --git a/Compose/matrix/synapse/.dockerignore b/Compose/matrix/synapse/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..dd449725e188f816bcebfc05678064efcbc29a81
--- /dev/null
+++ b/Compose/matrix/synapse/.dockerignore
@@ -0,0 +1 @@
+*.md
diff --git a/Compose/matrix/synapse/Dockerfile b/Compose/matrix/synapse/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..f0cd569e8316849093d9ccd07b63d6b3e14ca6aa
--- /dev/null
+++ b/Compose/matrix/synapse/Dockerfile
@@ -0,0 +1,6 @@
+FROM docker.io/matrixdotorg/synapse:v1.98.0
+ENV SYNAPSE_CONFIG_DIR=/conf
+ENV SYNAPSE_REPORT_STATS=yes
+COPY --chown=root:root entrypoint_wrapper /
+COPY --chown=root:root homeserver.yaml /conf/
+ENTRYPOINT ["/entrypoint_wrapper"]
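Review bot: The base image is pinned by tag only, and a tag can be re-pointed upstream. For a container that holds the homeserver signing key, pinning the digest as well makes the build reproducible: `FROM docker.io/matrixdotorg/synapse:v1.98.0@sha256:<digest-placeholder>`. `ENV SYNAPSE_REPORT_STATS=yes` also drives `enable_metrics` through the template added in this commit; a comment saying whether both are intended would help the next reader.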
diff --git a/Compose/matrix/synapse/README.md b/Compose/matrix/synapse/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..fe8760aee910775b5b6c715562850a388bc017f8
--- /dev/null
+++ b/Compose/matrix/synapse/README.md
@@ -0,0 +1,4 @@
+# Synapse
+
+The Synapse Matrix homeserver. Tweaked to generate the configuration and
+secret files from environment variables.
diff --git a/Compose/matrix/synapse/entrypoint_wrapper b/Compose/matrix/synapse/entrypoint_wrapper
new file mode 100755
index 0000000000000000000000000000000000000000..7c5c1461b0c5b636a2bdec6af06d0ab3556708e7
--- /dev/null
+++ b/Compose/matrix/synapse/entrypoint_wrapper
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -eux
+
+# We wrap the default entrypoint script and generate the configuration file and
+# other secret files from environment variables, but only if we're running the
+# homeserver.
+if [ "$#" -eq 0 ] || [ "$1" = run ]
+then
+    if [ -n "${SIGNING_KEY:-}" ]
+    then
+        echo "$SIGNING_KEY" > "/conf/${SYNAPSE_SERVER_NAME}.signing.key"
+        chmod 644 "/conf/${SYNAPSE_SERVER_NAME}.signing.key"
+    fi
+    /start.py migrate_config
+    cat /conf/homeserver.yaml
+    python3 -m synapse.config -c /conf/homeserver.yaml
+fi
+
+exec /start.py "$@"
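Review bot: The wrapper writes secrets to the container log in two places. `set -eux` traces the expanded `[ -n "${SIGNING_KEY:-}" ]` and `echo "$SIGNING_KEY"` commands, and `cat /conf/homeserver.yaml` runs after `migrate_config`, when the file presumably holds the rendered database password, registration shared secret and macaroon key. The signing key is also left world-readable by `chmod 644`. Dropping `-x`, removing the `cat`, and creating the key file owner-only keeps these values away from log collectors and other accounts in the container. The key file must stay readable by whichever account Synapse runs as in this image, which the hunk does not show.

```sh
set -eu
# … unchanged: header comment and the run-mode test …
    if [ -n "${SIGNING_KEY:-}" ]
    then
        key_file="/conf/${SYNAPSE_SERVER_NAME}.signing.key"
        # Create the key without group/other access from the first byte.
        ( umask 077; printf '%s\n' "$SIGNING_KEY" > "$key_file" )
        chmod 600 "$key_file"
        # NOTE(review): chown "$key_file" to the account Synapse runs as,
        # otherwise a root-owned 0600 key is unreadable to the homeserver.
    fi
    /start.py migrate_config
    # The rendered config is not echoed: it contains the database password
    # and the shared secrets.
    python3 -m synapse.config -c /conf/homeserver.yaml
# … unchanged: exec /start.py "$@" …
```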
diff --git a/Compose/matrix/synapse/homeserver.yaml b/Compose/matrix/synapse/homeserver.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..247c028eae5b7a249b22f1c7f77d86330d1a44db
--- /dev/null
+++ b/Compose/matrix/synapse/homeserver.yaml
@@ -0,0 +1,140 @@
+# vim:ft=yaml
+---
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
+# For the original version of this file go to
+# https://github.com/element-hq/synapse/blob/master/docker/conf/homeserver.yaml
+
+server_name: "{{ SYNAPSE_SERVER_NAME }}"
+pid_file: /homeserver.pid
+web_client: false
+soft_file_limit: 0
+log_config: "{{ SYNAPSE_LOG_CONFIG }}"
+admin_contact: "{{ SYNAPSE_ADMIN_CONTACT }}"
+registration_shared_secret: "{{ SYNAPSE_REGISTRATION_SHARED_SECRET }}"
+enable_registration: false
+
+## Ports ##
+
+listeners:
+  - port: {{ SYNAPSE_HTTP_PORT or 8008 }}
+    tls: false
+    bind_addresses: ['::']
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client]
+        compress: true
+      - names: [federation]
+        compress: false
+
+## Database ##
+
+database:
+  name: "psycopg2"
+  args:
+    user: '{{ POSTGRES_USER or "synapse" }}'
+    password: '{{ POSTGRES_PASSWORD }}'
+    database: '{{ POSTGRES_DB or "synapse" }}'
+    host: '{{ POSTGRES_HOST or "db" }}'
+    port: '{{ POSTGRES_PORT or "5432" }}'
+    cp_min: {{ POSTGRES_CP_MIN or 5 }}
+    cp_max: {{ POSTGRES_CP_MAX or 10 }}
+
+## email ##
+
+email:
+  notif_from: "Your Friendly %(app)s homeserver <noreply@{{ SYNAPSE_SERVER_NAME }}>"
+  smtp_host: "{{ SYNAPSE_SMTP_HOST }}"
+  smtp_pass: "{{ SYNAPSE_SMTP_PASS }}"
+  smtp_port: "{{ SYNAPSE_SMTP_PORT }}"
+  smtp_user: "{{ SYNAPSE_SMTP_USER }}"
+
+## Performance ##
+
+event_cache_size: '{{ SYNAPSE_EVENT_CACHE_SIZE or "10K" }}'
+
+## Ratelimiting ##
+
+rc_messages_per_second: 0.2
+rc_message_burst_count: 10.0
+federation_rc_window_size: 1000
+federation_rc_sleep_limit: 10
+federation_rc_sleep_delay: 500
+federation_rc_reject_limit: 50
+federation_rc_concurrent: 3
+
+## Files ##
+
+media_store_path: "/data/media"
+max_upload_size: '{{ SYNAPSE_MAX_UPLOAD_SIZE or "50M" }}'
+max_image_pixels: "32M"
+dynamic_thumbnails: false
+
+# List of thumbnail to precalculate when an image is uploaded.
+thumbnail_sizes:
+- width: 32
+  height: 32
+  method: crop
+- width: 96
+  height: 96
+  method: crop
+- width: 320
+  height: 240
+  method: scale
+- width: 640
+  height: 480
+  method: scale
+- width: 800
+  height: 600
+  method: scale
+
+url_preview_enabled: false
+max_spider_size: "10M"
+
+
+## Metrics ###
+
+enable_metrics: '{{ SYNAPSE_REPORT_STATS.lower() == "yes" }}'
+report_stats: '{{ SYNAPSE_REPORT_STATS.lower() == "yes" }}'
+
+## API Configuration ##
+
+{% if SYNAPSE_APPSERVICES %}
+app_service_config_files:
+{% for appservice in SYNAPSE_APPSERVICES %}
+    - "{{ appservice }}"
+{% endfor %}
+{% endif %}
+
+macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"
+expire_access_token: false
+
+## Signing Keys ##
+
+signing_key_path: "/conf/{{ SYNAPSE_SERVER_NAME }}.signing.key"
+old_signing_keys: {}
+key_refresh_interval: "1d" # 1 Day.
+
+# The trusted servers to download signing keys from.
+suppress_key_server_warning: true
+trusted_key_servers:
+  - server_name: matrix.org
+    verify_keys:
+      "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"  # pragma: allowlist secret
+
+password_config:
+   enabled: true
+
+modules:
+  - module: "ldap_auth_provider.LdapAuthProviderModule"
+    config:
+      enabled: true
+      uri: '{{ LDAP_URI or "ldapi:///run/slapd/ldapi" }}'
+      start_tls: {{ LDAP_TLS or False }}
+      base: '{{ LDAP_BASE_DN or "ou=People,dc=shore,dc=co,dc=il" }}'
+      attributes:
+        uid: "cn"
+        mail: "mail"
+        name: "givenName"
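Review bot: Secret values are substituted into quoted YAML scalars without escaping, e.g. `password: '{{ POSTGRES_PASSWORD }}'` and `macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"`. A generated secret containing `'`, `"` or `\` would either break parsing or silently change the value. Assuming the image renders this file with Jinja2, letting the template do the quoting avoids that: `password: {{ POSTGRES_PASSWORD | tojson }}`, and the same for `registration_shared_secret`, `macaroon_secret_key` and `smtp_pass`. A one-line comment at the top saying that the file is a template and that the rendered output contains secrets would also explain the lint exclusions.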
diff --git a/Compose/web-proxy/host01/conf.d/auth.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/auth.shore.co.il.conf
index 8e6e33e018944a14e2f6a7ab920e37553dbb116e..e2052eeacde61e28289f954c3d6667b45a44ecc0 100644
--- a/Compose/web-proxy/host01/conf.d/auth.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/auth.shore.co.il.conf
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name auth.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
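Review bot: The standalone `http2 on;` directive exists only from nginx 1.25.1 onward, and the web-proxy image version is not visible in this diff; on an older nginx each of these vhosts would fail the configuration test. The same change is repeated in the other `conf.d/*.conf` hunks of this commit. It is worth pinning or documenting the minimum version next to the proxy image, e.g. a comment `# requires nginx >= 1.25.1 (http2 directive)`. The server block continues outside the hunk.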
diff --git a/Compose/web-proxy/host01/conf.d/code.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/code.shore.co.il.conf
index 5c985d2757ca89c9e46fc6732084b6f62f09d11e..54934dffcaba852ffd78c4667bccb02644e5e1ab 100644
--- a/Compose/web-proxy/host01/conf.d/code.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/code.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name code.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/git.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/git.shore.co.il.conf
index d408b7d77c8e2aaa82a5e3647206d06ccebe0c63..ec037e50c2f094bdfcf7c0ff7810f271001e03e7 100644
--- a/Compose/web-proxy/host01/conf.d/git.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/git.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name git.shore.co.il;
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/lam.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/lam.shore.co.il.conf
index 2bb9eb2399f788d18118fa29e163ec6d2c42d25f..ece1321785f16d63e3e108503cba7796d9661bf4 100644
--- a/Compose/web-proxy/host01/conf.d/lam.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/lam.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name lam.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/mail.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/mail.shore.co.il.conf
index fa99b280626b9a401c977a4fe3beedf13f83f699..e16619da9cf945601ca83138f75e145ceadc5e69 100644
--- a/Compose/web-proxy/host01/conf.d/mail.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/mail.shore.co.il.conf
@@ -10,8 +10,9 @@ server {
 }
 
 server {
-    listen                      443 ssl http2;
-    listen                      [::]:443 ssl http2;
+    listen                      443 ssl;
+    listen                      [::]:443 ssl;
+    http2                       on;
     server_name                 mta-sts.shore.co.il mta-sts.nehe.sr;
     root                        /var/www/mail.shore.co.il/;
     include                     snippets/robots-disallow-all.conf;
diff --git a/Compose/web-proxy/host01/conf.d/matrix.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/matrix.shore.co.il.conf
new file mode 100644
index 0000000000000000000000000000000000000000..ac2e07c8d942692f8105fd0ee951acd96f9f1af4
--- /dev/null
+++ b/Compose/web-proxy/host01/conf.d/matrix.shore.co.il.conf
@@ -0,0 +1,31 @@
+# vim: ft=nginx
+map $host $matrix { default synapse; }
+
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name matrix.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/www-acme-challenge.conf;
+    include     snippets/redirect-https.conf;
+}
+
+server {
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
+    server_name matrix.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/ssl-modern.conf;
+
+    location / {
+        proxy_pass              http://$matrix:8008$request_uri;
+        proxy_http_version      1.1;
+        include                 snippets/proxy-headers.conf;
+        client_max_body_size    50m;
+    }
+}
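Review bot: `location /` forwards every path to Synapse, including the `/_synapse/admin` API, and this commit's homeserver.yaml configures `registration_shared_secret`, so the admin and shared-secret registration endpoints are reachable from the internet. Restricting the proxy to the client and federation prefixes, `location ~ ^(/_matrix|/_synapse/client) {`, keeps the admin API on the internal network. `client_max_body_size 50m` mirrors the template's default `max_upload_size` of 50M; a comment tying the two together would stop them drifting apart.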
diff --git a/Compose/web-proxy/host01/conf.d/nextcloud.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/nextcloud.shore.co.il.conf
index 33a9b73263b590ff728fa2cc0642ee4a05a5463d..2de292e2cfb49fc9610654827a01ae3134003a8d 100644
--- a/Compose/web-proxy/host01/conf.d/nextcloud.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/nextcloud.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name nextcloud.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/notify.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/notify.shore.co.il.conf
index db9e761a20fd8a95fdfb92c0b3f3dba29993fcad..4f0f0b96c1d127d479f0a7a5ded3a6173e7cdfe8 100644
--- a/Compose/web-proxy/host01/conf.d/notify.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/notify.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name notify.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf
index 189579f4419a35d50a175bb94bd479ae00e8b458..09dcaa4874b7295f50736a4e69171e44539ae2f0 100644
--- a/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name sogo.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/vouch.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/vouch.shore.co.il.conf
index ec6ce8a9a4fefed7f40b04a83594999920039e0d..96dea202b0fc2f515abc25452e813530d25e79fa 100644
--- a/Compose/web-proxy/host01/conf.d/vouch.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/vouch.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name vouch.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/conf.d/zpush.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/zpush.shore.co.il.conf
index aa251063e4fffc3c7fd91c77a600d143238a595d..7415681883aaf1d4a92d9fcdb75f851358f8340d 100644
--- a/Compose/web-proxy/host01/conf.d/zpush.shore.co.il.conf
+++ b/Compose/web-proxy/host01/conf.d/zpush.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name zpush.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/host01/docker-compose.yml b/Compose/web-proxy/host01/docker-compose.yml
index 842c67f256b73e68eb9f27b43e4bbe1c6252c0df..b7f28f04ae31d32036c5254eec406a3b3efa1c8a 100644
--- a/Compose/web-proxy/host01/docker-compose.yml
+++ b/Compose/web-proxy/host01/docker-compose.yml
@@ -15,6 +15,7 @@ services:
           - git.shore.co.il
           - kibana.shore.co.il
           - lam.shore.co.il
+          - matrix.shore.co.il
           - mta-sts.shore.co.il
           - sogo.shore.co.il
           - vouch.shore.co.il
diff --git a/Compose/web-proxy/kodi/conf.d/kodi.shore.co.il.conf b/Compose/web-proxy/kodi/conf.d/kodi.shore.co.il.conf
index 215e67de3278d5eef7ac2d72f55cd101dab681a6..366b018b73b1669c482f422abe34eeab2c92a9c3 100644
--- a/Compose/web-proxy/kodi/conf.d/kodi.shore.co.il.conf
+++ b/Compose/web-proxy/kodi/conf.d/kodi.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name kodi.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/kodi/conf.d/library.shore.co.il.conf b/Compose/web-proxy/kodi/conf.d/library.shore.co.il.conf
index 99d9ed9e0eea0118b75463065c533293f27864b8..73e538457a2402ce829e96c3891a8fedd7249eaf 100644
--- a/Compose/web-proxy/kodi/conf.d/library.shore.co.il.conf
+++ b/Compose/web-proxy/kodi/conf.d/library.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name library.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/kodi/conf.d/transmission.shore.co.il.conf b/Compose/web-proxy/kodi/conf.d/transmission.shore.co.il.conf
index 0fb970f50d1e85dc9884fc9afbf5aba66065c479..d17bf91b5908f17a3a9daebcd4fdf966c33a44da 100644
--- a/Compose/web-proxy/kodi/conf.d/transmission.shore.co.il.conf
+++ b/Compose/web-proxy/kodi/conf.d/transmission.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name transmission.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/autoconfig.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/autoconfig.shore.co.il.conf
index 9fb1103fe933c8e387a82ea1de55acddbe7ffe7b..5cc26ff22f5f70ec50fdc8fe89c71f2378b88a5d 100644
--- a/Compose/web-proxy/ns4/conf.d/autoconfig.shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/autoconfig.shore.co.il.conf
@@ -11,8 +11,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name autoconfig.shore.co.il autoconfig.nehe.sr;
     root        /var/www/autoconfig.shore.co.il/;
     include     snippets/robots-allow-all.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf
index 6a60200604953f26846a8c9a9cedde25f1fd5851..77b517003709ece5006cc892db4f031114208c36 100644
--- a/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name elasticsearch.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf
index 46edfee2a6270975fdf8d9ba5406db537ea15fcf..3e4ba7b279493fafb87d2679d489470288396105 100644
--- a/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf
@@ -13,8 +13,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name kibana.shore.co.il;
     include     snippets/robots-disallow-all.conf;
     include     snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/myip.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/myip.shore.co.il.conf
index 222d2d44bb2de8159fa575a61320defc6439488b..be8757c2f0528c928cbe11f1521180d0a181035a 100644
--- a/Compose/web-proxy/ns4/conf.d/myip.shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/myip.shore.co.il.conf
@@ -12,8 +12,9 @@ server {
 }
 
 server {
-    listen              443 ssl http2;
-    listen              [::]:443 ssl http2;
+    listen              443 ssl;
+    listen              [::]:443 ssl;
+    http2               on;
     server_name         myip.shore.co.il;
     include             snippets/robots-disallow-all.conf;
     include             snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/nehe.sr.conf b/Compose/web-proxy/ns4/conf.d/nehe.sr.conf
index 289bb2a9da44814ed3a0aeb23572a24f1076296a..eab2ecf084f63acb10bf736192a9058ce3c016c8 100644
--- a/Compose/web-proxy/ns4/conf.d/nehe.sr.conf
+++ b/Compose/web-proxy/ns4/conf.d/nehe.sr.conf
@@ -6,19 +6,22 @@ server {
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
     include     snippets/security-txt.conf;
+    include     snippets/matrix-well-known.conf;
     include     snippets/www-acme-challenge.conf;
     include     snippets/redirect-www.conf;
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name nehe.sr;
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
     include     snippets/security-txt.conf;
     include     snippets/ssl-legacy.conf;
     include     snippets/nextcloud-well-known.conf;
+    include     snippets/matrix-well-known.conf;
     include     snippets/activesync.conf;
     include     snippets/redirect-www.conf;
 }
diff --git a/Compose/web-proxy/ns4/conf.d/nehes.co.conf b/Compose/web-proxy/ns4/conf.d/nehes.co.conf
index db751ddfaabb0c6db942e6ca6f204870bdcf0980..90b802cb4203af6b376c3706370208026efbf88a 100644
--- a/Compose/web-proxy/ns4/conf.d/nehes.co.conf
+++ b/Compose/web-proxy/ns4/conf.d/nehes.co.conf
@@ -6,18 +6,21 @@ server {
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
     include     snippets/security-txt.conf;
+    include     snippets/matrix-well-known.conf;
     include     snippets/www-acme-challenge.conf;
     include     snippets/redirect-www.conf;
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name nehes.co;
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
     include     snippets/security-txt.conf;
     include     snippets/ssl-legacy.conf;
+    include     snippets/matrix-well-known.conf;
     include     snippets/nextcloud-well-known.conf;
     include     snippets/activesync.conf;
     include     snippets/redirect-www.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/registry.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/registry.shore.co.il.conf
index d2693728e0902cc5f68dfdfa4fb987f4ce4ab2b5..bc228fc8f0ff0f7a5fbfeecd0064cab223133e85 100644
--- a/Compose/web-proxy/ns4/conf.d/registry.shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/registry.shore.co.il.conf
@@ -11,8 +11,9 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name registry.shore.co.il;
     include     snippets/ssl-modern.conf;
 
diff --git a/Compose/web-proxy/ns4/conf.d/shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/shore.co.il.conf
index 24d3c4b5bdc90b6d59fb0a254a9027cd043f345e..f734ded50334b53b1573ee6522a368dff939a35f 100644
--- a/Compose/web-proxy/ns4/conf.d/shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/shore.co.il.conf
@@ -8,6 +8,7 @@ server {
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
     include     snippets/security-txt.conf;
+    include     snippets/matrix-well-known.conf;
     include     snippets/www-acme-challenge.conf;
     include     snippets/redirect-www.conf;
 
@@ -15,17 +16,18 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen      [::]:443 ssl http2;
+    listen      443 ssl;
+    listen      [::]:443 ssl;
+    http2       on;
     server_name shore.co.il;
     include     snippets/robots-allow-all.conf;
     include     snippets/ads-txt.conf;
     include     snippets/security-txt.conf;
     include     snippets/ssl-legacy.conf;
     include     snippets/nextcloud-well-known.conf;
+    include     snippets/matrix-well-known.conf;
     include     snippets/activesync.conf;
     include     snippets/redirect-www.conf;
-    include     snippets/matrix-well-known.conf;
 
     location = /        { return 301 https://www.shore.co.il/blog/; }
 }
diff --git a/Compose/web-proxy/ns4/conf.d/www.nehe.sr.conf b/Compose/web-proxy/ns4/conf.d/www.nehe.sr.conf
index 414cd4d0d15a048fed3ff87be1e7fa0b74f886a5..9a739965c596f646a8fa58fdd3f081d012624c15 100644
--- a/Compose/web-proxy/ns4/conf.d/www.nehe.sr.conf
+++ b/Compose/web-proxy/ns4/conf.d/www.nehe.sr.conf
@@ -11,8 +11,9 @@ server {
 }
 
 server {
-    listen              443 ssl http2;
-    listen              [::]:443 ssl http2;
+    listen              443 ssl;
+    listen              [::]:443 ssl;
+    http2               on;
     server_name         www.nehe.sr;
     include             snippets/robots-allow-all.conf;
     include             snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/www.nehes.co.conf b/Compose/web-proxy/ns4/conf.d/www.nehes.co.conf
index fdd0d5bbbd0e1f1b2b0b9977b78dbcaf819629a1..647b8f4f277f29f08587cb902409d7a25630a5a1 100644
--- a/Compose/web-proxy/ns4/conf.d/www.nehes.co.conf
+++ b/Compose/web-proxy/ns4/conf.d/www.nehes.co.conf
@@ -11,8 +11,9 @@ server {
 }
 
 server {
-    listen              443 ssl http2;
-    listen              [::]:443 ssl http2;
+    listen              443 ssl;
+    listen              [::]:443 ssl;
+    http2               on;
     server_name         www.nehes.co;
     include             snippets/robots-allow-all.conf;
     include             snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/conf.d/www.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/www.shore.co.il.conf
index d496c2df656308927d98fb52a7b82486f839becb..18b5e161253af0d15577e7d2ac6a7dfdc3029ba6 100644
--- a/Compose/web-proxy/ns4/conf.d/www.shore.co.il.conf
+++ b/Compose/web-proxy/ns4/conf.d/www.shore.co.il.conf
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen                  443 ssl http2;
-    listen                  [::]:443 ssl http2;
+    listen                  443 ssl;
+    listen                  [::]:443 ssl;
+    http2                   on;
     server_name             www.shore.co.il;
     include                 snippets/robots-allow-all.conf;
     include                 snippets/ads-txt.conf;
diff --git a/Compose/web-proxy/ns4/snippets/matrix-well-known.conf b/Compose/web-proxy/ns4/snippets/matrix-well-known.conf
new file mode 100644
index 0000000000000000000000000000000000000000..beb47c942dc93369a849351d3b9fd97b766d6a72
--- /dev/null
+++ b/Compose/web-proxy/ns4/snippets/matrix-well-known.conf
@@ -0,0 +1,21 @@
+# vim: ft=nginx
+location = /.well-known/matrix/server {
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+    if ($scheme = https) {
+        add_header Content-Type "application/json; charset=utf-8";
+        return 200 "{\"m.server\": \"matrix.shore.co.il:443\"}";
+    }
+}
+
+location = /.well-known/matrix/client {
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+    if ($scheme = https) {
+        add_header Content-Type "application/json; charset=utf-8";
+        add_header Access-Control-Allow-Origin *;
+        return 200 "{\"m.homeserver\": { \"base_url\": \"https://matrix.shore.co.il\" } }";
+    }
+}
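Review bot: `add_header Content-Type ...` does not replace the type nginx assigns to a `return 200` body, so both locations can answer with two `Content-Type` headers (the configured default type plus the added one). Strict clients and federation peers may reject that. Setting the type on the location instead, `default_type application/json;`, and dropping both `add_header Content-Type` lines gives a single header. The HTTP redirect is built from `$host`, which comes from the request; if any including server can act as a default server, a fixed hostname in `return 301` would be safer.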