Is it possible to automatically add matrix-nginx-proxy to an extra network with a specific alias? #1498
Comments
Perhaps Unfortunately, this exposes all Matrix services (not just Maybe ideally, you'd have The problem with |
This is precisely what I'd like to do. I already have a network set up for my front facing nginx proxy that allows it to access just the services it needs to. What I'm looking for is a way to have running |
I think you could try if modifying
---network={{ matrix_docker_network }}
+--network=matrix-public This makes the You can adjust the name of this
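Review bot: the added `--network=matrix-public` line hardcodes the network name, while the line it replaces read the name from `{{ matrix_docker_network }}`. Consider taking the name from a variable here as well, so it can be set per deployment and cannot drift from the name used wherever the network is created.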
This connects the I wonder if running the
Let me know what you find and we can turn this into a PR! |
Option 2 with sleeping does seem to work! I set it up so that the matrix-nginx-proxy role has an additional variable named The one thing that worried me was that there could be an error starting matrix-nginx-proxy if it takes longer than 3 seconds for it to start up for some reason. So I did a bit of bash-fu to have it poll the container to see if it's up for up to 30 seconds before connecting it to the extra network. So what I'm proposing is that we add the following to
This is the first time I've ever worked with Ansible and Jinja directly so I'm not sure if I made an error or formatted it in a daft way. But it does seem to work. Let me know what you think, and if it looks good, I'll submit a PR. |
Ouch, that bash sleep loop is a little scary.. But I guess it could work. I think we should rethink the network situation some more (instead of just having I'm thinking we should introduce this change (2 separate |
Yes I'm not a fan of obtuse bash one-liners, but it felt like more of a correct solution than assuming the container will be up and running in three seconds. Written out in multiple lines makes it much more readable and less scary looking too. Are you thinking that |
You can now use
Example:
matrix_nginx_proxy_container_additional_networks: [traefik]
Initially, I had created a
# The container network (`--network` to use for matrix-nginx-proxy).
# This can be different than the network used for the other Matrix services.
# For background, see:
# - `matrix_nginx_proxy_container_network_to_connect`.
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498
#
# Use this with caution.
#
# Using a different network may cause various breakage in certain configurations.
# For example, when Synapse works with workers enabled, bridges internally connect to Synapse
# via matrix-nginx-proxy, which ensures requests are forwarded to the correct worker process.
# A bridge that's part of another network (than matrix-nginx-proxy) may fail to reach matrix-nginx-proxy.
.. but decided against it. As that comment says, making It's better to leave This "Synapse in workers mode is special and bridges need matrix-nginx-proxy's help to reach Synapse anyway" thing likely points out another problem with our setup. Perhaps there should be a reverse-proxy that is part of the Right now the That role would ideally expose Other roles would then only need to care about these 2 endpoints ( The |
I'm using an external nginx forward proxy running in another docker container to handle routing and https among all of my web services. Consequently for matrix I have my vars.yml set up with:

What I'd like to do is add the matrix-nginx-proxy container and my external proxy's container to a different docker network than used by the rest of matrix, and assign matrix-nginx-proxy a specific alias on that network so that my proxy has a reliable hostname to use for it.

I know I can use matrix_docker_network to assign a network for all of the matrix related docker containers, and could use the network that my external proxy is using, but then I think that's going against proper separation of concerns. The external nginx container shouldn't be on the same network and therefore have access to every matrix docker container. It should only be able to communicate with matrix-nginx-proxy.

I can set this up manually after running start, and have confirmed that it works, but of course every time I restart matrix then I'd have to manually set it up again. It needs to be automated.

Is there any way to do this?
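
The manual step described in this post, combined with the polling idea from the comments, as an added example that is not the playbook's own code: it waits up to 30 seconds for a container to be running, then attaches only that container to the extra network under a fixed alias. The function names are hypothetical, and the network and alias are supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of matrix-docker-ansible-deploy.
# Usage (network and alias are placeholders chosen by the operator):
#   attach_with_alias matrix-nginx-proxy <network> <alias> [timeout_seconds]

# Poll once per second until Docker reports the container as running.
# Returns 1 if it is still not running when the timeout expires.
wait_running() {
    container=$1
    timeout=${2:-30}
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        state=$(docker inspect --format '{{.State.Running}}' "$container" 2>/dev/null) || state=false
        [ "$state" = "true" ] && return 0
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# Succeeds if the container is already a member of the named network.
already_attached() {
    docker inspect \
        --format '{{range $k, $v := .NetworkSettings.Networks}}{{println $k}}{{end}}' \
        "$1" 2>/dev/null | grep -Fxq -- "$2"
}

# Attach one container to one extra network under a stable alias.
# Safe to run on every restart: it does nothing if already attached,
# and refuses to attach a container that never came up.
attach_with_alias() {
    container=$1 network=$2 alias=$3 timeout=${4:-30}
    if ! wait_running "$container" "$timeout"; then
        echo "error: $container not running after ${timeout}s; not attaching" >&2
        return 1
    fi
    if already_attached "$container" "$network"; then
        return 0
    fi
    docker network connect --alias "$alias" "$network" "$container"
}
```

Only the named container joins the extra network, so the external proxy still cannot reach the other Matrix containers.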