Enable (Traefik compression middleware)-assisted compression for Synapse

This likely breaks QR code login for non-worker Synapse setups. See #3749
spantaleev · Nov 14, 2024 · 609cf59 · 609cf59
1 parent 4a61bd4
commit 609cf59
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 0 deletions.
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
@@ -4676,6 +4676,9 @@ matrix_synapse_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_prim
 matrix_synapse_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
 
+matrix_synapse_container_labels_traefik_compression_middleware_enabled: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled }}"
+matrix_synapse_container_labels_traefik_compression_middleware_name: "{{ matrix_playbook_reverse_proxy_traefik_middleware_compession_name if matrix_playbook_reverse_proxy_traefik_middleware_compession_enabled else '' }}"
+
 matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_workers_enabled }}"
 
 matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"

diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
@@ -186,6 +186,11 @@ matrix_synapse_container_labels_traefik_entrypoints: web-secure
 matrix_synapse_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 matrix_synapse_container_labels_traefik_hostname: ''
 
+# Controls whether a compression middleware will be injected into the middlewares list.
+# This compression middleware is supposed to be defined elsewhere (using labels or a File provider, etc.) and is merely referenced by this router.
+matrix_synapse_container_labels_traefik_compression_middleware_enabled: false
+matrix_synapse_container_labels_traefik_compression_middleware_name: ""
+
 # Controls whether Matrix-related labels will be added.
 #
 # When set to false, variables like the following take no effect:

diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -39,6 +39,8 @@
     - {'name': 'matrix_synapse_experimental_features_msc3861_admin_token', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"}
     - {'name': 'matrix_synapse_experimental_features_msc3861_account_management_url', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"}
 
+    - {'name': 'matrix_synapse_container_labels_traefik_compression_middleware_name', when: "{{ matrix_synapse_container_labels_traefik_compression_middleware_enabled }}"}
+
 - name: Fail if asking for more than 1 instance of single-instance workers
   ansible.builtin.fail:
     msg: >-

diff --git a/roles/custom/matrix-synapse/templates/synapse/labels.j2 b/roles/custom/matrix-synapse/templates/synapse/labels.j2
@@ -19,6 +19,10 @@ traefik.http.services.matrix-synapse-metrics.loadbalancer.server.port={{ matrix_
 
 {% set client_root_middlewares = [] %}
 
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set client_root_middlewares = client_root_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_root_redirection_enabled %}
 {% set client_root_middlewares = client_root_middlewares + ['matrix-synapse-public-client-root-redirect'] %}
 traefik.http.middlewares.matrix-synapse-public-client-root-redirect.redirectregex.regex=(.*)
@@ -66,8 +70,18 @@ traefik.http.routers.matrix-synapse-public-client-root.tls.certResolver={{ matri
 #                                                          #
 ############################################################
 
+{% set client_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set client_api_middlewares = client_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-client-api.rule={{ matrix_synapse_container_labels_public_client_api_traefik_rule }}
 
+{% if client_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-client-api.middlewares={{ client_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-client-api.priority={{ matrix_synapse_container_labels_public_client_api_traefik_priority }}
 {% endif %}
@@ -120,8 +134,18 @@ traefik.http.routers.matrix-synapse-internal-client-api.entrypoints={{ matrix_sy
 #                                                          #
 ############################################################
 
+{% set synapse_client_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set synapse_client_api_middlewares = synapse_client_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-client-synapse-client-api.rule={{ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_rule }}
 
+{% if synapse_client_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-client-synapse-client-api.middlewares={{ synapse_client_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_synapse_client_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-client-synapse-client-api.priority={{ matrix_synapse_container_labels_public_client_synapse_client_api_traefik_priority }}
 {% endif %}
@@ -149,8 +173,18 @@ traefik.http.routers.matrix-synapse-public-client-synapse-client-api.tls.certRes
 #                                                          #
 ############################################################
 
+{% set synapse_admin_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set synapse_admin_api_middlewares = synapse_admin_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.rule={{ matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_rule }}
 
+{% if synapse_admin_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.middlewares={{ synapse_admin_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.priority={{ matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_priority }}
 {% endif %}
@@ -178,8 +212,18 @@ traefik.http.routers.matrix-synapse-public-client-synapse-admin-api.tls.certReso
 #                                                          #
 ############################################################
 
+{% set federation_api_middlewares = [] %}
+
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set federation_api_middlewares = federation_api_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 traefik.http.routers.matrix-synapse-public-federation-api.rule={{ matrix_synapse_container_labels_public_federation_api_traefik_rule }}
 
+{% if federation_api_middlewares | length > 0 %}
+traefik.http.routers.matrix-synapse-public-federation-api.middlewares={{ federation_api_middlewares | join(',') }}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_federation_api_traefik_priority | int > 0 %}
 traefik.http.routers.matrix-synapse-public-federation-api.priority={{ matrix_synapse_container_labels_public_federation_api_traefik_priority }}
 {% endif %}
@@ -216,6 +260,10 @@ traefik.http.routers.matrix-synapse-public-federation-api.tls.certResolver={{ ma
 
 {% set metrics_middlewares = [] %}
 
+{% if matrix_synapse_container_labels_traefik_compression_middleware_enabled %}
+{% set metrics_middlewares = metrics_middlewares + [matrix_synapse_container_labels_traefik_compression_middleware_name] %}
+{% endif %}
+
 {% if matrix_synapse_container_labels_public_metrics_middleware_basic_auth_enabled %}
 {% set metrics_middlewares = metrics_middlewares + ['matrix-synapse-metrics-basic-auth'] %}
 traefik.http.middlewares.matrix-synapse-metrics-basic-auth.basicauth.users={{ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users }}