bekkalokk/ingress: proxy matrix well-known files to bicep

Redirect subpages like ./well-known, add @-domains
Prepare to replace knakelibrak
2023-11-28 10:24:18 +01:00 · 2023-11-28 10:24:18 +01:00 · 2023-11-28 10:23:02 +01:00
2 changed files with 32 additions and 12 deletions
--- a/hosts/bekkalokk/services/nginx/ingress.nix
+++ b/hosts/bekkalokk/services/nginx/ingress.nix
@@ -6,21 +6,21 @@
      addSSL = true;
      enableACME = true;

-      locations = let
-        proxy_tom = ''
+      locations = {
+        # Proxy home directories
+        "/~" = {
+          extraConfig = ''
            proxy_redirect off;
            proxy_pass https://tom.pvv.ntnu.no;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
-        '';
-      in  {
-        # Proxy home directories
-        "/~".extraConfig = proxy_tom;
+          '';
+        };

-        # Redirect old wiki entries - TODO: Move these to the main website
-        "= /disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
+        # Redirect old wiki entries
+        "/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
        "/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
        "/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
        "/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
@@ -29,17 +29,25 @@
        "/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
        "/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
        "/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
-        "= /drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
+        "/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
        "/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
        "/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
-        "/pvvmud/".extraConfig = proxy_tom;
-	"= /pvvmud".return = "301 $request_uri/";

        # TODO: Redirect webmail
        "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";

        # Redirect everything else to the main website
        "/".return = "301 https://www.pvv.ntnu.no$request_uri";
+
+        # Proxy the matrix well-known files
+        # Host has be set before proxy_pass
+        # The header must be set so nginx on the other side routes it to the right place
+        "/.well-known/matrix/" = {
+          extraConfig = ''
+            proxy_set_header Host matrix.pvv.ntnu.no;
+            proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
+          '';
+        };
      };
    };
  };
--- a/hosts/bicep/services/matrix/synapse.nix
+++ b/hosts/bicep/services/matrix/synapse.nix
@@ -216,7 +216,19 @@ in {

  services.redis.servers."".enable = true;
  
-  services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [({
+  services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
+  ({
+    locations."/.well-known/matrix/server" = {
+      return = ''
+        200 '{"m.server": "matrix.pvv.ntnu.no:443"}'
+      '';
+      extraConfig = ''
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+      '';
+    };
+  })
+  ({
    locations = let
      connectionInfo = w: matrix-lib.workerConnectionResource "metrics" w;
      socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString (c.port)}";
Author	SHA1	Message	Date
Daniel Olsen	1ef033c754	bekkalokk/ingress: proxy matrix well-known files to bicep	2023-11-28 10:24:18 +01:00
Felix Albrigtsen	d900dc1b1b	Redirect subpages like ./well-known, add @-domains	2023-11-28 10:24:18 +01:00
h7x4	d5985e02f3	Prepare to replace knakelibrak Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>	2023-11-28 10:23:02 +01:00