Serve matrix well-known files from apache

So that we can set the CORS header Change-Id: I49eab2bda9a6b636a30384f7590c765079d31b20
2021-08-20 14:28:57 -07:00 · 2021-08-20 14:28:57 -07:00 · 2a697f8ecd
parent 690c8ec24e
commit 2a697f8ecd
5 changed files with 63 additions and 1 deletions
--- a/playbooks/roles/gitea/files/matrix-client
+++ b/playbooks/roles/gitea/files/matrix-client
@ -0,0 +1,8 @@
+{
+    "m.homeserver": {
+        "base_url": "https://opendev.ems.host"
+    },
+    "m.identity_server": {
+        "base_url": "https://vector.im"
+    }
+}
--- a/playbooks/roles/gitea/files/matrix-server
+++ b/playbooks/roles/gitea/files/matrix-server
@ -0,0 +1,3 @@
+{
+    "m.server": "opendev.ems.host:443"
+}
--- a/playbooks/roles/gitea/tasks/proxy.yaml
+++ b/playbooks/roles/gitea/tasks/proxy.yaml
@ -33,3 +33,28 @@
    group: root
    mode: 0644
  notify: gitea Restart apache2
+
+- name: Create matrix well-known directory
+  file:
+    path: /var/www/opendev.org/.well-known/matrix
+    state: directory
+    owner: root
+    group: root
+    mode: 0775
+    recurse: yes
+
+- name: Copy matrix client config
+  copy:
+    src: matrix-client
+    dest: /var/www/opendev.org/.well-known/matrix/client
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Copy matrix server config
+  copy:
+    src: matrix-server
+    dest: /var/www/opendev.org/.well-known/matrix/server
+    owner: root
+    group: root
+    mode: 0644
--- a/playbooks/roles/gitea/templates/gitea.vhost.j2
+++ b/playbooks/roles/gitea/templates/gitea.vhost.j2
@ -3,6 +3,13 @@ Listen 3081
 <VirtualHost *:3081>
  ServerName {{ inventory_hostname }}
  ServerAdmin infra-root@opendev.org
+  DocumentRoot /var/www/opendev.org
+
+  <Directory /var/www/opendev.org/>
+    Require all granted
+    Order allow,deny
+    Allow from all
+  </Directory>

  AllowEncodedSlashes On

@ -25,9 +32,14 @@ Listen 3081

  SSLProxyEngine on

-  Use UserAgentFilter
+  <Location /.well-known/matrix/client>
+    Header set Access-Control-Allow-Origin "*"
+  </Location>

+  Use UserAgentFilter
+  ProxyPass  /.well-known/ !
  ProxyPass  / https://{{ gitea_reverse_proxy_hostname }}:3000/ retry=0
  ProxyPassReverse / https://{{ gitea_reverse_proxy_hostname }}:3000/

+
 </VirtualHost>
--- a/testinfra/test_gitea.py
+++ b/testinfra/test_gitea.py
@ -38,6 +38,20 @@ def test_robots(host):
                   'https://gitea99.opendev.org:3000/robots.txt')
    assert 'Disallow: /' in cmd.stdout

+def test_matrix_server(host):
+    cmd = host.run('curl --insecure -v '
+                   '--resolve gitea99.opendev.org:3081:127.0.0.1 '
+                   'https://gitea99.opendev.org:3081/.well-known/matrix/server')
+    assert '"m.server": "opendev.ems.host:443"' in cmd.stdout
+    assert 'Access-Control-Allow-Origin' not in cmd.stderr
+
+def test_matrix_client(host):
+    cmd = host.run('curl --insecure -v '
+                   '--resolve gitea99.opendev.org:3081:127.0.0.1 '
+                   'https://gitea99.opendev.org:3081/.well-known/matrix/client')
+    assert '"base_url": "https://opendev.ems.host"' in cmd.stdout
+    assert 'Access-Control-Allow-Origin' in cmd.stderr
+
 def test_proxy(host):
    cmd = host.run('curl --insecure '
                   '--resolve gitea99.opendev.org:3081:127.0.0.1 '