From 2a697f8ecdc0bb77c20ced5f4d57fda08daf3272 Mon Sep 17 00:00:00 2001
From: "James E. Blair"
Date: Fri, 20 Aug 2021 14:28:57 -0700
Subject: [PATCH] Serve matrix well-known files from apache

So that we can set the CORS header

Change-Id: I49eab2bda9a6b636a30384f7590c765079d31b20
---
 playbooks/roles/gitea/files/matrix-client | 8 ++++++
 playbooks/roles/gitea/files/matrix-server | 3 +++
 playbooks/roles/gitea/tasks/proxy.yaml | 25 +++++++++++++++++++
 .../roles/gitea/templates/gitea.vhost.j2 | 14 ++++++++++-
 testinfra/test_gitea.py | 14 +++++++++++
 5 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 playbooks/roles/gitea/files/matrix-client
 create mode 100644 playbooks/roles/gitea/files/matrix-server

diff --git a/playbooks/roles/gitea/files/matrix-client b/playbooks/roles/gitea/files/matrix-client
new file mode 100644
index 0000000000..a720714315
--- /dev/null
+++ b/playbooks/roles/gitea/files/matrix-client
@@ -0,0 +1,8 @@
+{
+ "m.homeserver": {
+ "base_url": "https://opendev.ems.host"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ }
+}
diff --git a/playbooks/roles/gitea/files/matrix-server b/playbooks/roles/gitea/files/matrix-server
new file mode 100644
index 0000000000..43d9a9de04
--- /dev/null
+++ b/playbooks/roles/gitea/files/matrix-server
@@ -0,0 +1,3 @@
+{
+ "m.server": "opendev.ems.host:443"
+}
diff --git a/playbooks/roles/gitea/tasks/proxy.yaml b/playbooks/roles/gitea/tasks/proxy.yaml
index a1268929ce..cfe1fa7baa 100644
--- a/playbooks/roles/gitea/tasks/proxy.yaml
+++ b/playbooks/roles/gitea/tasks/proxy.yaml
@@ -33,3 +33,28 @@
 group: root
 mode: 0644
 notify: gitea Restart apache2
+
+- name: Create matrix well-known directory
+ file:
+ path: /var/www/opendev.org/.well-known/matrix
+ state: directory
+ owner: root
+ group: root
+ mode: 0775
+ recurse: yes
+
+- name: Copy matrix client config
+ copy:
+ src: matrix-client
+ dest: /var/www/opendev.org/.well-known/matrix/client
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Copy matrix server config
+ copy:
+ src: matrix-server
+ dest: /var/www/opendev.org/.well-known/matrix/server
+ owner: root
+ group: root
+ mode: 0644
diff --git a/playbooks/roles/gitea/templates/gitea.vhost.j2 b/playbooks/roles/gitea/templates/gitea.vhost.j2
index d65b10e654..589b55e5d1 100644
--- a/playbooks/roles/gitea/templates/gitea.vhost.j2
+++ b/playbooks/roles/gitea/templates/gitea.vhost.j2
@@ -3,6 +3,13 @@ Listen 3081 ServerName {{ inventory_hostname }} ServerAdmin infra-root@opendev.org + DocumentRoot /var/www/opendev.org + + + Require all granted + Order allow,deny + Allow from all + AllowEncodedSlashes On
@@ -25,9 +32,14 @@ Listen 3081 SSLProxyEngine on - Use UserAgentFilter + + Header set Access-Control-Allow-Origin "*" + + Use UserAgentFilter + ProxyPass /.well-known/ ! ProxyPass / https://{{ gitea_reverse_proxy_hostname }}:3000/ retry=0 ProxyPassReverse / https://{{ gitea_reverse_proxy_hostname }}:3000/ +
diff --git a/testinfra/test_gitea.py b/testinfra/test_gitea.py
index d05bc9981d..cd7b4b7428 100644
--- a/testinfra/test_gitea.py
+++ b/testinfra/test_gitea.py
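Review bot: The "Create matrix well-known directory" task combines `mode: 0775` with `recurse: yes`, so on every run the file module applies 0775 to the `client` and `server` files underneath, and the two copy tasks then set them back to 0644. The role therefore reports changes on each run, and the JSON files are group-writable and executable in between. A directory that only root manages needs neither group write nor recursion; I would use `mode: '0755'` and drop the `recurse: yes` line. The hunk does not show whether `/var/www/opendev.org` already exists; if this task creates it, the same mode also lands on the new DocumentRoot.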
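Review bot: The access block added after `DocumentRoot /var/www/opendev.org` mixes the Apache 2.4 directive `Require all granted` with the 2.2-style pair `Order allow,deny` and `Allow from all`. The old pair is only accepted when mod_access_compat is loaded, and the Apache documentation discourages combining both styles in one container. Keeping only `Require all granted` states the intent once. The container's opening and closing lines are not visible on this page, so the path it covers cannot be confirmed from the hunk; a comment above it such as `# static files served outside the Gitea proxy (Matrix well-known)` would make the purpose clear.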
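Review bot: `ProxyPass /.well-known/ !` takes the whole `/.well-known/` prefix away from the Gitea backend, while the role only installs files under `/.well-known/matrix/`. Every other well-known URL is now answered from the DocumentRoot, normally with a 404, which matters if the backend publishes anything under that prefix (an OAuth2/OpenID discovery document, for example). Narrowing the exclusion to `ProxyPass /.well-known/matrix/ !` keeps the change limited to what the commit message describes. The container that scopes `Header set Access-Control-Allow-Origin "*"` is not visible here; the tests suggest it covers only the client file, which is the right scope for a wildcard origin.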
@@ -38,6 +38,20 @@ def test_robots(host):
 'https://gitea99.opendev.org:3000/robots.txt')
 assert 'Disallow: /' in cmd.stdout
+def test_matrix_server(host):
+ cmd = host.run('curl --insecure -v '
+ '--resolve gitea99.opendev.org:3081:127.0.0.1 '
+ 'https://gitea99.opendev.org:3081/.well-known/matrix/server')
+ assert '"m.server": "opendev.ems.host:443"' in cmd.stdout
+ assert 'Access-Control-Allow-Origin' not in cmd.stderr
+
+def test_matrix_client(host):
+ cmd = host.run('curl --insecure -v '
+ '--resolve gitea99.opendev.org:3081:127.0.0.1 '
+ 'https://gitea99.opendev.org:3081/.well-known/matrix/client')
+ assert '"base_url": "https://opendev.ems.host"' in cmd.stdout
+ assert 'Access-Control-Allow-Origin' in cmd.stderr
+
 def test_proxy(host):
 cmd = host.run('curl --insecure '
 '--resolve gitea99.opendev.org:3081:127.0.0.1 '
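Review bot: Both new tests match the CORS header by name only in curl's verbose output, so `test_matrix_client` passes for any origin value, not just `*`. The match is also case-sensitive: if the vhost ever negotiates HTTP/2, curl prints header names in lower case, so `test_matrix_client` would fail and the `not in` check in `test_matrix_server` would pass without proving anything. Comparing the whole header on a lower-cased copy covers both, `assert 'access-control-allow-origin: *' in cmd.stderr.lower()`, with `assert 'access-control-allow-origin' not in cmd.stderr.lower()` for the server file. A one-line docstring on each test saying why the client file carries the header and the server file does not would document the intended scope.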