diff --git a/DEPLOY.md b/DEPLOY.md index 85f3f07b..b058418d 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -44,7 +44,7 @@ This also allows you to make sure that the file permissions are correctly set up In Debian you can use this command to create a Conduit user: -``` +```bash sudo adduser --system conduit --no-create-home ``` @@ -131,13 +131,13 @@ address = "127.0.0.1" # This makes sure Conduit can only be reached using the re As we are using a Conduit specific user we need to allow it to read the config. To do that you can run this command on Debian: -``` +```bash sudo chown -R conduit:nogroup /etc/matrix-conduit ``` If you use the default database path you also need to run this: -``` +```bash sudo mkdir -p /var/lib/matrix-conduit/conduit_db sudo chown -R conduit:nogroup /var/lib/matrix-conduit/conduit_db ``` @@ -151,7 +151,7 @@ This depends on whether you use Apache, Nginx or another web server. Create `/etc/apache2/sites-enabled/050-conduit.conf` and copy-and-paste this: -``` +```apache Listen 8448 @@ -180,7 +180,7 @@ $ sudo systemctl reload apache2 If you use Nginx and not Apache, add the following server section inside the http section of `/etc/nginx/nginx.conf` -``` +```nginx server { listen 443 ssl http2; listen [::]:443 ssl http2; diff --git a/README.md b/README.md index fde762ca..836f9c6d 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ Pull and run the docker image with ``` bash docker pull matrixconduit/matrix-conduit:latest -docker run -d -p 8448:8000 -v ~/conduit.toml:/srv/conduit/conduit.toml -v db:/srv/conduit/.local/share/conduit matrixconduit/matrix-conduit:latest +docker run -d -p 8448:6167 -v ~/conduit.toml:/srv/conduit/conduit.toml -v db:/srv/conduit/.local/share/conduit matrixconduit/matrix-conduit:latest ``` > Note: You also need to supply a `conduit.toml` config file, you can find an example [here](./conduit-example.toml). diff --git a/docker/README.md b/docker/README.md index 499d1adb..0e834820 100644 --- a/docker/README.md 
+++ b/docker/README.md 
@@ -40,18 +40,27 @@ which also will tag the resulting image as `matrixconduit/matrix-conduit:latest` After building the image you can simply run it with ``` bash -docker run -d -p 8448:8000 -v ~/conduit.toml:/srv/conduit/conduit.toml -v db:/srv/conduit/.local/share/conduit matrixconduit/matrix-conduit:latest +docker run -d -p 8448:6167 -v ~/conduit.toml:/srv/conduit/conduit.toml -v db:/srv/conduit/.local/share/conduit matrixconduit/matrix-conduit:latest ``` -For detached mode, you also need to use the `-d` flag. You also need to supply a `conduit.toml` config file, you can find an example [here](../conduit-example.toml). +or you can skip the build step and pull the image from one of the following registries: + +| Registry | Image | Size | +| --------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | +| Docker Hub | [matrixconduit/matrix-conduit:latest](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ![Image Size](https://img.shields.io/docker/image-size/matrixconduit/matrix-conduit/latest) | +| GitLab Registry | [registry.gitlab.com/famedly/conduit/conduit:latest](https://gitlab.com/famedly/conduit/container_registry/2134341) | ![Image Size](https://img.shields.io/docker/image-size/matrixconduit/matrix-conduit/latest) | + +The `-d` flag lets the container run in detached mode. You now need to supply a `conduit.toml` config file, an example can be found [here](../conduit-example.toml). You can pass in different env vars to change config values on the fly. You can even configure Conduit completely by using env vars, but for that you need -too pass `-e CONDUIT_CONFIG=""` into your container. For an overview of possible values, please take a look at the `docker-compose.yml` file. +to pass `-e CONDUIT_CONFIG=""` into your container. 
For an overview of possible values, please take a look at the `docker-compose.yml` file. + If you just want to test Conduit for a short time, you can use the `--rm` flag, which will clean up everything related to your container after you stop it. ## Docker-compose -If the docker command is not for you or your setup, you can also use one of the provided `docker-compose` files. Depending on your proxy setup, use the [`docker-compose.traefik.yml`](docker-compose.traefik.yml) including [`docker-compose.override.traefik.yml`](docker-compose.override.traefik.yml) or the normal [`docker-compose.yml`](../docker-compose.yml) for every other reverse proxy. +If the docker command is not for you or your setup, you can also use one of the provided `docker-compose` files. Depending on your proxy setup, use the [`docker-compose.traefik.yml`](docker-compose.traefik.yml) and [`docker-compose.override.traefik.yml`](docker-compose.override.traefik.yml) for Traefik (don't forget to remove `.traefik` from the filenames) or the normal [`docker-compose.yml`](../docker-compose.yml) for every other reverse proxy. Additional info about deploying +Conduit can be found [here](../DEPLOY.md). ### Build 
@@ -67,8 +76,57 @@ This will also start the container right afterwards, so if want it to run in det ### Run -If you already have built the image, you can just start the container and everything else in the compose file in detached mode with: +If you already have built the image or want to use one from the registries, you can just start the container and everything else in the compose file in detached mode with: ``` bash docker-compose up -d ``` + +> **Note:** Don't forget to modify and adjust the compose file to your needs. + +### Use Traefik as Proxy + +As a container user, you probably know about Traefik. It is a easy to use reverse proxy for making containerized app and services available through the web. With the +two provided files, [`docker-compose.traefik.yml`](docker-compose.traefik.yml) and [`docker-compose.override.traefik.yml`](docker-compose.override.traefik.yml), it is +equally easy to deploy and use Conduit, with a little caveat. If you already took a look at the files, then you should have seen the `well-known` service, and that is +the little caveat. Traefik is simply a proxy and loadbalancer and is not able to serve any kind of content, but for Conduit to federate, we need to either expose ports +`443` and `8448` or serve two endpoints `.well-known/matrix/client` and `.well-known/matrix/server`. + +With the service `well-known` we use a single `nginx` container that will serve those two files. + +So...step by step: + +1. Copy [`docker-compose.traefik.yml`](docker-compose.traefik.yml) and [`docker-compose.override.traefik.yml`](docker-compose.override.traefik.yml) from the repository and remove `.traefik` from the filenames. +2. Open both files and modify/adjust them to your needs. Meaning, change the `CONDUIT_SERVER_NAME` and the volume host mappings according to your needs. +3. Create the `conduit.toml` config file, an example can be found [here](../conduit-example.toml), or set `CONDUIT_CONFIG=""` and configure Conduit per env vars. +4. 
Uncomment the `element-web` service if you want to host your own Element Web Client and create a `element_config.json`. +5. Create the files needed by the `well-known` service. + - `./nginx/matrix.conf` (relative to the compose file, you can change this, but then also need to change the volume mapping) + ```nginx + server { + server_name .; + listen 80 default_server; + + location /.well-known/matrix/ { + root /var/www; + default_type application/json; + add_header Access-Control-Allow-Origin *; + } + } + ``` + - `./nginx/www/.well-known/matrix/client` (relative to the compose file, you can change this, but then also need to change the volume mapping) + ```json + { + "m.homeserver": { + "base_url": "https://." + } + } + ``` + - `./nginx/www/.well-known/matrix/server` (relative to the compose file, you can change this, but then also need to change the volume mapping) + ```json + { + "m.server": ".:443" + } + ``` +6. Run `docker-compose up -d` +7. Connect to your homeserver with your preferred client and create a user. You should do this immediatly after starting Conduit, because the first created user is the admin. diff --git a/docker/docker-compose.override.traefik.yml b/docker/docker-compose.override.traefik.yml index 2096d792..56333483 100644 --- a/docker/docker-compose.override.traefik.yml +++ b/docker/docker-compose.override.traefik.yml 
@@ -10,6 +10,29 @@ services: - "traefik.http.routers.to-conduit.rule=Host(`.`)" # Change to the address on which Conduit is hosted - "traefik.http.routers.to-conduit.tls=true" - "traefik.http.routers.to-conduit.tls.certresolver=letsencrypt" + - "traefik.http.routers.to-conduit.middlewares=cors-headers@docker" + + - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOrigin=*" + - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization" + - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS" + + # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container + # to serve those two as static files. If you want to use a different way, delete or comment the below service, here + # and in the docker-compose file. + well-known: + labels: + - "traefik.enable=true" + - "traefik.docker.network=proxy" + + - "traefik.http.routers.to-matrix-wellknown.rule=Host(`.`) && PathPrefix(`/.well-known/matrix`)" + - "traefik.http.routers.to-matrix-wellknown.tls=true" + - "traefik.http.routers.to-matrix-wellknown.tls.certresolver=letsencrypt" + - "traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker" + + - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOrigin=*" + - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization" + - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS" + ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml # element-web: diff --git a/docker/docker-compose.traefik.yml b/docker/docker-compose.traefik.yml index 58fa3ed8..c2c024a6 100644 --- a/docker/docker-compose.traefik.yml +++ b/docker/docker-compose.traefik.yml 
@@ -41,6 +41,16 @@ services: # CONDUIT_WORKERS: 10 # CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB + # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container + # to serve those two as static files. If you want to use a different way, delete or comment the below service, here + # and in the docker-compose override file. + well-known: + image: nginx:latest + restart: unless-stopped + volumes: + - ./nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf # the config to serve the .well-known/matrix files + - ./nginx/www:/var/www/ # location of the client and server .well-known-files + ### Uncomment if you want to use your own Element-Web App. ### Note: You need to provide a config.json for Element and you also need a second ### Domain or Subdomain for the communication between Element and Conduit
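Review bot: In README.md (and the identical line in docker/README.md), the new mapping `-p 8448:6167` only works if the mounted `conduit.toml` makes Conduit listen on port 6167, on an address that is reachable from outside the container. The note next to the command only points at the example config. Suggest stating the required port beside the command, so that a config with a different port or a loopback-only address does not leave the published port unreachable.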
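Review bot: In the registry table added to docker/README.md (hunk `@@ -40,18 +40,27 @@`), the GitLab Registry row reuses the Docker Hub badge URL `https://img.shields.io/docker/image-size/matrixconduit/matrix-conduit/latest`, so the Size column reports the Docker Hub image in both rows. Point the badge at the GitLab image or leave that cell empty. The sentence "or you can skip the build step and pull the image ..." also lands after the `docker run` command it is an alternative to; it reads better placed before the command.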
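Review bot: In the "Use Traefik as Proxy" section added to docker/README.md (hunk `@@ -67,8 +76,57 @@`), step 7 leaves the most security-relevant fact to the very end: "the first created user is the admin". By that point step 6 has already started the stack behind a public Traefik router, so whoever registers first gets the admin account. Suggest moving this into a `> **Note:**` block before step 6, in the style the hunk already uses, and telling the reader to register the admin account before the hostname is publicly reachable. Typos in the same hunk: "immediatly" should be "immediately", and "It is a easy to use" should be "It is an easy to use".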
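Review bot: In docker-compose.override.traefik.yml the three `traefik.http.middlewares.cors-headers.headers.*` labels are declared twice under the same middleware name, once on the Conduit service and again on `well-known`. Two copies can drift apart, and then it is unclear which definition `cors-headers@docker` refers to. Define the middleware once and keep only the `traefik.http.routers.to-matrix-wellknown.middlewares=cors-headers@docker` reference on the second service. The added comment also has a typo: "some way to server" should be "some way to serve".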
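Review bot: The `well-known` service added to docker-compose.traefik.yml declares `image`, `restart` and `volumes` but no `networks`, while its labels in the override file set `traefik.docker.network=proxy`. Unless the service is attached to that network, Traefik has no route to the container, so add the `proxy` network to the service definition. Both mounts only provide a config file and static JSON, so they can be mounted read-only (`:ro`), and `nginx:latest` is better pinned to a specific tag so that deployments are reproducible. The comment repeats the "some way to server" typo.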