diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md new file mode 100644 index 000000000..cc4a64940 --- /dev/null +++ b/docs/configuring-playbook-ngnix.md @@ -0,0 +1,23 @@ +# Configure Ngnix (optional, advanced) + +By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443. +If that's alright, you can skip this. + + +## Using Ngnix status + +This will serve a statuspage to the hosting machine only. Useful for monitoring software like [longview](https://www.linode.com/docs/platform/longview/longview-app-for-nginx/) + +```yaml +matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true +``` + +This will serve the status page under ```https://matrix.DOMAIN/nginx_status``` + +By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list: + +```yaml +matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: +- 8.8.8.8 +- 1.1.1.1 +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 5c0e665aa..e9575c626 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -44,6 +44,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) +- [Configure Ngnix (optional, advanced)](configuring-playbook-ngnix.md) (optional, advanced) + - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced) - [Adjusting TURN server configuration](configuring-playbook-turn.md) (optional, advanced) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index d0fc1f98d..82cc8d5c0 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -152,3 +152,8 @@ matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" + + +# ngnix status page configurations. +matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false +matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index eda0929b8..356c9f3a7 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -17,6 +17,17 @@ server { {% endif %} } +{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + location /nginx_status { + stub_status on; + access_log off; +{% for address in matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses %} + allow {{ address }}; +{% endfor %} + deny all; + } +{% endif %} + location / { return 301 https://$http_host$request_uri; }