mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2026-01-01 11:13:12 -06:00
Code Issues Packages Projects Releases Wiki Activity
dendrite/build/docker
History
Alexander Wuerstlein fa1676f4f0 documentation improvements for docker setup 
Mention the need to disable the external NATS server or start it.

Describe how dendrite can be proxied and what might break there.

Signed-off-by: Alexander Wuerstlein <arw@arw.name>
2022-04-17 21:13:06 +02:00
..
config Add presence module V2 (#2312) 2022-04-06 13:11:19 +02:00
postgres Remove references to userapi_devices (fixes #2259) 2022-03-09 16:38:50 +00:00
DendriteJS.Dockerfile Fix DendriteJS dockerfile 2022-02-08 16:18:16 +00:00
docker-compose.monolith.yml Add NATS JetStream support (#1866) 2022-01-05 17:44:49 +00:00
docker-compose.polylith.yml Remove eduserver (#2306) 2022-03-29 14:14:35 +02:00
Dockerfile.monolith Upload Docker images for releases to both Docker Hub and GitHub Container Registry (#2299) 2022-03-24 15:22:06 +00:00
Dockerfile.polylith Upload Docker images for releases to both Docker Hub and GitHub Container Registry (#2299) 2022-03-24 15:22:06 +00:00
images-build.sh Update GHA Docker Hub builds 2021-01-18 12:24:23 +00:00
images-pull.sh Multi-personality polylith binary (#1552) 2020-10-20 16:11:24 +01:00
images-push.sh Multi-personality polylith binary (#1552) 2020-10-20 16:11:24 +01:00
README.md documentation improvements for docker setup 2022-04-17 21:13:06 +02:00

README.md

Docker images

These are Docker images for Dendrite!

They can be found on Docker Hub:

Dockerfiles

The Dockerfile builds the base image which contains all of the Dendrite components. The Dockerfile.component file takes the given component, as specified with --buildarg component= from the base image and produce smaller component-specific images, which are substantially smaller and do not contain the Go toolchain etc.

Compose files

There are three sample docker-compose files:

  • docker-compose.monolith.yml which runs a monolith Dendrite deployment
  • docker-compose.polylith.yml which runs a polylith Dendrite deployment

Configuration

The docker-compose files refer to the /etc/dendrite volume as where the runtime config should come from. The mounted folder must contain:

  • dendrite.yaml configuration file (from the Docker config folder sample in the build/docker/config folder of this repository.)
  • matrix_key.pem server key, as generated using cmd/generate-keys
  • server.crt certificate file
  • server.key private key file for the above certificate

To generate keys:

docker run --rm --entrypoint="" \
  -v $(pwd):/mnt \
  matrixdotorg/dendrite-monolith:latest \
  /usr/bin/generate-keys \
  -private-key /mnt/matrix_key.pem \
  -tls-cert /mnt/server.crt \
  -tls-key /mnt/server.key

The key files will now exist in your current working directory, and can be mounted into place.

Starting Dendrite as a monolith deployment

Create your config based on the dendrite.yaml configuration file in the build/docker/config folder of this repository.

If you intend to run a separate NATS server, start it now. Otherwise make sure that [dendrite.yaml] is configured to use the in-process NATS server.

Then start the deployment:

docker-compose -f docker-compose.monolith.yml up

Starting Dendrite as a polylith deployment

Create your config based on the dendrite-config.yaml configuration file in the build/docker/config folder of this repository.

Then start the deployment:

docker-compose -f docker-compose.polylith.yml up

Building the images

The build/docker/images-build.sh script will build the base image, followed by all of the component images.

The build/docker/images-push.sh script will push them to Docker Hub (subject to permissions).

If you wish to build and push your own images, rename matrixdotorg/dendrite to the name of another Docker Hub repository in images-build.sh and images-push.sh.

Proxying dendrite

Container deployments do often use a proxying webserver e.g. to implement various vhosts such as example.com, www.example.com, images.example.com and matrix.example.com on the same IP address. It is possible to use dendrite in such a setup.

If you intend to use a webserver such as Apache as a frontend proxy, make sure that it does not canonicalize URLs. Otherwise chats might fail because signatures on federated requests will not match (see https://github.com/matrix-org/synapse/issues/3294 ). An example vhost configuration might look as follows:

<VirtualHost matrix.example.com:443>
        ServerName matrix.example.com

        SSLEngine on
        SSLCertificateFile      /etc/ssl/matrix.example.com/cert.pem
        SSLCertificateKeyFile   /etc/ssl/matrix.example.com/privkey.pem
        SSLCertificateChainFile /etc/ssl/matrix.example.com/chain.pem

        # Container uses a unique non-signed certificate. 
        SSLProxyEngine On
        SSLProxyVerify None
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerName Off

        SetEnvIf Host "^(.*)$" THE_HOST=$1
        RequestHeader setifempty X-Forwarded-Proto https
        RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
        ProxyAddHeaders Off

        ProxyPass           / https://127.0.0.1:8448/ nocanon
        ProxyPassReverse    / https://127.0.0.1:8448/
</VirtualHost>

The certificates specified need to at least be valid for matrix.example.com (or whatever your homeserver hostname/vhost should be).