deploy: 3e95c19911
This commit is contained in:
parent
e6c5b3479a
commit
e422e054d4
|
@ -10850,14 +10850,73 @@ may wish to run multiple groups of workers handling different endpoints so that
|
||||||
load balancing can be done in different ways.</p>
|
load balancing can be done in different ways.</p>
|
||||||
<p>For <code>/sync</code> and <code>/initialSync</code> requests it will be more efficient if all
|
<p>For <code>/sync</code> and <code>/initialSync</code> requests it will be more efficient if all
|
||||||
requests from a particular user are routed to a single instance. This can
|
requests from a particular user are routed to a single instance. This can
|
||||||
be done e.g. in nginx via IP <code>hash $http_x_forwarded_for;</code> or via
|
be done in reverse proxy by extracting username part from the users access token.</p>
|
||||||
<code>hash $http_authorization consistent;</code> which contains the users access token.</p>
|
|
||||||
<p>Admins may additionally wish to separate out <code>/sync</code>
|
<p>Admins may additionally wish to separate out <code>/sync</code>
|
||||||
requests that have a <code>since</code> query parameter from those that don't (and
|
requests that have a <code>since</code> query parameter from those that don't (and
|
||||||
<code>/initialSync</code>), as requests that don't are known as "initial sync" that happens
|
<code>/initialSync</code>), as requests that don't are known as "initial sync" that happens
|
||||||
when a user logs in on a new device and can be <em>very</em> resource intensive, so
|
when a user logs in on a new device and can be <em>very</em> resource intensive, so
|
||||||
isolating these requests will stop them from interfering with other users ongoing
|
isolating these requests will stop them from interfering with other users ongoing
|
||||||
syncs.</p>
|
syncs.</p>
|
||||||
|
<p>Example <code>nginx</code> configuration snippet that handles the cases above. This is just an
|
||||||
|
example and probably requires some changes according to your particular setup:</p>
|
||||||
|
<pre><code class="language-nginx"># Choose sync worker based on the existence of "since" query parameter
|
||||||
|
map $arg_since $sync {
|
||||||
|
default synapse_sync;
|
||||||
|
'' synapse_initial_sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract username from access token passed as URL parameter
|
||||||
|
map $arg_access_token $accesstoken_from_urlparam {
|
||||||
|
# Defaults to just passing back the whole accesstoken
|
||||||
|
default $arg_access_token;
|
||||||
|
# Try to extract username part from accesstoken URL parameter
|
||||||
|
"~syt_(?<username>.*?)_.*" $username;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract username from access token passed as authorization header
|
||||||
|
map $http_authorization $mxid_localpart {
|
||||||
|
# Defaults to just passing back the whole accesstoken
|
||||||
|
default $http_authorization;
|
||||||
|
# Try to extract username part from accesstoken header
|
||||||
|
"~Bearer syt_(?<username>.*?)_.*" $username;
|
||||||
|
# if no authorization-header exist, try mapper for URL parameter "access_token"
|
||||||
|
"" $accesstoken_from_urlparam;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream synapse_initial_sync {
|
||||||
|
# Use the username mapper result for hash key
|
||||||
|
hash $mxid_localpart consistent;
|
||||||
|
server 127.0.0.1:8016;
|
||||||
|
server 127.0.0.1:8036;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream synapse_sync {
|
||||||
|
# Use the username mapper result for hash key
|
||||||
|
hash $mxid_localpart consistent;
|
||||||
|
server 127.0.0.1:8013;
|
||||||
|
server 127.0.0.1:8037;
|
||||||
|
server 127.0.0.1:8038;
|
||||||
|
server 127.0.0.1:8039;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sync initial/normal
|
||||||
|
location ~ ^/_matrix/client/(r0|v3)/sync$ {
|
||||||
|
proxy_pass http://$sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Normal sync
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
|
||||||
|
proxy_pass http://synapse_sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Initial_sync
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
|
||||||
|
proxy_pass http://synapse_initial_sync;
|
||||||
|
}
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
|
||||||
|
proxy_pass http://synapse_initial_sync;
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
<p>Federation and client requests can be balanced via simple round robin.</p>
|
<p>Federation and client requests can be balanced via simple round robin.</p>
|
||||||
<p>The inbound federation transaction request <code>^/_matrix/federation/v1/send/</code>
|
<p>The inbound federation transaction request <code>^/_matrix/federation/v1/send/</code>
|
||||||
should be balanced by source IP so that transactions from the same remote server
|
should be balanced by source IP so that transactions from the same remote server
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -435,14 +435,73 @@ may wish to run multiple groups of workers handling different endpoints so that
|
||||||
load balancing can be done in different ways.</p>
|
load balancing can be done in different ways.</p>
|
||||||
<p>For <code>/sync</code> and <code>/initialSync</code> requests it will be more efficient if all
|
<p>For <code>/sync</code> and <code>/initialSync</code> requests it will be more efficient if all
|
||||||
requests from a particular user are routed to a single instance. This can
|
requests from a particular user are routed to a single instance. This can
|
||||||
be done e.g. in nginx via IP <code>hash $http_x_forwarded_for;</code> or via
|
be done in reverse proxy by extracting username part from the users access token.</p>
|
||||||
<code>hash $http_authorization consistent;</code> which contains the users access token.</p>
|
|
||||||
<p>Admins may additionally wish to separate out <code>/sync</code>
|
<p>Admins may additionally wish to separate out <code>/sync</code>
|
||||||
requests that have a <code>since</code> query parameter from those that don't (and
|
requests that have a <code>since</code> query parameter from those that don't (and
|
||||||
<code>/initialSync</code>), as requests that don't are known as "initial sync" that happens
|
<code>/initialSync</code>), as requests that don't are known as "initial sync" that happens
|
||||||
when a user logs in on a new device and can be <em>very</em> resource intensive, so
|
when a user logs in on a new device and can be <em>very</em> resource intensive, so
|
||||||
isolating these requests will stop them from interfering with other users ongoing
|
isolating these requests will stop them from interfering with other users ongoing
|
||||||
syncs.</p>
|
syncs.</p>
|
||||||
|
<p>Example <code>nginx</code> configuration snippet that handles the cases above. This is just an
|
||||||
|
example and probably requires some changes according to your particular setup:</p>
|
||||||
|
<pre><code class="language-nginx"># Choose sync worker based on the existence of "since" query parameter
|
||||||
|
map $arg_since $sync {
|
||||||
|
default synapse_sync;
|
||||||
|
'' synapse_initial_sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract username from access token passed as URL parameter
|
||||||
|
map $arg_access_token $accesstoken_from_urlparam {
|
||||||
|
# Defaults to just passing back the whole accesstoken
|
||||||
|
default $arg_access_token;
|
||||||
|
# Try to extract username part from accesstoken URL parameter
|
||||||
|
"~syt_(?<username>.*?)_.*" $username;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract username from access token passed as authorization header
|
||||||
|
map $http_authorization $mxid_localpart {
|
||||||
|
# Defaults to just passing back the whole accesstoken
|
||||||
|
default $http_authorization;
|
||||||
|
# Try to extract username part from accesstoken header
|
||||||
|
"~Bearer syt_(?<username>.*?)_.*" $username;
|
||||||
|
# if no authorization-header exist, try mapper for URL parameter "access_token"
|
||||||
|
"" $accesstoken_from_urlparam;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream synapse_initial_sync {
|
||||||
|
# Use the username mapper result for hash key
|
||||||
|
hash $mxid_localpart consistent;
|
||||||
|
server 127.0.0.1:8016;
|
||||||
|
server 127.0.0.1:8036;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream synapse_sync {
|
||||||
|
# Use the username mapper result for hash key
|
||||||
|
hash $mxid_localpart consistent;
|
||||||
|
server 127.0.0.1:8013;
|
||||||
|
server 127.0.0.1:8037;
|
||||||
|
server 127.0.0.1:8038;
|
||||||
|
server 127.0.0.1:8039;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sync initial/normal
|
||||||
|
location ~ ^/_matrix/client/(r0|v3)/sync$ {
|
||||||
|
proxy_pass http://$sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Normal sync
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
|
||||||
|
proxy_pass http://synapse_sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Initial_sync
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
|
||||||
|
proxy_pass http://synapse_initial_sync;
|
||||||
|
}
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
|
||||||
|
proxy_pass http://synapse_initial_sync;
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
<p>Federation and client requests can be balanced via simple round robin.</p>
|
<p>Federation and client requests can be balanced via simple round robin.</p>
|
||||||
<p>The inbound federation transaction request <code>^/_matrix/federation/v1/send/</code>
|
<p>The inbound federation transaction request <code>^/_matrix/federation/v1/send/</code>
|
||||||
should be balanced by source IP so that transactions from the same remote server
|
should be balanced by source IP so that transactions from the same remote server
|
||||||
|
|
Loading…
Reference in New Issue