From b257c7ab199f8c800254764d2ac5d4a9708ceaa2 Mon Sep 17 00:00:00 2001
From: Eric Eastwood <erice@element.io>
Date: Tue, 3 Dec 2024 06:54:25 -0600
Subject: [PATCH] Be able to test `/login/sso/redirect` in Complement (#17986)

Be able to test `/login/sso/redirect` in Complement

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1854926218 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). We have some
Complement tests in that codebase that go over this flow and these
changes are required [in order for the URL's to line
up](https://github.com/element-hq/synapse/blob/d648c8ce3f4cbf61191b9f5302e405f7b0288677/synapse/rest/client/login.py#L652-L673).
---
 changelog.d/17986.misc                              | 1 +
 docker/complement/conf/workers-shared-extra.yaml.j2 | 1 +
 docker/conf-workers/nginx.conf.j2                   | 2 +-
 scripts-dev/complement.sh                           | 4 ++++
 synapse/config/logger.py                            | 1 +
 5 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/17986.misc

diff --git a/changelog.d/17986.misc b/changelog.d/17986.misc
new file mode 100644
index 000000000..c062f3ecd
--- /dev/null
+++ b/changelog.d/17986.misc
@@ -0,0 +1 @@
+Fix Docker and Complement config to be able to use `public_baseurl`.
diff --git a/docker/complement/conf/workers-shared-extra.yaml.j2 b/docker/complement/conf/workers-shared-extra.yaml.j2
index 9a74c617b..c5228af72 100644
--- a/docker/complement/conf/workers-shared-extra.yaml.j2
+++ b/docker/complement/conf/workers-shared-extra.yaml.j2
@@ -7,6 +7,7 @@
 #}
 
 ## Server ##
+public_baseurl: http://127.0.0.1:8008/
 report_stats: False
 trusted_key_servers: []
 enable_registration: true
diff --git a/docker/conf-workers/nginx.conf.j2 b/docker/conf-workers/nginx.conf.j2
index d1e02af72..c3f9b584d 100644
--- a/docker/conf-workers/nginx.conf.j2
+++ b/docker/conf-workers/nginx.conf.j2
@@ -42,6 +42,6 @@ server {
 {% endif %}
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
+        proxy_set_header Host $host:$server_port;
     }
 }
diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index b6dcb96e2..6be9177f1 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -195,6 +195,10 @@ if [ -z "$skip_docker_build" ]; then
         # Build the unified Complement image (from the worker Synapse image we just built).
         echo_if_github "::group::Build Docker image: complement/Dockerfile"
         $CONTAINER_RUNTIME build -t complement-synapse \
+            `# This is the tag we end up pushing to the registry (see` \
+            `# .github/workflows/push_complement_image.yml) so let's just label it now` \
+            `# so people can reference it by the same name locally.` \
+            -t ghcr.io/element-hq/synapse/complement-synapse \
             -f "docker/complement/Dockerfile" "docker/complement"
         echo_if_github "::endgroup::"
 
diff --git a/synapse/config/logger.py b/synapse/config/logger.py
index cfc1a5710..e5aca36b7 100644
--- a/synapse/config/logger.py
+++ b/synapse/config/logger.py
@@ -360,5 +360,6 @@ def setup_logging(
         "Licensed under the AGPL 3.0 license. Website: https://github.com/element-hq/synapse"
     )
     logging.info("Server hostname: %s", config.server.server_name)
+    logging.info("Public Base URL: %s", config.server.public_baseurl)
     logging.info("Instance name: %s", hs.get_instance_name())
     logging.info("Twisted reactor: %s", type(reactor).__name__)