forked from MirrorHub/synapse
Docs: Add Nginx loadbalancing example with sticky mxid for workers (#15411)
* Docs: Add Nginx loadbalancing example with sticky mxid for workers Add example nginx configuration snippet that * does load balancing for workers * respects mxid part of the token * from both url parameter and auth header * and handles since parameter Thanks to @olmari for pushing me to write this and testing the configs Signed-off-by: Tatu Wikman <tatu.wikman@gmail.com> * Add changelog entry Signed-off-by: Tatu Wikman <tatu.wikman@gmail.com> * Update codeblock formatter Co-authored-by: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> * Remove indirectly related nginx-config Signed-off-by: Sami Olmari <sami@olmari.fi> * Proper definition of action how to target username for worker Signed-off-by: Sami Olmari <sami@olmari.fi> * Change "nginx" to general "reverse proxy" as it's concept now. Signed-off-by: Sami Olmari <sami@olmari.fi> * Wording in better English Co-authored-by: Tatu Wikman <tatu.wikman@gmail.com> * rename changelog entry to have correct extension --------- Signed-off-by: Tatu Wikman <tatu.wikman@gmail.com> Signed-off-by: Sami Olmari <sami@olmari.fi> Co-authored-by: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> Co-authored-by: Sami Olmari <sami@olmari.fi> Co-authored-by: Sami Olmari <sami+github@olmari.fi>
This commit is contained in:
parent
301b4156d5
commit
3e95c19911
2 changed files with 65 additions and 2 deletions
1
changelog.d/15411.doc
Normal file
1
changelog.d/15411.doc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Docs: Add Nginx loadbalancing example with sticky mxid for workers.
|
|
@ -325,8 +325,7 @@ load balancing can be done in different ways.
|
||||||
|
|
||||||
For `/sync` and `/initialSync` requests it will be more efficient if all
|
For `/sync` and `/initialSync` requests it will be more efficient if all
|
||||||
requests from a particular user are routed to a single instance. This can
|
requests from a particular user are routed to a single instance. This can
|
||||||
be done e.g. in nginx via IP `hash $http_x_forwarded_for;` or via
|
be done in reverse proxy by extracting username part from the users access token.
|
||||||
`hash $http_authorization consistent;` which contains the users access token.
|
|
||||||
|
|
||||||
Admins may additionally wish to separate out `/sync`
|
Admins may additionally wish to separate out `/sync`
|
||||||
requests that have a `since` query parameter from those that don't (and
|
requests that have a `since` query parameter from those that don't (and
|
||||||
|
@ -335,6 +334,69 @@ when a user logs in on a new device and can be *very* resource intensive, so
|
||||||
isolating these requests will stop them from interfering with other users ongoing
|
isolating these requests will stop them from interfering with other users ongoing
|
||||||
syncs.
|
syncs.
|
||||||
|
|
||||||
|
Example `nginx` configuration snippet that handles the cases above. This is just an
|
||||||
|
example and probably requires some changes according to your particular setup:
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
# Choose sync worker based on the existence of "since" query parameter
|
||||||
|
map $arg_since $sync {
|
||||||
|
default synapse_sync;
|
||||||
|
'' synapse_initial_sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract username from access token passed as URL parameter
|
||||||
|
map $arg_access_token $accesstoken_from_urlparam {
|
||||||
|
# Defaults to just passing back the whole accesstoken
|
||||||
|
default $arg_access_token;
|
||||||
|
# Try to extract username part from accesstoken URL parameter
|
||||||
|
"~syt_(?<username>.*?)_.*" $username;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Extract username from access token passed as authorization header
|
||||||
|
map $http_authorization $mxid_localpart {
|
||||||
|
# Defaults to just passing back the whole accesstoken
|
||||||
|
default $http_authorization;
|
||||||
|
# Try to extract username part from accesstoken header
|
||||||
|
"~Bearer syt_(?<username>.*?)_.*" $username;
|
||||||
|
# if no authorization-header exist, try mapper for URL parameter "access_token"
|
||||||
|
"" $accesstoken_from_urlparam;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream synapse_initial_sync {
|
||||||
|
# Use the username mapper result for hash key
|
||||||
|
hash $mxid_localpart consistent;
|
||||||
|
server 127.0.0.1:8016;
|
||||||
|
server 127.0.0.1:8036;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream synapse_sync {
|
||||||
|
# Use the username mapper result for hash key
|
||||||
|
hash $mxid_localpart consistent;
|
||||||
|
server 127.0.0.1:8013;
|
||||||
|
server 127.0.0.1:8037;
|
||||||
|
server 127.0.0.1:8038;
|
||||||
|
server 127.0.0.1:8039;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sync initial/normal
|
||||||
|
location ~ ^/_matrix/client/(r0|v3)/sync$ {
|
||||||
|
proxy_pass http://$sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Normal sync
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
|
||||||
|
proxy_pass http://synapse_sync;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Initial_sync
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
|
||||||
|
proxy_pass http://synapse_initial_sync;
|
||||||
|
}
|
||||||
|
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
|
||||||
|
proxy_pass http://synapse_initial_sync;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
Federation and client requests can be balanced via simple round robin.
|
Federation and client requests can be balanced via simple round robin.
|
||||||
|
|
||||||
The inbound federation transaction request `^/_matrix/federation/v1/send/`
|
The inbound federation transaction request `^/_matrix/federation/v1/send/`
|
||||||
|
|
Loading…
Reference in a new issue