cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity
hscloud/app/matrix/media-repo-proxy
History
q3k ebe6075556 app/matrix: media repo proxy init 
This implements media-repo-proxy, a lil' bit of Go to make our
infrastructure work with matrix-media-repo's concept of Host headers.

For some reason, MMR really wants Host: hackerspace.pl instead of Host:
matrix.hackerspace.pl. We'd fix that in their code, but with no tests
and with complex config reload logic it looks very daunting. We'd just
fix that in our Ingress, but that's not easy (no per-rule host
overrides).

So, we commit a tiny little itty bitty war crime and implement a piece
of Go code that serves as a rewriter for this.

This works, tested on boston:

    $ curl -H "Host: matrix.hackerspace.pl" 10.10.12.46:8080/_matrix/media/r0/download/hackerspace.pl/EwVBulPgCWDWNGMKjcOKGGbk | file -
    /dev/stdin: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 650x300, components 3

(this address is media-repo.matrix.svc.k0.hswaw.net)

But hey, at least it has tests.

Change-Id: Ib6af1988fe8e112c9f3a5577506b18b48d80af62
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1143
Reviewed-by: q3k <q3k@hackerspace.pl>
 		2021-09-16 18:57:08 +00:00
..
BUILD.bazel app/matrix: media repo proxy init 2021-09-16 18:57:08 +00:00
README.md app/matrix: media repo proxy init 2021-09-16 18:57:08 +00:00
main.go app/matrix: media repo proxy init 2021-09-16 18:57:08 +00:00
main_test.go app/matrix: media repo proxy init 2021-09-16 18:57:08 +00:00

README.md

Matrix-Media-Repository Proxy

This is A Saurceful Of Go that between Matrix Media Repo instances and Ingresses.

It has one job: rewrite Host headers. The reason for this is that matrix-media-repo wants Host: hackerspace.pl (MXID domain) while our traffic comes in with Host: matrix.hackerspace.pl (actual Host at which we serve Matrix).

Alternatives considered

  1. Rewriting this in Nginx Ingress Controller: not easy to do on a per-rule basis, would require some extra ingresses and dumb loopbacks.
  2. Fixing matrix-media-repo: not easy with the assumptions their code makes and with no tests that we can run.

Running

Locally:

$ bazel run //app/matrix/media-repo-proxy -- -downstream_host=matrix.hackerspace.pl -upstream_host=hackerspace.pl -upstream=foo.bar.svc.cluster.local:8080

In prod, should be part of jsonnet infra and be brought up as needed.