From ba30cbc21ea64338a4fd466f43241329b36fc918 Mon Sep 17 00:00:00 2001
From: FarisZR <35614734+FarisZR@users.noreply.github.com>
Date: Sat, 17 Feb 2024 16:19:34 +0100
Subject: [PATCH 1/2] add discord-resolver
---
 .github/workflows/matrix.yml | 2 ++
 matrix/docker-compose.yml | 10 ++++++++++
 2 files changed, 12 insertions(+)
diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index 578bf41..7997685 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -94,6 +94,7 @@ jobs:
 MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD: ${{ secrets.MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD }}
 MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING: ${{ secrets.MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING }}
 MATRIX_SLIDING_SYNC_SECRET: ${{ secrets.MATRIX_SLIDING_SYNC_SECRET }}
+ MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN: ${{ secrets.matrix_discord_resolver_account_token }}
 run: |
 sed -i "s|(matrix_postgres_password)|$POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml
 sed -i "s|(matrix_telegram_postgres_password)|$MATRIX_TELEGRAM_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml
@@ -101,6 +102,7 @@ jobs:
 sed -i "s|(MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD)|$MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml
 sed -i "s|(MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING)|$MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml
 sed -i "s|(MATRIX_SLIDING_SYNC_SECRET)|$MATRIX_SLIDING_SYNC_SECRET|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml
+ sed -i "s|(matrix_discord_resolver_account_token)|$MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml
 - name: create file for secrets
 env:
diff --git a/matrix/docker-compose.yml b/matrix/docker-compose.yml
index a52ac4b..dfee5c2 100644
--- a/matrix/docker-compose.yml
+++ b/matrix/docker-compose.yml
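Review bot: In .github/workflows/matrix.yml the added `sed` line (second hunk) splices the Discord account token into the replacement text unescaped, so a `|`, `&` or backslash in the secret would break or silently alter the substitution, and the outcome is a plaintext token written into matrix/docker-compose.yml. The compose comment describes this as a user token, so it is worth keeping out of the file entirely: leave `- TOKEN=${MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN}` in the compose file and let Compose interpolate it from the environment or from an env file with restrictive permissions. The env entry added in the first hunk exists only to feed this `sed` and would then be passed to the deploy step instead. If the `sed` approach stays, at least quote the path, `"$GITHUB_WORKSPACE/matrix/docker-compose.yml"`. The step's `env:` and `run:` blocks start and continue outside both hunks.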
@@ -108,6 +108,16 @@ services:
 volumes:
 - discord-postgres:/var/lib/postgresql/data:rw
+# Discord now requires signed URLs for their CDN, this resolver fetches signed urls using a user token, and redirects the user to it.
+ discord-resolver:
+ image: ghcr.io/aosus/discord_cdn:master
+ # ports:
+ # - 3000:3000
+ environment:
+ - TOKEN=(matrix_discord_resolver_account_token)
+ - CACHE=86400 # cache discord links for a day
+ networks:
+ - web
 eturnal:
 image: ghcr.io/processone/eturnal:edge@sha256:a47da8b6269b6946f154e8d00f44887ebfef9908361afc8348760ab1853b0e7c
From 99d452992b78a3d7cf20f9b55bb6114b1512a6c1 Mon Sep 17 00:00:00 2001
From: FarisZR <35614734+FarisZR@users.noreply.github.com>
Date: Sat, 17 Feb 2024 16:19:56 +0100
Subject: [PATCH 2/2] use discord-resolver for fetching signed discord CDN URLs
---
 caddy/configs/matrix.caddyfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/caddy/configs/matrix.caddyfile b/caddy/configs/matrix.caddyfile
index ee72ece..0c2ae91 100644
--- a/caddy/configs/matrix.caddyfile
+++ b/caddy/configs/matrix.caddyfile
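Review bot: In matrix/docker-compose.yml the new `discord-resolver` service pulls `ghcr.io/aosus/discord_cdn:master`, a mutable branch tag, while the `eturnal` service directly below it is pinned by digest. This container is handed the Discord account token through `TOKEN`, so whatever is pushed to `master` next runs with that credential after the next pull. Pin it the same way as its neighbour, `image: ghcr.io/aosus/discord_cdn:master@sha256:<digest-of-the-reviewed-build>`, and bump the digest deliberately when the resolver is updated.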
@@ -1,14 +1,14 @@
 matrix.aosus.org {
- # proxy direct images from discord CDN instead of uploading (https://docs.mau.fi/bridges/go/discord/direct-media.html)
+ # redirect image requests to discord CDN instead of uploading with a workaround for signed URL requirement (https://github.com/aosus/infrastructure-meta/issues/5)
 handle /_matrix/media/*/download/aosus.org/discord_* {
 header Access-Control-Allow-Origin *
 # Remove path prefix
- uri path_regexp ^/_matrix/media/.+/download/aosus\.org/discord_ /
- # The mxc patterns use | instead of /, so replace it first turning it into attachments/1234/5678/filename.png
+ uri path_regexp ^/_matrix/media/.+/download/aosus\.org/discord_ "/https://cdn.discordapp.com/"
+ # The mxc patterns use | instead of /, so replace it first turning it into attachments/1234/5678/filename.png, and add "https://cdn.discordapp.com" so discord-resolver could fetch a signed url.
 uri replace "%7C" /
 reverse_proxy {
 # reverse_proxy automatically includes the uri, so no {uri} at the end
- to https://cdn.discordapp.com
+ to discord-resolver:3000
 # Caddy doesn't set the Host header automatically when reverse proxying
 # (because usually reverse proxies are local and don't care about Host headers)
 header_up Host cdn.discordapp.com
@@ -18,10 +18,10 @@ matrix.aosus.org {
 # Alternatively, you can point this at cdn.discordapp.com too. Clients shouldn't mind even if they get a bigger image than they asked for.
 handle /_matrix/media/*/thumbnail/aosus.org/discord_* {
 header Access-Control-Allow-Origin *
- uri path_regexp ^/_matrix/media/.+/thumbnail/aosus\.org/discord_ /
+ uri path_regexp ^/_matrix/media/.+/thumbnail/aosus\.org/discord_ "/https://media.discordapp.net/"
 uri replace "%7C" /
 reverse_proxy {
- to https://media.discordapp.net
+ to discord-resolver:3000
 header_up Host media.discordapp.net
 }
 }
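Review bot: In the download handler (first hunk) `header_up Host cdn.discordapp.com` is left in place although the upstream is now `discord-resolver:3000`, and the thumbnail handler (second hunk) keeps `header_up Host media.discordapp.net` the same way. The context comments above the first one justify the header as something the remote CDN needs; for a local container it is at best unused and it misleads the next reader about where the request goes. I would drop both `header_up` lines together with the two "Caddy doesn't set the Host header" comment lines, or replace them with `# discord-resolver answers with a redirect to the signed CDN URL`. The sentence added to the `uri replace` comment about prepending `https://cdn.discordapp.com` also describes what the `uri path_regexp` line above it does, so it belongs on that line. The `reverse_proxy` block of the first hunk closes outside the hunk.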
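Review bot: Both handlers remain reachable without authentication, but with `to discord-resolver:3000` every request matching `/_matrix/media/*/thumbnail/aosus.org/discord_*` (second hunk) or the download pattern (first hunk) now makes the resolver act with the account token instead of being a plain CDN pass-through. Everything after `discord_` is forwarded, so the only constraint on what the token is asked to sign is the host prefix added by `uri path_regexp`; whether the resolver validates the rest of the path or the host is not visible in this diff. I would narrow the match to the attachment path shape the bridge actually generates (a named matcher using `path_regexp`), confirm the resolver rejects any host other than the two Discord ones, and put a request limit in front so unauthenticated traffic cannot push the account into Discord's rate limits. The context comment "Alternatively, you can point this at cdn.discordapp.com too" in the second hunk no longer describes the configuration and should be updated or removed.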