From 59ad89cfb46de63e0c5f4f8724e84c3c331f4c56 Mon Sep 17 00:00:00 2001
From: notplants <@notplants>
Date: Mon, 25 May 2026 15:52:16 +0000
Subject: [PATCH] add traefik labels for matrix-federation entrypoint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a second Traefik router on the web (nginx) service that listens on
the `matrix-federation` entrypoint (host port 8448 via the traefik
recipe's compose.matrix.yml) and uses Host(${SERVER_NAME}).

Lets remote homeservers reach this server's federation/key endpoints via
the standard `<server_name>:8448` fallback when no .well-known or SRV
delegation exists for SERVER_NAME — useful when SERVER_NAME differs from
DOMAIN and no external service serves /.well-known/matrix/server.

Requires MATRIX_FEDERATION_ENABLED=1 on the traefik stack.
---
 compose.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/compose.yml b/compose.yml
index a9209f6..eaab589 100644
--- a/compose.yml
+++ b/compose.yml
@@ -29,6 +29,11 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}-federation.rule=Host(`${SERVER_NAME}`)"
+        - "traefik.http.routers.${STACK_NAME}-federation.entrypoints=matrix-federation"
+        - "traefik.http.routers.${STACK_NAME}-federation.tls=true"
+        - "traefik.http.routers.${STACK_NAME}-federation.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}-federation.service=${STACK_NAME}"
     healthcheck:
       test: curl -f http://${STACK_NAME}_app:8008/health || exit 1
       interval: 30s