Sample caddyfile for synapse and mas

[ghostklart]

Describe the bug
Directly adding directives to caddyfile does not work.

To Reproduce
Steps to reproduce the behavior:

1. Setup MAS and Synapse
2. Add new directives to caddyfile
3. Restart caddy
4. Authentication and redirection does not work with 404

Expected behavior
For example, element web logs in successfully.

Additional context
Caddyfile

matrix.{$INTERNALDOMAIN} {

	# special headers say
	import matrix-synapse yes

	#redir / /_matrix/static
	
	reverse_proxy /_matrix/* synapse-server:8008

        # mas
        reverse_proxy /_matrix/client/*/login synapse-auth:8080
        reverse_proxy /_matrix/client/*/logout synapse-auth:8080
        reverse_proxy /_matrix/client/*/refresh synapse-auth:8080

	# protected admin endpoint
        redir /_synapse/admin /_synapse/admin/
	handle_path /_synapse/admin/* {
		reverse_proxy synapse-server:8008
		import internal-access yes
	}

	# # # add sliding sync for element x
	reverse_proxy /sliding-sync/* sliding-sync:8009

	# part for worker redirect
	reverse_proxy /_synapse/client/* {
		to synapse-worker-1:8081 synapse-background-1:8081
			
		lb_policy ip_hash {
			fallback first
		}

		health_uri /health
		health_port 8081
		health_interval 15m
		health_timeout 15s
		health_follow_redirects
	}
	# redirect for admin page
	redir /admin /admin/
	handle_path /admin/* {
		reverse_proxy synapse-admin:80
		import internal-access yes
	}
}

[ghostklart]

and solved again by the following example:

matrix.{$INTERNALDOMAIN} {

	# special headers say
	import matrix-synapse yes
	
	@mas-login {
		path_regexp /_matrix/client/(.*)/login
	}
	@mas-logout {
		path_regexp /_matrix/client/(.*)/logout
	}
	@mas-refresh {
		path_regexp /_matrix/client/(.*)/refresh
	}

	@federation {
		path_regexp /_matrix/federation/(v1|v2|v3)/(send|event|state|state_ids|backfill|get_missing_events|publicRooms|query|make_join|make_leave|send_join|send_leave|invite|query_auth|event_auth|exchange_third_party_invite|user/devices|get_groups_publicised|groups)(/?(.*)?)$
	}

	@federation1 {
		path_regexp /_matrix/key/v2/query/?$
	}

	@matrix-admin {
		path_regexp /_matrix/admin/(.*)
	}

	route @mas-login {
		reverse_proxy synapse-auth:8080
	}

	route @mas-logout {
		reverse_proxy synapse-auth:8080
	}

	route @mas-refresh {
		reverse_proxy synapse-auth:8080
	}

	route @federation {
		reverse_proxy synapse-federation:8081
	}

	route @federation1 {
		reverse_proxy synapse-federation:8081
	}

	reverse_proxy /_matrix/* synapse-server:8008
	# protected admin endpoint
	route @matrix-admin {
		reverse_proxy synapse-server:8008
		import internal-access yes
	}

	# # # add sliding sync for element x
	reverse_proxy /sliding-sync/* sliding-sync:8009

	# part for worker redirect
	reverse_proxy /_synapse/client/* {
		to synapse-worker-1:8081 synapse-background-1:8081
			
		lb_policy ip_hash {
			fallback first
		}

		health_uri /health
		health_port 8081
		health_interval 15m
		health_timeout 15s
		health_follow_redirects
	}
	# redirect for admin page
	redir /admin /admin/
	handle_path /admin/* {
		reverse_proxy synapse-admin:80
		import internal-access yes
	}
}

[rriemann]

My Caddyfile (for full stack including Element Call) is much more compact: https://github.com/rriemann/element-docker-demo/blob/podman-caddy/Caddyfile

# for the federation port 8448
{$HOMESERVER_FQDN}, {$HOMESERVER_FQDN}:8448 {
	request_body {
		max_size 50MB
	}

	route {
		# pass auth to MAS
		@mas expression path_regexp('^/_matrix/client/(.*)/(login|logout|refresh)')
		reverse_proxy @mas http://mas:8080

		# use the generic worker as a synchrotron:
		# taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker
		@generic <<CEL
            path_regexp('^/_matrix/client/(r0|v3)/sync$') ||
            path_regexp('^/_matrix/client/(api/v1|r0|v3)/events$') ||
            path_regexp('^/_matrix/client/(api/v1|r0|v3)/initialSync$') ||
            path_regexp('^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$')
        CEL
		reverse_proxy @generic http://synapse-generic-worker-1:8081

		reverse_proxy * http://synapse:8008
	}
}

However, I am still debugging some issue with MAS. One thing I noticed is that your regexp do not start with ^, which should give you better performance.