Upgrade Traefik (v3.6.6-0 -> v3.6.7-1) and remove all (now-unnecessary) encodedCharacters_* setting overrides

All these `encodedCharacters_*` settings default to `true` in Traefik v3.6.7,
so we don't need to override their values.

Ref: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v367

Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4835

group_vars/matrix_servers

@@ -5855,20 +5855,6 @@ traefik_gid: "{{ matrix_user_gid }}"
 # This override (for the `web` entrypoint) also cascades to overriding the `web-secure` entrypoint and the `matrix-federation` entrypoint.
 traefik_config_entrypoint_web_transport_respondingTimeouts_readTimeout: 300s
 
-# Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
-# Matrix API endpoints require encoded slashes (e.g., in room keys URLs) and encoded hashes (e.g., in room directory URLs).
-# Ref:
-# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
-# - https://doc.traefik.io/traefik/migrate/v3/#v364
-traefik_config_entrypoint_web_secure_http_encodedCharacters_enabled: true
-traefik_config_entrypoint_web_secure_http_encodedCharacters_allowEncodedSlash: true
-traefik_config_entrypoint_web_secure_http_encodedCharacters_allowEncodedHash: true
-# Doing the same for the `web` entrypoint, for people who disable SSL for the playbook
-# and actually go through this entrypoint.
-traefik_config_entrypoint_web_http_encodedCharacters_enabled: "{{ not matrix_playbook_ssl_enabled }}"
-traefik_config_entrypoint_web_http_encodedCharacters_allowEncodedSlash: "{{ not matrix_playbook_ssl_enabled }}"
-traefik_config_entrypoint_web_http_encodedCharacters_allowEncodedHash: "{{ not matrix_playbook_ssl_enabled }}"
-
 traefik_additional_entrypoints_auto: |
   {{
     ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else [])

requirements.yml

@@ -67,7 +67,7 @@
   version: v1.1.0-1
   name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.6.6-0
+  version: v3.6.7-1
   name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
   version: v2.10.0-4

roles/custom/matrix-base/defaults/main.yml

@@ -321,13 +321,6 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
-# Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
-# Matrix API endpoints require encoded slashes and hashes in endpoints containing room IDs, room aliases, etc.
-# Ref:
-# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
-# - https://doc.traefik.io/traefik/migrate/v3/#v364
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash: true  # noqa: var-naming[pattern]
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash: true  # noqa: var-naming[pattern]
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"  # noqa var-naming
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout: "{{ traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout }}"  # noqa var-naming
@@ -337,19 +330,6 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default:
   {{
     {}
 
-    | combine(
-      (
-        {
-          'http': {
-            'encodedCharacters': {
-              'allowEncodedSlash': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash,
-              'allowEncodedHash': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash,
-            }
-          }
-        }
-      )
-    )
-
     | combine(
       (
         (
@@ -412,30 +392,7 @@ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-inter
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port: 8008
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port: ''
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config: "{{ (matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom, recursive=True) }}"
-# Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
+matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default: {}
-# Matrix API endpoints require encoded slashes and hashes in endpoints containing room IDs, room aliases, etc.
-# Ref:
-# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
-# - https://doc.traefik.io/traefik/migrate/v3/#v364
-matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash: true  # noqa: var-naming[pattern]
-matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash: true  # noqa: var-naming[pattern]
-matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default: |
-  {{
-    {}
-
-    | combine(
-      (
-        {
-          'http': {
-            'encodedCharacters': {
-              'allowEncodedSlash': matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash,
-              'allowEncodedHash': matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash,
-            }
-          }
-        }
-      )
-    )
-  }}
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto: {}
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom: {}
 

roles/custom/matrix-base/tasks/validate_config.yml

@@ -36,6 +36,11 @@
     - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
     - {'old': 'matrix_user_username', 'new': 'matrix_user_name'}
     - {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'}
+    - {'old': 'matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash', 'new': '<removed>'}
+    - {'old': 'matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash', 'new': '<removed>'}
+    - {'old': 'matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash', 'new': '<removed>'}
+    - {'old': 'matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash', 'new': '<removed>'}
+
 
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined