Configure encodedCharacters for the web Traefik entrypoint (if matrix_playbook_ssl_enabled is false) to fix Traefik 3.6.3+ regression in those cases

Continuation of e7cb9eee79 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
Configure encodedCharacters for various Traefik entrypoints to fix Traefik 3.6.3+ regression
2026-04-19 03:46:11 +03:00 · 2025-12-15 17:00:49 +02:00 · 2025-12-15 13:00:53 +02:00 · 2025-12-15 12:34:43 +02:00
3 changed files with 60 additions and 2 deletions
@@ -5836,6 +5836,20 @@ traefik_gid: "{{ matrix_user_gid }}"
 # This override (for the `web` entrypoint) also cascades to overriding the `web-secure` entrypoint and the `matrix-federation` entrypoint.
 traefik_config_entrypoint_web_transport_respondingTimeouts_readTimeout: 300s
 # Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
 # Matrix API endpoints require encoded slashes (e.g., in room keys URLs) and encoded hashes (e.g., in room directory URLs).
 # Ref:
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
 # - https://doc.traefik.io/traefik/migrate/v3/#v364
 traefik_config_entrypoint_web_secure_http_encodedCharacters_enabled: true
 traefik_config_entrypoint_web_secure_http_encodedCharacters_allowEncodedSlash: true
 traefik_config_entrypoint_web_secure_http_encodedCharacters_allowEncodedHash: true
 # Doing the same for the `web` entrypoint, for people who disable SSL for the playbook
 # and actually go through this entrypoint.
 traefik_config_entrypoint_web_http_encodedCharacters_enabled: "{{ not matrix_playbook_ssl_enabled }}"
 traefik_config_entrypoint_web_http_encodedCharacters_allowEncodedSlash: "{{ not matrix_playbook_ssl_enabled }}"
 traefik_config_entrypoint_web_http_encodedCharacters_allowEncodedHash: "{{ not matrix_playbook_ssl_enabled }}"
 traefik_additional_entrypoints_auto: |
  {{
    ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else [])
@@ -67,7 +67,7 @@
  version: v1.1.0-1
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.6.4-0
+  version: v3.6.4-1
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.10.0-3
@@ -321,6 +321,13 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
 # Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
 # Matrix API endpoints require encoded slashes and hashes in endpoints containing room IDs, room aliases, etc.
 # Ref:
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
 # - https://doc.traefik.io/traefik/migrate/v3/#v364
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"  # noqa var-naming
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout: "{{ traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout }}"  # noqa var-naming
@@ -330,6 +337,19 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default:
  {{
    {}
    | combine(
      (
        {
          'http': {
            'encodedCharacters': {
              'allowEncodedSlash': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash,
              'allowEncodedHash': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash,
            }
          }
        }
      )
    )
    | combine(
      (
        (
@@ -391,7 +411,31 @@ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matri
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port: 8008
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port: ''
-matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom, recursive=True) }}"
+matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config: "{{ (matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom, recursive=True) }}"
 # Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
 # Matrix API endpoints require encoded slashes and hashes in endpoints containing room IDs, room aliases, etc.
 # Ref:
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
 # - https://doc.traefik.io/traefik/migrate/v3/#v364
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash: true
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash: true
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default: |
  {{
    {}
    | combine(
      (
        {
          'http': {
            'encodedCharacters': {
              'allowEncodedSlash': matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash,
              'allowEncodedHash': matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash,
            }
          }
        }
      )
    )
  }}
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto: {}
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom: {}
Author	SHA1	Message	Date
Slavi Pantaleev	12bee503e0	Configure `encodedCharacters` for the `web` Traefik entrypoint (if `matrix_playbook_ssl_enabled` is `false`) to fix Traefik 3.6.3+ regression in those cases Continuation of `e7cb9eee79` Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798	2025-12-15 17:00:49 +02:00
Slavi Pantaleev	e7cb9eee79	Configure `encodedCharacters` for various Traefik entrypoints to fix Traefik 3.6.3+ regression Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798 Ref: https://doc.traefik.io/traefik/migrate/v3/#v364	2025-12-15 13:00:53 +02:00
Slavi Pantaleev	e813932240	Upgrade Traefik (v3.6.4-0 -> v3.6.4-1)	2025-12-15 12:34:43 +02:00