DevX: Add another Matrix site to docker-compose (#3511)

* remove redis, since we dont use it * update localhost TLS certificat to add *.othersite.m.localhost wildcard * allow for federation * Add services and config files for Matrix site othersite.m.localhost * add element web instance app.othersite.m.localhost * update README * exclude synapse database for othersite.m.localhost * linting
2026-01-18 02:32:27 +00:00 · 2025-09-22 21:14:12 +02:00
parent b2c594d36c
commit 342dd2e7d7
18 changed files with 553 additions and 138 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ dist-ssr
 .idea/
 public/config.json
 backend/synapse_tmp/*
 backend/synapse_tmp_othersite/*
 /coverage
 config.json
@@ -28,4 +29,4 @@ yarn-error.log
 /test-results/
 /playwright-report/
 /blob-report/
-/playwright/.cache/
+/playwright/.cache/
--- a/README.md
+++ b/README.md
@@ -206,22 +206,22 @@ See also:
 ### Backend
 A docker compose file `dev-backend-docker-compose.yml` is provided to start the
-whole stack of components which is required for a local development environment:
+whole stack of components which is required for a local development environment
 including federation:
- Minimum Synapse Setup (servername: `synapse.m.localhost`)
+- Minimum Synapse Setup (servernameis: `synapse.m.localhost`, `synapse.othersite.m.localhost`)
 - MatrixRTC Authorization Service (Note requires Federation API and hence a TLS reverse proxy)
- Minimum LiveKit SFU Setup using dev defaults for config
+- Minimum LiveKit SFU setup using dev defaults for config
 - Redis db for completeness
 - Minimum `localhost` Certificate Authority (CA) for Transport Layer Security (TLS)
-  - Hostnames: `m.localhost`, `*.m.localhost`
+  - Hostnames: `m.localhost`, `*.m.localhost`, `*.othersite.m.localhost`
  - Add [./backend/dev_tls_local-ca.crt](./backend/dev_tls_local-ca.crt) to your web browsers trusted
    certificates
 - Minimum TLS reverse proxy for
-  - Synapse homeserver: `synapse.m.localhost`
+  - Synapse homeserver: `synapse.m.localhost` and `synapse.othersite.m.localhost`
-  - MatrixRTC backend: `matrix-rtc.m.localhost`
+  - MatrixRTC backend: `matrix-rtc.m.localhost` and `matrix-rtc.othersite.m.localhost`
  - Local Element Call development `call.m.localhost` via `yarn dev --host `
-  - Element Web `app.m.localhost`
+  - Element Web `app.m.localhost` and `app.othersite.m.localhost`
-  - Note certificates will expire on Thu, 03 May 2035 10:32:02 GMT
+  - Note certificates will expire on Thr, 20 September 2035 14:27:35 CEST
 These use a test 'secret' published in this repository, so this must be used
 only for local development and **_never be exposed to the public Internet._**
--- a/backend/dev_homeserver-othersite.yaml
+++ b/backend/dev_homeserver-othersite.yaml
@@ -0,0 +1,64 @@
 server_name: "synapse.othersite.m.localhost"
 public_baseurl: https://synapse.othersite.m.localhost/
 pid_file: /data/homeserver.pid
 listeners:
  - port: 18008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation, openid]
        compress: false
 database:
  name: sqlite3
  args:
    database: /data/homeserver.db
 media_store_path: /data/media_store
 signing_key_path: "/data/SERVERNAME.signing.key"
 # Due to custom TLS certificate with domains
 # - m.localhost, localhost
 # - *.m.localhost
 # - *.othersite.m.localhost
 # we disable certificate verification to allow for federation
 # WARNING: DO NOT USE IN PRODUCTION!!!
 federation_verify_certificates: false
 ip_range_blacklist: []
 trusted_key_servers:
  - server_name: "synapse.m.localhost"
    accept_keys_insecurely: true
 experimental_features:
  # MSC3266: Room summary API. Used for knocking over federation
  msc3266_enabled: true
  # MSC4222 needed for syncv2 state_after. This allow clients to
  # correctly track the state of the room.
  msc4222_enabled: true
 # The maximum allowed duration by which sent events can be delayed, as
 # per MSC4140. Must be a positive value if set.  Defaults to no
 # duration (null), which disallows sending delayed events.
 max_event_delay_duration: 24h
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
 enable_registration_without_verification: true
 report_stats: false
 serve_server_wellknown: true
 # Ratelimiting settings for client actions (registration, login, messaging).
 #
 # Each ratelimiting configuration is made of two parameters:
 #   - per_second: number of requests a client can send per second.
 #   - burst_count: number of requests a client can send before being throttled.
 rc_message:
  # This needs to match at least the heart-beat frequency plus a bit of headroom
  # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
  per_second: 0.5
  burst_count: 30
--- a/backend/dev_homeserver.yaml
+++ b/backend/dev_homeserver.yaml
@@ -19,8 +19,18 @@ database:
 media_store_path: /data/media_store
 signing_key_path: "/data/SERVERNAME.signing.key"
 # Due to custom TLS certificate with domains
 # - m.localhost, localhost
 # - *.m.localhost
 # - *.othersite.m.localhost
 # we disable certificate verification to allow for federation.
 # WARNING: DO NOT USE IN PRODUCTION!!!
 federation_verify_certificates: false
 ip_range_blacklist: []
 trusted_key_servers:
-  - server_name: "matrix.org"
+  - server_name: "synapse.othersite.m.localhost"
    accept_keys_insecurely: true
 experimental_features:
  # MSC3266: Room summary API. Used for knocking over federation
@@ -34,6 +44,13 @@ experimental_features:
 # duration (null), which disallows sending delayed events.
 max_event_delay_duration: 24h
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
 enable_registration_without_verification: true
 report_stats: false
 serve_server_wellknown: true
 # Ratelimiting settings for client actions (registration, login, messaging).
 #
 # Each ratelimiting configuration is made of two parameters:
@@ -45,10 +62,3 @@ rc_message:
  # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
  per_second: 0.5
  burst_count: 30
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
 enable_registration_without_verification: true
 report_stats: false
 serve_server_wellknown: true
--- a/backend/dev_livekit-othersite.yaml
+++ b/backend/dev_livekit-othersite.yaml
@@ -0,0 +1,20 @@
 port: 17880
 bind_addresses:
  - "0.0.0.0"
 rtc:
  tcp_port: 17881
  port_range_start: 50300
  port_range_end: 50400
  use_external_ip: false
 turn:
  enabled: false
  domain: localhost
  cert_file: ""
  key_file: ""
  tls_port: 5349
  udp_port: 443
  external_tls: true
 keys:
  devkey: secret
 room:
  auto_create: false
--- a/backend/dev_livekit.yaml
+++ b/backend/dev_livekit.yaml
@@ -6,11 +6,6 @@ rtc:
  port_range_start: 50100
  port_range_end: 50200
  use_external_ip: false
 #redis:
 #    address: redis:6379
 #    username: ""
 #    password: ""
 #    db: 0
 turn:
  enabled: false
  domain: localhost
--- a/backend/dev_nginx.conf
+++ b/backend/dev_nginx.conf
@@ -1,4 +1,5 @@
 # Synapse reverse proxy including .well-known/matrix/client
 # domain synapse.m.localhost
 server {
    listen                  80;
    listen                  [::]:80;
@@ -26,14 +27,53 @@ server {
    # This is also required for development environment.
    # Reason: the lk-jwt-service uses the federation API for the openid token
    #         verification, which requires TLS
-    location / {
+    location ~ ^(/_matrix|/_synapse/client)  {
-        proxy_pass "http://homeserver:8008";
+        proxy_pass "http://homeserver:8008";       
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;                
    }
    error_page   500 502 503 504  /50x.html;
 }
 # Synapse reverse proxy including .well-known/matrix/client
 # domain synapse.othersite.m.localhost
 server {
    listen                  80;
    listen                  [::]:80;
    listen                  443 ssl;
    listen                  8448 ssl;
    listen                  [::]:443 ssl;
    listen                  [::]:8448 ssl;
    server_name             synapse.othersite.m.localhost;
    ssl_certificate         /root/ssl/cert.pem;
    ssl_certificate_key     /root/ssl/key.pem;
    # well-known config adding rtc_foci backend
    # Note well-known is currently not effective due to:
    # https://spec.matrix.org/v1.12/client-server-api/#well-known-uri the spec
    # says it must be at https://$server_name/... (implied port 443) Hence, we
    # currently rely for local development environment on deprecated config.json
    # setting for livekit_service_url
    location /.well-known/matrix/client {
        add_header Access-Control-Allow-Origin *;
        return 200 '{"m.homeserver": {"base_url": "https://synapse.othersite.m.localhost"}, "org.matrix.msc4143.rtc_foci": [{"type": "livekit", "livekit_service_url": "https://matrix-rtc.othersite.m.localhost/livekit/jwt"}]}';
        default_type application/json;
    }
    # Reverse proxy for Matrix Synapse Homeserver
    # This is also required for development environment.
    # Reason: the lk-jwt-service uses the federation API for the openid token
    #         verification, which requires TLS
    location ~ ^(/_matrix|/_synapse/client)  {
        proxy_pass "http://homeserver-1:18008";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;                
    }
    error_page   500 502 503 504  /50x.html;
@@ -41,6 +81,7 @@ server {
 }
 # MatrixRTC reverse proxy
 # domain matrix-rtc.m.localhost
 # - MatrixRTC Authorization Service
 # - LiveKit SFU websocket signaling connection
 upstream jwt-auth-services {
@@ -49,12 +90,8 @@ upstream jwt-auth-services {
 }
 server {
    listen                  80;
    listen                  [::]:80;
    listen                  443 ssl;
    listen                  [::]:443 ssl;
    listen                  8448 ssl;
    listen                  [::]:8448 ssl;
    server_name             matrix-rtc.m.localhost;
    ssl_certificate         /root/ssl/cert.pem;
    ssl_certificate_key     /root/ssl/key.pem;
@@ -96,6 +133,54 @@ server {
 }
 # MatrixRTC reverse proxy
 # domain matrix-rtc.othersite.m.localhost
 # - MatrixRTC Authorization Service
 # - LiveKit SFU websocket signaling connection
 server {
    listen                  443 ssl;
    listen                  [::]:443 ssl;
    server_name             matrix-rtc.othersite.m.localhost;
    ssl_certificate         /root/ssl/cert.pem;
    ssl_certificate_key     /root/ssl/key.pem;
    http2 on;
    location ^~ /livekit/jwt/ {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      # JWT Service running at port 16080
      proxy_pass http://auth-service-1:16080/;
    }
    location ^~ /livekit/sfu/ {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_send_timeout 120;
      proxy_read_timeout 120;
      proxy_buffering off;
      proxy_set_header Accept-Encoding gzip;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      # LiveKit SFU websocket connection running at port 17880
      proxy_pass http://livekit-sfu-1:17880/;
    }
    error_page   500 502 503 504  /50x.html;
 }
 # Convenience reverse proxy for the call.m.localhost domain to yarn dev --host
 server {
    listen                  80;
@@ -161,3 +246,36 @@ server {
    error_page   500 502 503 504  /50x.html;
 }
 # Convenience reverse proxy app.othersite.m.localhost for element web
 server {
    listen                  80;
    listen                  [::]:80;
    server_name             app.othersite.m.localhost;
    return 301 https://$host$request_uri;
 }
 server {
    listen                  443 ssl;
    listen                  [::]:443 ssl;
    server_name             app.othersite.m.localhost;
    ssl_certificate         /root/ssl/cert.pem;
    ssl_certificate_key     /root/ssl/key.pem;
    location ^~ / {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_pass http://element-web-1:18081;
      proxy_ssl_verify              off;
    }
    error_page   500 502 503 504  /50x.html;
 }
--- a/backend/dev_tls_local-ca.crt
+++ b/backend/dev_tls_local-ca.crt
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDGjCCAgKgAwIBAgIUGdiFHhH4KL2pqBjMQHQ+PVIkSV8wDQYJKoZIhvcNAQEL
+MIIDGjCCAgKgAwIBAgIUbSbx+1UGptOTGefqEn7Zh3yoChIwDQYJKoZIhvcNAQEL
-BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy
+BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA5MjIxMjI3
-MDJaFw0zNTA1MDMxMDMyMDJaMB4xHDAaBgNVBAMME0VsZW1lbnQgQ2FsbCBEZXYg
+MzVaFw0zNTA5MjAxMjI3MzVaMB4xHDAaBgNVBAMME0VsZW1lbnQgQ2FsbCBEZXYg
-Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA2y0hjmNn1vRsVSdy
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHODfkrFsOkqCnXnTb
-8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH9jdT
+QWz3LkUtNCoVvM7wFouirRnITJYG+lFwF+zNl89Eaq+uUN4bwd8ml1ZuR9p+1azC
-tG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeFw9fw
+SlklD5adhCR/ErknfUWamQEf6amSs3p0NnqnhXbnDEEbQOwNaPU/aGc6aw0+I9O6
-eRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZNWnie
+NQ/H830GlVuKd24Bfv0mx6Imo0Hi9jxKYhqFh80nmltk2uyXefaJxuo1jXBhwLyC
-Ui7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAveL9K
+DW8RVj55QvkZyBUzid8yslxrlo0LHKCCjZflwJJv5f+jaubkH5c0qxVaoR4+Liyt
-FGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BLPiQU
+X/4viIwt3Mhj04ppudTvt973mTbjRG5haCz9y7OkT1mMWhc0xrdMFX+gjPERYS2H
-KGKrAgMBAAGjUDBOMB0GA1UdDgQWBBQJqBjMu61c1p24txw/y+kv3D+V6DAfBgNV
+Ru/RAgMBAAGjUDBOMB0GA1UdDgQWBBTXNfLAKVayGQda/JZLPszrpz6LVzAfBgNV
-HSMEGDAWgBQJqBjMu61c1p24txw/y+kv3D+V6DAMBgNVHRMEBTADAQH/MA0GCSqG
+HSMEGDAWgBTXNfLAKVayGQda/JZLPszrpz6LVzAMBgNVHRMEBTADAQH/MA0GCSqG
-SIb3DQEBCwUAA4IBAQB8m2YfFGLugNt5vAAOvNxVqDA8c72yCVYr3CBCpmTIEY5Z
+SIb3DQEBCwUAA4IBAQCvGfyopHHgZB+horGH6i/Xg41V+r4d0o092F1Lfr4vh86e
-d3qVGhG9//ux6+J8ntkSwd9nV5GJyYXHukCG1VavnAWolWdNF/WAllf0jhLuz7kD
+XMakRw92vsyk/iWOnLPNPcpVWzPcvINaCs/bahgnGSOAnrA4jjcXqymyGIy/6xc5
-/cJnuI1By4tBsBmSz851i6HJ4t5k99Be+6GQVzi0e7zzfxTHZE4xP2J6Ox8QbPsP
+1EeZAxehiL9E5q4LQ841HDX0gps4ZzUO1BRYQcjG9Rdts83JO2ekkfHkZdNj2eQr
-n0m76nIp/WbWaJqzvIIjJhmUUPPv+4wN+eOArgjiGLzptM2qTtGZtd0c9nS5gvep
+KOrr92Na1/w+EQdo/T9Rs2ES623xKEOxPqb8d/rx5Z4DdeuGx1u+3AfS76Lpo4ni
-+mEbSUN9zkhAroZf80wf+hEvy+fJ94VbZ9QjTzTg7odZLrsXGIe8DaG63EYRQ25b
+EJ0g1ImqdSUtiOLzeCQh6pqqb+vuFbxAyeyYSAJ49847EtFBvZCmWmPL2JICg9uq
-W5iYBAreln5fGSt7qHsGfqwZibTEk/Lx3dydO1Kg
+7rKW/qDfEK9GUs0GWCs3+mJkNvOOxBwtMuQrL7ZF
 -----END CERTIFICATE-----
--- a/backend/dev_tls_local-ca.key
+++ b/backend/dev_tls_local-ca.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA2y0hjmNn1vRs
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDHODfkrFsOkqCn
-VSdy8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH
+XnTbQWz3LkUtNCoVvM7wFouirRnITJYG+lFwF+zNl89Eaq+uUN4bwd8ml1ZuR9p+
-9jdTtG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeF
+1azCSlklD5adhCR/ErknfUWamQEf6amSs3p0NnqnhXbnDEEbQOwNaPU/aGc6aw0+
-w9fweRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZN
+I9O6NQ/H830GlVuKd24Bfv0mx6Imo0Hi9jxKYhqFh80nmltk2uyXefaJxuo1jXBh
-WnieUi7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAv
+wLyCDW8RVj55QvkZyBUzid8yslxrlo0LHKCCjZflwJJv5f+jaubkH5c0qxVaoR4+
-eL9KFGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BL
+LiytX/4viIwt3Mhj04ppudTvt973mTbjRG5haCz9y7OkT1mMWhc0xrdMFX+gjPER
-PiQUKGKrAgMBAAECggEAAPX2kxi5AQ7ul82SzT1KgpSXyDHLdYaUyAoYnaX9RO+B
+YS2HRu/RAgMBAAECggEABhB9CxYAE5p9D3s9nWsJcSDUdELRQSYlOoPFLmeMkF9c
-8ylmpyeqygs4+KQS4EMJm9jpo85Oy37bIKdG3kljU6wQcKlL5Y+ZUOo1nzpV6fid
+dcvq7LmduMh1Q8TnoivOBxRIwbj7pZHEYfYJM0TmH82wrQzXu5KLVltm4gTkVt9b
-hGVs6ts8VXw8KshKQ9AyccZ8L/pirUfgOffgTwfjY7/90zceAL/s98GuZWc62nkX
+DR8vjBgYdb8HVpM17Cl2xhW62XpJIiseFRUsHc/9sf2Egc3MIpPuIleGR0budbSW
-55joQv/OikqYfAGP/U6Bp2Zyf23DwJB09Z3B6NnZj/ZyAbDrDEHuA15LhCOcCczp
+ybBkqEokTYTSiAztcu3G+VN0U9MsJgLMa8HApya7M48ojdrhzngVHZRUOXul9o7u
-IU/mFEywBPHT9Tg4w4Beq78PeAETvku2UalYRLhP3RLlXr2oEbwUtINRVt2QjZ85
+zYJWSxPHIIYp5C4pYQBAx8OttThwKK1A9lwbQ2EJx0KnTbBC6O5Gna/jENpGd1h2
-Esps4uCqL/mgQluIebtudD9HL/YMlNPXue1mDXFxJQKBgQDgZZY4yJBcf488T1V6
+rzK/9MONtsjln7IejP+4mDlNupS6SF3zzHPBHjqKAQKBgQDtXUIKPiVTFS45yWtK
-HNm06b/LvVGj253pKgw14hpY1xQu3Ymgzv1GEqzhSYdzxhpmj0tMUNHxAp+YdGQu
+XD62s3j8jfIi+22b/C30fCPtppn0cm/0zY+vovgWVUBnQXkExafRthZCuxnE8ry7
-SZ0wcPKhw0aYVkIjDRYDC3Wn5GJhyIEYHGYMo/n4l49UzHRBPOTDzp49DkHTKBgh
+E29S40+4z9yivAC9dz7vHZUbyIFP6VG9WyhUYo+/WqOIePyh+iBISQ9TA1DneIYz
-XgIIazYT3CkjTIMRrkUv+qfIPQKBgQDcBGu/mqbjxs4sN3zqPS4aB21o6t6W0sXs
+VZ8iU5GvdybUPl2C5WN8seaoQKBgQDW3EwVN2EEkChLRJbQYN2qpjn+0vYESMJ8
-ZP9w6RlTPQi5U2oRbftjZtYc0bbEgkMUImB1HwYPQT5pJ+MyC414xDvSc2exBr5d
+K0sgMRtgh4+/T2Xb9b8O/dd87Fi/4oaUqWZ2E2sdsXq8P/IEo0cv6SRfHMy7GyxL
-To6yyPIy78Tf5PHM12fpKV92nSvoz/pSjYcGxxDtKfPqu+t8mOJfjCV1lLLA+xuB
+RM7ztwUfMC4LVWi0ZIXMrm4gRDGN2XjGvhkX6fU2lSf6azWL1K3wI3amNV2b7P7d
-DDaE4p8dBwKBgQCdAne6A5v/HMH8UQZeCxHJpESvKiiVnnU/UEx651nID7XvlNNX
+ItpvdkH3MQKBgQCXf29YJEQkXB9t6J3fDzND3xb4cwy5wSo7ZeBa7CTuWOhoeeX1
-0X0mKqsMd4ZvW43ddSYan/JF0LAa3FW8jYWO/3jF9vzOWoysOdvNBZetgf/Uq5ao
+JIJyAp0/e9goT0SThChRlFtu6gZPivJkoMnr6IOInLrg7we15fc4HPR/kCDgxTVT
-aDZ/YbzmVCXWD7jIbPMkjs3pqrAkL0mzDzQc7+dGviWKrV6IYIfIqnn7gQKBgDCz
+m2wJOAMxigNYZogwRfn2yRLL1BD+PBHD+H936xcX1bSJOUyPSGOC/xLhIQKBgQCb
-vdIk/qpO+JZrFfiX4Fucp0hhLTJ/p5ZDaRPqVVPKn+K+Jy2ChfIj8mNgvK9VEloj
+kCDd85ygyycBaAWxlZCor3WqFF/fNjbp5Aaepi9mMoBXSUs8eK7+UbelURHozEAY
-nexvGJ1J2PHYBX+vdPp1nbRhHWPfVUY8PHQw7QP/dToGaMvqJrNDGEGeWvjnCMc7
+fpYaw3B4rTlp9vppdTZjb+/PlXB9v+zQCl+0gTyKGj4cIpiOk4F0co51eipOw7f4
-UtdaO1H0Rm0AegkTopB56lTTvJnhO95eALd7nrMDAoGAEPdzJtWoKafp49svhSj0
+XUaZ0+CgxlmNq/W26iONjH+pU1YVQQA+Z6+zp/GW4QKBgQCrzYgeugxxqgJzyIRu
-hiXQv2SPBwVUN4LZ4SOWiXUcmYYm80aNpYKLkBxYjrfqFWhE7NUHLGp8YorQWKY2
+0njJkIg+T5gHvsQrtpzq7LVob+HBiBiT7eDOeGDXTK8F//sk969QVrDMQsTMvGW9
-acD9AReHk/xku0ABy6jeYmSCmCxASxst5liKD+l12sk0gB0rk5MBxB4Uu1MIbQZ2
+sG1oTqxciALTMqkJTf8+hT9Uogir0/iTbJUzTt5vPYpQOEQwQHIXMUTjZ9C6NDKT
-aCASX3AVD2/XyC2MKkzc8Eg=
+QlmeMCxeWyPYqoMfwKmdtDP/Iw==
 -----END PRIVATE KEY-----
--- a/backend/dev_tls_m.localhost.crt
+++ b/backend/dev_tls_m.localhost.crt
@@ -1,21 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDZzCCAk+gAwIBAgIUXizLjwkdqepX0bh0K3abeJxj68IwDQYJKoZIhvcNAQEL
+MIIDgDCCAmigAwIBAgIUT9NYpZbrAKokSPSTE3zzsAMowvEwDQYJKoZIhvcNAQEL
-BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMzU5
+BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA5MjIxMjI3
-MTFaFw0zNTA1MDMxMzU5MTFaMBgxFjAUBgNVBAMMDSoubS5sb2NhbGhvc3QwggEi
+MzVaFw0zNTA5MjAxMjI3MzVaMBgxFjAUBgNVBAMMDSoubS5sb2NhbGhvc3QwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrzGSScSgaQuZdELGFYiLiYRwr
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK1DNwTQWmyK71Ar56NvmSMQ8s
-LKyUdNr0rsPcOo0bvbeZ3zQMeUMRNlA69zGFdarumiDRXUoAmZI39WmH95aX3d+A
+qUY3jGqqPVORjfDUtDCrPPdCxT+ZlnsAgdonElWoWqczMrSyBRgfJlZMd4lEvt6V
-U7EFnWev7xpWSVhSYj8T0d4rke8HjGk3LpaffJ93tbJuagBIH1ouuN6AOdzWs8hp
+EEiZGUvA/lG1XIVgrx1kMSHKBoJj7lCBN6r3IWmYe6CxgfZurgp+7Z22i6cGMOnQ
-RYIomWleEeeuVnnfaMwaXOdc+ihJJ6wzm2hwQSfdpjZPWBDd/DFft1ZXxIZOCjDs
+0XduX5Asup6zk5V7AE6i9eKrJsUjYmRBXtk099IitkER4TMqh6WxJmFF+eV9P/ax
-rEIiI7uU8iZPLB3QEM/tgxSSAOxrcKvQvxZokk+FD7aMJFP71IfieLCEzMTP1VXa
+fxkon+bQWITwP1PLC1UOTK7lR0EcVan5aY6WMs/6RfO4Gw/dvuiVG1jCrVcaKNGT
-tP7UTAKAqB2NyDJ8m3IHbOINiqcdFvFR3R1D9bXOYE4oRynNvYZrQUGnL2RtAgMB
+PYqmQqs+MOvyIqJ9kYELRZu+6bhPWSXk2ESpSIUIPH9twfnmWrncneIJR24/AgMB
-AAGjgaIwgZ8wHwYDVR0jBBgwFoAUCagYzLutXNaduLccP8vpL9w/legwCQYDVR0T
+AAGjgbswgbgwHwYDVR0jBBgwFoAU1zXywClWshkHWvyWSz7M66c+i1cwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYDVR0RBCkw
+BAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwSQYDVR0RBEIw
-J4IJbG9jYWxob3N0ggttLmxvY2FsaG9zdIINKi5tLmxvY2FsaG9zdDAdBgNVHQ4E
+QIIJbG9jYWxob3N0ggttLmxvY2FsaG9zdIINKi5tLmxvY2FsaG9zdIIXKi5vdGhl
-FgQUfdh1p52ZgWyZcBgBXGwKi4EnUE0wDQYJKoZIhvcNAQELBQADggEBAKrHEuB6
+cnNpdGUubS5sb2NhbGhvc3QwHQYDVR0OBBYEFIkGX+cEJ1ISKIwuT1zzp7uHJ90e
-33j8+EwSHw3zrvt/DRXK2BDHI1Ir9JcztSunaKAjZXVvf/dvZp0Xs1dEdJIdnv6G
+MA0GCSqGSIb3DQEBCwUAA4IBAQBnnnfB7KmyYo16ZYUCmoqGhbM4p8npeYTh5ySb
-iZYhBbOqDqpQZbf2h/h0kuu5yZSBUdnQXnYNxlhp2UaC/UEgw5iZT/p1rm7RjVie
+K01YwGCnMU1qGfJnKHaRwQ2+KtVGZnpBdjmsHcOUetA3V2BirPaYowMCMtaI36LD
-y4Dp2WytV5iZOLmLj6xDvd3DXazgJPWIRX8p8qJZbKTkwCjTr7nDIj8jjG1sVFf7
+LnxvboSZLX0mgEYuN7HmxW4a7fSelDecTYa7xti1sNhE/w8xW7Lky046/DousyUy
-1RJBO5/6WSnImrpDmlLUrvjiKvbxcdseDJyBOhTwdRdSk4S2M+s5tR5j2I1gXLOq
+d9x3wJ183GGj1W2p6bR1E4sqTr/VbmoULQxnqA3GUNOxW3lRL5e8lQ6jJVRmMF4k
-J5ioN76+SCrTY0K0WKRy9oOXWO1/X3+VYcekp+0F3SGkd5w17jylCv1XIGHAdEsQ
+92BtMPrI/m7jwHj0f/WBLI8mdJ/O/W/NxQOG475FZePDfrg+MkeXPChPggf42/ou
-v2z2/aMI/7sAD2Q=
+AMm56FNB7e1l0b1Fots730RfpCPuXpiAxL4pisS0X1dMVeeM
 -----END CERTIFICATE-----
--- a/backend/dev_tls_m.localhost.key
+++ b/backend/dev_tls_m.localhost.key
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrzGSScSgaQuZd
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDK1DNwTQWmyK71
-ELGFYiLiYRwrLKyUdNr0rsPcOo0bvbeZ3zQMeUMRNlA69zGFdarumiDRXUoAmZI3
+Ar56NvmSMQ8sqUY3jGqqPVORjfDUtDCrPPdCxT+ZlnsAgdonElWoWqczMrSyBRgf
-9WmH95aX3d+AU7EFnWev7xpWSVhSYj8T0d4rke8HjGk3LpaffJ93tbJuagBIH1ou
+JlZMd4lEvt6VEEiZGUvA/lG1XIVgrx1kMSHKBoJj7lCBN6r3IWmYe6CxgfZurgp+
-uN6AOdzWs8hpRYIomWleEeeuVnnfaMwaXOdc+ihJJ6wzm2hwQSfdpjZPWBDd/DFf
+7Z22i6cGMOnQ0XduX5Asup6zk5V7AE6i9eKrJsUjYmRBXtk099IitkER4TMqh6Wx
-t1ZXxIZOCjDsrEIiI7uU8iZPLB3QEM/tgxSSAOxrcKvQvxZokk+FD7aMJFP71Ifi
+JmFF+eV9P/axfxkon+bQWITwP1PLC1UOTK7lR0EcVan5aY6WMs/6RfO4Gw/dvuiV
-eLCEzMTP1VXatP7UTAKAqB2NyDJ8m3IHbOINiqcdFvFR3R1D9bXOYE4oRynNvYZr
+G1jCrVcaKNGTPYqmQqs+MOvyIqJ9kYELRZu+6bhPWSXk2ESpSIUIPH9twfnmWrnc
-QUGnL2RtAgMBAAECggEAJaFQii8U/KOYt9vXNoMnZvSkaeSQLLhn2V6Kciu1CtWE
+neIJR24/AgMBAAECggEANRp6vzfDN4gKWoaV5TyYegCTNv+4rRl74cd9pjmx6Jam
-aMTWLsFE6nk+G5xXkYcTmM3T0GghtH3u5CjyI6EcsEkeEorCZJt0wbmayDmqiekR
+uWaUXCx1etpNqPPWcG1Z9OKLLRnk+kjgKGOqq4mObGvGreNeBot7bHOJZADtwMMI
-LfMzOdHuTHX5+edPgMGYYG1BFyRKyYFsjH1b5zRFZhXdGQnrl5760GsVlz9D1KZQ
+YG+Gp7StlclS1YoEHoDmezA/AcqDgTXa9KF0rdMBb1sGFJCLAuBNSJCxtVV6CQIz
-iHcT+q1S2tmZeoUukQnADENKXUMCyTGM5FCddgNtsWnGDsTDayh7hUdvDkB+mW4G
+X26uT0m+Wx8MQyQWA7Sqy6DQNJo++IZkvr7a3cidqBOUPs+QvnIV5JsUb2gp5tGn
-lSp+BZuc3PCwpbD6qkXvfugWs6CUAAtXoV3ceWgxQ+TEnNlwxaG1AyugfgNUBolk
+zk+ObeRjoFFWYAN/NK7bneRenkP40m3MSL8ZfaEuuonui7CrxM1SiQyq2N1u/Aoy
-8xgeZt4r5QId03jsHDf7hpBAofcaCd5EMIIQYFvWoQKBgQDlbAvAzEFPTZZn2nRV
+OE1JtNaVPbLBo6kG5al7Sj4Z0zhRt+iv93S2lZMkBQKBgQD2+FpLTqyLO1NDOFkE
-Xagw4xjqVc1LLEKLCWq0N5rEkwn0h90Dz5N7/3NuonP/sIDsDHCbyiOYBI1Ck6Xi
+kxU+LdLOx0OV9wASC0ApPOu1dHMG6ksByr7TWeiu6GJDgajusPB7NVPOt2cm4iWU
-0WuB+OyKDh+xeF2mekN9G9ywPahdK5lT/TVsxXFyZlwtVv1x/6KBO4yv5URizxqU
+xPxXPO5l87uiSvu80h5uG4Qdj8KEijHkdap2wbVkU/mm8lBKC36jyBQIlJKySyXY
-gyAPDDxfD/KcNjkOBaodWEwQGQKBgQC/s2gPDBtQkjLwkHXchBomLww5eLlVrac1
+zSEMfLK9jQPKz5cKKT3dVj/fAwKBgQDSPq9oks6K96MAB66o6cm214otQlnTQkPM
-WK4UX6uSdOgrjJ375OOgMTxe8NVZdOuAKytGXRWDwgH3nVWvuZhe7dGlX3JMuSer
+xgjtjddX+Lp9tgihGvtSfPbyy89oUDHCfKvW/AHG52e5dec5YUi6mVdHEWbk33Kt
-e9VwDpBESrvqcR4ruL6wm8wej6BXyjH0wD3FHb0S5HfuBDxTn+4bDwrbRzOUMNgy
+BoQuxeK3XseIDlD/JD9Dd7KfUyO5w2jtYLfNdqez41O4qj2N52m1KwJYTwMsc8Kq
-lSppuflxdQKBgQDiZcIfazFT8evn5nMAvuC4BZNTxIJHmZC9JfjPiUPIkpWzYtOe
+izVgkC5hFQKBgBFAc/5CtqbbNAvECePZ6mf3h3xOSxhUsrqP8qFu0gBQ7CAVibvM
-7BvNtKOT3Op9uw8uYYRKqKqBXJSNy6ha8XCXHS9HeXKbLn20SFkLQBCDNwVLlDfF
+T9wvsaNWNFcG3age0A2rQfl0sk3zCjEEOaRWa0jP59GEb2VXQCzs2yO9gRcFGEsf
-40zyXtF6JDr4XyzSb4NM5pgKCER5AYloXxGm59s3sEQpFXUuOjbKqJS/GQKBgAoI
+NRMqoOMrQos47gbeGrCSL2QSDNVLjo9AdQiMRWgcS6GFMsXQ77NgbQHFAoGBAI4a
-c7vF4HAZFr1sch62cz/oWnVvkhOf4Q5zs7ixQSOLJtOQqnwSgK9TpFs7s47ZBbJR
+YGTGFWRITJvQlXUFz5kNxg8hMaVgvILDt3UY0dxb+XDOgLajjgsK+77Pkrhmu7tA
-kBRAru2Ua9Hv1Bo8VnMxczV6h1roneDlvEf/GyHX33nnrbKQGrrXjJlU3wl5NaAf
+mMUOQAU4kxr/XfGil43H5v3Z/Tnk7ZWVOfKDPeHC5gpH4ucQkNIBLXISt6rvMRSA
-p5v3cHvapUQ5yIZ/6lBUOzc6xMJOxCHxmKSr7Rg5AoGAbEE4lt6Xh2dnBPJ81eNI
+srrk4CTuGcBPEJvBNemF0Gfvv61j8MdkoAdMbIyhAoGAfGR6yZLBmRMsW5PKmcpT
-IDrw/3ITY53qAY4Bx88CByIFuu8CEUdUZprh98jSl6ic1tMinZfUhRMwABLrUD51
+nq2oSeUpmtGZra6pWz/3XU7AgrCLcx1DmqEjm4w7y5NQJmxyMZqqdTJILCjr3Srt
-DGst8iGLPD9u83iMcUHI/L+p7AbxrKLvWXZrF5UZm440c9mSWqfhPaTBosPtNDsG
+2F0NqQL6Li+xQGibAvDj0Jxyol38RvFC0J/w2vQmuF0hTuH95yknSd7FPXK+DPG
-LfETwH1flKXMTXd2xA9RTE4=
+qYgXLjun9dht6kx9vGJ69wI=
 -----END PRIVATE KEY-----
--- a/backend/dev_tls_setup
+++ b/backend/dev_tls_setup
@@ -34,5 +34,6 @@ subjectAltName = @alt_names
 DNS.1 = localhost
 DNS.2 = m.localhost
 DNS.3 = *.m.localhost
 DNS.4 = *.othersite.m.localhost
 EOF
 )
--- a/backend/ew.test.othersite.config.json
+++ b/backend/ew.test.othersite.config.json
@@ -0,0 +1,53 @@
 {
  "default_server_config": {
    "m.homeserver": {
      "base_url": "https://synapse.othersite.m.localhost",
      "server_name": "synapse.othersite.m.localhost"
    }
  },
  "disable_custom_urls": false,
  "disable_guests": false,
  "disable_login_language_selector": false,
  "disable_3pid_login": false,
  "force_verification": false,
  "brand": "Element",
  "integrations_ui_url": "https://scalar.vector.im/",
  "integrations_rest_url": "https://scalar.vector.im/api",
  "integrations_widgets_urls": [
    "https://scalar.vector.im/_matrix/integrations/v1",
    "https://scalar.vector.im/api",
    "https://scalar-staging.vector.im/_matrix/integrations/v1",
    "https://scalar-staging.vector.im/api",
    "https://scalar-staging.riot.im/scalar/api"
  ],
  "default_widget_container_height": 280,
  "default_country_code": "GB",
  "show_labs_settings": false,
  "features": {
    "feature_element_call_video_rooms": true,
    "feature_video_rooms": true,
    "feature_group_calls": true,
    "feature_release_announcement": false
  },
  "default_federate": true,
  "default_theme": "light",
  "room_directory": {
    "servers": ["matrix.org"]
  },
  "enable_presence_by_hs_url": {
    "https://matrix.org": false,
    "https://matrix-client.matrix.org": false
  },
  "setting_defaults": {
    "breadcrumbs": true,
    "feature_group_calls": true
  },
  "jitsi": {
    "preferred_domain": "meet.element.io"
  },
  "element_call": {
    "participant_limit": 8,
    "brand": "Element Call"
  },
  "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
 }
--- a/backend/playwright_homeserver-othersite.yaml
+++ b/backend/playwright_homeserver-othersite.yaml
@@ -0,0 +1,81 @@
 server_name: "synapse.othersite.m.localhost"
 public_baseurl: https://synapse.othersite.m.localhost/
 pid_file: /data/homeserver.pid
 listeners:
  - port: 18008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation, openid]
        compress: false
 database:
  name: sqlite3
  args:
    database: /data/homeserver.db
 media_store_path: /data/media_store
 signing_key_path: "/data/SERVERNAME.signing.key"
 # Due to custom TLS certificate with domains
 # - m.localhost, localhost
 # - *.m.localhost
 # - *.othersite.m.localhost
 # we disable certificate verification to allow for federation.
 # WARNING: DO NOT USE IN PRODUCTION!!!
 federation_verify_certificates: false
 ip_range_blacklist: []
 trusted_key_servers:
  - server_name: "synapse.m.localhost"
    accept_keys_insecurely: true
 experimental_features:
  # MSC3266: Room summary API. Used for knocking over federation
  msc3266_enabled: true
  # MSC4222 needed for syncv2 state_after. This allow clients to
  # correctly track the state of the room.
  msc4222_enabled: true
 # The maximum allowed duration by which sent events can be delayed, as
 # per MSC4140. Must be a positive value if set.  Defaults to no
 # duration (null), which disallows sending delayed events.
 max_event_delay_duration: 24h
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
 enable_registration_without_verification: true
 report_stats: false
 serve_server_wellknown: true
 # Ratelimiting settings for client actions (registration, login, messaging).
 #
 # Each ratelimiting configuration is made of two parameters:
 #   - per_second: number of requests a client can send per second.
 #   - burst_count: number of requests a client can send before being throttled.
 rc_message:
  per_second: 10000
  burst_count: 10000
 rc_delayed_event_mgmt:
  per_second: 10000
  burst_count: 10000
 rc_login:
  address:
    per_second: 10000
    burst_count: 10000
  account:
    per_second: 10000
    burst_count: 10000
  failed_attempts:
    per_second: 10000
    burst_count: 10000
 rc_registration:
  per_second: 10000
  burst_count: 10000
--- a/backend/playwright_homeserver.yaml
+++ b/backend/playwright_homeserver.yaml
@@ -19,8 +19,18 @@ database:
 media_store_path: /data/media_store
 signing_key_path: "/data/SERVERNAME.signing.key"
 # Due to custom TLS certificate with domains
 # - m.localhost, localhost
 # - *.m.localhost
 # - *.othersite.m.localhost
 # we disable certificate verification to allow for federation.
 # WARNING: DO NOT USE IN PRODUCTION!!!
 federation_verify_certificates: false
 ip_range_blacklist: []
 trusted_key_servers:
-  - server_name: "matrix.org"
+  - server_name: "synapse.othersite.m.localhost"
    accept_keys_insecurely: true
 experimental_features:
  # MSC3266: Room summary API. Used for knocking over federation
@@ -34,6 +44,13 @@ experimental_features:
 # duration (null), which disallows sending delayed events.
 max_event_delay_duration: 24h
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
 enable_registration_without_verification: true
 report_stats: false
 serve_server_wellknown: true
 # Ratelimiting settings for client actions (registration, login, messaging).
 #
 # Each ratelimiting configuration is made of two parameters:
@@ -62,10 +79,3 @@ rc_login:
 rc_registration:
  per_second: 10000
  burst_count: 10000
 # Required for Element Call in Single Page Mode due to on-the-fly user registration
 enable_registration: true
 enable_registration_without_verification: true
 report_stats: false
 serve_server_wellknown: true
--- a/backend/redis.conf
+++ b/backend/redis.conf
@@ -1,5 +0,0 @@
 bind 0.0.0.0
 protected-mode yes
 port 6379
 timeout 0
 tcp-keepalive 300
--- a/dev-backend-docker-compose.yml
+++ b/dev-backend-docker-compose.yml
@@ -24,6 +24,28 @@ services:
    networks:
      - ecbackend
  auth-service-1:
    image: ghcr.io/element-hq/lk-jwt-service:latest-ci
    pull_policy: always
    hostname: auth-server-1
    environment:
      - LIVEKIT_JWT_PORT=16080
      - LIVEKIT_URL=wss://matrix-rtc.othersite.m.localhost/livekit/sfu
      - LIVEKIT_KEY=devkey
      - LIVEKIT_SECRET=secret
      # If the configured homeserver runs on localhost, it'll probably be using
      # a self-signed certificate
      - LIVEKIT_INSECURE_SKIP_VERIFY_TLS=YES_I_KNOW_WHAT_I_AM_DOING
      - LIVEKIT_FULL_ACCESS_HOMESERVERS=*
    deploy:
      restart_policy:
        condition: on-failure
    ports:
      # HOST_PORT:CONTAINER_PORT
      - 16080:16080
    networks:
      - ecbackend
  livekit:
    image: livekit/livekit-server:latest
    pull_policy: always
@@ -44,15 +66,23 @@ services:
    networks:
      - ecbackend
-  redis:
+  livekit-1:
-    image: redis:6-alpine
+    image: livekit/livekit-server:latest
    pull_policy: always
-    command: redis-server /etc/redis.conf
+    hostname: livekit-sfu-1
    command: --dev --config /etc/livekit.yaml
    restart: unless-stopped
    # The SFU seems to work far more reliably when we let it share the host
    # network rather than opening specific ports (but why?? we're not missing
    # any…)
    ports:
      # HOST_PORT:CONTAINER_PORT
-      - 6379:6379
+      - 17880:17880/tcp
      - 17881:17881/tcp
      - 17882:17882/tcp
      - 50300-50400:50300-50400/udp
    volumes:
-      - ./backend/redis.conf:/etc/redis.conf:Z
+      - ./backend/dev_livekit-othersite.yaml:/etc/livekit.yaml:Z
    networks:
      - ecbackend
@@ -74,6 +104,24 @@ services:
    networks:
      - ecbackend
  synapse-1:
    hostname: homeserver-1
    image: docker.io/matrixdotorg/synapse:latest
    pull_policy: always
    environment:
      - SYNAPSE_CONFIG_PATH=/data/cfg/homeserver.yaml
      # Needed for rootless podman-compose such that the uid/gid mapping does
      # fit local user uid. If the container runs as root (uid 0) it is fine as
      # it actually maps to your non-root user on the host (e.g. 1000).
      # Otherwise uid mapping will not match your non-root user.
      - UID=0
      - GID=0
    volumes:
      - ./backend/synapse_tmp_othersite:/data:Z
      - ./backend/dev_homeserver-othersite.yaml:/data/cfg/homeserver.yaml:Z
    networks:
      - ecbackend
  element-web:
    image: ghcr.io/element-hq/element-web:develop
    pull_policy: always
@@ -86,6 +134,19 @@ services:
    networks:
      - ecbackend
  element-web-1:
    image: ghcr.io/element-hq/element-web:develop
    pull_policy: always
    volumes:
      - ./backend/ew.test.othersite.config.json:/app/config.json:Z
    environment:
      ELEMENT_WEB_PORT: 18081
    ports:
      # HOST_PORT:CONTAINER_PORT
      - "18081:18081"
    networks:
      - ecbackend
  nginx:
    #  see backend/dev_tls_setup for how to generate the tls certs
    hostname: synapse.m.localhost
@@ -108,4 +169,7 @@ services:
    networks:
      ecbackend:
        aliases:
          - synapse.m.localhost
          - synapse.othersite.m.localhost
          - matrix-rtc.m.localhost
          - matrix-rtc.othersite.m.localhost
--- a/playwright-backend-docker-compose.override.yml
+++ b/playwright-backend-docker-compose.override.yml
@@ -2,3 +2,6 @@ services:
  synapse:
    volumes:
      - ./backend/playwright_homeserver.yaml:/data/cfg/homeserver.yaml:Z
  synapse-1:
    volumes:
      - ./backend/playwright_homeserver-othersite.yaml:/data/cfg/homeserver.yaml:Z