diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index fe0f66fdb..d5dafb598 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -198,6 +198,13 @@ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_enc
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~
 
+# Tells which interface and port the Let's Encrypt (certbot) container should try to bind to
+# when it tries to obtain initial certificates in standalone mode.
+#
+# This should normally be a public interface and port.
+# If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`)
+matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'
+
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
index 85afce2c9..19500b154 100644
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
@@ -21,7 +21,7 @@
 --name=matrix-certbot
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
 --cap-drop=ALL
- -p 80:8080
+ -p {{ matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port }}:8080
 -v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt
 -v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt
 {{ matrix_ssl_lets_encrypt_certbot_docker_image }}
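Review bot: The new comment on `matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port` says "interface and port", but what Docker's `-p` accepts is a host IP address plus port, not an interface name, and the default `'80'` publishes on every address of the host (IPv4 and, where Docker has IPv6 enabled, IPv6 as well). Suggest rewording the first line to `# Which host IP address (optional) and port the certbot container publishes its standalone HTTP listener on; a bare port such as '80' binds on all host addresses.` and adding that an IPv6 address must be bracketed (constructed example: `[2001:db8::1]:80`), since the comment only shows the IPv4 form. It would also help to state in one sentence how this variable differs from `matrix_ssl_lets_encrypt_certbot_standalone_http_port` defined two lines above, because the two names are easy to confuse when operators set one expecting the other.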
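Review bot: The value of `matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port` is interpolated verbatim into the `-p` argument on the changed line, so a malformed or empty value (an unbracketed IPv6 address, or `~`) only surfaces as a `docker run` failure at certificate-obtain time rather than as a clear configuration error. Consider an `ansible.builtin.assert` step before this task that checks the variable is a non-empty string of the form `[host_ip:]port`, with a `fail_msg` naming the variable. The task that holds this argument list starts and ends outside the hunk, so I cannot tell whether such validation already exists elsewhere in the role.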