mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-10 20:57:41 +01:00
f4f06ae068
The matrix-nginx-proxy role can now be used independently. This makes it consistent with all other roles, with the `matrix-base` role remaining as their only dependency. Separating matrix-nginx-proxy was relatively straightforward, with the exception of the Mautrix Telegram reverse-proxying configuration. Mautrix Telegram, being an extension/bridge, does not feel important enough to justify its own special handling in matrix-nginx-proxy. Thus, we've introduced the concept of "additional configuration blocks" (`matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks`), where any module can register its own custom nginx server blocks. For such dynamic registration to work, the order of role execution becomes important. To make it possible for each module participating in dynamic registration to verify that the order of execution is correct, we've also introduced a `matrix_nginx_proxy_role_executed` variable. It should be noted that this doesn't make the matrix-synapse role dependent on matrix-nginx-proxy. It's optional runtime detection and registration, and it only happens in the matrix-synapse role when `matrix_mautrix_telegram_enabled: true`.
78 lines
4.1 KiB
YAML
78 lines
4.1 KiB
YAML
matrix_nginx_proxy_enabled: true
|
|
|
|
matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine"
|
|
|
|
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
|
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
|
|
|
|
# List of systemd services that matrix-nginx-proxy.service depends on
|
|
matrix_nginx_proxy_systemd_required_services_list: ['docker.service']
|
|
|
|
# List of systemd services that matrix-nginx-proxy.service wants
|
|
matrix_nginx_proxy_systemd_wanted_services_list: []
|
|
|
|
# Controls whether proxying the riot domain should be done.
|
|
matrix_nginx_proxy_proxy_riot_enabled: false
|
|
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"
|
|
|
|
# Controls whether proxying the matrix domain should be done.
|
|
matrix_nginx_proxy_proxy_matrix_enabled: false
|
|
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"
|
|
|
|
# Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
|
|
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
|
|
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
|
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "localhost:41081"
|
|
|
|
# Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
|
|
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
|
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
|
|
|
# The addresses where the Matrix Client API is.
|
|
# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
|
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-synapse:8008"
|
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "localhost:8008"
|
|
# This needs to be equal or higher than the maximum upload size accepted by Synapse.
|
|
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size: "25M"
|
|
|
|
# A list of strings containing additional configuration blocks to add to the matrix domain's server configuration.
|
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
|
|
|
# Specifies when to reload the matrix-nginx-proxy service so that
|
|
# a new SSL certificate could go into effect.
|
|
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
|
|
|
# Specifies which SSL protocols to use when serving Riot and Synapse
|
|
# Note TLSv1.3 is not yet available in dockerized nginx
|
|
# See: https://github.com/nginxinc/docker-nginx/issues/190
|
|
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
|
|
|
|
# By default, this playbook automatically retrieves and auto-renews
|
|
# free SSL certificates from Let's Encrypt.
|
|
#
|
|
# The following retrieval methods are supported:
|
|
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
|
|
# - "self-signed" - the playbook generates and self-signs certificates
|
|
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
|
|
#
|
|
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
|
|
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
|
|
# obeying the following hierarchy:
|
|
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
|
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
|
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
|
matrix_ssl_retrieval_method: "lets-encrypt"
|
|
|
|
# The list of domains that this role will obtain certificates for.
|
|
matrix_ssl_domains_to_obtain_certificates_for: []
|
|
|
|
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
|
matrix_ssl_lets_encrypt_staging: false
|
|
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
|
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
|
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
|
|
|
|
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
|
|
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
|
|
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" |