matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml

---

- set_fact:
    well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"
    well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"

# These well-known files may be served without a `Content-Type: application/json` header,
# so we can't rely on the uri module's automatic parsing of JSON.
- name: Check .well-known on the matrix hostname
  uri:
    url: "{{ well_known_url_matrix }}"
    follow_redirects: false
    return_content: true
  register: result_well_known_matrix
  ignore_errors: true

- name: Fail if .well-known not working on the matrix hostname
  fail:
    msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
  when: "result_well_known_matrix.failed"

- name: Parse JSON for well-known payload at the matrix hostname
  set_fact:
    well_known_matrix_payload: "{{ result_well_known_matrix.content|from_json }}"

- name: Fail if .well-known not CORS-aware on the matrix hostname
  fail:
    msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
  when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"

- name: Report working .well-known on the matrix hostname
  debug:
    msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"

- name: Check .well-known on the identity hostname
  uri:
    url: "{{ well_known_url_identity }}"
    follow_redirects: "{{ well_known_file_check.follow_redirects }}"
    return_content: true
  register: result_well_known_identity
  ignore_errors: true

- name: Fail if .well-known not working on the identity hostname
  fail:
    msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
  when: "result_well_known_identity.failed"

- name: Parse JSON for well-known payload at the identity hostname
  set_fact:
    well_known_identity_payload: "{{ result_well_known_identity.content|from_json }}"

- name: Fail if .well-known not CORS-aware on the identity hostname
  fail:
    msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
  when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"

# For people who manually copy the well-known file, try to detect if it's outdated
- name: Fail if well-known is different on matrix hostname and identity hostname
  fail:
    msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
  when: "well_known_matrix_payload != well_known_identity_payload"

- name: Report working .well-known on the identity hostname
  debug:
    msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"
Initial work on Synapse 0.99/1.0 preparation 2019-02-05 10:07:08 +01:00			`---`

			`- set_fact:`
			`well_known_url_matrix: "https://{{ hostname_matrix }}{{ well_known_file_check.path }}"`
			`well_known_url_identity: "https://{{ hostname_identity }}{{ well_known_file_check.path }}"`

			# These well-known files may be served without a `Content-Type: application/json` header,
			`# so we can't rely on the uri module's automatic parsing of JSON.`
			`- name: Check .well-known on the matrix hostname`
			`uri:`
			`url: "{{ well_known_url_matrix }}"`
			`follow_redirects: false`
			`return_content: true`
			`register: result_well_known_matrix`
			`ignore_errors: true`

			`- name: Fail if .well-known not working on the matrix hostname`
			`fail:`
			msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
			`when: "result_well_known_matrix.failed"`

			`- name: Parse JSON for well-known payload at the matrix hostname`
			`set_fact:`
			`well_known_matrix_payload: "{{ result_well_known_matrix.content\|from_json }}"`

			`- name: Fail if .well-known not CORS-aware on the matrix hostname`
			`fail:`
			msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
			`when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"`

			`- name: Report working .well-known on the matrix hostname`
			`debug:`
			msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ hostname_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"

			`- name: Check .well-known on the identity hostname`
			`uri:`
			`url: "{{ well_known_url_identity }}"`
Follow redirects for some well-known files The Server spec says that redirects should be followed for `/.well-known/matrix/server`. So we follow them. The Client-Server specs doesn't mention redirects, so we don't follow redirects there. 2019-02-25 20:01:52 +01:00			`follow_redirects: "{{ well_known_file_check.follow_redirects }}"`
Initial work on Synapse 0.99/1.0 preparation 2019-02-05 10:07:08 +01:00			`return_content: true`
			`register: result_well_known_identity`
			`ignore_errors: true`

			`- name: Fail if .well-known not working on the identity hostname`
			`fail:`
			msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
			`when: "result_well_known_identity.failed"`

			`- name: Parse JSON for well-known payload at the identity hostname`
			`set_fact:`
			`well_known_identity_payload: "{{ result_well_known_identity.content\|from_json }}"`

			`- name: Fail if .well-known not CORS-aware on the identity hostname`
			`fail:`
			msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
			`when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"`

			`# For people who manually copy the well-known file, try to detect if it's outdated`
			`- name: Fail if well-known is different on matrix hostname and identity hostname`
			`fail:`
			msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ hostname_matrix }}` and `{{ hostname_identity }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
			`when: "well_known_matrix_payload != well_known_identity_payload"`

			`- name: Report working .well-known on the identity hostname`
			`debug:`
			msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ hostname_identity }}` (checked endpoint: `{{ well_known_url_identity }}`)"