add a tmp rp

roles/synapse/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Reload nginx
+  systemd:
+    name: nginx
+    state: reloaded

roles/synapse/tasks/main.yml

@@ -53,3 +53,34 @@
   register: apt_result
   retries: 3
   until: apt_result is succeeded
+
+
+# --- DRAFT ---
+- name: Install nginx
+  apt:
+    name: nginx
+    state: latest
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Generate self signed cert
+  include_role:
+    name: generate_self_signed_certificate
+  vars:
+    server_hostname: "{{ matrix_server_name }}"
+
+- name: Copy reverse proxy sites
+  template:
+    src: "nginx/config_synapse"
+    dest: "/etc/nginx/sites-available/synapse"
+  notify: Reload nginx
+
+- name: Activate sites
+  file:
+    src: "/etc/nginx/sites-available/synapse"
+    dest: "/etc/nginx/sites-enabled/synapse"
+    state: link
+    force: yes
+  notify: Reload nginx

roles/synapse/templates/nginx/synapse

@@ -0,0 +1,26 @@
+{{ ansible_managed | comment }}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    # For the federation port
+    listen 8448 ssl http2 default_server;
+    listen [::]:8448 ssl http2 default_server;
+
+    server_name {{ matrix_server_name }};
+
+	ssl_certificate /var/certificates/{{ matrix_server_name }}_cert.pem;
+	ssl_certificate_key /var/certificates/{{ matrix_server_name }}_privkey.pem;
+
+    location ~* ^(\/_matrix|\/_synapse\/client) {
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+        client_max_body_size {{ matrix_max_upload_size }};
+    }
+}