fix the rp

2021-08-02 17:10:18 +02:00 · 2021-08-02 17:10:18 +02:00 · 4d692796f2
parent 9036f2da77
commit 4d692796f2
3 changed files with 32 additions and 17 deletions
--- a/books/matrix.yml
+++ b/books/matrix.yml
@ -4,3 +4,6 @@
  roles:
    - synapse

+- hosts: proxy
+  roles:
+    - rp_synapse
--- a/roles/rp_synapse/tasks/main.yml
+++ b/roles/rp_synapse/tasks/main.yml
@ -19,20 +19,6 @@
    path: /etc/nginx/certs
    state: directory

- name: Copy reverse proxy sites
-  template:
-    src: nginx/config_synapse
-    dest: /etc/nginx/sites-available/synapse
-  notify: Reload nginx
-
- name: Activate sites
-  file:
-    src: "/etc/nginx/sites-available/synapse"
-    dest: "/etc/nginx/sites-enabled/synapse"
-    state: link
-    force: yes
-  notify: Reload nginx
-
 - name: Generate Certificate for Domains
  shell: certbot certonly --standalone -d {{ matrix_server_name }} -m {{ vault_email }}  --noninteractive --agree-tos --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
  args:
@ -44,3 +30,25 @@
    dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt"
    state: link
    force: yes
+
+- name: Copy certificates key
+  file:
+    src: "/etc/letsencrypt/live/{{ matrix_server_name }}/privkey.pem"
+    dest: "/etc/nginx/certs/{{ matrix_server_name }}.key"
+    state: link
+    force: yes
+
+- name: Copy reverse proxy sites
+  template:
+    src: reverse_proxy
+    dest: /etc/nginx/sites-available/synapse
+  notify: Reload nginx
+
+- name: Activate sites
+  file:
+    src: "/etc/nginx/sites-available/synapse"
+    dest: "/etc/nginx/sites-enabled/synapse"
+    state: link
+    force: yes
+  notify: Reload nginx
+
--- a/roles/rp_synapse/templates/reverse_proxy
+++ b/roles/rp_synapse/templates/reverse_proxy
@ -10,11 +10,15 @@ server {

    server_name {{ matrix_server_name }};

-	ssl_certificate /var/certificates/{{ matrix_server_name }}_cert.pem;
-	ssl_certificate_key /var/certificates/{{ matrix_server_name }}_privkey.pem;
+	ssl_certificate /etc/nginx/certs/{{ matrix_server_name }}.crt;
+	ssl_certificate_key /etc/nginx/certs/{{ matrix_server_name }}.key;
+
+    # Logs
+    access_log /var/log/nginx/synapse_rp_{{ matrix_server_name }}.log;
+    error_log /var/log/nginx/synapse_rp_{{ matrix_server_name }}_error.log;

    location ~* ^(\/_matrix|\/_synapse\/client) {
-        proxy_pass http://{{ matrix_local_server_name }}:80;
+        proxy_pass https://{{ matrix_local_server_name }};
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;