From 4d692796f2978a52bb39c76ed1f725fe1d3a8be7 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Mon, 2 Aug 2021 17:10:18 +0200
Subject: [PATCH] fix the rp
---
 books/matrix.yml | 3 +++
 roles/rp_synapse/tasks/main.yml | 32 +++++++++++++++---------
 roles/rp_synapse/templates/reverse_proxy | 10 +++++---
 3 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/books/matrix.yml b/books/matrix.yml
index 80416dd..4988864 100644
--- a/books/matrix.yml
+++ b/books/matrix.yml
@@ -4,3 +4,6 @@
 roles:
 - synapse
+- hosts: proxy
+ roles:
+ - rp_synapse
diff --git a/roles/rp_synapse/tasks/main.yml b/roles/rp_synapse/tasks/main.yml
index 8b721c9..1837c75 100644
--- a/roles/rp_synapse/tasks/main.yml
+++ b/roles/rp_synapse/tasks/main.yml
@@ -19,9 +19,28 @@
 path: /etc/nginx/certs
 state: directory
+- name: Generate Certificate for Domains
+ shell: certbot certonly --standalone -d {{ matrix_server_name }} -m {{ vault_email }} --noninteractive --agree-tos --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
+ args:
+ creates: "/etc/letsencrypt/live/{{ matrix_server_name }}/cert.pem"
+
+- name: Copy certificates
+ file:
+ src: "/etc/letsencrypt/live/{{ matrix_server_name }}/fullchain.pem"
+ dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt"
+ state: link
+ force: yes
+
+- name: Copy certificates key
+ file:
+ src: "/etc/letsencrypt/live/{{ matrix_server_name }}/privkey.pem"
+ dest: "/etc/nginx/certs/{{ matrix_server_name }}.key"
+ state: link
+ force: yes
+
 - name: Copy reverse proxy sites
 template:
- src: nginx/config_synapse
+ src: reverse_proxy
 dest: /etc/nginx/sites-available/synapse
 notify: Reload nginx
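Review bot: The `Generate Certificate for Domains` task puts `{{ matrix_server_name }}` and `{{ vault_email }}` unquoted into a `shell:` command line, so a value containing whitespace or shell metacharacters would be interpreted by the shell instead of being passed as a single argument. No shell feature is used here, so `command:` would be enough; if `shell:` stays, quote the values: `-d {{ matrix_server_name | quote }} -m {{ vault_email | quote }}`. `--redirect` is an installer option and appears to have no effect with `certonly --standalone`, so it can probably be dropped. The two `Copy certificates` tasks create symlinks (`state: link`) rather than copies, so a name such as `Link certificate key` would describe them more accurately.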
@@ -33,14 +52,3 @@
 force: yes
 notify: Reload nginx
-- name: Generate Certificate for Domains
- shell: certbot certonly --standalone -d {{ matrix_server_name }} -m {{ vault_email }} --noninteractive --agree-tos --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
- args:
- creates: "/etc/letsencrypt/live/{{ matrix_server_name }}/cert.pem"
-
-- name: Copy certificates
- file:
- src: "/etc/letsencrypt/live/{{ matrix_server_name }}/fullchain.pem"
- dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt"
- state: link
- force: yes
diff --git a/roles/rp_synapse/templates/reverse_proxy b/roles/rp_synapse/templates/reverse_proxy
index 8c59c9c..0aae1d9 100644
--- a/roles/rp_synapse/templates/reverse_proxy
+++ b/roles/rp_synapse/templates/reverse_proxy
@@ -10,11 +10,15 @@ server {
 server_name {{ matrix_server_name }};
- ssl_certificate /var/certificates/{{ matrix_server_name }}_cert.pem;
- ssl_certificate_key /var/certificates/{{ matrix_server_name }}_privkey.pem;
+ ssl_certificate /etc/nginx/certs/{{ matrix_server_name }}.crt;
+ ssl_certificate_key /etc/nginx/certs/{{ matrix_server_name }}.key;
+
+ # Logs
+ access_log /var/log/nginx/synapse_rp_{{ matrix_server_name }}.log;
+ error_log /var/log/nginx/synapse_rp_{{ matrix_server_name }}_error.log;
 location ~* ^(\/_matrix|\/_synapse\/client) {
- proxy_pass http://{{ matrix_local_server_name }}:80;
+ proxy_pass https://{{ matrix_local_server_name }};
 proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Host $host;
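Review bot: The new `proxy_pass https://{{ matrix_local_server_name }};` encrypts the hop to Synapse but does not authenticate it, because nginx leaves `proxy_ssl_verify` off by default and accepts whatever certificate the upstream presents. If the backend's certificate chains to a CA you trust, add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` and `proxy_ssl_server_name on;` inside this location (the bundle path is a placeholder). The location block continues past the end of the hunk, so whether such directives already follow cannot be seen from here.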