Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

fix the rp

Browse source
This commit is contained in:
histausse 2021-08-02 17:10:18 +02:00
parent 9036f2da77
commit 4d692796f2
Signed by: histausse
GPG key ID: 67486F107F62E9E9
3 changed files with 32 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
books/matrix.yml
View file

@ -4,3 +4,6 @@
roles: roles:
- synapse - synapse
- hosts: proxy
roles:
- rp_synapse

36
roles/rp_synapse/tasks/main.yml
View file

@ -19,20 +19,6 @@
path: /etc/nginx/certs path: /etc/nginx/certs
state: directory state: directory
- name: Copy reverse proxy sites
template:
src: nginx/config_synapse
dest: /etc/nginx/sites-available/synapse
notify: Reload nginx
- name: Activate sites
file:
src: "/etc/nginx/sites-available/synapse"
dest: "/etc/nginx/sites-enabled/synapse"
state: link
force: yes
notify: Reload nginx
- name: Generate Certificate for Domains - name: Generate Certificate for Domains
shell: certbot certonly --standalone -d {{ matrix_server_name }} -m {{ vault_email }} --noninteractive --agree-tos --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx" shell: certbot certonly --standalone -d {{ matrix_server_name }} -m {{ vault_email }} --noninteractive --agree-tos --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
args: args:
@ -44,3 +30,25 @@
dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt" dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt"
state: link state: link
force: yes force: yes
- name: Copy certificates key
file:
src: "/etc/letsencrypt/live/{{ matrix_server_name }}/privkey.pem"
dest: "/etc/nginx/certs/{{ matrix_server_name }}.key"
state: link
force: yes
- name: Copy reverse proxy sites
template:
src: reverse_proxy
dest: /etc/nginx/sites-available/synapse
notify: Reload nginx
- name: Activate sites
file:
src: "/etc/nginx/sites-available/synapse"
dest: "/etc/nginx/sites-enabled/synapse"
state: link
force: yes
notify: Reload nginx

10
roles/rp_synapse/templates/reverse_proxy
View file

@ -10,11 +10,15 @@ server {
server_name {{ matrix_server_name }}; server_name {{ matrix_server_name }};
ssl_certificate /var/certificates/{{ matrix_server_name }}_cert.pem; ssl_certificate /etc/nginx/certs/{{ matrix_server_name }}.crt;
ssl_certificate_key /var/certificates/{{ matrix_server_name }}_privkey.pem; ssl_certificate_key /etc/nginx/certs/{{ matrix_server_name }}.key;
# Logs
access_log /var/log/nginx/synapse_rp_{{ matrix_server_name }}.log;
error_log /var/log/nginx/synapse_rp_{{ matrix_server_name }}_error.log;
location ~* ^(\/_matrix|\/_synapse\/client) { location ~* ^(\/_matrix|\/_synapse\/client) {
proxy_pass http://{{ matrix_local_server_name }}:80; proxy_pass https://{{ matrix_local_server_name }};
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;