begin certificate integration for hosts
This commit is contained in:
parent
6dba4ddf7c
commit
ca8e55e56d
6 changed files with 72 additions and 1 deletions
|
@ -12,6 +12,11 @@
|
||||||
tags:
|
tags:
|
||||||
- synapse
|
- synapse
|
||||||
when: '"synapse" in docker_compose'
|
when: '"synapse" in docker_compose'
|
||||||
|
- name: SSL Certs
|
||||||
|
include_role:
|
||||||
|
name: ssl-certificates
|
||||||
|
tags:
|
||||||
|
- ssl
|
||||||
- name: Add docker-compose
|
- name: Add docker-compose
|
||||||
include_role:
|
include_role:
|
||||||
name: docker-compose
|
name: docker-compose
|
||||||
|
|
|
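Review bot: The new `SSL Certs` task runs unconditionally and is tagged only `ssl`, while the synapse task directly above it is gated with `when: '"synapse" in docker_compose'` and tagged `synapse`; a run with `--tags synapse` would bring up the compose stack (which this commit makes mount `/ssl`) without the certificates ever being copied, and a host without the synapse stack would still try to install certs. If the cert role exists for the synapse stack, as the hunks elsewhere suggest, add the same gate and tag: `when: '"synapse" in docker_compose'` and `- synapse` under `tags:` alongside `- ssl`. The `include_role` also depends on the `ssl-certificates` role being able to find `files/<inventory_hostname>/`, so the gate would also keep hosts without a certificate directory from failing the play. The task list continues outside the hunk.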
@ -1,4 +1,5 @@
|
||||||
SYNAPSE_VERSION=v1.92.3
|
SYNAPSE_VERSION=v1.92.3
|
||||||
|
NGINX_VERSION=1.25.2-alpine
|
||||||
|
|
||||||
SYNAPSE_SERVER_NAME=corp-serv.net
|
SYNAPSE_SERVER_NAME=corp-serv.net
|
||||||
NGINX_SYNAPSE_FQDN=synapse.corp-apps.com
|
NGINX_SYNAPSE_FQDN=synapse.corp-apps.com
|
||||||
|
|
|
@ -12,3 +12,11 @@ services:
|
||||||
- --config-path=/config/homeserver.yaml
|
- --config-path=/config/homeserver.yaml
|
||||||
# - --config-path=/config/generic_worker.yaml
|
# - --config-path=/config/generic_worker.yaml
|
||||||
restart: always
|
restart: always
|
||||||
|
nginx:
|
||||||
|
image: nginx:${NGINX_VERSION}
|
||||||
|
ports:
|
||||||
|
- "80:80/tcp"
|
||||||
|
- "443:443/tcp"
|
||||||
|
volumes:
|
||||||
|
- ./nginx:/etc/nginx/conf.d
|
||||||
|
- /ssl:/ssl
|
||||||
|
|
|
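Review bot: `- /ssl:/ssl` mounts the host directory holding the TLS private key read-write into the nginx container; nginx only reads it, so `- /ssl:/ssl:ro` limits what a compromised nginx process can do to the key material. The service also publishes `"80:80/tcp"`, but the nginx configuration added in this commit only declares `listen 443` servers, so plain-HTTP requests get no redirect; either drop the port or add a `listen 80` server that returns a 301 to HTTPS. The service definition may continue outside the hunk.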
@ -0,0 +1,39 @@
|
||||||
|
server {
|
||||||
|
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
ssl_certificate /ssl/chain.crt;
|
||||||
|
ssl_certificate_key /ssl/certificate.keyplain;
|
||||||
|
|
||||||
|
client_max_body_size 100m;
|
||||||
|
|
||||||
|
error_page 403 404 /403_404.html;
|
||||||
|
location = /403_404.html {
|
||||||
|
default_type application/json;
|
||||||
|
return 200 'You are not authorized to access this page.';
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/matrix/server {
|
||||||
|
default_type application/json;
|
||||||
|
return 200 '{"m.server": "ungleich.matrix.ungleich.cloud:443" }';
|
||||||
|
}
|
||||||
|
location /.well-known/matrix/client {
|
||||||
|
default_type application/json;
|
||||||
|
return 200 '{ "m.homeserver": { "base_url": "https://ungleich.matrix.ungleich.cloud" } }';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
location ~ /_matrix|/_synapse {
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
|
proxy_connect_timeout 600s;
|
||||||
|
proxy_send_timeout 600s;
|
||||||
|
proxy_read_timeout 600s;
|
||||||
|
send_timeout 600s;
|
||||||
|
|
||||||
|
proxy_pass http://localhost:8008;
|
||||||
|
}
|
||||||
|
}
|
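Review bot: The two `.well-known/matrix` responses hard-code `ungleich.matrix.ungleich.cloud`, which does not match the `NGINX_SYNAPSE_FQDN=synapse.corp-apps.com` / `SYNAPSE_SERVER_NAME=corp-serv.net` values this commit keeps in `.env`, so federation delegation and client discovery would point at a foreign host; the hostnames should come from the same variables (a templated conf or an envsubst-style step) rather than literals. `proxy_pass http://localhost:8008;` resolves to the nginx container's own loopback unless the service runs with host networking, which the compose hunk does not show, so the upstream should be the synapse service name on the compose network. `location ~ /_matrix|/_synapse` also forwards `/_synapse/admin` to the homeserver; restricting that prefix to trusted source addresses, or dropping `/_synapse` from the public location, keeps the admin API off the internet. The regex is unanchored as well — `location ~ ^(/_matrix|/_synapse)` avoids matching those substrings mid-path.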
18
ansible/roles/ssl-certificates/tasks/main.yml
Normal file
18
ansible/roles/ssl-certificates/tasks/main.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
- name: Create ssl directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /ssl
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: root
|
||||||
|
tags:
|
||||||
|
- dir
|
||||||
|
- ssl
|
||||||
|
- name: Copy SSL certificate
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: files/{{ inventory_hostname }}/
|
||||||
|
dest: /ssl
|
||||||
|
owner: root
|
||||||
|
mode: '0644'
|
||||||
|
tags:
|
||||||
|
- files
|
||||||
|
- ssl
|
|
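Review bot: `mode: '0644'` in the `Copy SSL certificate` task is applied to every file under `files/{{ inventory_hostname }}/`, including the private key that the nginx config reads as `/ssl/certificate.keyplain`, so the key lands world-readable on the host. Copy the key in its own task with `mode: '0600'` (and `group: root`), leaving `0644` for the chain only; `ansible.builtin.copy` cannot assign a per-file mode when given a directory. The key files themselves live under the role's `files/` tree in the repository — keeping them vault-encrypted, or fetching them at deploy time, avoids a plaintext private key in version control. The new file also lacks the `---` document start.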
@ -9,7 +9,7 @@
|
||||||
path: /mnt/synapse_data
|
path: /mnt/synapse_data
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
owner: "{{ ansible_user }}"
|
owner: 991
|
||||||
tags:
|
tags:
|
||||||
- directory
|
- directory
|
||||||
# - name: Create homeserver.yaml file
|
# - name: Create homeserver.yaml file
|
||||||
|
|
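Review bot: `owner: 991` replaces a variable with a bare number and nothing in the task says what 991 is; a comment such as `# 991: UID the synapse container process runs as — keep in sync with the container's UID/GID settings` (or a `synapse_uid` variable) would prevent the next edit from "fixing" it back to `ansible_user`. With `mode: '0700'` this also removes the deploy user's own access to `/mnt/synapse_data`, which looks intentional but is worth stating in the task name. The task's `- name:` line is above the hunk.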