Add matrix_playbook_reverse_proxy_type variable which influences all other services
This commit is contained in:
		| @@ -265,6 +265,48 @@ matrix_well_known_matrix_support_enabled: false | ||||
| matrix_homeserver_container_extra_arguments_auto: [] | ||||
| matrix_homeserver_app_service_config_files_auto: [] | ||||
|  | ||||
| # Specifies the type of reverse-proxy used by the playbook. | ||||
| # | ||||
| # Changing this has an effect on whether a reverse-proxy is installed at all and what its type is, | ||||
| # as well as how all other services are configured. | ||||
| # | ||||
| # Valid options and a description of their behavior: | ||||
| # | ||||
| # - `playbook-installed-traefik` | ||||
| #     - the playbook will install devture-traefik for SSL termination | ||||
| #     - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working | ||||
| # | ||||
| # - `playbook-installed-nginx` | ||||
| #     - the playbook will install matrix-nginx-proxy and do SSL termination with Certbot | ||||
| # | ||||
| # - `other-traefik-container` | ||||
| #     - Traefik will be used, but it's not installed by this playbook. | ||||
| #     - you should make sure it's compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) | ||||
| #     - you may wish to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network | ||||
| #     - you may wish to enable `devture_traefik_certs_dumper_enabled` and point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`) | ||||
| # | ||||
| # - `other-nginx-non-container` | ||||
| #     - the playbook will not install matrix-nginx-proxy | ||||
| #     - however, it will still dump some nginx configuration in /matrix/nginx/conf.d | ||||
| #     - these configs are meant to be included into a locally-installed (without a container) nginx server | ||||
| #     - all container services are exposed locally (e.g. `-p 127.0.0.1:8080:8080`) | ||||
| # | ||||
| # - `other-on-same-host` | ||||
| #     - like other-nginx-non-container, but supposedly won't generate useless configuration in /matrix/nginx/conf.d in the future | ||||
| # | ||||
| # - `other-on-another-host` | ||||
| #     - like other-on-same-host, but services are exposed on all interfaces (e.g. `-p 0.0.0.0:8080:8080`) | ||||
| #     - configurable via `matrix_playbook_service_host_bind_interface_prefix` | ||||
| # | ||||
| # - `none` | ||||
| #     - no reverse-proxy will be installed | ||||
| #     - no nginx configuration will be dumped in /matrix/nginx/conf.d | ||||
| #     - no port exposure will be done for any of the container services | ||||
| #     - it's up to you to expose the ports you want, etc. | ||||
| matrix_playbook_reverse_proxy_type: playbook-installed-nginx | ||||
|  | ||||
| matrix_playbook_service_host_bind_interface_prefix: "{{ '' if matrix_playbook_reverse_proxy_type not in ['other-nginx-non-container', 'other-on-same-host', 'other-on-another-host'] else ('0.0.0.0:' if matrix_playbook_reverse_proxy_type == 'other-on-another-host' else '127.0.0.1:') }}" | ||||
|  | ||||
| # Variables to Control which parts of our roles run. | ||||
| run_postgres_import: true | ||||
| run_postgres_upgrade: true | ||||
|   | ||||
		Reference in New Issue
	
	Block a user