finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix SSL-renewal problem caused by incorrect permissions

Browse Source
This commit is contained in:
Slavi Pantaleev
2017-10-01 11:26:20 +03:00
parent 3a5f82267b
commit 2906ec3045
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/matrix-server/tasks/setup_ssl.yml
View File

@@ -24,11 +24,18 @@
docker_image:
name: willwill/acme-docker
# Granting +rx to others as well, because the `nginx` user from within
# matrix-nginx-proxy needs to be able to read the acme-challenge files inside
# for renewal purposes.
#
# This should not be causing security trouble outside of the container,
# as the parent directory (/matrix) does not allow "others" to access it or any of its children.
# Still, it works when the /ssl subtree is mounted in the container.
- name: Ensure SSL certificates path exists
file:
path: "{{ matrix_ssl_certs_path }}"
state: directory
mode: 0770
mode: 0775
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"