finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add 'none' SSL certificate retrieval method

Browse Source
This commit is contained in:
Slavi Pantaleev
2019-02-01 16:50:02 +02:00
parent e09b7435d1
commit 8681a5dc69
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -66,6 +66,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
# - "self-signed" - the playbook generates and self-signs certificates
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
# - "none" - like "manually-managed", but doesn't care if you don't drop certificates in the location it expects
#
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
@ -73,6 +74,10 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
#
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
# and you'll be using another reverse-proxy server (like Apache) with your own certificates, managed by yourself.
matrix_ssl_retrieval_method: "lets-encrypt"
# The list of domains that this role will obtain certificates for.

5
roles/matrix-nginx-proxy/tasks/ssl/main.yml
View File

@ -3,10 +3,10 @@
- name: Fail if using unsupported SSL certificate retrieval method
fail:
msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed']"
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"
# Common tasks, required by any method below.
# Common tasks, required by almost any method below.
- name: Ensure SSL certificate paths exists
file:
@ -19,6 +19,7 @@
with_items:
- "{{ matrix_ssl_log_dir_path }}"
- "{{ matrix_ssl_config_dir_path }}"
when: "matrix_ssl_retrieval_method != 'none'"
# Method specific tasks follow