Add 'none' SSL certificate retrieval method
parent e09b7435d1
commit 8681a5dc69
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/).
|
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/).
|
||||||
|
|
||||||
|
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
|
||||||
|
|
||||||
If that's alright, you can skip this.
|
If that's alright, you can skip this.
|
||||||
|
|
||||||
|
|
||||||
@ -30,3 +32,14 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
|
|||||||
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
|
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
|
||||||
|
|
||||||
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
|
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
|
||||||
|
|
||||||
|
|
||||||
|
## Not bothering with SSL certificates
|
||||||
|
|
||||||
|
If you're [using an external web server](configuring-playbook-own-webserver.md) which is not nginx, or you would otherwise want to manage its certificates without this playbook getting in the way, you can completely disable SSL certificate management with the following configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_ssl_retrieval_method: none
|
||||||
|
```
|
||||||
|
|
||||||
|
With such a configuration, no certificates will be retrieved at all. You're free to manage them however you want.
|
||||||
|
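Review bot: The new "Not bothering with SSL certificates" section never mentions `matrix_nginx_proxy_enabled: false`, although the comment this commit adds to the defaults file names that setting as the case `none` is meant for. Link the two here, and say what the reader has to provide if they set `matrix_ssl_retrieval_method: none` while the playbook's own nginx proxy stays enabled, since "You're free to manage them however you want" leaves that case open.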
@ -66,6 +66,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
|||||||
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
|
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
|
||||||
# - "self-signed" - the playbook generates and self-signs certificates
|
# - "self-signed" - the playbook generates and self-signs certificates
|
||||||
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
|
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
|
||||||
|
# - "none" - like "manually-managed", but doesn't care if you don't drop certificates in the location it expects
|
||||||
#
|
#
|
||||||
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
|
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
|
||||||
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
|
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
|
||||||
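Review bot: In the added list entry, the wording "like "manually-managed", but doesn't care if you don't drop certificates in the location it expects" does not say what the playbook actually does differently, and it reads differently from the longer description added further down ("no certificate retrieval will happen"). State the concrete difference instead, for example that with `none` the `matrix_ssl_log_dir_path` and `matrix_ssl_config_dir_path` directories are not created, which is what the `when` added in the tasks file does.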
@ -73,6 +74,10 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
|||||||
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
|
||||||
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
|
||||||
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
|
||||||
|
#
|
||||||
|
# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
|
||||||
|
# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
|
||||||
|
# and you'll be using another reverse-proxy server (like Apache) with your own certificates, managed by yourself.
|
||||||
matrix_ssl_retrieval_method: "lets-encrypt"
|
matrix_ssl_retrieval_method: "lets-encrypt"
|
||||||
|
|
||||||
# The list of domains that this role will obtain certificates for.
|
# The list of domains that this role will obtain certificates for.
|
||||||
|
@ -3,10 +3,10 @@
|
|||||||
- name: Fail if using unsupported SSL certificate retrieval method
|
- name: Fail if using unsupported SSL certificate retrieval method
|
||||||
fail:
|
fail:
|
||||||
msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
|
msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
|
||||||
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed']"
|
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"
|
||||||
|
|
||||||
|
|
||||||
# Common tasks, required by any method below.
|
# Common tasks, required by almost any method below.
|
||||||
|
|
||||||
- name: Ensure SSL certificate paths exists
|
- name: Ensure SSL certificate paths exists
|
||||||
file:
|
file:
|
||||||
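Review bot: The reworded comment "required by almost any method below" leaves the reader to work out which method is the exception; name it, e.g. "required by any method below except `none`". The allowed values in the `when` of the fail task now have to be kept in step by hand with the list in the defaults-file comment, so a short comment pointing from one to the other would help the next person who adds a method.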
@ -19,6 +19,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- "{{ matrix_ssl_log_dir_path }}"
|
- "{{ matrix_ssl_log_dir_path }}"
|
||||||
- "{{ matrix_ssl_config_dir_path }}"
|
- "{{ matrix_ssl_config_dir_path }}"
|
||||||
|
when: "matrix_ssl_retrieval_method != 'none'"
|
||||||
|
|
||||||
|
|
||||||
# Method specific tasks follow
|
# Method specific tasks follow
|
||||||
|
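Review bot: The added `when: "matrix_ssl_retrieval_method != 'none'"` skips creating both `matrix_ssl_log_dir_path` and `matrix_ssl_config_dir_path`, but nothing in this hunk shows how the tasks under "Method specific tasks follow" behave for `none`. Confirm that each of them is conditioned on its own method value so that `none` runs none of them, and add a one-line comment above the `when` explaining why the directories are skipped.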