From 8b146f083ef3bf78c0bf0cc27658631d96ea30dd Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 2 Jul 2021 17:00:10 +0300
Subject: [PATCH] Disable turns when Let's Encrypt is used
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
---
group_vars/matrix_servers | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 9883abf08..c99286077 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1474,7 +1474,7 @@ matrix_postgres_additional_databases: | 'username': matrix_prometheus_postgres_exporter_database_username, 'password': matrix_prometheus_postgres_exporter_database_password, }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else []) - + }} matrix_postgres_import_roles_to_ignore: |
@@ -1671,16 +1671,23 @@ matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. +# +# When Let's Encrypt certificates are used (the default case), +# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them. +# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145 matrix_synapse_turn_uris: | {{ + [] + + [ 'turns:' + matrix_server_fqn_matrix + '?transport=udp', 'turns:' + matrix_server_fqn_matrix + '?transport=tcp', + ] if matrix_coturn_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else [] + + + [ 'turn:' + matrix_server_fqn_matrix + '?transport=udp', 'turn:' + matrix_server_fqn_matrix + '?transport=tcp', - ] - if matrix_coturn_enabled - else [] + ] if matrix_coturn_enabled else [] }} matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
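Review bot: The two conditional lists in the new `matrix_synapse_turn_uris` value are not parenthesised, and Jinja's inline `if … else` binds more loosely than `+`, so the expression appears to evaluate as one nested conditional rather than as a concatenation of two lists. When coturn is enabled and `matrix_ssl_retrieval_method` is anything other than `lets-encrypt`, the result would then be the `turns:` URIs alone, and the plain `turn:` entries are only returned when the first condition is false. Wrapping each branch, `([ … ] if matrix_coturn_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else [])` and `([ … ] if matrix_coturn_enabled else [])`, gives the intended concatenation and matches the `… else [])` form visible for `matrix_postgres_additional_databases` in the first hunk. The retained comment line "it doesn't hurt to try a secure connection anyway" also no longer fits the default case; it should say that with Let's Encrypt only plain `turn:` endpoints are advertised, so operators know the TLS endpoints are off on purpose.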