Slavi Pantaleev
@ -1,6 +1,6 @@
|
||||
# Adjusting SSL certificate retrieval (optional, advanced)
|
||||
|
||||
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `riot.<your-domain>`)
|
||||
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
|
||||
|
||||
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
|
||||
They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
|
||||
@ -42,7 +42,7 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
|
||||
- `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
|
||||
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
|
||||
|
||||
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
|
||||
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `element.<your-domain>`).
|
||||
|
||||
|
||||
## Not bothering with SSL certificates
|
||||
@ -62,7 +62,8 @@ The playbook tries to be smart about the certificates it will obtain for you.
|
||||
|
||||
By default, it obtains certificates for:
|
||||
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
||||
- possibly for `riot.<your-domain>`, unless you have disabled the Riot component using `matrix_riot_web_enabled: false`
|
||||
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
||||
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
||||
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
||||
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
||||
|
||||
@ -70,12 +71,12 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
|
||||
To do that, simply define your own custom configuration like this:
|
||||
|
||||
```yaml
|
||||
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Riot, Dimension).
|
||||
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Element, Dimension).
|
||||
# In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
|
||||
# Adding any other additional domains (hosted on the same machine) is possible.
|
||||
matrix_ssl_domains_to_obtain_certificates_for:
|
||||
- '{{ matrix_server_fqn_matrix }}'
|
||||
- '{{ matrix_server_fqn_riot }}'
|
||||
- '{{ matrix_server_fqn_element }}'
|
||||
- '{{ matrix_server_fqn_dimension }}'
|
||||
- '{{ matrix_domain }}'
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user