Add support for serving the base domain via matrix-static-files
This commit is contained in:
Slavi Pantaleev
parent
da48a605bb
commit
cc75be9c65
@ -17,7 +17,7 @@ This documentation page tells you how to do the latter. With some easy changes,
|
||||
Just **adjust your DNS records**, so that your base domain is pointed to the Matrix server's IP address (using a DNS `A` record) **and then use the following configuration**:
|
||||
|
||||
```yaml
|
||||
matrix_nginx_proxy_base_domain_serving_enabled: true
|
||||
matrix_static_files_container_labels_base_domain_enabled: true
|
||||
```
|
||||
|
||||
Doing this, the playbook will:
|
||||
@ -26,27 +26,46 @@ Doing this, the playbook will:
|
||||
|
||||
- serve the `/.well-known/matrix/*` files which are necessary for [Federation Server Discovery](configuring-well-known.md#introduction-to-client-server-discovery) (also see [Server Delegation](howto-server-delegation.md)) and [Client-Server discovery](configuring-well-known.md#introduction-to-client-server-discovery)
|
||||
|
||||
- serve a simple homepage at `https://DOMAIN` with content `Hello from DOMAIN` (configurable via the `matrix_nginx_proxy_base_domain_homepage_template` variable). You can also [serve a more complicated static website](#serving-a-static-website-at-the-base-domain).
|
||||
- serve a simple homepage at `https://DOMAIN` with content `Hello from DOMAIN` (configurable via the `matrix_static_files_file_index_html_template` variable). You can also [serve a more complicated static website](#serving-a-static-website-at-the-base-domain).
|
||||
|
||||
|
||||
## Serving a static website at the base domain
|
||||
|
||||
By default, when "serving the base domain" is enabled, the playbook hosts a simple `index.html` webpage in `/matrix/nginx-proxy/data/matrix-domain`.
|
||||
The content of this page is taken from the `matrix_nginx_proxy_base_domain_homepage_template` variable.
|
||||
By default, when "serving the base domain" is enabled, the playbook hosts a simple `index.html` webpage at `/matrix/static-files/public/index.html`.
|
||||
The content of this page is taken from the `matrix_static_files_file_index_html_template` variable.
|
||||
|
||||
If you'd like to host your own static website (more than a single `index.html` page) at the base domain, you can disable the creation of this default `index.html` page like this:
|
||||
|
||||
```yaml
|
||||
matrix_nginx_proxy_base_domain_homepage_enabled: false
|
||||
# Enable base-domain serving
|
||||
matrix_static_files_container_labels_base_domain_enabled: true
|
||||
|
||||
# Prevent the default index.html file from being installed
|
||||
matrix_static_files_file_index_html_enabled: false
|
||||
```
|
||||
|
||||
With this configuration, Ansible will no longer mess around with the `/matrix/nginx-proxy/data/matrix-domain/index.html` file.
|
||||
With this configuration, Ansible will no longer mess around with the `/matrix/static-files/public/index.html` file.
|
||||
|
||||
You are then free to upload any static website files to `/matrix/nginx-proxy/data/matrix-domain` and they will get served at the base domain.
|
||||
You are then free to upload any static website files to `/matrix/static-files/public` and they will get served at the base domain.
|
||||
You can do so manually or by using the [ansible-role-aux](https://github.com/mother-of-all-self-hosting/ansible-role-aux) Ansible role, which is part of this playbook already.
|
||||
|
||||
|
||||
## Serving a more complicated website at the base domain
|
||||
|
||||
If you'd like to serve an even more complicated (dynamic) website from the Matrix server, relying on the playbook to serve the base domain is not the best choice.
|
||||
|
||||
Instead, we recommend that you switch to [using your own webserver](configuring-playbook-own-webserver.md) (preferrably nginx). You can then make that webserver host anything you wish, and still easily plug in Matrix services into it.
|
||||
You have 2 options.
|
||||
|
||||
**One way is to host your base domain elsewhere**. This involves:
|
||||
- you stopping to serve it from the Matrix server: remove `matrix_static_files_container_labels_base_domain_enabled` from your configuration
|
||||
- [configuring Matrix Delegation via well-known](./configuring-well-known.md)
|
||||
|
||||
**Another way is to serve the base domain from another (your own) container on the Matrix server**. This involves:
|
||||
- telling the playbook to only serve `BASE_DOMAIN/.well-known/matrix` files by adjusting your `vars.yml` configuration like this:
|
||||
- keep `matrix_static_files_container_labels_base_domain_enabled: true`
|
||||
- add an extra: `matrix_static_files_container_labels_base_domain_traefik_path_prefix: /.well-known/matrix`
|
||||
- building and running a new container on the Matrix server:
|
||||
- it should be connected to the `traefik` network, so that Traefik can reverse-proxy to it
|
||||
- it should have appropriate [container labels](https://docs.docker.com/config/labels-custom-metadata/), which instruct Traefik to reverse-proxy to it
|
||||
|
||||
How you'll be managing building and running this container is up-to-you. You may use of the primitives from [ansible-role-aux](https://github.com/mother-of-all-self-hosting/ansible-role-aux) Ansible role to organize it yourself, or you can set it up in another way.
|
||||
|
||||
@ -3080,8 +3080,6 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
||||
+
|
||||
(matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else [])
|
||||
+
|
||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||
+
|
||||
matrix_ssl_additional_domains_to_obtain_certificates_for
|
||||
}}
|
||||
|
||||
@ -4590,13 +4588,17 @@ matrix_static_files_enabled: true
|
||||
|
||||
matrix_static_files_container_network: "{{ devture_traefik_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else matrix_well_known_ident }}"
|
||||
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
|
||||
matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
||||
matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||
matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
# Base domain serving is not enabled by default (see `matrix_static_files_container_labels_base_domain_enabled`),
|
||||
# but we pass the hostname, so that enabling it is easy.
|
||||
matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_domain }}"
|
||||
|
||||
matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
|
||||
|
||||
matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
|
||||
|
||||
@ -50,11 +50,6 @@ matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_nginx_pro
|
||||
matrix_nginx_proxy_container_labels_traefik_entrypoints: web-secure
|
||||
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_enabled: "{{ matrix_nginx_proxy_base_domain_serving_enabled }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_hostname: "{{ matrix_nginx_proxy_base_domain_hostname }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_hostname }}`)"
|
||||
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: false
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
@ -119,40 +114,6 @@ matrix_nginx_proxy_container_https_host_bind_port: '443'
|
||||
# When HTTPS is disabled, you'd likely want to only expose the port locally, and front it with another HTTPS-enabled reverse-proxy.
|
||||
matrix_nginx_proxy_container_federation_host_bind_port: '8448'
|
||||
|
||||
# Controls whether matrix-nginx-proxy should serve the base domain.
|
||||
#
|
||||
# This is useful for when you only have your Matrix server, but you need to serve
|
||||
# to serve `/.well-known/matrix/*` files from the base domain for the needs of
|
||||
# Server-Discovery (Federation) and for Client-Discovery.
|
||||
#
|
||||
# Besides serving these Matrix files, a homepage would be served with content
|
||||
# as specified in the `matrix_nginx_proxy_base_domain_homepage_template` variable.
|
||||
# You can also put additional files to use for this webpage
|
||||
# in the `{{ matrix_nginx_proxy_data_path }}/matrix-domain` (`/matrix/nginx-proxy/data/matrix-domain`) directory.
|
||||
matrix_nginx_proxy_base_domain_serving_enabled: false
|
||||
|
||||
# Controls whether the base domain directory and default index.html file are created.
|
||||
matrix_nginx_proxy_base_domain_create_directory: true
|
||||
|
||||
matrix_nginx_proxy_base_domain_hostname: "{{ matrix_domain }}"
|
||||
|
||||
# Controls whether `matrix_nginx_proxy_base_domain_homepage_template` would be dumped to an `index.html` file
|
||||
# in the `/matrix/nginx-proxy/data/matrix-domain` directory.
|
||||
#
|
||||
# If you would instead like to serve a static website by yourself, you can disable this.
|
||||
# When disabled, you're expected to put website files in `/matrix/nginx-proxy/data/matrix-domain` manually
|
||||
# and can expect that the playbook won't intefere with the `index.html` file.
|
||||
matrix_nginx_proxy_base_domain_homepage_enabled: true
|
||||
|
||||
matrix_nginx_proxy_base_domain_homepage_template: |-
|
||||
<!doctype html>
|
||||
<meta charset="utf-8" />
|
||||
<html>
|
||||
<body>
|
||||
Hello from {{ matrix_domain }}!
|
||||
</body>
|
||||
</html>
|
||||
|
||||
# Option to disable the access log
|
||||
matrix_nginx_proxy_access_log_enabled: true
|
||||
|
||||
|
||||
@ -198,31 +198,6 @@
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure Matrix nginx-proxy data directory for base domain exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain exists
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_nginx_proxy_base_domain_homepage_template }}"
|
||||
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_homepage_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for base domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-base-domain.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled | bool
|
||||
|
||||
#
|
||||
# Tasks related to setting up matrix-nginx-proxy
|
||||
#
|
||||
@ -366,18 +341,6 @@
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_etherpad_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
||||
|
||||
@ -5,19 +5,6 @@ traefik.enable=true
|
||||
traefik.docker.network={{ matrix_nginx_proxy_container_labels_traefik_docker_network }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_enabled %}
|
||||
# Base domain
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule }}
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.service=matrix-nginx-proxy-web
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_tls | to_json }}
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_tls %}
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
traefik.http.routers.matrix-nginx-proxy-base-domain.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled %}
|
||||
# Matrix Client
|
||||
traefik.http.routers.matrix-nginx-proxy-matrix-client.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_matrix_client_rule }}
|
||||
|
||||
@ -1,88 +0,0 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% macro render_vhost_directives() %}
|
||||
absolute_redirect off;
|
||||
root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}{{ matrix_nginx_proxy_data_path_extension }};
|
||||
index index.html index.htm;
|
||||
try_files $uri $uri/ =404;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
|
||||
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||
add_header Permissions-Policy interest-cohort=() always;
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_nginx_proxy_hsts_preload_enabled %}
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
{% else %}
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
{% endif %}
|
||||
|
||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
|
||||
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
|
||||
server_tokens off;
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
|
||||
set $backend "matrix-certbot:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$http_host$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
{{ render_vhost_directives() }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
server {
|
||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
|
||||
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
|
||||
server_tokens off;
|
||||
|
||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/privkey.pem;
|
||||
|
||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
|
||||
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||
{% endif %}
|
||||
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||
|
||||
{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||
ssl_session_tickets off;
|
||||
{% endif %}
|
||||
ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
|
||||
ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
|
||||
|
||||
{{ render_vhost_directives() }}
|
||||
}
|
||||
{% endif %}
|
||||
@ -48,7 +48,7 @@ matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_static_f
|
||||
matrix_static_files_container_labels_traefik_entrypoints: web-secure
|
||||
matrix_static_files_container_labels_traefik_tls_certResolver: default
|
||||
|
||||
# Controls whether labels will be added that expose the well-known public endpoint
|
||||
# Controls whether labels will be added that expose the well-known public endpoint on the matrix domain.
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_enabled: true
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: ''
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix: /.well-known/matrix
|
||||
@ -58,6 +58,26 @@ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoi
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_entrypoints != 'web' }}"
|
||||
matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}" # noqa var-naming
|
||||
|
||||
# Controls whether labels will be added that serve the base domain.
|
||||
#
|
||||
# This is similar to `matrix_static_files_container_labels_well_known_matrix_endpoint_*`, but does more.
|
||||
#
|
||||
# It's useful when you'd like to avoid setting up `/.well-known/matrix` redirects and can afford to point the base domain to the Matrix server.
|
||||
#
|
||||
# By default, these labels are configured to handle all paths for the provided base domain
|
||||
# (see `matrix_static_files_container_labels_base_domain_traefik_path_prefix`), not just the `/.well-known/matrix` prefix.
|
||||
#
|
||||
# By default, an index.html page is also served (see `matrix_static_files_file_index_html_enabled`).
|
||||
matrix_static_files_container_labels_base_domain_enabled: false
|
||||
matrix_static_files_container_labels_base_domain_traefik_hostname: ''
|
||||
matrix_static_files_container_labels_base_domain_traefik_path_prefix: /
|
||||
matrix_static_files_container_labels_base_domain_traefik_rule: "Host(`{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}`){% if matrix_static_files_container_labels_base_domain_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix }}`){% endif %}"
|
||||
matrix_static_files_container_labels_base_domain_traefik_priority: 0
|
||||
matrix_static_files_container_labels_base_domain_traefik_entrypoints: "{{ matrix_static_files_container_labels_traefik_entrypoints }}"
|
||||
matrix_static_files_container_labels_base_domain_traefik_tls: "{{ matrix_static_files_container_labels_base_domain_traefik_entrypoints != 'web' }}"
|
||||
matrix_static_files_container_labels_base_domain_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}" # noqa var-naming
|
||||
|
||||
|
||||
# matrix_static_files_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
@ -298,6 +318,40 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# Related to index.html #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# Controls whether `matrix_static_files_file_index_html_template` would be dumped to an `index.html` file
|
||||
# in the public directory (matrix_static_files_public_path).
|
||||
#
|
||||
# This is useful if you have enabled serving of the base domain (matrix_static_files_container_labels_base_domain_enabled)
|
||||
# and wish to serve more than just the `/.well-known/matrix` files from it.
|
||||
#
|
||||
# You can also use the auxiliary role (https://github.com/mother-of-all-self-hosting/ansible-role-aux) to create files in
|
||||
# the public directory (matrix_static_files_public_path) by yourself.
|
||||
#
|
||||
# Because you may wish to manage these static files yourself, disabling this variable will intentionally not delete an already existing `index.html` file.
|
||||
matrix_static_files_file_index_html_enabled: "{{ matrix_static_files_container_labels_base_domain_enabled }}"
|
||||
|
||||
matrix_static_files_file_index_html_template: |-
|
||||
<!doctype html>
|
||||
<meta charset="utf-8" />
|
||||
<html>
|
||||
<body>
|
||||
Hello from {{ matrix_static_files_container_labels_base_domain_traefik_hostname }}!
|
||||
</body>
|
||||
</html>
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /Related to /index.html #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# Controls whether the self-check feature should validate SSL certificates.
|
||||
matrix_static_files_self_check_validate_certificates: true
|
||||
|
||||
|
||||
@ -33,25 +33,31 @@
|
||||
|
||||
- name: Ensure matrix-static-files files are installed
|
||||
ansible.builtin.copy:
|
||||
content: "{{ item.content | to_nice_json }}"
|
||||
content: "{{ item.content }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: item.when | bool
|
||||
with_items:
|
||||
- content: "{{ matrix_static_files_file_matrix_client_configuration }}"
|
||||
- content: "{{ matrix_static_files_file_matrix_client_configuration | to_nice_json }}"
|
||||
dest: "{{ matrix_static_files_public_well_known_matrix_path }}/client"
|
||||
when: true
|
||||
|
||||
- content: "{{ matrix_static_files_file_matrix_server_configuration }}"
|
||||
- content: "{{ matrix_static_files_file_matrix_server_configuration | to_nice_json }}"
|
||||
dest: "{{ matrix_static_files_public_well_known_matrix_path }}/server"
|
||||
when: "{{ matrix_static_files_file_matrix_server_enabled }}"
|
||||
|
||||
- content: "{{ matrix_static_files_file_matrix_support_configuration }}"
|
||||
- content: "{{ matrix_static_files_file_matrix_support_configuration | to_nice_json }}"
|
||||
dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support"
|
||||
when: "{{ matrix_static_files_file_matrix_support_enabled }}"
|
||||
|
||||
# This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`.
|
||||
# See the comment for `matrix_static_files_file_index_html_enabled` to learn why.
|
||||
- content: "{{ matrix_static_files_file_index_html_template }}"
|
||||
dest: "{{ matrix_static_files_public_path }}/index.html"
|
||||
when: "{{ matrix_static_files_file_index_html_enabled }}"
|
||||
|
||||
- name: Ensure /.well-known/matrix/server file deleted if not enabled
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_static_files_public_well_known_matrix_path }}/server"
|
||||
|
||||
@ -9,3 +9,6 @@
|
||||
- {'name': 'matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname', when: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_enabled }}"}
|
||||
- {'name': 'matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_path_prefix', when: "{{ matrix_static_files_container_labels_well_known_matrix_endpoint_enabled }}"}
|
||||
|
||||
- {'name': 'matrix_static_files_container_labels_base_domain_traefik_hostname', when: "{{ matrix_static_files_container_labels_base_domain_enabled }}"}
|
||||
- {'name': 'matrix_static_files_container_labels_base_domain_traefik_path_prefix', when: "{{ matrix_static_files_container_labels_base_domain_enabled }}"}
|
||||
|
||||
|
||||
@ -9,7 +9,7 @@ traefik.http.services.{{ matrix_static_files_ident }}.loadbalancer.server.port={
|
||||
|
||||
|
||||
{#
|
||||
Related to /.well-known/matrix
|
||||
Related to /.well-known/matrix on the matrix domain
|
||||
#}
|
||||
{% if matrix_static_files_container_labels_well_known_matrix_endpoint_enabled %}
|
||||
|
||||
@ -33,10 +33,33 @@ traefik.http.routers.{{ matrix_static_files_ident }}-well-known-endpoint.tls.cer
|
||||
|
||||
{% endif %}
|
||||
{#
|
||||
/Related to /.well-known/matrix
|
||||
/Related to /.well-known/matrix on the matrix domain
|
||||
#}
|
||||
|
||||
|
||||
{#
|
||||
Base domain serving
|
||||
#}
|
||||
{% if matrix_static_files_container_labels_base_domain_enabled %}
|
||||
traefik.http.routers.{{ matrix_static_files_ident }}-base-domain.rule={{ matrix_static_files_container_labels_base_domain_traefik_rule }}
|
||||
|
||||
{% if matrix_static_files_container_labels_base_domain_traefik_priority | int > 0 %}
|
||||
traefik.http.routers.{{ matrix_static_files_ident }}-base-domain.priority={{ matrix_static_files_container_labels_base_domain_traefik_priority }}
|
||||
{% endif %}
|
||||
|
||||
traefik.http.routers.{{ matrix_static_files_ident }}-base-domain.service={{ matrix_static_files_ident }}
|
||||
traefik.http.routers.{{ matrix_static_files_ident }}-base-domain.entrypoints={{ matrix_static_files_container_labels_base_domain_traefik_entrypoints }}
|
||||
traefik.http.routers.{{ matrix_static_files_ident }}-base-domain.tls={{ matrix_static_files_container_labels_base_domain_traefik_tls | to_json }}
|
||||
|
||||
{% if matrix_static_files_container_labels_base_domain_traefik_tls %}
|
||||
traefik.http.routers.{{ matrix_static_files_ident }}-base-domain.tls.certResolver={{ matrix_static_files_container_labels_base_domain_traefik_tls_certResolver }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{#
|
||||
/Base domain serving
|
||||
#}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{{ matrix_static_files_container_labels_additional_labels }}
|
||||
|
||||
@ -77,6 +77,10 @@
|
||||
- {'old': 'matrix_well_known_matrix_support_configuration_extension_json', 'new': 'matrix_static_files_file_matrix_support_configuration_extension_json'}
|
||||
- {'old': 'matrix_nginx_proxy_self_check_validate_certificates', 'new': 'matrix_static_files_self_check_validate_certificates'}
|
||||
- {'old': 'matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects', 'new': 'matrix_static_files_self_check_well_known_matrix_client_follow_redirects'}
|
||||
- {'old': 'matrix_nginx_proxy_base_domain_serving_enabled', 'new': 'matrix_static_files_container_labels_base_domain_enabled'}
|
||||
- {'old': 'matrix_nginx_proxy_base_domain_hostname', 'new': 'matrix_static_files_container_labels_base_domain_traefik_hostname'}
|
||||
- {'old': 'matrix_nginx_proxy_base_domain_homepage_enabled', 'new': 'matrix_static_files_file_index_html_enabled'}
|
||||
- {'old': 'matrix_nginx_proxy_base_domain_create_directory', 'new': '<no longer necessary; see matrix_static_files_file_index_html_enabled>'}
|
||||
|
||||
- name: (Deprecation) Catch and report matrix_postgres variables
|
||||
ansible.builtin.fail:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user