finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add support for 2 more SSL certificate retrieval methods

Browse Source 
Adds support for managing certificates manually and for
having the playbook generate self-signed certificates for you.

With this, Let's Encrypt usage is no longer required.

Fixes Github issue #50.
This commit is contained in:
Slavi Pantaleev
2018-12-23 11:00:12 +02:00
parent bfcba5256e
commit d28bdb3258
21 changed files with 296 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
roles/matrix-server/defaults/main.yml
View File

@ -387,17 +387,34 @@ matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
# See: https://github.com/nginxinc/docker-nginx/issues/190
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
# By default, this playbook automatically retrieves and auto-renews
# free SSL certificates from Let's Encrypt.
#
# The following retrieval methods are supported:
# - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
# - "self-signed" - the playbook generates and self-signs certificates
# - "manually-managed" - lets you manage certificates by yourself (manually; see below)
#
# If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
# you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
# obeying the following hierarchy:
# - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
# - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
# where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
matrix_ssl_retrieval_method: "lets-encrypt"
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.29.1"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"
# Specifies when to attempt to retrieve new SSL certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_renew_cron_time_definition: "15 4 */5 * *"
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
matrix_ssl_support_email: "{{ host_specific_matrix_ssl_support_email }}"
matrix_ssl_certbot_docker_image: "certbot/certbot:v0.29.1"
matrix_ssl_certbot_standalone_http_port: 2402
matrix_ssl_use_staging: false
# Specifies when to attempt to retrieve new SSL certificates from Let's Encrypt.
matrix_ssl_renew_cron_time_definition: "15 4 */5 * *"
# Variables to Control which parts of the role run.
run_setup: true