Add support for 2 more SSL certificate retrieval methods

Adds support for managing certificates manually and for having the playbook generate self-signed certificates for you. With this, Let's Encrypt usage is no longer required. Fixes Github issue #50.
2018-12-23 11:00:12 +02:00
parent bfcba5256e
commit d28bdb3258
21 changed files with 296 additions and 86 deletions
--- a/roles/matrix-server/templates/usr-local-bin/matrix-ssl-certificates-renew.j2
+++ b/roles/matrix-server/templates/usr-local-bin/matrix-ssl-certificates-renew.j2
@ -4,23 +4,23 @@
 # need to forward requests for `/.well-known/acme-challenge` to the certbot container.
 #
 # This can happen inside the container network by proxying to `http://matrix-certbot:80`
-# or outside (on the host) by proxying to `http://localhost:{{ matrix_ssl_certbot_standalone_http_port }}`.
+# or outside (on the host) by proxying to `http://localhost:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}`.

 docker run \
 	--rm \
 	--name=matrix-certbot \
 	--network="{{ matrix_docker_network }}" \
-	-p 127.0.0.1:{{ matrix_ssl_certbot_standalone_http_port }}:80 \
+	-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:80 \
 	-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt \
 	-v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt \
-	{{ matrix_ssl_certbot_docker_image }} \
+	{{ matrix_ssl_lets_encrypt_certbot_docker_image }} \
 	renew \
 		--non-interactive \
-		{% if matrix_ssl_use_staging %}
+		{% if matrix_ssl_lets_encrypt_staging %}
 			--staging \
 		{% endif %}
 		--quiet \
 		--standalone \
 		--preferred-challenges http \
 		--agree-tos \
-		--email={{ matrix_ssl_support_email }}
+		--email={{ matrix_ssl_lets_encrypt_support_email }}