Commit Graph

46 Commits

Author SHA1 Message Date
Slavi Pantaleev
c6ab1c6a90 Riot is now Element
Fixes  (Github Issue)
2020-07-17 11:31:20 +03:00
Slavi Pantaleev
f18037ae42 Disable TLSv1.1 by default 2020-01-30 12:56:20 +02:00
Aaron Raimist
5366aef0da
Fix Caddy example config for Dimension 2019-12-05 17:33:08 -06:00
Marcel Ackermann
cb900d64dd
Listen 8448 required for apache
Listen 8448 directive makes apache listen on that port, without it federation does not work.
2019-10-23 15:12:31 +02:00
Slavi Pantaleev
d90e11213f
Update comment to make it accurate 2019-09-02 09:47:33 +03:00
liquidat
72d3514408 Move pipelining option to ansible.cfg 2019-09-01 01:56:02 +02:00
Julian Foad
3b69db3c1e
More Apache ProxyPass directives need 'nocanon'
Invitations weren't working for me until I added 'nocanon' to these additional places. Until then, invitations failed with "Invalid signature for server ..." errors, as in https://github.com/matrix-org/synapse/issues/3294 .

I didn't check whether the user_directory/search proxy line also needs it, I just assumed it should have it too.

The other two proxy lines in this example also include a 'retry=0' parameter. That's a separate issue; I haven't touched it here.
2019-08-30 12:22:08 +01:00
muccid
2793e24b5b Addresses comments in PR. Fixes typo in docker-compose. Changes mount of static files to RO. Adds example and brief explanation for haproxy certificates. Fixes whitespaces in nginx.conf 2019-08-26 09:04:47 +03:00
sudneo
7f0b52e9e1 Formatting of haproxy.cfg 2019-08-25 22:59:47 +03:00
sudneo
f1a64df339 Formatting of haproxy.cfg 2019-08-25 22:58:55 +03:00
sudneo
06e8056173 Formatting of haproxy.cfg 2019-08-25 22:56:32 +03:00
sudneo
3dfa6a28f9 Typo 2019-08-25 22:55:27 +03:00
sudneo
b2e0e4efe3 Adds doc for HAproxy 2019-08-25 22:53:34 +03:00
Slavi Pantaleev
fcd96b5dee Add missing options to ProxyPass 2019-08-17 10:14:40 +03:00
Slavi Pantaleev
3cb34e6998 Improve Synapse reverse-proxying Apache examples
Thanks to @ralfi!
2019-08-17 10:13:45 +03:00
Slavi Pantaleev
e22672911d Add Server-Server API proxying to Apache example configuration
Contributed by @ralfi.
2019-08-16 10:08:09 +03:00
Slavi Pantaleev
d675cb3d4b
Serve /.well-known/matrix/server with proper Content-Type 2019-08-16 10:00:26 +03:00
Marcel Ackermann
d55db2bee2
quotes, simplify 2019-08-14 08:49:06 +02:00
Marcel Ackermann
18a2377472
missing Map /.well-known/matrix/server for server discovery 2019-08-13 20:40:04 +02:00
Slavi Pantaleev
b88db88cec Mention ansible_connection=local 2019-06-04 19:24:39 +03:00
Slavi Pantaleev
5bfd22d13b Fix incorrect inventory host_vars paths 2019-05-24 08:06:42 +09:00
Dan Arnfield
093859d926 Fix TRANSFORM_INVALID_GROUP_CHARS deprecation warning 2019-05-21 10:39:33 -05:00
Brendan Abolivier
cdac997ddb Improve comments for Caddy's TLS instructions 2019-05-09 13:22:23 +01:00
Brendan Abolivier
e067db613c Fix exception to proxying 2019-05-09 13:20:26 +01:00
084be8a194
Added comments noting that the TLS Certs might differ when using own certs 2019-04-16 19:41:38 +02:00
6d49fdea21
Remove single all-host config file (used as source for examples) 2019-04-16 19:38:43 +02:00
265dc2949d
Added example Caddyfiles for the containers 2019-04-16 19:36:03 +02:00
Slavi Pantaleev
c1a9549d54 Mention matrix_coturn_turn_external_ip_address in examples/hosts 2019-04-16 13:10:31 +03:00
Slavi Pantaleev
382e53bdee Make examples/hosts look cleaner
Putting a lot of comments in between `[matrix-servers]` and the example
host line may make someone decide to clean up the comment
and accidentally skip over the `[matrix-servers]` part.
2019-04-11 09:54:42 +03:00
Slavi Pantaleev
841b525e7f Suggest ansible_ssh_pipelining=yes for hosts 2019-04-05 11:06:49 +03:00
Slavi Pantaleev
8660cd421e Add example Apache configuration for Dimension
Discussed in  (Github Issue).
2019-03-18 21:17:42 +02:00
Slavi Pantaleev
d18fe3610f Fix syntax problems in example Apache configuration
Related to  (Github Issue)
2019-03-18 20:45:20 +02:00
Slavi Pantaleev
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev
9a251e4e46 Remove some more references to localhost
Continuation of 1f0cc92b33.

As an explanation for the problem:
when saying `localhost` on the host, it sometimes gets resolved to `::1`
and sometimes to `127.0.0.1`. On the unfortunate occasions that
it gets resolved to `::1`, the container won't be able to serve the
request, because Docker containers don't have IPv6 enabled by default.

To avoid this problem, we simply prevent any lookups from happening
and explicitly use `127.0.0.1`.
2019-02-05 11:11:28 +02:00
Slavi Pantaleev
5e8a7fd05b Update own-webserver guide and add sample Apache configuration
This supersedes  (Github Pull Request),
which was greatly beneficial in creating our sample Apache configuration.
2019-02-01 16:58:11 +02:00
Slavi Pantaleev
e09b7435d1 Update documentation a bit 2019-02-01 12:26:43 +02:00
Slavi Pantaleev
c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00
Slavi Pantaleev
d28bdb3258 Add support for 2 more SSL certificate retrieval methods
Adds support for managing certificates manually and for
having the playbook generate self-signed certificates for you.

With this, Let's Encrypt usage is no longer required.

Fixes Github issue .
2018-12-23 11:00:12 +02:00
anadahz
792bed3f5a Fix add/config based on comments by @spantaleev 2018-11-23 00:42:54 +00:00
anadahz
3cb3f17a90 Add more configured options for riot-web and homeserver. 2018-11-18 02:00:08 +00:00
Hugues Morisset
45fb2df43f Fix some problem with permissions
Fix typo
Move mautrix variable in `defaults/main.yml` exclusively
2018-09-07 20:02:46 +02:00
Hugues Morisset
7b5f68c431 Add mautrix-telegram to bridge with telegram services 2018-09-07 20:02:46 +02:00
Slavi Pantaleev
839b401b28 Set up Synapse configuration using a template (not line/regexp replacements)
Until now, we were starting from a fresh configuration, as generated
by Synapse and manipulating it with regex and line replacements,
until we made it work.

This is more fragile and less predictable, so we're moving to a static
configuration file generated from a Jinja template.

The upside is that configuration will be stable and predictable.

The downside of this new approach is that any manual configuration changes
after the playbook is done, will be thrown away on future playbook
invocations.

There are 2 ways to work around the need for manual configuration
changes though:
- making them part of this playbook and its default template
configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files
that get used (that is, the
`matrix_synapse_template_synapse_homeserver` or
`matrix_synapse_template_synapse_log` variables)
2018-06-26 21:05:59 +03:00
Slavi Pantaleev
b3e62126db Switch Docker image to official one
Switching from avhost/docker-matrix (silviof/docker-matrix)
to matrixdotorg/synapse.

The avhost/docker-matrix (silviof/docker-matrix) image used to bundle
in the coturn STUN/TURN server, so as part of the move,
we're separating this to a separately-run service
(matrix-coturn.service, powered by instrumentisto/coturn-docker-image)
2018-05-25 21:58:53 +03:00
Slavi Pantaleev
cb323f5b4c Move SSL certificates from /etc/pki/acmetool-certs to /matrix/ssl
Moving keeps everything in the /matrix directory, so that we
wouldn't contaminate anything else on the system or risk
clashing with something else.

Also retrieving certificates separately for the Riot and Matrix domains,
which should help in multiple ways:

- allows them to be very different (completely separate base domain..)

- allows for Riot to be disabled for the playbook some time later
  and still have the code not break
2017-09-11 23:50:14 +03:00
Slavi Pantaleev
87f5883f24 Initial commit 2017-07-31 23:08:20 +03:00