Commit Graph

295 Commits

Author SHA1 Message Date
a84a24d9f5 Upgrade nginx (1.17.6 -> 1.17.7) 2020-01-11 17:32:02 +02:00
89dbe5cfc5 Add the ability to control the certbot HTTP bind port
Fixes  (Github Issue).
2019-12-19 09:07:24 +02:00
a78002f12b Upgrade certbot (0.40.1 -> 1.0.0) 2019-12-13 14:52:29 +02:00
0866f98957 Render vhost directives in https server block 2019-12-08 00:58:32 +01:00
ca3b158d94 Add support to matrix-nginx-proxy to work in HTTP-only mode 2019-12-06 11:53:15 +02:00
24646dc506 Update nginx (1.17.5 -> 1.17.6) 2019-11-21 09:38:59 -06:00
140002ed49 Update certbot (0.38.0 -> 0.40.1) 2019-11-13 15:19:38 -06:00
9b187eca8f Update nginx (1.17.4 -> 1.17.5) 2019-10-29 11:08:56 -05:00
aabb16d78b Fix spelling ngnix -> nginx 2019-10-04 11:07:37 +03:00
810d0fb0e4 Make it possible to serve static websites from the base domain 2019-10-03 11:24:04 +03:00
1dd1f9602f Merge pull request from thedanbob/certbot-0.38
Update certbot (0.37.1 -> 0.38.0)
2019-09-25 16:31:36 +03:00
c12ca8fff0 Update certbot (0.37.1 -> 0.38.0) 2019-09-25 06:17:12 -05:00
2dd9dc4882 Update nginx (1.17.3 -> 1.17.4) 2019-09-25 06:00:44 -05:00
db57618abd Update nginx and certbot 2019-08-17 10:21:23 +03:00
3e57a1463a Serve nginx status page over HTTPS as well
Continuation of  (Github Pull Request).

I had unintentionally updated the documentation for the feature,
saying the page is available at `https://matrix.DOMAIN/nginx_status`.

Looks like it wasn't the case, going against my expectations.

I'm correcting this with this patch.
The status page is being made available on both HTTP and HTTPS.
Serving over HTTP is likely necessary for services like
Longview
(https://www.linode.com/docs/platform/longview/longview-app-for-nginx/)
2019-08-07 12:53:53 +03:00
c32a3e3204 correct defaults 2019-08-07 10:56:29 +02:00
4b8190dc3f serve status page for matrix.DOMAIN only 2019-08-07 10:54:14 +02:00
51d5741bb3 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-08-05 09:34:30 +02:00
6fc779dc83 Ensure matrix_ssl_retrieval_method value is valid
We recently had someone in the support room who set it to `false`
and the playbook ran without any issues.

This currently seems to yield the same result as 'none', but it's
better to avoid such behavior.
2019-08-02 11:59:10 +03:00
9296dfd094 Update nginx (1.17.1 -> 1.17.2) 2019-07-24 06:21:37 -05:00
5054fff88b Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-12 15:45:19 +02:00
1316d36f8b Fix deprecation warning (using cron module without name) 2019-07-09 09:11:38 +03:00
d88e261150 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-05 16:12:29 +02:00
f83bbf8525 Bump nginx version 2019-07-04 22:59:21 -05:00
9874c3df90 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-26 10:41:14 +02:00
ae3a1bb148 Update nginx to 1.17.0 2019-06-24 13:10:58 -05:00
8fcdac3738 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-12 10:10:52 +02:00
7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
4b657b3822 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-03 10:13:25 +02:00
7d8dde8a53 Add support for proxying /_synapse/admin APIs
Fixes  (Github Issue).
2019-05-29 08:32:24 +03:00
ab59cc50bd Add support for more flexible container port exposing
Fixes  (Github Issue).
2019-05-25 07:41:08 +09:00
0cfa73f153 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-23 10:48:22 +02:00
9c23d877fe Fix docker_image option for ansible < 2.8 2019-05-22 05:43:33 -05:00
fa38c84be2 Fix casting int to string warning 2019-05-21 10:37:05 -05:00
db15791819 Add source option to docker_image to fix deprecation warning 2019-05-21 10:29:12 -05:00
3982f114af Fix CONDITIONAL_BARE_VARS deprecation warning in ansible 2.8 2019-05-21 10:25:59 -05:00
5c821b581a Check fullchain.pem, not cert.pem
While using certbot means we'll have both files retrieved,
it's actually the fullchain.pem file that we use in nginx configuration.

Using that one for the check makes more sense.
2019-05-21 11:58:18 +09:00
ae7c8d1524 Use SyslogIdentifier to improve logging
Reasoning is the same as for .

For us, the journal used to contain `docker` for all services, which
is not very helpful when looking at them all together (`journalctl -f`).
2019-05-16 09:43:46 +09:00
4315b472af Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-09 09:34:09 +02:00
171c6db41e Add option to proxy 3pid registration endpoints 2019-05-08 13:49:51 -05:00
c451025134 Fix indentation in templates
Use Jinja2 lstrip_blocks option in templates to ensure consistent
indentation in generated files.
2019-05-07 21:23:35 +02:00
e0b7b4dc61 Merge pull request from TheLastProject/feature/docker_add_hosts
Add the possibility to pass extra flags to the docker container
2019-05-05 10:22:59 +03:00
79ad60cf0a Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-02 14:31:18 +02:00
0e391b5870 Add explicit |int casting for more variables
As discussed in  (Github Pull Request), it's
a good idea to not selectively apply casting, but to do it in all
cases involving arithmetic operations.
2019-04-30 18:26:03 +03:00
75b1528d13 Add the possibility to pass extra flags to the docker container 2019-04-30 16:35:18 +02:00
db977ea584 Merge pull request from huguesdk/bugfix/nginx_proxy_tmpfs_size
Fix value of nginx-proxy tmpfs size
2019-04-29 09:00:37 +03:00
7c246b4a99 Make error about unset matrix_ssl_lets_encrypt_support_email more descriptive
Previously, we'd show an error like this:

{"changed": false, "item": null, "msg": "Detected an undefined required variable"}

.. which didn't mention the variable name
(`matrix_ssl_lets_encrypt_support_email`).
2019-04-28 11:02:17 +03:00
6aa6633ee7 Fix value of nginx-proxy tmpfs size
Use an int conversion in the computation of the value of
matrix_nginx_proxy_tmp_directory_size_mb, to have the integer value
multiplied by 50 instead of having the string repeated 50 times.
2019-04-27 21:54:21 +02:00
af8beb3627 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-04-24 15:03:47 +02:00
ec0f936227 Try SSL renewal more frequently and reload later
It doesn't hurt to attempt renewal more frequently, as it only does
real work if it's actually necessary.

Reloading, we postpone some more, because certbot adds some random delay
(between 1 and 8 * 60 seconds) when renewing. We want to ensure
we reload at least 8 minutes later, which wasn't the case.

To make it even safer (in case future certbot versions use a longer
delay), we reload a whole hour later. We're in no rush to start using
the new certificates anyway, especially given that we attempt renewal
often.

Somewhat fixes  (Github Issue)
2019-04-23 17:59:02 +03:00