4d62a75f6f
We do this by creating one more layer of indirection. First we reach some generic vhost handling matrix.DOMAIN. A bunch of override rules are added there (capturing traffic to send to ma1sd, etc). nginx-status and similar generic things also live there. We then proxy to the homeserver on some other vhost (only Synapse being available right now, but repointing this to Dendrite or other will be possible in the future). Then that homeserver-specific vhost does its thing to proxy to the homeserver. It may or may not use workers, etc. Without matrix-corporal, the flow is now: 1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf) 2. matrix-nginx-proxy/matrix-synapse.conf 3. matrix-synapse With matrix-corporal enabled, it becomes: 1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf) 2. matrix-corporal 3. matrix-nginx-proxy/matrix-synapse.conf 4. matrix-synapse (matrix-corporal gets injected at step 2).
221 lines
8.5 KiB
YAML
221 lines
8.5 KiB
YAML
---
|
|
|
|
#
|
|
# Generic tasks that we always want to happen, regardless
|
|
# if the user wants matrix-nginx-proxy or not.
|
|
#
|
|
# If the user would set up their own nginx proxy server,
|
|
# the config files from matrix-nginx-proxy can be reused.
|
|
#
|
|
# It doesn't hurt to put them in place, even if they turn out
|
|
# to be unnecessary.
|
|
#
|
|
- name: Ensure Matrix nginx-proxy paths exist
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
with_items:
|
|
- "{{ matrix_nginx_proxy_base_path }}"
|
|
- "{{ matrix_nginx_proxy_data_path }}"
|
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (main config override)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
mode: 0400
|
|
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (generic)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-synapse exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_synapse_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-synapse deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_synapse_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Element domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_element_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_dimension_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_jitsi_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
|
mode: 0644
|
|
|
|
- name: Ensure Matrix nginx-proxy data directory for base domain exists
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy homepage for base domain exists
|
|
copy:
|
|
content: "{{ matrix_nginx_proxy_base_domain_homepage_template }}"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
|
mode: 0644
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for base domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-base-domain.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
|
|
|
#
|
|
# Tasks related to setting up matrix-nginx-proxy
|
|
#
|
|
- name: Ensure nginx Docker image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_nginx_proxy_docker_image }}"
|
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}"
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure matrix-nginx-proxy.service installed
|
|
template:
|
|
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
|
|
dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
|
|
mode: 0644
|
|
register: matrix_nginx_proxy_systemd_service_result
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
|
|
service:
|
|
daemon_reload: yes
|
|
when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed"
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
|
|
#
|
|
|
|
- name: Check existence of matrix-nginx-proxy service
|
|
stat:
|
|
path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
|
|
register: matrix_nginx_proxy_service_stat
|
|
when: "not matrix_nginx_proxy_enabled|bool"
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped
|
|
service:
|
|
name: matrix-nginx-proxy
|
|
state: stopped
|
|
daemon_reload: yes
|
|
register: stopping_result
|
|
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
|
file:
|
|
path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
|
|
service:
|
|
daemon_reload: yes
|
|
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool"
|