finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
b129ab77cd56f2660360b419ed983e2496916e47
matrix-docker-ansible-deploy/roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml
Suguru Hirahara 68a78857b8 Add license information to files for matrix-static-files 
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-03-03 17:58:55 +09:00

83 lines
4.6 KiB
YAML
Raw Blame History

# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
# SPDX-FileCopyrightText: 2020 Dan Arnfield
# SPDX-FileCopyrightText: 2020 MDAD project contributors
# SPDX-FileCopyrightText: 2021 Alexandros Afentoulis
# SPDX-FileCopyrightText: 2022 Marko Weltzer
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- ansible.builtin.set_fact:
well_known_url_matrix: "{{ matrix_static_files_scheme }}://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}"
well_known_url_identity: "{{ matrix_static_files_scheme }}://{{ matrix_static_files_self_check_hostname_identity }}{{ well_known_file_check.path }}"
# These well-known files may be served without a `Content-Type: application/json` header,
# so we can't rely on the uri module's automatic parsing of JSON.
- name: Check .well-known on the Matrix hostname
ansible.builtin.uri:
url: "{{ well_known_url_matrix }}"
follow_redirects: none
return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}"
headers:
Origin: example.com
check_mode: false
register: result_well_known_matrix
ignore_errors: true
- name: Fail if .well-known not working on the Matrix hostname
ansible.builtin.fail:
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
when: "result_well_known_matrix.failed"
- name: Parse JSON for well-known payload at the Matrix hostname
ansible.builtin.set_fact:
well_known_matrix_payload: "{{ result_well_known_matrix.content | from_json }}"
- name: Fail if .well-known not CORS-aware on the Matrix hostname
ansible.builtin.fail:
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
- name: Report working .well-known on the Matrix hostname
ansible.builtin.debug:
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
- name: Check .well-known on the identity hostname
ansible.builtin.uri:
url: "{{ well_known_url_identity }}"
follow_redirects: "{{ well_known_file_check.follow_redirects }}"
return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}"
headers:
Origin: example.com
check_mode: false
register: result_well_known_identity
ignore_errors: true
- name: Fail if .well-known not working on the identity hostname
ansible.builtin.fail:
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
when: "result_well_known_identity.failed"
- name: Parse JSON for well-known payload at the identity hostname
ansible.builtin.set_fact:
well_known_identity_payload: "{{ result_well_known_identity.content | from_json }}"
- name: Fail if .well-known not CORS-aware on the identity hostname
ansible.builtin.fail:
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
# For people who manually copy the well-known file, try to detect if it's outdated
- name: Fail if well-known is different on Matrix hostname and identity hostname
ansible.builtin.fail:
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
when: "well_known_matrix_payload != well_known_identity_payload"
- name: Report working .well-known on the identity hostname
ansible.builtin.debug:
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
Reference in New Issue View Git Blame Copy Permalink