| @@ -1,3 +1,14 @@ | |||||
| # 2018-11-03 | |||||
| ## SSL protocols used to serve Riot and Synapse | |||||
| There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. It's default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse. | |||||
| You may wish to reenable TLSv1 if you need to access Riot in older browsers. | |||||
| Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details. | |||||
| # 2018-11-01 | # 2018-11-01 | ||||
| ## Postgres 11 support | ## Postgres 11 support | ||||
| @@ -294,6 +294,11 @@ matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:8008" | |||||
| # a new SSL certificate could go into effect. | # a new SSL certificate could go into effect. | ||||
| matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *" | matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *" | ||||
| # Specifies which SSL protocols to use when serving Riot and Synapse | |||||
| # Note TLSv1.3 is not yet available in dockerized nginx | |||||
| # See: https://github.com/nginxinc/docker-nginx/issues/190 | |||||
| matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2" | |||||
| matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" | matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" | ||||
| matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" | matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" | ||||
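Review bot: The new default `matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"` keeps TLSv1.1 enabled without saying why, while the comment above it only explains the absence of TLSv1.3. Since this string is substituted verbatim into the `ssl_protocols` directive of both the Riot and Synapse vhost templates, a short note on the trade-off and on how to tighten it would help operators, e.g. `# TLSv1.1 is kept for older clients; set to "TLSv1.2" to drop it, and add TLSv1.3 once the nginx image supports it (see issue above)`. As far as this hunk shows, nothing validates the value before nginx receives it, so a typo would only surface when nginx reloads; an assert task checking the tokens against the protocol names nginx accepts could catch that at playbook time, though the role's tasks are not visible here.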
| @@ -35,7 +35,7 @@ server { | |||||
| ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ hostname_riot }}/fullchain.pem; | ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ hostname_riot }}/fullchain.pem; | ||||
| ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ hostname_riot }}/privkey.pem; | ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ hostname_riot }}/privkey.pem; | ||||
| ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; | |||||
| ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; | |||||
| ssl_prefer_server_ciphers on; | ssl_prefer_server_ciphers on; | ||||
| ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; | ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; | ||||
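Review bot: With `ssl_protocols` now driven by `matrix_nginx_proxy_ssl_protocols`, the `ssl_ciphers` and `ssl_prefer_server_ciphers` lines immediately after it stay hard-coded, so an operator who narrows the protocol set still cannot adjust the cipher list to match; the same applies to the Synapse vhost hunk below. Exposing the cipher string the same way, e.g. `ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};` with the current string as the default, would keep both templates consistent. The rendered view does not mark which `ssl_protocols` line is the new one; I am assuming the templated line is the addition because the defaults hunk introduces the variable. If so, the literal line being replaced listed TLSv1.3 while the new default does not, so the effective protocol set changes on upgrade and that is worth stating in the changelog entry. The enclosing `server { … }` block continues outside the hunk.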
| @@ -35,7 +35,7 @@ server { | |||||
| ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ hostname_matrix }}/fullchain.pem; | ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ hostname_matrix }}/fullchain.pem; | ||||
| ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ hostname_matrix }}/privkey.pem; | ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ hostname_matrix }}/privkey.pem; | ||||
| ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; | |||||
| ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; | |||||
| ssl_prefer_server_ciphers on; | ssl_prefer_server_ciphers on; | ||||
| ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; | ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; | ||||