Sfoglia il codice sorgente
fix: migrate Traefik Cert Dumper configuration
Relates to 904a98d56c.
Signed-off-by: The one with the braid <info@braid.business>
pull/4793/head
The one with the braid
2 mesi fa
committed by
Slavi Pantaleev
Slavi Pantaleev
5 ha cambiato i file con 21 aggiunte e 13 eliminazioni
-
+8 -0CHANGELOG.md
-
+1 -1docs/configuring-playbook-own-webserver.md
-
+4 -4docs/howto-srv-server-delegation.md
-
+7 -7group_vars/matrix_servers
-
+1 -1roles/custom/matrix-base/defaults/main.yml
+ 8
- 0
CHANGELOG.md
Vedi File
| @@ -1,3 +1,11 @@ | |||||
| # 2025-12-09 | |||||
| ## Traefik Cert Dumper upgrade | |||||
| The variable `traefik_certs_dumper_ssl_dir_path` was renamed to `traefik_certs_dumper_ssl_path`. Users who use [their own webserver with Traefik](docs/configuring-playbook-own-webserver.md) may need to adjust their configuration. | |||||
| The variable `traefik_certs_dumper_dumped_certificates_dir_path` was renamed to `traefik_certs_dumper_dumped_certificates_path`. Users who use [SRV Server Delegation](docs/howto-srv-server-delegation.md) may need to adjust their configuration. | |||||
| # 2025-11-23 | # 2025-11-23 | ||||
| ## Matrix.to support | ## Matrix.to support | ||||
+ 1
- 1
docs/configuring-playbook-own-webserver.md
Vedi File
| @@ -51,7 +51,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container | |||||
| # Adjust to point to your Traefik container | # Adjust to point to your Traefik container | ||||
| matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container | matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container | ||||
| traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" | |||||
| traefik_certs_dumper_ssl_path: "/path/to/your/traefiks/acme.json/directory" | |||||
| # Uncomment and adjust the variable below if the name of your federation entrypoint is different | # Uncomment and adjust the variable below if the name of your federation entrypoint is different | ||||
| # than the default value (matrix-federation). | # than the default value (matrix-federation). | ||||
+ 4
- 4
docs/howto-srv-server-delegation.md
Vedi File
| @@ -112,12 +112,12 @@ matrix_coturn_container_additional_volumes: | | |||||
| ( | ( | ||||
| [ | [ | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/certificate.crt'), | |||||
| 'dst': '/certificate.crt', | 'dst': '/certificate.crt', | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/privatekey.key'), | |||||
| 'dst': '/privatekey.key', | 'dst': '/privatekey.key', | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
| @@ -173,12 +173,12 @@ matrix_coturn_container_additional_volumes: | | |||||
| ( | ( | ||||
| [ | [ | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/certificate.crt'), | |||||
| 'dst': '/certificate.crt', | 'dst': '/certificate.crt', | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/privatekey.key'), | |||||
| 'dst': '/privatekey.key', | 'dst': '/privatekey.key', | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
+ 7
- 7
group_vars/matrix_servers
Vedi File
| @@ -2242,8 +2242,8 @@ matrix_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['a | |||||
| matrix_postmoogle_ssl_path: |- | matrix_postmoogle_ssl_path: |- | ||||
| {{ | {{ | ||||
| { | { | ||||
| 'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), | |||||
| 'other-traefik-container': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), | |||||
| 'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_path if traefik_certs_dumper_enabled else ''), | |||||
| 'other-traefik-container': (traefik_certs_dumper_dumped_certificates_path if traefik_certs_dumper_enabled else ''), | |||||
| 'none': '', | 'none': '', | ||||
| }[matrix_playbook_reverse_proxy_type] | }[matrix_playbook_reverse_proxy_type] | ||||
| }} | }} | ||||
| @@ -3191,12 +3191,12 @@ matrix_coturn_container_additional_volumes: | | |||||
| ( | ( | ||||
| [ | [ | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), | |||||
| 'dst': '/certificate.crt', | 'dst': '/certificate.crt', | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), | |||||
| 'dst': '/privatekey.key', | 'dst': '/privatekey.key', | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
| @@ -5881,7 +5881,7 @@ traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumpe | |||||
| traefik_certs_dumper_uid: "{{ matrix_user_uid }}" | traefik_certs_dumper_uid: "{{ matrix_user_uid }}" | ||||
| traefik_certs_dumper_gid: "{{ matrix_user_gid }}" | traefik_certs_dumper_gid: "{{ matrix_user_gid }}" | ||||
| traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}" | |||||
| traefik_certs_dumper_ssl_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}" | |||||
| traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_certs_dumper_container_image_registry_prefix_upstream_default }}" | traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_certs_dumper_container_image_registry_prefix_upstream_default }}" | ||||
| @@ -5990,12 +5990,12 @@ livekit_server_container_additional_volumes_auto: | | |||||
| ( | ( | ||||
| [ | [ | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + livekit_server_config_turn_domain + '/certificate.crt'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + livekit_server_config_turn_domain + '/certificate.crt'), | |||||
| 'dst': livekit_server_config_turn_cert_file, | 'dst': livekit_server_config_turn_cert_file, | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
| { | { | ||||
| 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + livekit_server_config_turn_domain + '/privatekey.key'), | |||||
| 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + livekit_server_config_turn_domain + '/privatekey.key'), | |||||
| 'dst': livekit_server_config_turn_key_file, | 'dst': livekit_server_config_turn_key_file, | ||||
| 'options': 'ro', | 'options': 'ro', | ||||
| }, | }, | ||||
+ 1
- 1
roles/custom/matrix-base/defaults/main.yml
Vedi File
| @@ -273,7 +273,7 @@ matrix_metrics_exposure_http_basic_auth_users: '' | |||||
| # - nevertheless, the playbook expects that you would install Traefik yourself via other means | # - nevertheless, the playbook expects that you would install Traefik yourself via other means | ||||
| # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) | # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) | ||||
| # - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network | # - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network | ||||
| # - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`) | |||||
| # - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_path`) | |||||
| # | # | ||||
| # - `none` | # - `none` | ||||
| # - no reverse-proxy will be installed | # - no reverse-proxy will be installed | ||||