overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
Matrix Docker Ansible eploy
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
238 коммитов
13 Ветки
525 MiB
 
 
Дерево: 5533db8a28
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '5533db8a28'
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup/setup_ssl_for_domain.yml

70 строки
2.7 KiB
Исходник Вина История 

  1. - debug:

  2.     msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}"

  3. 

  4. - set_fact:

  5.     domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/cert.pem"

  6. 

  7. - name: Check if a certificate for the domain already exists

  8.   stat:

  9.     path: "{{ domain_name_certificate_path }}"

  10.   register: domain_name_certificate_path_stat

  11. 

  12. - set_fact:

  13.     domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}"

  14. 

  15. # This will fail if there is something running on port 80 (like matrix-nginx-proxy).

  16. # We suppress the error, as we'll try another method below.

  17. - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)

  18.   shell: >-

  19.     /usr/bin/docker run

  20.     --rm

  21.     --name=matrix-certbot

  22.     --net=host

  23.     -v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt

  24.     -v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt

  25.     {{ matrix_ssl_certbot_docker_image }}

  26.     certonly

  27.     --non-interactive

  28.     {% if matrix_ssl_use_staging %}--staging{% endif %}

  29.     --standalone

  30.     --preferred-challenges http

  31.     --agree-tos

  32.     --email={{ matrix_ssl_support_email }}

  33.     -d {{ domain_name }}

  34.   when: "domain_name_needs_cert"

  35.   register: result_certbot_direct

  36.   ignore_errors: true

  37. 

  38. # If matrix-nginx-proxy is configured from a previous run of this playbook,

  39. # and it's running now, it may be able to proxy requests to `matrix_ssl_certbot_standalone_http_port`.

  40. - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)

  41.   shell: >-

  42.     /usr/bin/docker run

  43.     --rm

  44.     --name=matrix-certbot

  45.     -p 127.0.0.1:{{ matrix_ssl_certbot_standalone_http_port }}:80

  46.     --network={{ matrix_docker_network }}

  47.     -v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt

  48.     -v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt

  49.     {{ matrix_ssl_certbot_docker_image }}

  50.     certonly

  51.     --non-interactive

  52.     {% if matrix_ssl_use_staging %}--staging{% endif %}

  53.     --standalone

  54.     --preferred-challenges http

  55.     --agree-tos

  56.     --email={{ matrix_ssl_support_email }}

  57.     -d {{ domain_name }}

  58.   when: "domain_name_needs_cert and result_certbot_direct.failed"

  59.   register: result_certbot_proxy

  60.   ignore_errors: true

  61. 

  62. - name: Fail if all SSL certificate retrieval attempts failed

  63.   fail:

  64.     msg: |

  65.       Failed to obtain a certificate directly (by listening on port 80)

  66.       and also failed to obtain by relying on the server at port 80 to proxy the request.

  67.       See above for details.

  68.       You may wish to set up proxying of /.well-known/acme-challenge to {{ matrix_ssl_certbot_standalone_http_port }} or,

  69.       more easily, stop the server on port 80 while this playbook runs.

  70.   when: "domain_name_needs_cert and result_certbot_direct.failed and result_certbot_proxy.failed"