overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
323 Commits
12 Branches
923 MiB
 
 
Tree: a2cab1bc0f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a2cab1bc0f'
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/defaults/main.yml

53 lines
2.6 KiB
Raw Blame History 

  1. # By default, this playbook sets up its own nginx proxy server on port 80/443.

  2. # This is fine if you're dedicating the whole server to Matrix.

  3. # But in case that's not the case, you may wish to prevent that

  4. # and take care of proxying by yourself.

  5. matrix_nginx_proxy_enabled: true

  6. matrix_riot_web_enabled: true

  7. matrix_corporal_enabled: false

  8. 

  9. matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine"

  10. 

  11. matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"

  12. matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"

  13. 

  14. # The addresses where the Matrix Client API is.

  15. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic.

  16. matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-synapse:8008"

  17. matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:8008"

  18. 

  19. # Specifies when to reload the matrix-nginx-proxy service so that

  20. # a new SSL certificate could go into effect.

  21. matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"

  22. 

  23. # Specifies which SSL protocols to use when serving Riot and Synapse

  24. # Note TLSv1.3 is not yet available in dockerized nginx

  25. # See: https://github.com/nginxinc/docker-nginx/issues/190

  26. matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"

  27. 

  28. # By default, this playbook automatically retrieves and auto-renews

  29. # free SSL certificates from Let's Encrypt.

  30. #

  31. # The following retrieval methods are supported:

  32. # - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt

  33. # - "self-signed" - the playbook generates and self-signs certificates

  34. # - "manually-managed" - lets you manage certificates by yourself (manually; see below)

  35. #

  36. # If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),

  37. # you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`

  38. # obeying the following hierarchy:

  39. # - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem

  40. # - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem

  41. # where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).

  42. matrix_ssl_retrieval_method: "lets-encrypt"

  43. 

  44. # Controls whether to obtain production or staging certificates from Let's Encrypt.

  45. matrix_ssl_lets_encrypt_staging: false

  46. matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"

  47. matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402

  48. matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"

  49. 

  50. matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"

  51. matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"

  52. matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"