Do not hardcode https:// in all remaining places, refer to matrix_static_files_scheme

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3333

group_vars/matrix_servers

@@ -506,7 +506,7 @@ docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}
 #
 ######################################################################
 
-matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
+matrix_identity_server_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 
 matrix_homeserver_systemd_services_list: |-
   {{
@@ -1913,8 +1913,8 @@ matrix_hookshot_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_p
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_hookshot_public_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
-matrix_hookshot_urlprefix: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}"
 
 ######################################################################
 #
@@ -2923,6 +2923,8 @@ matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_rev
 matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
+matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"
 
 matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
@@ -3080,7 +3082,7 @@ matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_
 
 matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
-matrix_dimension_homeserver_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
+matrix_dimension_homeserver_mediaUrl: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
 
 # Dimension depends both on `matrix_addons_homeserver_systemd_services_list` and on the homeserver service,
 # because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
@@ -4019,6 +4021,8 @@ keydb_arch: |-
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
 matrix_client_element_enabled: true
 
+matrix_client_element_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 matrix_client_element_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4081,6 +4085,8 @@ matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playb
 matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
+matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"
 
 matrix_client_hydrogen_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
@@ -4112,6 +4118,8 @@ matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
+matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"
 
 matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
@@ -4130,6 +4138,8 @@ matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_en
 
 matrix_client_schildichat_enabled: false
 
+matrix_client_schildichat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4804,7 +4814,7 @@ matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_registration_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_registration_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
-matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
+matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
 
 matrix_registration_shared_secret: |-
   {{
@@ -5171,17 +5181,19 @@ matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_do
 
 # If we're not serving a static webpage, serve a redirect instead of a 404.
 matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: "{{ not matrix_static_files_file_index_html_enabled }}"
-matrix_static_files_container_labels_base_domain_root_path_redirection_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}"
 
 matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 
 matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
 
 matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
-matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "https://{{ matrix_server_fqn_element }}/map_style.json"
+matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"
 
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 
+matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
 matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"
 

roles/custom/matrix-base/defaults/main.yml

@@ -154,7 +154,7 @@ matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
 matrix_host_command_openssl: "/usr/bin/env openssl"
 
-matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_homeserver_url: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
 
 # Specifies on which container network the homeserver is.
 matrix_homeserver_container_network: "matrix-homeserver"

roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -19,8 +19,8 @@ matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matri
 matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
 matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data"
 
-matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
-matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_bot_matrix_registration_bot_bot_server: "{{ matrix_homeserver_url }}"
+matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}"
 
 
 # The bot's password (can also be used to login via a client like element)

roles/custom/matrix-bridge-appservice-irc/defaults/main.yml

@@ -23,7 +23,7 @@ matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config
 matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
 
 matrix_appservice_irc_homeserver_url: ""
-matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
+matrix_appservice_irc_homeserver_media_url: '{{ matrix_homeserver_url }}'
 matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
 matrix_appservice_irc_homeserver_enablePresence: true  # noqa var-naming
 matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'

roles/custom/matrix-bridge-hookshot/defaults/main.yml

@@ -30,10 +30,11 @@ matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-s
 matrix_hookshot_homeserver_address: ""
 matrix_hookshot_container_url: 'matrix-hookshot'
 
+matrix_hookshot_public_scheme: https
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_hookshot_public_endpoint: /hookshot
 
-matrix_hookshot_urlprefix: "https://{{ matrix_hookshot_public_hostname }}{{ matrix_hookshot_public_endpoint }}"
+matrix_hookshot_urlprefix: "{{ matrix_hookshot_public_scheme }}://{{ matrix_hookshot_public_hostname }}{{ matrix_hookshot_public_endpoint }}"
 
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_appservice_port: 9993

roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -31,7 +31,7 @@ matrix_mx_puppet_discord_homeserver_address: ""
 matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
 
-matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"  # noqa var-naming
+matrix_mx_puppet_discord_bridge_mediaUrl: "{{ matrix_homeserver_url }}"  # noqa var-naming
 
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver

roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml

@@ -40,7 +40,7 @@ matrix_mx_puppet_twitter_access_token: ''
 matrix_mx_puppet_twitter_access_token_secret: ''
 matrix_mx_puppet_twitter_environment: ''
 matrix_mx_puppet_twitter_server_path: "{{ matrix_mx_puppet_twitter_path_prefix }}"
-matrix_mx_puppet_twitter_server_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_server_path }}'
+matrix_mx_puppet_twitter_server_url: '{{ matrix_homeserver_url }}{{ matrix_mx_puppet_twitter_server_path }}'
 
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver

roles/custom/matrix-client-cinny/defaults/main.yml

@@ -125,6 +125,8 @@ matrix_client_cinny_floc_optout_enabled: true
 # See: `matrix_client_cinny_http_header_strict_transport_security`
 matrix_client_cinny_hsts_preload_enabled: false
 
+matrix_client_cinny_scheme: https
+
 # The hostname at which Cinny is served.
 # Only works with with Traefik reverse-proxying.
 matrix_client_cinny_hostname: "{{ matrix_server_fqn_cinny }}"

roles/custom/matrix-client-cinny/tasks/self_check.yml

@@ -1,7 +1,7 @@
 ---
 
 - ansible.builtin.set_fact:
-    matrix_client_cinny_url_endpoint_public: "https://{{ matrix_client_cinny_hostname }}{{ matrix_client_cinny_path_prefix }}/config.json"
+    matrix_client_cinny_url_endpoint_public: "{{ matrix_client_cinny_scheme }}://{{ matrix_client_cinny_hostname }}{{ matrix_client_cinny_path_prefix }}/config.json"
 
 - name: Check Cinny
   ansible.builtin.uri:

roles/custom/matrix-client-element/defaults/main.yml

@@ -129,6 +129,7 @@ matrix_client_element_floc_optout_enabled: true
 # See: `matrix_client_element_http_header_strict_transport_security`
 matrix_client_element_hsts_preload_enabled: false
 
+matrix_client_element_scheme: https
 # The hostname at which Element is served.
 matrix_client_element_hostname: "{{ matrix_server_fqn_element }}"
 
@@ -140,6 +141,7 @@ matrix_client_element_path_prefix: /
 matrix_client_element_default_server_name: "{{ matrix_domain }}"
 matrix_client_element_default_hs_url: ""
 matrix_client_element_default_is_url: ~
+matrix_client_element_map_style_url: "{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}/map_style.json"
 matrix_client_element_disable_custom_urls: true
 matrix_client_element_disable_guests: true
 matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"

roles/custom/matrix-client-element/tasks/self_check.yml

@@ -1,7 +1,7 @@
 ---
 
 - ansible.builtin.set_fact:
-    matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json"
+    matrix_client_element_url_endpoint_public: "{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}/config.json"
 
 - name: Check Element
   ansible.builtin.uri:

roles/custom/matrix-client-element/templates/config.json.j2

@@ -38,7 +38,7 @@
     },
 	{% endif %}
 	{% if matrix_client_element_location_sharing_enabled %}
-	"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json",
+	"map_style_url": {{ matrix_client_element_map_style_url | to_json }},
 	{% endif %}
 	"branding": {
 		"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }},

roles/custom/matrix-client-hydrogen/defaults/main.yml

@@ -124,6 +124,8 @@ matrix_client_hydrogen_floc_optout_enabled: true
 # See: `matrix_client_hydrogen_http_header_strict_transport_security`
 matrix_client_hydrogen_hsts_preload_enabled: false
 
+matrix_client_hydrogen_scheme: https
+
 # The hostname at which Hydrogen is served.
 matrix_client_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
 

roles/custom/matrix-client-hydrogen/tasks/self_check.yml

@@ -1,7 +1,7 @@
 ---
 
 - ansible.builtin.set_fact:
-    matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_client_hydrogen_hostname }}{{ matrix_client_hydrogen_path_prefix }}/config.json"
+    matrix_client_hydrogen_url_endpoint_public: "{{ matrix_client_hydrogen_scheme }}://{{ matrix_client_hydrogen_hostname }}{{ matrix_client_hydrogen_path_prefix }}/config.json"
 
 - name: Check Hydrogen
   ansible.builtin.uri:

roles/custom/matrix-client-schildichat/defaults/main.yml

@@ -123,6 +123,7 @@ matrix_client_schildichat_floc_optout_enabled: true
 # See: `matrix_client_schildichat_http_header_strict_transport_security`
 matrix_client_schildichat_hsts_preload_enabled: false
 
+matrix_client_schildichat_scheme: https
 # The hostname at which schildichat is served.
 matrix_client_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}"
 
@@ -134,6 +135,7 @@ matrix_client_schildichat_path_prefix: /
 matrix_client_schildichat_default_server_name: "{{ matrix_domain }}"
 matrix_client_schildichat_default_hs_url: ""
 matrix_client_schildichat_default_is_url: ~
+matrix_client_schildichat_map_style_url: "{{ matrix_client_schildichat_scheme }}://{{ matrix_client_schildichat_hostname }}/map_style.json"
 matrix_client_schildichat_disable_custom_urls: true
 matrix_client_schildichat_disable_guests: true
 matrix_client_schildichat_integrations_ui_url: "https://scalar.vector.im/"

roles/custom/matrix-client-schildichat/tasks/self_check.yml

@@ -1,7 +1,7 @@
 ---
 
 - ansible.builtin.set_fact:
-    matrix_client_schildichat_url_endpoint_public: "https://{{ matrix_server_fqn_schildichat }}/config.json"
+    matrix_client_schildichat_url_endpoint_public: "{{ matrix_client_schildichat_scheme }}://{{ matrix_client_schildichat_hostname }}/config.json"
 
 - name: Check schildichat
   ansible.builtin.uri:

roles/custom/matrix-client-schildichat/templates/config.json.j2

@@ -38,7 +38,7 @@
     },
 	{% endif %}
 	{% if matrix_client_schildichat_location_sharing_enabled %}
-	"map_style_url": "https://{{ matrix_server_fqn_schildichat }}/map_style.json",
+	"map_style_url": {{ matrix_client_schildichat_map_style_url | to_json }},
 	{% endif %}
 	"branding": {
 		"auth_footer_links": {{ matrix_client_schildichat_branding_auth_footer_links | to_json }},

roles/custom/matrix-conduit/vars/main.yml

@@ -1,3 +1,3 @@
 ---
-matrix_conduit_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
-matrix_conduit_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+matrix_conduit_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduit_hostname }}/_matrix/client/versions"
+matrix_conduit_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduit_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"

roles/custom/matrix-corporal/defaults/main.yml

@@ -92,6 +92,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
 matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
 matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
 
+matrix_corporal_matrix_homeserver_scheme: https
 matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
 matrix_corporal_matrix_homeserver_api_domain_name: "{{ matrix_server_fqn_matrix }}"
 
@@ -164,5 +165,5 @@ matrix_corporal_configuration_extension: "{{ matrix_corporal_configuration_exten
 # You most likely don't need to touch this variable. Instead, see `matrix_corporal_configuration_default`.
 matrix_corporal_configuration: "{{ matrix_corporal_configuration_default | combine(matrix_corporal_configuration_extension, recursive=True) }}"
 
-matrix_corporal_self_check_matrix_client_api_url_endpoint_public: "https://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/client/corporal"
-matrix_corporal_self_check_corporal_api_url_endpoint_public: "https://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/corporal/policy"
+matrix_corporal_self_check_matrix_client_api_url_endpoint_public: "{{ matrix_corporal_matrix_homeserver_scheme }}://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/client/corporal"
+matrix_corporal_self_check_corporal_api_url_endpoint_public: "{{ matrix_corporal_matrix_homeserver_scheme }}://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/corporal/policy"

roles/custom/matrix-dendrite/vars/main.yml

@@ -1,6 +1,6 @@
 ---
-matrix_dendrite_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
-matrix_dendrite_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+matrix_dendrite_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_dendrite_hostname }}/_matrix/client/versions"
+matrix_dendrite_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_dendrite_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
 
 matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path | dirname }}"
 matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path | basename }}"

roles/custom/matrix-static-files/defaults/main.yml

@@ -83,7 +83,7 @@ matrix_static_files_container_labels_base_domain_traefik_tls: "{{ matrix_static_
 matrix_static_files_container_labels_base_domain_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 # Controls whether the root path (/) at the base domain would respond with a redirect to some URL.
 matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: false
-matrix_static_files_container_labels_base_domain_root_path_redirection_regex: "^https://{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}{{ matrix_static_files_container_labels_base_domain_traefik_path_prefix }}$"
+matrix_static_files_container_labels_base_domain_root_path_redirection_regex: "^{{ matrix_static_files_scheme }}://{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}{{ matrix_static_files_container_labels_base_domain_traefik_path_prefix }}$"
 matrix_static_files_container_labels_base_domain_root_path_redirection_url: ""
 
 # matrix_static_files_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
@@ -369,8 +369,10 @@ matrix_static_files_file_index_html_template: |-
 #                                                                      #
 ########################################################################
 
+matrix_static_files_scheme: https
+
 # Controls whether the self-check feature should validate SSL certificates.
-matrix_static_files_self_check_validate_certificates: true
+matrix_static_files_self_check_validate_certificates: "{{ matrix_static_files_scheme == 'https' }}"
 
 matrix_static_files_self_check_hostname_matrix: ''
 matrix_static_files_self_check_hostname_identity: ''

roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml

@@ -1,8 +1,8 @@
 ---
 
 - ansible.builtin.set_fact:
-    well_known_url_matrix: "https://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}"
-    well_known_url_identity: "https://{{ matrix_static_files_self_check_hostname_identity }}{{ well_known_file_check.path }}"
+    well_known_url_matrix: "{{ matrix_static_files_scheme }}://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}"
+    well_known_url_identity: "{{ matrix_static_files_scheme }}://{{ matrix_static_files_self_check_hostname_identity }}{{ well_known_file_check.path }}"
 
 # These well-known files may be served without a `Content-Type: application/json` header,
 # so we can't rely on the uri module's automatic parsing of JSON.

roles/custom/matrix-synapse/defaults/main.yml

@@ -339,6 +339,8 @@ matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/sit
 matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
 matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
 
+matrix_synapse_public_baseurl: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}/"
+
 matrix_synapse_macaroon_secret_key: ""
 matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
 matrix_synapse_allow_guest_access: false
@@ -1082,7 +1084,7 @@ matrix_synapse_email_smtp_pass: ""
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
 matrix_synapse_email_app_name: Matrix
-matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
+matrix_synapse_email_client_base_url: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_element }}"
 matrix_synapse_email_invite_client_location: "https://app.element.io"
 
 

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -63,7 +63,7 @@ pid_file: /homeserver.pid
 #
 # Defaults to 'https://<server_name>/'.
 #
-public_baseurl: https://{{ matrix_server_fqn_matrix }}/
+public_baseurl: {{ matrix_synapse_public_baseurl | to_json }}
 
 # Uncomment the following to tell other servers to send federation traffic on
 # port 443.

roles/custom/matrix-synapse/vars/main.yml

@@ -1,7 +1,7 @@
 ---
 
-matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
-matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+matrix_synapse_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
+matrix_synapse_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
 
 matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}"