From 78912688734589d67a9213201dbae45d231fad84 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sat, 25 May 2024 16:14:26 +0300
Subject: [PATCH] Do not hardcode https:// in all remaining places, refer to matrix_static_files_scheme
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3333
---
 group_vars/matrix_servers | 24 ++++++++++++++-----
 roles/custom/matrix-base/defaults/main.yml | 2 +-
 .../defaults/main.yml | 4 ++--
 .../defaults/main.yml | 2 +-
 .../matrix-bridge-hookshot/defaults/main.yml | 3 ++-
 .../defaults/main.yml | 2 +-
 .../defaults/main.yml | 2 +-
 .../matrix-client-cinny/defaults/main.yml | 2 ++
 .../matrix-client-cinny/tasks/self_check.yml | 2 +-
 .../matrix-client-element/defaults/main.yml | 2 ++
 .../tasks/self_check.yml | 2 +-
 .../templates/config.json.j2 | 2 +-
 .../matrix-client-hydrogen/defaults/main.yml | 2 ++
 .../tasks/self_check.yml | 2 +-
 .../defaults/main.yml | 2 ++
 .../tasks/self_check.yml | 2 +-
 .../templates/config.json.j2 | 2 +-
 roles/custom/matrix-conduit/vars/main.yml | 4 ++--
 .../custom/matrix-corporal/defaults/main.yml | 5 ++--
 roles/custom/matrix-dendrite/vars/main.yml | 4 ++--
 .../matrix-static-files/defaults/main.yml | 6 +++--
 .../tasks/self_check_well_known_file.yml | 4 ++--
 roles/custom/matrix-synapse/defaults/main.yml | 4 +++-
 .../templates/synapse/homeserver.yaml.j2 | 2 +-
 roles/custom/matrix-synapse/vars/main.yml | 4 ++--
 25 files changed, 59 insertions(+), 33 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 1ff4fb35a..3dfb29688 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -506,7 +506,7 @@ docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}
 #
 ######################################################################
-matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
+matrix_identity_server_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 matrix_homeserver_systemd_services_list: |-
 {{
@@ -1913,8 +1913,8 @@ matrix_hookshot_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_p
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+matrix_hookshot_public_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
-matrix_hookshot_urlprefix: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}"
 ######################################################################
 #
@@ -2923,6 +2923,8 @@ matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_rev
 matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"
 matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
@@ -3080,7 +3082,7 @@ matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_
 matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
-matrix_dimension_homeserver_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
+matrix_dimension_homeserver_mediaUrl: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
 # Dimension depends both on `matrix_addons_homeserver_systemd_services_list` and on the homeserver service,
 # because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
@@ -4019,6 +4021,8 @@ keydb_arch: |-
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
 matrix_client_element_enabled: true
+matrix_client_element_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 matrix_client_element_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4081,6 +4085,8 @@ matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playb
 matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"
 matrix_client_hydrogen_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
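Review bot: `matrix_dimension_homeserver_mediaUrl` re-derives the scheme inline (`{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}`) while the bot and bridge role defaults in this same commit switch to `{{ matrix_homeserver_url }}`, and this file already uses `matrix_homeserver_url` for `matrix_client_hydrogen_default_hs_url` two hunks down. Unless Dimension's media URL is meant to stay independent of a user-overridden `matrix_homeserver_url`, `matrix_dimension_homeserver_mediaUrl: "{{ matrix_homeserver_url }}"` expresses the same value with one fewer place to keep in sync. The parenthesised `('https' if … else 'http')` form used here also differs from the unparenthesised form used for the `*_scheme` variables in the surrounding hunks; settling on one spelling keeps the file greppable.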
@@ -4112,6 +4118,8 @@ matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"
 matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
@@ -4130,6 +4138,8 @@ matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_en
 matrix_client_schildichat_enabled: false
+matrix_client_schildichat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4804,7 +4814,7 @@ matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_registration_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_registration_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
-matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
+matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
 matrix_registration_shared_secret: |-
 {{
@@ -5171,17 +5181,19 @@ matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_do
 # If we're not serving a static webpage, serve a redirect instead of a 404.
 matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: "{{ not matrix_static_files_file_index_html_enabled }}"
-matrix_static_files_container_labels_base_domain_root_path_redirection_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}"
 matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
 matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
-matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "https://{{ matrix_server_fqn_element }}/map_style.json"
+matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
+matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
 matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
 matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 8bfecc833..393063980 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
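Review bot: This hunk introduces `matrix_static_files_scheme`, yet the two URLs above it (`…root_path_redirection_url` and `…m_tile_server_map_style_url`) still derive the scheme from `matrix_playbook_ssl_enabled` on their own, so the static-files section now spells the same decision three different ways. `matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ matrix_static_files_scheme }}://{{ matrix_server_fqn_matrix }}"` would tie them together, and declaring `matrix_static_files_scheme` above its first use instead of after it makes that dependency readable top-down. The map style URL could likewise reuse the `matrix_client_element_map_style_url` default this commit adds to the Element role, if that role's defaults are in scope here as the `matrix_client_element_location_sharing_enabled` reference on the preceding line suggests.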
@@ -154,7 +154,7 @@ matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
 matrix_host_command_openssl: "/usr/bin/env openssl"
-matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_homeserver_url: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
 # Specifies on which container network the homeserver is.
 matrix_homeserver_container_network: "matrix-homeserver"
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
index d8146c312..9de29091b 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@@ -19,8 +19,8 @@ matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matri
 matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
 matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data"
-matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
-matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
+matrix_bot_matrix_registration_bot_bot_server: "{{ matrix_homeserver_url }}"
+matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}"
 # The bot's password (can also be used to login via a client like element)
diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
index 3155ebd76..6a2d35006 100644
--- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@@ -23,7 +23,7 @@ matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config
 matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
 matrix_appservice_irc_homeserver_url: ""
-matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
+matrix_appservice_irc_homeserver_media_url: '{{ matrix_homeserver_url }}'
 matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
 matrix_appservice_irc_homeserver_enablePresence: true # noqa var-naming
 matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
index e5f2af0bf..63a6dab91 100644
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -30,10 +30,11 @@ matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-s
 matrix_hookshot_homeserver_address: ""
 matrix_hookshot_container_url: 'matrix-hookshot'
+matrix_hookshot_public_scheme: https
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_hookshot_public_endpoint: /hookshot
-matrix_hookshot_urlprefix: "https://{{ matrix_hookshot_public_hostname }}{{ matrix_hookshot_public_endpoint }}"
+matrix_hookshot_urlprefix: "{{ matrix_hookshot_public_scheme }}://{{ matrix_hookshot_public_hostname }}{{ matrix_hookshot_public_endpoint }}"
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_appservice_port: 9993
diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
index 8419e1a7e..27d32e8f6 100644
--- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
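Review bot: The new `matrix_hookshot_public_scheme: https` default carries no comment, unlike the documented keys around it, and the same is true of every `*_scheme: https` default this commit adds (Cinny, Element, Hydrogen, schildichat, Corporal and static-files in the later hunks). A one-liner such as `# Scheme (http or https) used to build Hookshot's public URL prefix; the playbook derives it from matrix_playbook_ssl_enabled.` tells someone using the role on its own what to change when not serving over TLS. For Element and schildichat the new key additionally sits directly above the `# The hostname at which … is served.` comment with no blank line, so it reads as if that comment described the scheme; the blank line used in the Cinny and Hydrogen hunks avoids that.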
@@ -31,7 +31,7 @@ matrix_mx_puppet_discord_homeserver_address: ""
 matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
-matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}" # noqa var-naming
+matrix_mx_puppet_discord_bridge_mediaUrl: "{{ matrix_homeserver_url }}" # noqa var-naming
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
index 5efc38e7f..dda042f33 100644
--- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
@@ -40,7 +40,7 @@ matrix_mx_puppet_twitter_access_token: ''
 matrix_mx_puppet_twitter_access_token_secret: ''
 matrix_mx_puppet_twitter_environment: ''
 matrix_mx_puppet_twitter_server_path: "{{ matrix_mx_puppet_twitter_path_prefix }}"
-matrix_mx_puppet_twitter_server_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_server_path }}'
+matrix_mx_puppet_twitter_server_url: '{{ matrix_homeserver_url }}{{ matrix_mx_puppet_twitter_server_path }}'
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml
index f79c65dda..735e663a4 100644
--- a/roles/custom/matrix-client-cinny/defaults/main.yml
+++ b/roles/custom/matrix-client-cinny/defaults/main.yml
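Review bot: `matrix_mx_puppet_twitter_server_url` now starts from `matrix_homeserver_url`, but the `{{ matrix_mx_puppet_twitter_server_path }}` suffix suggests this is the bridge's own public URL under the Matrix hostname rather than the homeserver's client API, so two distinct concerns are now coupled: an override of `matrix_homeserver_url` (a separate matrix-base default, see the matrix-base hunk above) would silently move the bridge's URL as well. If that coupling is not intended, a role-level scheme default as done for Hookshot in this commit keeps them apart, e.g. `matrix_mx_puppet_twitter_server_url: '{{ matrix_mx_puppet_twitter_scheme }}://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_server_path }}'` with `matrix_mx_puppet_twitter_scheme: https` declared alongside it. The `mediaUrl`/`media_url` replacements in the neighbouring hunks appear to refer to the homeserver itself and are fine as written.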
@@ -125,6 +125,8 @@ matrix_client_cinny_floc_optout_enabled: true
 # See: `matrix_client_cinny_http_header_strict_transport_security`
 matrix_client_cinny_hsts_preload_enabled: false
+matrix_client_cinny_scheme: https
+
 # The hostname at which Cinny is served.
 # Only works with with Traefik reverse-proxying.
 matrix_client_cinny_hostname: "{{ matrix_server_fqn_cinny }}"
diff --git a/roles/custom/matrix-client-cinny/tasks/self_check.yml b/roles/custom/matrix-client-cinny/tasks/self_check.yml
index 2ea64a32e..8e8634153 100644
--- a/roles/custom/matrix-client-cinny/tasks/self_check.yml
+++ b/roles/custom/matrix-client-cinny/tasks/self_check.yml
@@ -1,7 +1,7 @@
 ---
 - ansible.builtin.set_fact:
- matrix_client_cinny_url_endpoint_public: "https://{{ matrix_client_cinny_hostname }}{{ matrix_client_cinny_path_prefix }}/config.json"
+ matrix_client_cinny_url_endpoint_public: "{{ matrix_client_cinny_scheme }}://{{ matrix_client_cinny_hostname }}{{ matrix_client_cinny_path_prefix }}/config.json"
 - name: Check Cinny
 ansible.builtin.uri:
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index a8ecd1bca..46f20f85c 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -129,6 +129,7 @@ matrix_client_element_floc_optout_enabled: true
 # See: `matrix_client_element_http_header_strict_transport_security`
 matrix_client_element_hsts_preload_enabled: false
+matrix_client_element_scheme: https
 # The hostname at which Element is served.
 matrix_client_element_hostname: "{{ matrix_server_fqn_element }}"
@@ -140,6 +141,7 @@ matrix_client_element_path_prefix: /
 matrix_client_element_default_server_name: "{{ matrix_domain }}"
 matrix_client_element_default_hs_url: ""
 matrix_client_element_default_is_url: ~
+matrix_client_element_map_style_url: "{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}/map_style.json"
 matrix_client_element_disable_custom_urls: true
 matrix_client_element_disable_guests: true
 matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
diff --git a/roles/custom/matrix-client-element/tasks/self_check.yml b/roles/custom/matrix-client-element/tasks/self_check.yml
index c336e4b65..619727b97 100644
--- a/roles/custom/matrix-client-element/tasks/self_check.yml
+++ b/roles/custom/matrix-client-element/tasks/self_check.yml
@@ -1,7 +1,7 @@
 ---
 - ansible.builtin.set_fact:
- matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json"
+ matrix_client_element_url_endpoint_public: "{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}/config.json"
 - name: Check Element
 ansible.builtin.uri:
diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2
index dfb03fb10..e45e68065 100644
--- a/roles/custom/matrix-client-element/templates/config.json.j2
+++ b/roles/custom/matrix-client-element/templates/config.json.j2
@@ -38,7 +38,7 @@
 },
 {% endif %}
 {% if matrix_client_element_location_sharing_enabled %}
- "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json",
+ "map_style_url": {{ matrix_client_element_map_style_url | to_json }},
 {% endif %}
 "branding": {
 "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }},
diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml
index b4bb5d275..c3a1050b6 100644
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
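Review bot: The Element self-check URL is built as `{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}/config.json` without `matrix_client_element_path_prefix`, whereas the Cinny and Hydrogen self-checks in this commit include their `*_path_prefix`; the new `matrix_client_element_map_style_url` default omits the prefix too, and the schildichat hunks further down mirror both. The defaults hunk above shows `matrix_client_element_path_prefix: /` exists, so if Element can be served under a non-root prefix these URLs point at the wrong place; if the prefix is always `/` for Element, a short comment on the `set_fact` saying why it is left out would stop the next reader from "fixing" it. The `set_fact` and `uri` tasks continue outside the hunk.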
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -124,6 +124,8 @@ matrix_client_hydrogen_floc_optout_enabled: true
 # See: `matrix_client_hydrogen_http_header_strict_transport_security`
 matrix_client_hydrogen_hsts_preload_enabled: false
+matrix_client_hydrogen_scheme: https
+
 # The hostname at which Hydrogen is served.
 matrix_client_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
diff --git a/roles/custom/matrix-client-hydrogen/tasks/self_check.yml b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml
index 42c1f09b6..4892c40dc 100644
--- a/roles/custom/matrix-client-hydrogen/tasks/self_check.yml
+++ b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml
@@ -1,7 +1,7 @@
 ---
 - ansible.builtin.set_fact:
- matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_client_hydrogen_hostname }}{{ matrix_client_hydrogen_path_prefix }}/config.json"
+ matrix_client_hydrogen_url_endpoint_public: "{{ matrix_client_hydrogen_scheme }}://{{ matrix_client_hydrogen_hostname }}{{ matrix_client_hydrogen_path_prefix }}/config.json"
 - name: Check Hydrogen
 ansible.builtin.uri:
diff --git a/roles/custom/matrix-client-schildichat/defaults/main.yml b/roles/custom/matrix-client-schildichat/defaults/main.yml
index 93e58bf7e..2e253df7d 100644
--- a/roles/custom/matrix-client-schildichat/defaults/main.yml
+++ b/roles/custom/matrix-client-schildichat/defaults/main.yml
@@ -123,6 +123,7 @@ matrix_client_schildichat_floc_optout_enabled: true
 # See: `matrix_client_schildichat_http_header_strict_transport_security`
 matrix_client_schildichat_hsts_preload_enabled: false
+matrix_client_schildichat_scheme: https
 # The hostname at which schildichat is served.
 matrix_client_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}"
@@ -134,6 +135,7 @@ matrix_client_schildichat_path_prefix: /
 matrix_client_schildichat_default_server_name: "{{ matrix_domain }}"
 matrix_client_schildichat_default_hs_url: ""
 matrix_client_schildichat_default_is_url: ~
+matrix_client_schildichat_map_style_url: "{{ matrix_client_schildichat_scheme }}://{{ matrix_client_schildichat_hostname }}/map_style.json"
 matrix_client_schildichat_disable_custom_urls: true
 matrix_client_schildichat_disable_guests: true
 matrix_client_schildichat_integrations_ui_url: "https://scalar.vector.im/"
diff --git a/roles/custom/matrix-client-schildichat/tasks/self_check.yml b/roles/custom/matrix-client-schildichat/tasks/self_check.yml
index 2963e2ba5..7ecdd1c0a 100644
--- a/roles/custom/matrix-client-schildichat/tasks/self_check.yml
+++ b/roles/custom/matrix-client-schildichat/tasks/self_check.yml
@@ -1,7 +1,7 @@
 ---
 - ansible.builtin.set_fact:
- matrix_client_schildichat_url_endpoint_public: "https://{{ matrix_server_fqn_schildichat }}/config.json"
+ matrix_client_schildichat_url_endpoint_public: "{{ matrix_client_schildichat_scheme }}://{{ matrix_client_schildichat_hostname }}/config.json"
 - name: Check schildichat
 ansible.builtin.uri:
diff --git a/roles/custom/matrix-client-schildichat/templates/config.json.j2 b/roles/custom/matrix-client-schildichat/templates/config.json.j2
index bd5ab79d2..9a6b89fc8 100644
--- a/roles/custom/matrix-client-schildichat/templates/config.json.j2
+++ b/roles/custom/matrix-client-schildichat/templates/config.json.j2
@@ -38,7 +38,7 @@
 },
 {% endif %}
 {% if matrix_client_schildichat_location_sharing_enabled %}
- "map_style_url": "https://{{ matrix_server_fqn_schildichat }}/map_style.json",
+ "map_style_url": {{ matrix_client_schildichat_map_style_url | to_json }},
 {% endif %}
 "branding": {
 "auth_footer_links": {{ matrix_client_schildichat_branding_auth_footer_links | to_json }},
diff --git a/roles/custom/matrix-conduit/vars/main.yml b/roles/custom/matrix-conduit/vars/main.yml
index ad60e1c3e..633204070 100644
--- a/roles/custom/matrix-conduit/vars/main.yml
+++ b/roles/custom/matrix-conduit/vars/main.yml
@@ -1,3 +1,3 @@
 ---
-matrix_conduit_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
-matrix_conduit_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+matrix_conduit_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduit_hostname }}/_matrix/client/versions"
+matrix_conduit_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduit_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml
index 0b77350e5..e3f0189e0 100644
--- a/roles/custom/matrix-corporal/defaults/main.yml
+++ b/roles/custom/matrix-corporal/defaults/main.yml
@@ -92,6 +92,7 @@ matrix_corporal_config_dir_path: "{{ matrix_corporal_base_path }}/config"
 matrix_corporal_cache_dir_path: "{{ matrix_corporal_base_path }}/cache"
 matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
+matrix_corporal_matrix_homeserver_scheme: https
 matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
 matrix_corporal_matrix_homeserver_api_domain_name: "{{ matrix_server_fqn_matrix }}"
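Review bot: The Conduit vars now reference `matrix_playbook_ssl_enabled` directly from inside the role, whereas the client roles, Hookshot, Corporal and static-files touched in this commit each get a role-level `*_scheme: https` default and only the playbook's group_vars derives it from `matrix_playbook_ssl_enabled`; the Dendrite vars and the Synapse defaults and vars hunks further down follow the Conduit pattern (matrix-base does too, which matters less if that role is where `matrix_playbook_ssl_enabled` is defined). Two patterns for one decision leave it unclear which variable someone using a role on its own should override. A `matrix_conduit_scheme: https` default plus `matrix_conduit_client_api_url_endpoint_public: "{{ matrix_conduit_scheme }}://{{ matrix_conduit_hostname }}/_matrix/client/versions"` (and the same for the federation endpoint) would bring Conduit in line with the rest.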
@@ -164,5 +165,5 @@ matrix_corporal_configuration_extension: "{{ matrix_corporal_configuration_exten
 # You most likely don't need to touch this variable. Instead, see `matrix_corporal_configuration_default`.
 matrix_corporal_configuration: "{{ matrix_corporal_configuration_default | combine(matrix_corporal_configuration_extension, recursive=True) }}"
-matrix_corporal_self_check_matrix_client_api_url_endpoint_public: "https://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/client/corporal"
-matrix_corporal_self_check_corporal_api_url_endpoint_public: "https://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/corporal/policy"
+matrix_corporal_self_check_matrix_client_api_url_endpoint_public: "{{ matrix_corporal_matrix_homeserver_scheme }}://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/client/corporal"
+matrix_corporal_self_check_corporal_api_url_endpoint_public: "{{ matrix_corporal_matrix_homeserver_scheme }}://{{ matrix_corporal_matrix_homeserver_api_domain_name }}/_matrix/corporal/policy"
diff --git a/roles/custom/matrix-dendrite/vars/main.yml b/roles/custom/matrix-dendrite/vars/main.yml
index 1e7aa378b..28a0f1bde 100644
--- a/roles/custom/matrix-dendrite/vars/main.yml
+++ b/roles/custom/matrix-dendrite/vars/main.yml
@@ -1,6 +1,6 @@
 ---
-matrix_dendrite_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
-matrix_dendrite_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+matrix_dendrite_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_dendrite_hostname }}/_matrix/client/versions"
+matrix_dendrite_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_dendrite_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
 matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path | dirname }}"
 matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path | basename }}"
diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml
index 9f755dec1..3552dfd7e 100644
--- a/roles/custom/matrix-static-files/defaults/main.yml
+++ b/roles/custom/matrix-static-files/defaults/main.yml
@@ -83,7 +83,7 @@ matrix_static_files_container_labels_base_domain_traefik_tls: "{{ matrix_static_
 matrix_static_files_container_labels_base_domain_traefik_tls_certResolver: "{{ matrix_static_files_container_labels_traefik_tls_certResolver }}" # noqa var-naming
 # Controls whether the root path (/) at the base domain would respond with a redirect to some URL.
 matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: false
-matrix_static_files_container_labels_base_domain_root_path_redirection_regex: "^https://{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}{{ matrix_static_files_container_labels_base_domain_traefik_path_prefix }}$"
+matrix_static_files_container_labels_base_domain_root_path_redirection_regex: "^{{ matrix_static_files_scheme }}://{{ matrix_static_files_container_labels_base_domain_traefik_hostname }}{{ matrix_static_files_container_labels_base_domain_traefik_path_prefix }}$"
 matrix_static_files_container_labels_base_domain_root_path_redirection_url: ""
 # matrix_static_files_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
@@ -369,8 +369,10 @@ matrix_static_files_file_index_html_template: |-
 #
 #
 ########################################################################
+matrix_static_files_scheme: https
+
 # Controls whether the self-check feature should validate SSL certificates.
-matrix_static_files_self_check_validate_certificates: true
+matrix_static_files_self_check_validate_certificates: "{{ matrix_static_files_scheme == 'https' }}"
 matrix_static_files_self_check_hostname_matrix: ''
 matrix_static_files_self_check_hostname_identity: ''
diff --git a/roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml b/roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml
index 983ce1049..8e13cba1e 100644
--- a/roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml
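Review bot: `matrix_static_files_scheme` is declared under the self-check banner (the `####` block at line 369) although the Traefik redirection regex at line 86 in the first hunk already depends on it, so a reader of the redirection settings has to hunt for a key filed under a different feature. Moving the declaration up beside the other general settings, with a comment such as `# Scheme (http or https) at which the static files are served; drives the redirection regex and the self-check URLs.`, would make the dependency visible where it is used. It is also worth a comment that `matrix_static_files_self_check_validate_certificates` is now derived from this key rather than being a plain `true`, since anyone overriding the scheme implicitly changes certificate validation for the self-check.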
+++ b/roles/custom/matrix-static-files/tasks/self_check_well_known_file.yml
@@ -1,8 +1,8 @@
 ---
 - ansible.builtin.set_fact:
- well_known_url_matrix: "https://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}"
- well_known_url_identity: "https://{{ matrix_static_files_self_check_hostname_identity }}{{ well_known_file_check.path }}"
+ well_known_url_matrix: "{{ matrix_static_files_scheme }}://{{ matrix_static_files_self_check_hostname_matrix }}{{ well_known_file_check.path }}"
+ well_known_url_identity: "{{ matrix_static_files_scheme }}://{{ matrix_static_files_self_check_hostname_identity }}{{ well_known_file_check.path }}"
 # These well-known files may be served without a `Content-Type: application/json` header,
 # so we can't rely on the uri module's automatic parsing of JSON.
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 0cfb9d30c..8bb5d0d69 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -339,6 +339,8 @@ matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/sit
 matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2"
 matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2"
+matrix_synapse_public_baseurl: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}/"
+
 matrix_synapse_macaroon_secret_key: ""
 matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
 matrix_synapse_allow_guest_access: false
@@ -1082,7 +1084,7 @@ matrix_synapse_email_smtp_pass: ""
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix "
 matrix_synapse_email_app_name: Matrix
-matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
+matrix_synapse_email_client_base_url: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_element }}"
 matrix_synapse_email_invite_client_location: "https://app.element.io"
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 29f11d8e9..7193f9529 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -63,7 +63,7 @@ pid_file: /homeserver.pid
 #
 # Defaults to 'https:///'.
 #
-public_baseurl: https://{{ matrix_server_fqn_matrix }}/
+public_baseurl: {{ matrix_synapse_public_baseurl | to_json }}
 # Uncomment the following to tell other servers to send federation traffic on
 # port 443.
diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml
index 522505614..3bc77d019 100644
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -1,7 +1,7 @@
 ---
-matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
-matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+matrix_synapse_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
+matrix_synapse_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
 matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}"
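Review bot: The Synapse endpoint URLs keep `matrix_server_fqn_matrix` as the host, while the Conduit and Dendrite vars in this commit were switched to the roles' own `matrix_conduit_hostname`/`matrix_dendrite_hostname`, so an operator who overrides the Synapse role's hostname (if the role exposes one, as the other two homeserver roles do) would still have the self-check hit the playbook-wide FQN. Using the role-local hostname here would keep the three homeserver roles consistent, e.g. `matrix_synapse_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_synapse_hostname }}/_matrix/client/versions"`, provided such a variable exists in the Synapse defaults.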