From 97f65e8dffcf979a296cc99dfecaf744392a0116 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 10 Feb 2023 19:36:06 +0200
Subject: [PATCH] Minor fixes to allow for Traefik without SSL
---
 group_vars/matrix_servers | 2 +-
 roles/custom/matrix-base/defaults/main.yml | 13 ++++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 62771b6c8..2bcaa73c6 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -38,7 +38,7 @@ matrix_playbook_traefik_role_enabled: true
 # installed in another way.
 matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-installed-traefik', 'other-traefik-container'] }}"
-matrix_playbook_traefik_certs_dumper_role_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-installed-traefik', 'other-traefik-container'] }}"
+matrix_playbook_traefik_certs_dumper_role_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-installed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"
 # Controls the additional network that reverse-proxyable services will be connected to.
 matrix_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"
diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index e74fa4f18..7e76a9e78 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
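Review bot: In group_vars/matrix_servers, the new `matrix_playbook_traefik_certs_dumper_role_enabled` expression tests `devture_traefik_config_entrypoint_web_secure_enabled` by plain truthiness, so a non-empty string such as `"false"` (which is what a `-e key=value` override delivers) would still count as true and leave the certs-dumper role enabled with SSL turned off. Casting it, as in `matrix_playbook_reverse_proxy_type == 'playbook-installed-traefik' and (devture_traefik_config_entrypoint_web_secure_enabled | bool)`, makes the toggle behave the same however it is supplied. The variable's default is defined outside this patch, so this is a robustness point rather than a confirmed bug. A one-line comment above the setting, e.g. `# No certificates exist to dump when the playbook's Traefik runs without the web-secure entrypoint.`, would also record why the two reverse-proxy types are now treated differently.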
@@ -273,16 +273,19 @@ matrix_homeserver_app_service_config_files_auto: []
 # Valid options and a description of their behavior:
 #
 # - `playbook-installed-traefik`
-# - the playbook will install devture-traefik for SSL termination
+# - the playbook will install devture-traefik
+# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
 # - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working
 #
 # - `playbook-installed-nginx`
-# - the playbook will install matrix-nginx-proxy and do SSL termination with Certbot
+# - the playbook will install matrix-nginx-proxy
+# - matrix-nginx-proxy will do SSL termination with Certbot, unless you change that (see `matrix_ssl_retrieval_method`)
 #
 # - `other-traefik-container`
-# - Traefik will be used, but it's not installed by this playbook.
-# - you should make sure it's compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
-# - you may wish to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
+# - this playbook will not install Traefik
+# - nevertheless, the playbook expects that you would install Traefik yourself via other means
+# - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
+# - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
 # - you may wish to enable `devture_traefik_certs_dumper_enabled` and point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`)
 #
 # - `other-nginx-non-container`
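Review bot: The new `playbook-installed-traefik` bullet documents how to turn SSL termination off but not what must replace it. With `devture_traefik_config_entrypoint_web_secure_enabled: false` the services behind Traefik are presumably reachable over plain HTTP only, so logins and access tokens travel unencrypted unless another proxy in front terminates TLS. I would add a bullet under it such as `# - if you disable it, terminate SSL at another reverse-proxy in front of Traefik and do not expose the plain-HTTP entrypoint to untrusted networks`. The same caveat fits the `playbook-installed-nginx` bullet that points at `matrix_ssl_retrieval_method`.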