Make /.well-known/matrix/server optional
People who wish to rely on SRV records can prevent the `/.well-known/matrix/server` file from being generated (and thus served, which causes trouble).
parent
74710427e5
commit
764a040a90
|
@ -28,6 +28,14 @@ matrix_identity_server_url: ~
|
|||
# The Docker network that all services would be put into
|
||||
matrix_docker_network: "matrix"
|
||||
|
||||
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
|
||||
#
|
||||
# If you wish to rely on DNS SRV records only, you can disable this.
|
||||
# That implies that you'll be handling Matrix Federation API traffic (tcp/8448)
|
||||
# using certificates for the base domain (`hostname_identity`) and not for the
|
||||
# matrix domain (`hostname_matrix`).
|
||||
matrix_well_known_matrix_server_enabled: true
|
||||
|
||||
# Variables to Control which parts of our roles run.
|
||||
run_setup: true
|
||||
run_import_postgres: true
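Review bot: The comment above `matrix_well_known_matrix_server_enabled` does not say what happens to a file that an earlier run already generated. The tasks in this commit remove it when the flag is false, and an operator deciding whether to flip the flag on a live server needs to know that. I would add a line such as `# When disabled, a previously generated file is deleted on the next run.` to the comment block. It would also help to state that the TLS certificate served on tcp/8448 must then be valid for the base domain, since a mismatch would presumably show up as federation failures rather than as a playbook error.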
|
||||
|
|
|
@ -12,13 +12,25 @@
|
|||
with_items:
|
||||
- "{{ matrix_static_files_base_path }}/.well-known/matrix"
|
||||
|
||||
- name: Ensure Matrix /.well-known/matrix files configured
|
||||
- name: Ensure Matrix /.well-known/matrix/client file configured
|
||||
template:
|
||||
src: "{{ role_path }}/templates/static-files/well-known/matrix-{{ item }}.j2"
|
||||
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/{{ item }}"
|
||||
src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2"
|
||||
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
with_items:
|
||||
- "client"
|
||||
- "server"
|
||||
|
||||
- name: Ensure Matrix /.well-known/matrix/server file configured
|
||||
template:
|
||||
src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2"
|
||||
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
when: matrix_well_known_matrix_server_enabled
|
||||
|
||||
- name: Ensure Matrix /.well-known/matrix/server file deleted
|
||||
file:
|
||||
path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
|
||||
state: absent
|
||||
when: "not matrix_well_known_matrix_server_enabled"
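Review bot: The two new conditions test the flag as a bare variable (`when: matrix_well_known_matrix_server_enabled` on the template task and `when: "not matrix_well_known_matrix_server_enabled"` on the delete task). If the value arrives as a string, for example from `-e` on the command line, how it evaluates depends on the Ansible version and its bare-variable setting. Read the wrong way, the file stays in place and keeps being served even though the operator meant to rely on SRV records. Cast explicitly with `when: matrix_well_known_matrix_server_enabled | bool` and `when: not matrix_well_known_matrix_server_enabled | bool`; the `when:` on the block in the self-check file needs the same cast. Separately, the new task repeats the unquoted `mode: 0644`, and `mode: '0644'` avoids depending on YAML octal parsing.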
|
||||
|
|
|
@ -1,13 +1,26 @@
|
|||
---
|
||||
|
||||
- name: Determine well-known files to check (Matrix)
|
||||
set_fact:
|
||||
well_known_file_checks:
|
||||
- path: /.well-known/matrix/client
|
||||
purpose: Client Discovery
|
||||
cors: true
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
well_known_file_check_matrix_server:
|
||||
path: /.well-known/matrix/server
|
||||
purpose: Server Discovery
|
||||
cors: false
|
||||
|
||||
- name: Determine domains that we require certificates for (mxisd)
|
||||
set_fact:
|
||||
well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
|
||||
when: "matrix_well_known_matrix_server_enabled"
|
||||
|
||||
- name: Perform well-known checks
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
|
||||
with_items:
|
||||
- path: /.well-known/matrix/server
|
||||
purpose: Server Discovery
|
||||
cors: false
|
||||
- path: /.well-known/matrix/client
|
||||
purpose: Client Discovery
|
||||
cors: true
|
||||
with_items: "{{ well_known_file_checks }}"
|
||||
loop_control:
|
||||
loop_var: well_known_file_check
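Review bot: The task named `Determine domains that we require certificates for (mxisd)` is mislabelled: it appends `well_known_file_check_matrix_server` to `well_known_file_checks` and has nothing to do with certificates, and the `set_fact` just before it in the block has no name at all. Suggested names are `- name: Define the /.well-known/matrix/server check` and `- name: Add the /.well-known/matrix/server check to the list`. When the flag is false the self-check now simply skips the server path, so a stale file left on the base domain by an earlier deployment or another web server would go unnoticed. Consider a check for the disabled case that asserts the path is not served, because a leftover file can silently override the intended SRV-based delegation.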
|
||||
|
|