Make /.well-known/matrix/server optional

People who wish to rely on SRV records can prevent
the `/.well-known/matrix/server` file from being generated
(and thus, served.. which causes trouble).
This commit is contained in:
Slavi Pantaleev 2019-02-05 12:08:00 +02:00
parent 74710427e5
commit 764a040a90
3 changed files with 46 additions and 13 deletions

View file

@ -28,6 +28,14 @@ matrix_identity_server_url: ~
# The Docker network that all services would be put into # The Docker network that all services would be put into
matrix_docker_network: "matrix" matrix_docker_network: "matrix"
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
#
# If you wish to rely on DNS SRV records only, you can disable this.
# That implies that you'll be handling Matrix Federation API traffic (tcp/8448)
# using certificates for the base domain (`hostname_identity`) and not for the
# matrix domain (`hostname_matrix`).
matrix_well_known_matrix_server_enabled: true
# Variables to Control which parts of our roles run. # Variables to Control which parts of our roles run.
run_setup: true run_setup: true
run_import_postgres: true run_import_postgres: true

View file

@ -12,13 +12,25 @@
with_items: with_items:
- "{{ matrix_static_files_base_path }}/.well-known/matrix" - "{{ matrix_static_files_base_path }}/.well-known/matrix"
- name: Ensure Matrix /.well-known/matrix files configured - name: Ensure Matrix /.well-known/matrix/client file configured
template: template:
src: "{{ role_path }}/templates/static-files/well-known/matrix-{{ item }}.j2" src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/{{ item }}" dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
with_items:
- "client" - name: Ensure Matrix /.well-known/matrix/server file configured
- "server" template:
src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
when: matrix_well_known_matrix_server_enabled
- name: Ensure Matrix /.well-known/matrix/server file deleted
file:
path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
state: absent
when: "not matrix_well_known_matrix_server_enabled"

View file

@ -1,13 +1,26 @@
--- ---
- name: Determine well-known files to check (Matrix)
set_fact:
well_known_file_checks:
- path: /.well-known/matrix/client
purpose: Client Discovery
cors: true
- block:
- set_fact:
well_known_file_check_matrix_server:
path: /.well-known/matrix/server
purpose: Server Discovery
cors: false
- name: Determine domains that we require certificates for (mxisd)
set_fact:
well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
when: "matrix_well_known_matrix_server_enabled"
- name: Perform well-known checks - name: Perform well-known checks
include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml" include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
with_items: with_items: "{{ well_known_file_checks }}"
- path: /.well-known/matrix/server
purpose: Server Discovery
cors: false
- path: /.well-known/matrix/client
purpose: Client Discovery
cors: true
loop_control: loop_control:
loop_var: well_known_file_check loop_var: well_known_file_check