Disable turns when Let's Encrypt is used

Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
This commit is contained in:
Slavi Pantaleev 2021-07-02 17:00:10 +03:00
parent 935967f3a6
commit 8b146f083e

View file

@ -1474,7 +1474,7 @@ matrix_postgres_additional_databases: |
'username': matrix_prometheus_postgres_exporter_database_username, 'username': matrix_prometheus_postgres_exporter_database_username,
'password': matrix_prometheus_postgres_exporter_database_password, 'password': matrix_prometheus_postgres_exporter_database_password,
}] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else []) }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else [])
}} }}
matrix_postgres_import_roles_to_ignore: | matrix_postgres_import_roles_to_ignore: |
@ -1671,16 +1671,23 @@ matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
# Even if TURN doesn't support TLS (it does by default), # Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway. # it doesn't hurt to try a secure connection anyway.
#
# When Let's Encrypt certificates are used (the default case),
# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
matrix_synapse_turn_uris: | matrix_synapse_turn_uris: |
{{ {{
[]
+
[ [
'turns:' + matrix_server_fqn_matrix + '?transport=udp', 'turns:' + matrix_server_fqn_matrix + '?transport=udp',
'turns:' + matrix_server_fqn_matrix + '?transport=tcp', 'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
] if matrix_coturn_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else []
+
[
'turn:' + matrix_server_fqn_matrix + '?transport=udp', 'turn:' + matrix_server_fqn_matrix + '?transport=udp',
'turn:' + matrix_server_fqn_matrix + '?transport=tcp', 'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
] ] if matrix_coturn_enabled else []
if matrix_coturn_enabled
else []
}} }}
matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"