matrix-docker-ansible-deploy/roles/matrix-server/tasks
Slavi Pantaleev 3a5f82267b Do not use Let's Encrypt certificate for Synapse's federation port
As described here (https://github.com/matrix-org/synapse/issues/2438#issuecomment-327424711),
using own SSL certificates for the federation port is more fragile,
as renewing them could cause federation outages.

The recommended setup is to use the self-signed certificates generated
by Synapse.

On the 443 port (matrix-nginx-proxy) side, we still use the Let's Encrypt
certificates, which ensures API consumers work without having to trust
"our own CA".

Having done this, we also don't need to ever restart Synapse anymore,
as no new SSL certificates need to be applied there.

It's just matrix-nginx-proxy that needs to be restarted, and it doesn't
even need a full restart as an "nginx reload" does the job of switching
to the new SSL certificates.
2017-09-23 15:29:15 +03:00
..
import_media_store.yml Add support for storing Matrix Synapse's media_store to Amazon S3 2017-09-07 18:26:41 +03:00
import_sqlite_db.yml Add support for using an external PostgreSQL server 2017-09-08 17:24:27 +03:00
main.yml Do not do the S3 setup so early 2017-09-08 10:50:31 +03:00
register_user.yml Do not assume /usr/local/bin is always on the PATH 2017-09-08 10:47:12 +03:00
setup_base.yml Add support for Debian (9+) and Ubuntu (16.04+) 2017-09-11 23:24:05 +03:00
setup_main.yml Move SSL certificates from /etc/pki/acmetool-certs to /matrix/ssl 2017-09-11 23:50:14 +03:00
setup_nginx_proxy.yml Do not use Let's Encrypt certificate for Synapse's federation port 2017-09-23 15:29:15 +03:00
setup_postgres.yml Move SSL certificates from /etc/pki/acmetool-certs to /matrix/ssl 2017-09-11 23:50:14 +03:00
setup_riot_web.yml Add support for not taking over a server (no matrix-nginx-proxy) and disabling Riot 2017-09-12 12:41:44 +03:00
setup_s3fs.yml Move SSL certificates from /etc/pki/acmetool-certs to /matrix/ssl 2017-09-11 23:50:14 +03:00
setup_ssl.yml Add support for not taking over a server (no matrix-nginx-proxy) and disabling Riot 2017-09-12 12:41:44 +03:00
setup_synapse.yml Do not use Let's Encrypt certificate for Synapse's federation port 2017-09-23 15:29:15 +03:00
start.yml Add support for not taking over a server (no matrix-nginx-proxy) and disabling Riot 2017-09-12 12:41:44 +03:00