2082242499
A new variable called `matrix_nginx_proxy_ssl_config` is created for configuring how the nginx proxy configures SSL. Also a new configuration validation option and other auxiliary variables are created. A new variable configuration called `matrix_nginx_proxy_ssl_config` is created. This allow to set the SSL configuration easily using the default options proposed by Mozilla. The default configuration is set to "Intermediate", removing the weak ciphers used in the old configurations. The new variable can also be set to "Custom" for a more granular control. This allows to set another three variables called: - `matrix_nginx_proxy_ssl_protocols`, - `matrix_nginx_proxy_ssl_prefer_server_ciphers` - `matrix_nginx_proxy_ssl_ciphers` Also a new task is added to validate the SSL configuration variable.
27 lines
1.4 KiB
YAML
27 lines
1.4 KiB
YAML
---
|
|
|
|
- name: (Deprecation) Catch and report renamed settings
|
|
fail:
|
|
msg: >-
|
|
Your configuration contains a variable, which now has a different name.
|
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
|
when: "item.old in vars"
|
|
with_items:
|
|
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
|
|
- {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
|
|
# People who configured this to disable Riot, would now wish to be disabling Element.
|
|
# We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
|
|
- {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
|
|
|
|
- name: Fail on unknown matrix_ssl_retrieval_method
|
|
fail:
|
|
msg: >-
|
|
`matrix_ssl_retrieval_method` needs to be set to a known value.
|
|
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"
|
|
|
|
- name: Fail on unknown matrix_nginx_proxy_ssl_config
|
|
fail:
|
|
msg: >-
|
|
`matrix_nginx_proxy_ssl_config` needs to be set to a known value.
|
|
when: "matrix_nginx_proxy_ssl_config not in ['Custom', 'Old', 'Intermediate', 'Modern']"
|