cqrenet/matrix-docker-ansible-deploy
3
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-12-16 22:03:10 +00:00
Code Issues Wiki Activity

fix: migrate Traefik Cert Dumper configuration

Browse Source 
Relates to 904a98d56c.

Signed-off-by: The one with the braid <info@braid.business>
This commit is contained in:
The one with the braid
2025-12-09 07:58:40 +01:00
committed by Slavi Pantaleev
parent 59ab28cab2
commit fe9f70517e
5 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@@ -1,3 +1,11 @@
# 2025-12-09
## Traefik Cert Dumper upgrade
The variable `traefik_certs_dumper_ssl_dir_path` was renamed to `traefik_certs_dumper_ssl_path`. Users who use [their own webserver with Traefik](docs/configuring-playbook-own-webserver.md) may need to adjust their configuration.
The variable `traefik_certs_dumper_dumped_certificates_dir_path` was renamed to `traefik_certs_dumper_dumped_certificates_path`. Users who use [SRV Server Delegation](docs/howto-srv-server-delegation.md) may need to adjust their configuration.
# 2025-11-23 # 2025-11-23
## Matrix.to support ## Matrix.to support

2
docs/configuring-playbook-own-webserver.md
View File

@@ -51,7 +51,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container
# Adjust to point to your Traefik container # Adjust to point to your Traefik container
matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container
traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" traefik_certs_dumper_ssl_path: "/path/to/your/traefiks/acme.json/directory"
# Uncomment and adjust the variable below if the name of your federation entrypoint is different # Uncomment and adjust the variable below if the name of your federation entrypoint is different
# than the default value (matrix-federation). # than the default value (matrix-federation).

8
docs/howto-srv-server-delegation.md
View File

@@ -112,12 +112,12 @@ matrix_coturn_container_additional_volumes: |
( (
[ [
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt', 'dst': '/certificate.crt',
'options': 'ro', 'options': 'ro',
}, },
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key', 'dst': '/privatekey.key',
'options': 'ro', 'options': 'ro',
}, },
@@ -173,12 +173,12 @@ matrix_coturn_container_additional_volumes: |
( (
[ [
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt', 'dst': '/certificate.crt',
'options': 'ro', 'options': 'ro',
}, },
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key', 'dst': '/privatekey.key',
'options': 'ro', 'options': 'ro',
}, },

14
group_vars/matrix_servers
View File

@@ -2242,8 +2242,8 @@ matrix_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['a
matrix_postmoogle_ssl_path: |- matrix_postmoogle_ssl_path: |-
{{ {{
{ {
'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), 'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_path if traefik_certs_dumper_enabled else ''),
'other-traefik-container': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), 'other-traefik-container': (traefik_certs_dumper_dumped_certificates_path if traefik_certs_dumper_enabled else ''),
'none': '', 'none': '',
}[matrix_playbook_reverse_proxy_type] }[matrix_playbook_reverse_proxy_type]
}} }}
@@ -3191,12 +3191,12 @@ matrix_coturn_container_additional_volumes: |
( (
[ [
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'),
'dst': '/certificate.crt', 'dst': '/certificate.crt',
'options': 'ro', 'options': 'ro',
}, },
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'),
'dst': '/privatekey.key', 'dst': '/privatekey.key',
'options': 'ro', 'options': 'ro',
}, },
@@ -5881,7 +5881,7 @@ traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumpe
traefik_certs_dumper_uid: "{{ matrix_user_uid }}" traefik_certs_dumper_uid: "{{ matrix_user_uid }}"
traefik_certs_dumper_gid: "{{ matrix_user_gid }}" traefik_certs_dumper_gid: "{{ matrix_user_gid }}"
traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}" traefik_certs_dumper_ssl_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}"
traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_certs_dumper_container_image_registry_prefix_upstream_default }}" traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_certs_dumper_container_image_registry_prefix_upstream_default }}"
@@ -5990,12 +5990,12 @@ livekit_server_container_additional_volumes_auto: |
( (
[ [
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + livekit_server_config_turn_domain + '/certificate.crt'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + livekit_server_config_turn_domain + '/certificate.crt'),
'dst': livekit_server_config_turn_cert_file, 'dst': livekit_server_config_turn_cert_file,
'options': 'ro', 'options': 'ro',
}, },
{ {
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + livekit_server_config_turn_domain + '/privatekey.key'), 'src': (traefik_certs_dumper_dumped_certificates_path + '/' + livekit_server_config_turn_domain + '/privatekey.key'),
'dst': livekit_server_config_turn_key_file, 'dst': livekit_server_config_turn_key_file,
'options': 'ro', 'options': 'ro',
}, },

2
roles/custom/matrix-base/defaults/main.yml
View File

@@ -273,7 +273,7 @@ matrix_metrics_exposure_http_basic_auth_users: ''
# - nevertheless, the playbook expects that you would install Traefik yourself via other means # - nevertheless, the playbook expects that you would install Traefik yourself via other means
# - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
# - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network # - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
# - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`) # - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_path`)
# #
# - `none` # - `none`
# - no reverse-proxy will be installed # - no reverse-proxy will be installed