Install and configure Nginx

2020-07-02 18:33:32 +05:00 · 2020-07-02 18:33:32 +05:00 · 5211b5a492
commit 5211b5a492
parent b9278457be
6 changed files with 56 additions and 0 deletions
--- a/inventories/production/host_vars/matrix.crypto-libertarian.com.yml
+++ b/inventories/production/host_vars/matrix.crypto-libertarian.com.yml
@ -16,7 +16,11 @@ common__certbot__pre_hook: null

 common__nginx__state: null

+matrix__synapse__ssl_cert: '/etc/letsencrypt/live/matrix.crypto-libertarian.com/fullchain.pem'
+matrix__synapse__ssl_key:  '/etc/letsencrypt/live/matrix.crypto-libertarian.com/privkey.pem'
+
 matrix__synapse__server_name: 'crypto-libertarian.com'
+matrix__synapse__server_host: 'matrix.crypto-libertarian.com'
 matrix__synapse__baseurl: 'https://matrix.crypto-libertarian.com'
 matrix__synapse__admin_contact: 'mailto:kotovalexarian@gmail.com'

--- a/roles/matrix/defaults/main.yml
+++ b/roles/matrix/defaults/main.yml
@ -1,5 +1,9 @@
 ---
+matrix__synapse__ssl_cert: '/etc/letsencrypt/live/matrix.example.com/fullchain.pem'
+matrix__synapse__ssl_key:  '/etc/letsencrypt/live/matrix.example.com/privkey.pem'
+
 matrix__synapse__server_name: 'example.com'
+matrix__synapse__server_host: 'matrix.example.com'
 matrix__synapse__baseurl: 'https://matrix.example.com'
 matrix__synapse__admin_contact: 'mailto:user@example.com'

--- a/roles/matrix/handlers/main.yml
+++ b/roles/matrix/handlers/main.yml
@ -5,3 +5,8 @@
    daemon_reload: true
    enabled: true
    state: restarted
+
+- name: Restart Nginx
+  systemd:
+    name: nginx
+    state: restarted
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@ -1,3 +1,6 @@
 ---
+- include_tasks: nginx.yml
+- meta: flush_handlers
+
 - include_tasks: synapse.yml
 - meta: flush_handlers
--- a/roles/matrix/tasks/nginx.yml
+++ b/roles/matrix/tasks/nginx.yml
@ -0,0 +1,22 @@
+---
+- name: Install system package
+  apt:
+    name: nginx
+
+- name: Create Nginx server configuration
+  template:
+    src: '../templates/nginx/synapse.conf'
+    dest: '/etc/nginx/sites-available/synapse.conf'
+    mode: 'u=rw,g=rw,o=r'
+    owner: root
+    group: root
+  notify: Restart Nginx
+
+- name: Enable Nginx server configuration
+  file:
+    state: link
+    src: '/etc/nginx/sites-available/synapse.conf'
+    dest: '/etc/nginx/sites-enabled/synapse.conf'
+    owner: root
+    group: root
+  notify: Restart Nginx
--- a/roles/matrix/templates/nginx/synapse.conf
+++ b/roles/matrix/templates/nginx/synapse.conf
@ -0,0 +1,18 @@
+server {
+  listen 8448      ssl;
+  listen [::]:8448 ssl;
+
+  server_name {{ matrix__synapse__server_host }};
+
+  ssl_certificate     {{ matrix__synapse__ssl_cert }};
+  ssl_certificate_key {{ matrix__synapse__ssl_key }};
+
+  location / {
+    proxy_pass http://localhost:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+
+    # Nginx by default only allows file uploads up to 1M in size
+    # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+    client_max_body_size 10M;
+  }
+}