Install and configure Nginx

inventories/production/host_vars/matrix.crypto-libertarian.com.yml

@@ -16,7 +16,11 @@ common__certbot__pre_hook: null
 
 common__nginx__state: null
 
+matrix__synapse__ssl_cert: '/etc/letsencrypt/live/matrix.crypto-libertarian.com/fullchain.pem'
+matrix__synapse__ssl_key:  '/etc/letsencrypt/live/matrix.crypto-libertarian.com/privkey.pem'
+
 matrix__synapse__server_name: 'crypto-libertarian.com'
+matrix__synapse__server_host: 'matrix.crypto-libertarian.com'
 matrix__synapse__baseurl: 'https://matrix.crypto-libertarian.com'
 matrix__synapse__admin_contact: 'mailto:kotovalexarian@gmail.com'
 

roles/matrix/defaults/main.yml

@@ -1,5 +1,9 @@
 ---
+matrix__synapse__ssl_cert: '/etc/letsencrypt/live/matrix.example.com/fullchain.pem'
+matrix__synapse__ssl_key:  '/etc/letsencrypt/live/matrix.example.com/privkey.pem'
+
 matrix__synapse__server_name: 'example.com'
+matrix__synapse__server_host: 'matrix.example.com'
 matrix__synapse__baseurl: 'https://matrix.example.com'
 matrix__synapse__admin_contact: 'mailto:user@example.com'
 

roles/matrix/handlers/main.yml

@@ -5,3 +5,8 @@
     daemon_reload: true
     enabled: true
     state: restarted
+
+- name: Restart Nginx
+  systemd:
+    name: nginx
+    state: restarted

roles/matrix/tasks/main.yml

@@ -1,3 +1,6 @@
 ---
+- include_tasks: nginx.yml
+- meta: flush_handlers
+
 - include_tasks: synapse.yml
 - meta: flush_handlers

roles/matrix/tasks/nginx.yml

@@ -0,0 +1,22 @@
+---
+- name: Install system package
+  apt:
+    name: nginx
+
+- name: Create Nginx server configuration
+  template:
+    src: '../templates/nginx/synapse.conf'
+    dest: '/etc/nginx/sites-available/synapse.conf'
+    mode: 'u=rw,g=rw,o=r'
+    owner: root
+    group: root
+  notify: Restart Nginx
+
+- name: Enable Nginx server configuration
+  file:
+    state: link
+    src: '/etc/nginx/sites-available/synapse.conf'
+    dest: '/etc/nginx/sites-enabled/synapse.conf'
+    owner: root
+    group: root
+  notify: Restart Nginx

roles/matrix/templates/nginx/synapse.conf

@@ -0,0 +1,18 @@
+server {
+  listen 8448      ssl;
+  listen [::]:8448 ssl;
+
+  server_name {{ matrix__synapse__server_host }};
+
+  ssl_certificate     {{ matrix__synapse__ssl_cert }};
+  ssl_certificate_key {{ matrix__synapse__ssl_key }};
+
+  location / {
+    proxy_pass http://localhost:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+
+    # Nginx by default only allows file uploads up to 1M in size
+    # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+    client_max_body_size 10M;
+  }
+}