mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-12 08:43:55 +02:00
73af8f7bbb
By default, `--tags=self-check` no longer validates certificates when `matrix_ssl_retrieval_method` is set to `self-signed`. Besides this default, people can also enable/disable validation using the individual role variables manually. Fixes #124 (Github Issue)
68 lines
3.8 KiB
YAML
68 lines
3.8 KiB
YAML
---
|
|
|
|
- set_fact:
|
|
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
|
|
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
|
|
|
|
# These well-known files may be served without a `Content-Type: application/json` header,
|
|
# so we can't rely on the uri module's automatic parsing of JSON.
|
|
- name: Check .well-known on the matrix hostname
|
|
uri:
|
|
url: "{{ well_known_url_matrix }}"
|
|
follow_redirects: false
|
|
return_content: true
|
|
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
|
register: result_well_known_matrix
|
|
ignore_errors: true
|
|
|
|
- name: Fail if .well-known not working on the matrix hostname
|
|
fail:
|
|
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
|
when: "result_well_known_matrix.failed"
|
|
|
|
- name: Parse JSON for well-known payload at the matrix hostname
|
|
set_fact:
|
|
well_known_matrix_payload: "{{ result_well_known_matrix.content|from_json }}"
|
|
|
|
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
|
fail:
|
|
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
|
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
|
|
|
|
- name: Report working .well-known on the matrix hostname
|
|
debug:
|
|
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
|
|
|
- name: Check .well-known on the identity hostname
|
|
uri:
|
|
url: "{{ well_known_url_identity }}"
|
|
follow_redirects: "{{ well_known_file_check.follow_redirects }}"
|
|
return_content: true
|
|
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
|
register: result_well_known_identity
|
|
ignore_errors: true
|
|
|
|
- name: Fail if .well-known not working on the identity hostname
|
|
fail:
|
|
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
|
when: "result_well_known_identity.failed"
|
|
|
|
- name: Parse JSON for well-known payload at the identity hostname
|
|
set_fact:
|
|
well_known_identity_payload: "{{ result_well_known_identity.content|from_json }}"
|
|
|
|
- name: Fail if .well-known not CORS-aware on the identity hostname
|
|
fail:
|
|
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
|
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
|
|
|
|
# For people who manually copy the well-known file, try to detect if it's outdated
|
|
- name: Fail if well-known is different on matrix hostname and identity hostname
|
|
fail:
|
|
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
|
when: "well_known_matrix_payload != well_known_identity_payload"
|
|
|
|
- name: Report working .well-known on the identity hostname
|
|
debug:
|
|
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|