websites/proxy-matrix: Add Synapse rev proxy setup

The *websites/proxy-matrix* role configures the Internet-facing reverse proxy to handle the *hatch.chat* domain. Most Matrix communication happens over the default HTTPS port, and as such will be directed through the reverse proxy.
2020-12-30 21:43:46 -06:00 · 2020-12-30 21:43:46 -06:00 · 5a114eecf0
parent 2df1605421
commit 5a114eecf0
5 changed files with 31 additions and 0 deletions
--- a/certs/websites/hatch.chat.cer
+++ b/certs/websites/hatch.chat.cer
@ -0,0 +1 @@
+../lego/hatch.chat.crt
--- a/certs/websites/hatch.chat.key
+++ b/certs/websites/hatch.chat.key
@ -0,0 +1 @@
+../lego/hatch.chat.key
--- a/roles/websites/proxy-matrix/tasks/main.yml
+++ b/roles/websites/proxy-matrix/tasks/main.yml
@ -0,0 +1,6 @@
+- name: ensure apache is configured to proxy for matrix
+  template:
+    src: matrix.httpd.conf.j2
+    dest: /etc/httpd/conf.d/matrix.conf
+    mode: '0644'
+  notify: reload httpd
--- a/roles/websites/proxy-matrix/templates/matrix.httpd.conf.j2
+++ b/roles/websites/proxy-matrix/templates/matrix.httpd.conf.j2
@ -0,0 +1,13 @@
+<VirtualHost *:443>
+ServerName hatch.chat
+
+Include conf.d/ssl.include
+SSLCertificateFile /etc/pki/tls/certs/hatch.chat.cer
+SSLCertificateKeyFile /etc/pki/tls/private/hatch.chat.key
+
+SSLProxyEngine On
+ProxyRequests Off
+AllowEncodedSlashes NoDecode
+ProxyPass / https://matrix0.pyrocufflink.blue/ nocanon
+ProxyPassReverse / https://matrix0.pyrocufflink.blue/
+</VirtualHost>
--- a/websites.yml
+++ b/websites.yml
@ -35,6 +35,16 @@
    tags:
    - websites/proxy
    - websites/proxy-openvpn
+  - role: cert
+    cert_src: websites/hatch.chat.cer
+    cert_dest: /etc/pki/tls/certs/hatch.chat.cer
+    cert_key_src: websites/hatch.chat.key
+    cert_key_dest: /etc/pki/tls/private/hatch.chat.key
+    tags: websites/hatch.chat
+  - role: websites/proxy-matrix
+    tags:
+    - websites/proxy
+    - websites/hatch.chat
  tasks:
  - name: ensure httpd service is running
    service: