diff --git a/certs/websites/hatch.chat.cer b/certs/websites/hatch.chat.cer
new file mode 120000
index 0000000..0f61f5e
--- /dev/null
+++ b/certs/websites/hatch.chat.cer
@@ -0,0 +1 @@
+../lego/hatch.chat.crt
\ No newline at end of file
diff --git a/certs/websites/hatch.chat.key b/certs/websites/hatch.chat.key
new file mode 120000
index 0000000..38fea13
--- /dev/null
+++ b/certs/websites/hatch.chat.key
@@ -0,0 +1 @@
+../lego/hatch.chat.key
\ No newline at end of file
diff --git a/roles/websites/proxy-matrix/tasks/main.yml b/roles/websites/proxy-matrix/tasks/main.yml
new file mode 100644
index 0000000..1e4cfb1
--- /dev/null
+++ b/roles/websites/proxy-matrix/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: ensure apache is configured to proxy for matrix
+ template:
+ src: matrix.httpd.conf.j2
+ dest: /etc/httpd/conf.d/matrix.conf
+ mode: '0644'
+ notify: reload httpd
diff --git a/roles/websites/proxy-matrix/templates/matrix.httpd.conf.j2 b/roles/websites/proxy-matrix/templates/matrix.httpd.conf.j2
new file mode 100644
index 0000000..bc1b0fa
--- /dev/null
+++ b/roles/websites/proxy-matrix/templates/matrix.httpd.conf.j2
@@ -0,0 +1,13 @@
+
+ServerName hatch.chat
+
+Include conf.d/ssl.include
+SSLCertificateFile /etc/pki/tls/certs/hatch.chat.cer
+SSLCertificateKeyFile /etc/pki/tls/private/hatch.chat.key
+
+SSLProxyEngine On
+ProxyRequests Off
+AllowEncodedSlashes NoDecode
+ProxyPass / https://matrix0.pyrocufflink.blue/ nocanon
+ProxyPassReverse / https://matrix0.pyrocufflink.blue/
+
diff --git a/websites.yml b/websites.yml
index 542853a..3fdfb49 100644
--- a/websites.yml
+++ b/websites.yml
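Review bot: `certs/websites/hatch.chat.key` is a symlink to `../lego/hatch.chat.key`, so the repository tree now references the site's TLS private key, and nothing in this diff shows how the target is protected. If `certs/lego/` is tracked, the key should be stored encrypted (for example with Ansible Vault) or kept out of version control. Neither is visible here, so this is a point to confirm rather than a confirmed defect.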
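Review bot: The `template` task in `roles/websites/proxy-matrix/tasks/main.yml` sets `mode: '0644'` but no owner or group, so ownership of `/etc/httpd/conf.d/matrix.conf` depends on whichever user the play runs as; adding `owner: root` and `group: root` pins it. The task also notifies `reload httpd` while this commit adds no handlers file to the role, so the handler presumably comes from another role in the play. A short comment naming that dependency would help anyone reusing the role.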
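Review bot: In `matrix.httpd.conf.j2`, `SSLProxyEngine On` enables TLS to `https://matrix0.pyrocufflink.blue/` but the template sets no `SSLProxyVerify`, and Apache's default for that directive is `none`, so the backend certificate chain is not validated unless `conf.d/ssl.include` (not shown) configures it. I would add `SSLProxyVerify require` and `SSLProxyCACertificateFile <CA_BUNDLE_PATH>` (a placeholder for the CA that issued the backend certificate) next to `SSLProxyEngine On`. The first and last added lines of the hunk appear empty here, so any enclosing virtual-host wrapper is not visible. A one-line comment explaining that `AllowEncodedSlashes NoDecode` and `nocanon` are there so encoded slashes in request paths reach the backend unchanged would also help.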
@@ -35,6 +35,16 @@
 tags:
 - websites/proxy
 - websites/proxy-openvpn
+ - role: cert
+ cert_src: websites/hatch.chat.cer
+ cert_dest: /etc/pki/tls/certs/hatch.chat.cer
+ cert_key_src: websites/hatch.chat.key
+ cert_key_dest: /etc/pki/tls/private/hatch.chat.key
+ tags: websites/hatch.chat
+ - role: websites/proxy-matrix
+ tags:
+ - websites/proxy
+ - websites/hatch.chat
 tasks:
 - name: ensure httpd service is running
 service:
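Review bot: The new `cert` role entry in `websites.yml` is tagged only `websites/hatch.chat`, while `websites/proxy-matrix` carries both `websites/proxy` and `websites/hatch.chat`, so a run limited to `--tags websites/proxy` installs the vhost config that references `/etc/pki/tls/certs/hatch.chat.cer` and `/etc/pki/tls/private/hatch.chat.key` without installing those files. On a fresh host that would leave httpd reloading a config that points at missing files; either give the `cert` entry the same tag list or document that `websites/hatch.chat` is the tag to use. The permissions the `cert` role applies to `cert_key_dest` are not visible in this hunk and are worth confirming. The play's `tasks:` section continues past the end of the hunk.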