spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

devture_traefik_ssl_dir_enabled option does nothing (missing ssl folder) #2688

Open xvsun opened 1 year ago

xvsun commented 1 year ago

Describe the bug

When trying to deploy the playbook and using your own certificate, the certificate doesn't get deployed because the directory /matrix/traefik/ssl is missing. Is "devture_traefik_ssl_dir_enabled = true" working?

To Reproduce

From original as reference

# Disable ACME / Let's Encrypt support.
devture_traefik_config_certificatesResolvers_acme_enabled: false

# Disabling ACME support (above) automatically disables the creation of the SSL directory.
# Force-enable it here, because we'll add our certificate files there.
devture_traefik_ssl_dir_enabled: true

# Tell Traefik to load our custom configuration file (certificates.yml).
# The file is created below, in `aux_file_definitions`.
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
devture_traefik_configuration_extension_yaml: |
  providers:
    file:
      filename: /config/certificates.yml
      watch: true

# Use the aux role to create our custom files on the server.
# If you'd like to do this manually, you can remove this `aux_file_definitions` variable.
aux_file_definitions:
  # Create the privkey.pem file on the server by
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
    #src: /path/on/your/Ansible/computer/to/privkey.pem
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
    # Note the indentation level.
    content: |
      FILE CONTENT
      HERE

  # Create the cert.pem file on the server by
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
    #src: /path/on/your/Ansible/computer/to/cert.pem
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
    # Note the indentation level.
    content: |
      FILE CONTENT
      HERE

  # Create the custom Traefik configuration.
  # The `/ssl/..` paths below are in-container paths, not paths on the host (`/matrix/traefik/ssl/..`). Do not change them!
  - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
    content: |
      tls:
        certificates:
          - certFile: /ssl/cert.pem
            keyFile: /ssl/privkey.pem
        stores:
          default:
            defaultCertificate:
              certFile: /ssl/cert.pem
              keyFile: /ssl/privkey.pem

Giving the values so the certificate and key are getting deployed.

Expected behavior

Certificates are stored on the server under /matrix/traefik/ssl

Matrix Server:

Additional context

Adding the ssl folder under /matrix/traefik/ does solve the problem and the setup is running through.

janonym1 commented 1 year ago

I stumbled upon the same problem when migrating from nginx to traefik and creating /matrix/traefik/ssl beforehand worked for me as well.

duisen0v commented 1 year ago

@janonym1 what is a full path to create this directory at?

xvsun commented 1 year ago

> @janonym1 what is a full path to create this directory at?

wdym? /matrix/traefik/ssl is the full path needed so the ansible playbook is working

janonym1 commented 1 year ago

If the folder /matrix/traefik/ssl does not exist on the host beforehand, you may have to create it by hand (mkdir -p /matrix/traefik/ssl) before deploying the playbook. The playbook may be missing the existence+create check for this folder.
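
The workaround from this thread as a repeatable check, added here as an example that is not part of the original discussion or of the playbook. It creates the directory if it is missing and, after deployment, confirms that both files referenced in certificates.yml exist and that the private key is not world-readable. The function names are hypothetical; the path /matrix/traefik/ssl and the file names are taken from the issue.

```shell
#!/bin/sh
# Added example: checks around the workaround from this thread.
# Assumption: the host path is /matrix/traefik/ssl (taken from the issue);
# the function names are hypothetical and not part of the playbook.
# Usage: call `ensure_ssl_dir /matrix/traefik/ssl` before running the
# playbook and `audit_ssl_dir /matrix/traefik/ssl` afterwards.

# Create the SSL directory if the playbook did not. Prints "created" or
# "exists"; fails if the path exists but is not a directory.
ensure_ssl_dir() {
    dir=$1
    if [ -d "$dir" ]; then
        echo "exists"
        return 0
    fi
    if [ -e "$dir" ]; then
        echo "not-a-directory"
        return 1
    fi
    mkdir -p "$dir" || return 1
    echo "created"
}

# After deployment: confirm both files named in certificates.yml are present
# and non-empty, and that the private key is not readable by "other".
audit_ssl_dir() {
    dir=$1
    for f in cert.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing-or-empty:$f"
            return 1
        fi
    done
    # find -perm -004 matches when the other-read bit is set (POSIX find).
    if [ -n "$(find "$dir/privkey.pem" -perm -004)" ]; then
        echo "world-readable:privkey.pem"
        return 1
    fi
    echo "ok"
}
```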