spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

Can't install Postmoogle while fronting Traefik #2819

Closed RoiArthurB closed 1 year ago

RoiArthurB commented 1 year ago

Describe the bug

I'm currently fronting my Raspberry Pi install with a Caddy instance hosted on a VPS. The problem I have is that Postmoogle requires grabbing the SSL certificate, which isn't accessible from my rasp...

All the fronting process does follow this repo's practice recommendation ( https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/ccebbc07ca2ab931adde9e8fb12306949d0b6d2d/examples/caddy2/README.md )

To Reproduce

My vars.yml file looks like this:

```yaml
[...]

## === Switching Proxy to Traefik
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
devture_traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_container_web_host_bind_port: 'YYY:81'
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
devture_traefik_additional_entrypoints_auto:
  - name: matrix-federation
    port: 8448
    host_bind_port: 'YYY:8448'
    config:
     forwardedHeaders:
       insecure: true
       trustedIPs: ['ZZZ']
## !traefik ===;===

##  === Reverse reverse proxy - Keep nginx behind Caddy ===
matrix_ssl_retrieval_method: none
matrix_ssl_lets_encrypt_support_email: 'XXX'
matrix_nginx_proxy_https_enabled: false
#matrix_nginx_proxy_container_http_host_bind_port: '0.0.0.0:81'
#matrix_nginx_proxy_container_federation_host_bind_port: '0.0.0.0:8448'
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true
## !proxy ===;===

[...]

# @postmoogle:DOMAIN
matrix_bot_postmoogle_enabled: true
matrix_bot_postmoogle_password: XXXX
matrix_bot_postmoogle_admins:
  - 'XXX'

[...]
```

Expected behavior

Install Postmoogle without TLS if HTTPS is disabled.

Also, the installation was working all fine up to the starting check step. It might be great to highlight this potential problem in the documentation and/or in the Ansible execution.

Additional context

Might be somehow related to #2613

aine-etke commented 1 year ago

Postmoogle doesn't require any SSL certs to run, but the playbook is configured to automatically add SSL certs into Postmoogle when possible.

Just add the following to your vars.yml to override the playbook's defaults:

```yaml
matrix_bot_postmoogle_tls_cert: ''
matrix_bot_postmoogle_tls_key: ''
```

RoiArthurB commented 1 year ago

Hi @etkecc

I just added your fix to my vars.yml, but it didn't fix it... :/

```yaml
# @postmoogle:DOMAIN
matrix_bot_postmoogle_enabled: true
#matrix_bot_postmoogle_container_image_self_build: true
matrix_bot_postmoogle_password: XXX
matrix_bot_postmoogle_admins:
  - '@YYY:{{ matrix_domain }}'
# https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2819#issuecomment-1680086276
matrix_bot_postmoogle_tls_cert: ''
matrix_bot_postmoogle_tls_key: ''
matrix_bot_postmoogle_environment_variables_extension:  |
  POSTMOOGLE_TLS_REQUIRED=false
```

```
Aug 16 19:07:19 DietPi systemd[1]: matrix-bot-postmoogle.service: Scheduled restart job, restart counter is at 6.
Aug 16 19:07:19 DietPi systemd[1]: Stopped matrix-bot-postmoogle.service - Matrix Postmoogle bot.
Aug 16 19:07:19 DietPi systemd[1]: Starting matrix-bot-postmoogle.service - Matrix Postmoogle bot...
Aug 16 19:07:19 DietPi systemd[1]: Started matrix-bot-postmoogle.service - Matrix Postmoogle bot.
Aug 16 19:07:20 DietPi matrix-bot-postmoogle[3307961]: docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /matrix/traefik-certs-dumper/dumped-certificates.
Aug 16 19:07:20 DietPi matrix-bot-postmoogle[3307961]: See 'docker run --help'.
Aug 16 19:07:20 DietPi systemd[1]: matrix-bot-postmoogle.service: Main process exited, code=exited, status=125/n/a
Aug 16 19:07:20 DietPi systemd[1]: matrix-bot-postmoogle.service: Failed with result 'exit-code'.
```

aine-etke commented 1 year ago

Well, that's another thing. You need to disable that mount - check group vars and postmoogle role defaults to find the var name. The idea is the same - pass the empty value (iirc, it's an array, not string)

RoiArthurB commented 1 year ago

Thanks for your help @etkecc !

I succeeded in getting it running with these settings! :hugs:

```yaml
matrix_bot_postmoogle_enabled: true
matrix_bot_postmoogle_password: XXX
matrix_bot_postmoogle_admins:
  - '@YYY:{{ matrix_domain }}'
# https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2819#issuecomment-1680086276
matrix_bot_postmoogle_tls_cert: ''
matrix_bot_postmoogle_tls_key: ''
matrix_bot_postmoogle_ssl_path: ''
#matrix_bot_postmoogle_environment_variables_extension:  |
#  POSTMOOGLE_TLS_REQUIRED=false
```
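
The restart loop in the journal excerpt above can be triaged mechanically. The following is an added example, not part of the thread or the playbook: it pulls the restart counter, the exit status and the missing bind-mount source out of journal text. It assumes the syslog identifier on the Docker error line equals the unit name without `.service`, as it does in the excerpt; the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Journal lines copied from the excerpt quoted in the thread above.
SAMPLE_JOURNAL = """\
Aug 16 19:07:19 DietPi systemd[1]: matrix-bot-postmoogle.service: Scheduled restart job, restart counter is at 6.
Aug 16 19:07:19 DietPi systemd[1]: Started matrix-bot-postmoogle.service - Matrix Postmoogle bot.
Aug 16 19:07:20 DietPi matrix-bot-postmoogle[3307961]: docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /matrix/traefik-certs-dumper/dumped-certificates.
Aug 16 19:07:20 DietPi systemd[1]: matrix-bot-postmoogle.service: Main process exited, code=exited, status=125/n/a
"""

# Syslog-style prefix: "Mon DD HH:MM:SS host ident[pid]: message"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<ident>[^\[\s]+)\[\d+\]: (?P<msg>.*)$")
RESTART = re.compile(r"^(?P<unit>\S+)\.service: Scheduled restart job, restart counter is at (?P<n>\d+)")
EXITED = re.compile(r"^(?P<unit>\S+)\.service: Main process exited, code=exited, status=(?P<code>\d+)")
# Docker ends the message with a full stop that is not part of the path.
MISSING = re.compile(r"bind source path does not exist: (?P<path>/\S*?)\.?$")


def triage(journal_text):
    """Return {unit: findings} for units whose container failed on a missing bind source."""
    units = defaultdict(lambda: {"restarts": 0, "exit_status": None, "missing": set()})
    for raw in journal_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ident, msg = m["ident"], m["msg"]
        if ident == "systemd":
            if r := RESTART.match(msg):
                u = units[r["unit"]]
                u["restarts"] = max(u["restarts"], int(r["n"]))
            elif e := EXITED.match(msg):
                # 125 from `docker run` means the container was never started.
                units[e["unit"]]["exit_status"] = int(e["code"])
        elif b := MISSING.search(msg):
            # Assumption: ident is the unit name without ".service".
            units[ident]["missing"].add(b["path"])
    return {
        unit: {"restarts": d["restarts"], "exit_status": d["exit_status"],
               "missing_bind_sources": sorted(d["missing"])}
        for unit, d in units.items() if d["missing"]
    }


if __name__ == "__main__":
    for unit, info in triage(SAMPLE_JOURNAL).items():
        print(unit, info)
```
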