diff --git a/defaults/main.yml b/defaults/main.yml
index da76fa0..6657aca 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -87,7 +87,7 @@ matrix_iptables_enabled: False
 matrix_open_ports:
 - name: allow_matrix_web
 rules: |
- -A INPUT -m state --state NEW -p tcp --dport {{ matrix_bind_port }} -j ACCEPT
+ -A INPUT -m state --state NEW -p tcp --dport {{ matrix_http_bind_port }} -j ACCEPT
 state: present
 matrix_tls_enabled: False
@@ -104,3 +104,5 @@ matrix_nginx_iptables_enabled: False
 matrix_nginx_tls_enabled: False
 matrix_nginx_tls_cert_file: matrix-cert.pem
 matrix_nginx_tls_key_file: matrix-key.pem
+matrix_nginx_proxy_port: "{{ matrix_http_bind_port }}"
+matrix_nginx_proxy_ip: "{{ matrix_http_bind_ips[0] }}"
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
index 58c3363..90d1d2e 100644
--- a/templates/nginx/vhost.j2
+++ b/templates/nginx/vhost.j2
@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
 upstream backend_matrix {
- server {{ matrix_bind_ip }}:{{ matrix_bind_port }};
+ server {{ matrix_nginx_proxy_ip }}:{{ matrix_nginx_proxy_port }};
 }
 server {
@@ -14,7 +14,7 @@ server {
 return 301 https://$server_name$request_uri;
 {% else %}
 location / {
- proxy_pass http://backend_matrix;
+ proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;
 proxy_set_header X-Forwarded-For $remote_addr;
 }
 {% endif %}
@@ -28,7 +28,7 @@ server {
 client_max_body_size 200M;
 location / {
- proxy_pass http://backend_matrix;
+ proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;
 proxy_set_header X-Forwarded-For $remote_addr;
 }
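Review bot: In defaults/main.yml (hunk at -104), `matrix_nginx_proxy_ip: "{{ matrix_http_bind_ips[0] }}"` reuses a listen address as the address nginx connects to, which is fragile when the first entry is a wildcard such as `0.0.0.0` or `::`, and rendering fails if the list is empty. An IPv6 entry would also be emitted without brackets into `server {{ matrix_nginx_proxy_ip }}:{{ matrix_nginx_proxy_port }};` in templates/nginx/vhost.j2, which nginx cannot split into address and port. I would document the constraint above the default, for example `# Address nginx connects to: must be a concrete, reachable address (IPv6 in brackets), not a wildcard bind.` The definition of `matrix_http_bind_ips` is outside this diff, so its possible values are assumed here.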
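Review bot: In templates/nginx/vhost.j2, both `proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;` lines (hunks at -14 and -28) move the upstream leg to TLS without authenticating the backend, because nginx leaves `proxy_ssl_verify` off by default. That is tolerable for a loopback backend, but `matrix_nginx_proxy_ip` is now overridable, so a remote backend would be reached over an encrypted but unverified connection. Consider emitting `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <backend-CA-path>;` and a matching `proxy_ssl_name <backend-cert-name>;` when `matrix_tls_enabled` is set (the angle-bracket values are placeholders). The upstream port also still defaults to `matrix_http_bind_port`; whether that listener speaks TLS when `matrix_tls_enabled` is true is not visible in this diff and should be confirmed. Both server blocks continue outside the hunks.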