After having multiple people report issues with retrieving SSL certificates, we've finally discovered the culprit to be Ansible 2.5.1 (default and latest version on Ubuntu 18.04 LTS). As silly as it is, certain distributions ("LTS" even) are 13 bugfix versions of Ansible behind. From now on, we try to auto-detect buggy Ansible versions and tell the user. We also provide some tips for how to upgrade Ansible or run it from inside a Docker container. My testing shows that Ansible 2.4.0 and 2.4.6 are OK. All other intermediate 2.4.x versions haven't been tested, but we trust they're OK too. From the 2.5.x releases, only 2.5.0 and 2.5.1 seem to be affected. Ansible 2.5.2 corrects the problem with `include_tasks` + `with_items`.
Prerequisites
- CentOS (7.0+), Debian (9/Stretch+) or Ubuntu (16.04+) server. This playbook can take over your whole server or co-exist with other services that you have there.
- Python being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
- the Ansible program being installed on your own computer. It's used to run this playbook and configure your server for you. Take a look at our guide about Ansible for version requirements or alternative ways to run Ansible.
- properly configured DNS SRV record for `<your-domain>` (details in Configuring DNS below)
- `matrix.<your-domain>` domain name pointing to your new server - this is where the Matrix Synapse server will live (details in Configuring DNS below)
- `riot.<your-domain>` domain name pointing to your new server - this is where the Riot web UI will live (details in Configuring DNS below)
- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But if your server is running behind another firewall, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (STUN over TCP), `3478/udp` (STUN over UDP), `8448/tcp` (Matrix federation HTTPS webserver), `49152-49172/udp` (TURN over UDP).
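If your server sits behind another firewall, the following added example (not part of the playbook) compares that firewall's allow-list with the ports listed above and reports what is still closed, including partially covered ranges. The `ALLOWED` list is constructed sample data, and the function names are this example's own.

```python
# Ports this page lists as required when the server is behind another firewall.
REQUIRED = ["80/tcp", "443/tcp", "3478/tcp", "3478/udp", "8448/tcp", "49152-49172/udp"]

# Constructed sample: rules exported from a hypothetical upstream firewall.
ALLOWED = ["22/tcp", "80/tcp", "443/tcp", "3478/udp", "8448/tcp", "49152-49160/udp"]

def parse_spec(spec):
    """'49152-49172/udp' -> ('udp', 49152, 49172); '80/tcp' -> ('tcp', 80, 80)."""
    ports, _, proto = spec.strip().partition("/")
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"bad protocol in {spec!r}")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in {spec!r}")
    return proto, lo, hi

def fmt(proto, lo, hi):
    return f"{lo}/{proto}" if lo == hi else f"{lo}-{hi}/{proto}"

def missing_ports(required, allowed):
    """Return the parts of each required spec that no allowed rule covers."""
    by_proto = {"tcp": [], "udp": []}
    for spec in allowed:
        proto, lo, hi = parse_spec(spec)
        by_proto[proto].append((lo, hi))
    gaps = []
    for spec in required:
        proto, lo, hi = parse_spec(spec)
        cursor = lo  # lowest required port not yet known to be open
        for a_lo, a_hi in sorted(by_proto[proto]):
            if a_hi < cursor:
                continue          # rule ends below the part still unchecked
            if a_lo > hi:
                break             # rule starts above the required range
            if a_lo > cursor:
                gaps.append(fmt(proto, cursor, a_lo - 1))
            cursor = a_hi + 1
            if cursor > hi:
                break
        if cursor <= hi:
            gaps.append(fmt(proto, cursor, hi))
    return gaps

if __name__ == "__main__":
    for gap in missing_ports(REQUIRED, ALLOWED):
        print("still closed upstream:", gap)
```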
When ready to proceed, continue with Configuring DNS.