Add 'none' SSL certificate retrieval method

docs/configuring-playbook-ssl-certificates.md

@@ -2,6 +2,8 @@
 
 By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/).
 
+Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
+
 If that's alright, you can skip this.
 
 
@@ -29,4 +31,15 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
 - `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
 - `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
 
-where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
+where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
+
+
+## Not bothering with SSL certificates
+
+If you're [using an external web server](configuring-playbook-own-webserver.md) which is not nginx, or you would otherwise want to manage its certificates without this playbook getting in the way, you can completely disable SSL certificate management with the following configuration:
+
+```yaml
+matrix_ssl_retrieval_method: none
+```
+
+With such a configuration, no certificates will be retrieved at all. You're free to manage them however you want.

roles/matrix-nginx-proxy/defaults/main.yml

@@ -66,6 +66,7 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
 # - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
 # - "self-signed" - the playbook generates and self-signs certificates
 # - "manually-managed" - lets you manage certificates by yourself (manually; see below)
+# - "none" - like "manually-managed", but doesn't care if you don't drop certificates in the location it expects
 #
 # If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
 # you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
@@ -73,6 +74,10 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
 # - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
 # - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
 # where <domain> refers to the domains that you need (usually `hostname_matrix` and `hostname_riot`).
+#
+# The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
+# It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
+# and you'll be using another reverse-proxy server (like Apache) with your own certificates, managed by yourself.
 matrix_ssl_retrieval_method: "lets-encrypt"
 
 # The list of domains that this role will obtain certificates for.

roles/matrix-nginx-proxy/tasks/ssl/main.yml

@@ -3,10 +3,10 @@
 - name: Fail if using unsupported SSL certificate retrieval method
   fail:
     msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
-  when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed']"
+  when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"
 
 
-# Common tasks, required by any method below.
+# Common tasks, required by almost any method below.
 
 - name: Ensure SSL certificate paths exists
   file:
@@ -19,6 +19,7 @@
   with_items:
     - "{{ matrix_ssl_log_dir_path }}"
     - "{{ matrix_ssl_config_dir_path }}"
+  when: "matrix_ssl_retrieval_method != 'none'"
 
 
 # Method specific tasks follow