Deploy Rocket.Chat with Ansible!
Major refactoring for robustness and including Let's Encrypt support
Update NPM to 5.6.0
Adding httpd_sys_content_t role for selinux to allow traffic to well_known folder
Change the way NPM and NodeJS are installed for robustness
rocket_chat_node_path is now
rocket_chat_node_prefix` without the /binrocket_chat_node_orig_npm
is now rockat_chat_npm_dist
rocket_chat_node_path
: path to installed node binaryrocket_chat_npm_version
: Explicit NPM versionrocket_chat_npm_path
: path to installed npm binaryrocket_chat_npm_dist
: path to distribution NPMAdd rocket_chat_letsencrypt_force_renew
: false
SELinux: Restorecon well-known directory for let's encrypt
Re-order instantiation of rocket_chat_service_group,user in order to fix a conflict
Check for privilege escalation rights (i.e. sudo) This is required in order to become a different user than the SSH user
Add Fedora support 24+
Enable HTTP/2 support if the nginx server supports it
Enhance SSL options to meet current secure standards (HSTS ENABLED!)
Vagrantfile:
Add gcc-c++
and policycoreutils-python
for RedHat distros that may
need to compile certain dependencies
Fix Installing cron on jessie docker fails the build
Let's Encrypt Support!
Add rocket_chat_letsencrypt_* variables to defaults/main.yml
Add tasks/letsencrypt.yml utilizing acme-tiny.py for SSL certs
Inserts cronjob in /etc/cron.monthly/acme-tiny_renew.sh to keep things current (perhaps systemd timer in the future)\
Set newly generated generic RSA certs to 4096 bits
Add .well-known path for ACME in templates/rocket_chat.conf
Add cron
to dependencies
Replace the use of the file module for permission recursion with chown
I've noticed over the course of using the role myself and testing that the use of Ansible's file module to recursively ensure permissions for the bundle directory is quite slow and can significantly impact the time it takes the role to complete. Chown in this instance is much, much faster. I'm commenting out the old functionality for posterity but will probably remove it in the future or revert back to Ansible's way if it improves in speed.
Use the n
version of node to install instead of system version:
It doesn't seem right to use the original node binary to install rocket.chat, especially on systems that use much older versions of node, like on CentOS.
Update download path and sha256 sum to reference latest
Update NodeJS to latest LTS version 8.9.4