mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-12-25 23:19:25 -05:00
Address changes
parent
7f914a2dbf
commit
0d70288c59
35
README.rst
@ -220,28 +220,19 @@ is configured to use TLS for `Federation`_ with a self-signed or verified
|
|||||||
certificate, but please be aware that a valid certificate will be required in
|
certificate, but please be aware that a valid certificate will be required in
|
||||||
Synapse v1.0.
|
Synapse v1.0.
|
||||||
|
|
||||||
If you would like to do initial testing with a client without having to setup
|
|
||||||
a reverse proxy, you can temporarly use another certificate. You can do so by
|
|
||||||
changing ``tls_certificate_path`` and ``tls_private_key_path`` in
|
|
||||||
``homeserver.yaml``; alternatively, you can use a reverse-proxy, but be sure
|
|
||||||
to read `Using a reverse proxy with Synapse`_ when doing so. Apart from port
|
|
||||||
8448 using TLS, both ports are the same in the default configuration.
|
|
||||||
|
|
||||||
ACME setup
|
ACME setup
|
||||||
----------
|
----------
|
||||||
|
|
||||||
Synapse v1.0 requires valid TLS certificates for communication between servers
|
Synapse v1.0 requires valid TLS certificates for communication between servers
|
||||||
(port ``8448`` by default) in addition to those that are client-facing (port
|
(port ``8448`` by default) in addition to those that are client-facing (port
|
||||||
``443``). Synapse v0.99.0+ **will provision server-to-server certificates
|
``443``). In the case that your `server_name` config variable is the same as
|
||||||
automatically for you for free** through `Let's Encrypt
|
the hostname that the client connects to, then the same certificate can be
|
||||||
|
used between client and federation ports without issue. Synapse v0.99.0+
|
||||||
|
**will provision server-to-server certificates automatically for you for
|
||||||
|
free** through `Let's Encrypt
|
||||||
<https://letsencrypt.org/>`_ if you tell it to.
|
<https://letsencrypt.org/>`_ if you tell it to.
|
||||||
|
|
||||||
Note: Synapse does not currently hot-renew Let's Encrypt certificates for
|
|
||||||
you, it only checks for certificates that need renewing on restart. This
|
|
||||||
functionality will be implemented promptly, but if in the meantime your
|
|
||||||
federation certificates expire, simply restarting Synapse should renew
|
|
||||||
them automatically.
|
|
||||||
|
|
||||||
In order for Synapse to complete the ACME challenge to provision a
|
In order for Synapse to complete the ACME challenge to provision a
|
||||||
certificate, it needs access to port 80. Typically listening on port 80 is
|
certificate, it needs access to port 80. Typically listening on port 80 is
|
||||||
only granted to applications running as root. There are thus two solutions to
|
only granted to applications running as root. There are thus two solutions to
|
||||||
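Review bot: The note that Synapse only checks for certificates needing renewal on restart is deleted in this hunk with nothing taking its place, so an operator relying on the ACME support no longer learns that federation certificates can expire on a long-running process and that a restart renews them. Unless hot renewal has landed, keep that paragraph under "ACME setup". Also, in the added sentence, `server_name` is written with single backticks, which reStructuredText does not render as an inline literal; the rest of the file uses double backticks (as in ``tls_certificate_path``), so write ``server_name``.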
@ -250,7 +241,7 @@ this problem.
|
|||||||
**Using a reverse proxy**
|
**Using a reverse proxy**
|
||||||
|
|
||||||
A reverse proxy such as Apache or Nginx allows a single process (the web
|
A reverse proxy such as Apache or Nginx allows a single process (the web
|
||||||
server) to listen on port 80 and redirect traffic to the appropriate program
|
server) to listen on port 80 and proxy traffic to the appropriate program
|
||||||
running on your server. It is the recommended method for setting up ACME as
|
running on your server. It is the recommended method for setting up ACME as
|
||||||
it allows you to use your existing webserver while also allowing Synapse to
|
it allows you to use your existing webserver while also allowing Synapse to
|
||||||
provision certificates as needed.
|
provision certificates as needed.
|
||||||
@ -278,7 +269,7 @@ usually run a web server on port 80. Nevertheless, if you're sure port 80 is
|
|||||||
not being used for any other purpose then all that is necessary is the
|
not being used for any other purpose then all that is necessary is the
|
||||||
following:
|
following:
|
||||||
|
|
||||||
Install ``authbind``::
|
Install ``authbind``. For example, on Debian/Ubuntu::
|
||||||
|
|
||||||
sudo apt-get install authbind
|
sudo apt-get install authbind
|
||||||
|
|
||||||
@ -291,9 +282,11 @@ When Synapse is started, use the following syntax::
|
|||||||
|
|
||||||
authbind --deep <synapse start command>
|
authbind --deep <synapse start command>
|
||||||
|
|
||||||
If you would like to use your own certificates, simply specify them in
|
If you would like to use your own certificates, you can do so by
|
||||||
``homeserver.yaml``.
|
changing ``tls_certificate_path`` and ``tls_private_key_path`` in
|
||||||
|
``homeserver.yaml``; alternatively, you can use a reverse-proxy, but be sure
|
||||||
|
to read `Using a reverse proxy with Synapse`_ when doing so. Apart from port
|
||||||
|
8448 using TLS, both ports are the same in the default configuration.
|
||||||
|
|
||||||
Registering a user
|
Registering a user
|
||||||
------------------
|
------------------
|
||||||
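Review bot: In the paragraph moved to the end of the authbind instructions, the closing sentence "Apart from port 8448 using TLS, both ports are the same in the default configuration" no longer has an antecedent for "both ports", because the second port is not named anywhere near this position. Name the two ports explicitly, or leave that sentence where the ports are introduced. The new wording also drops the earlier statement that swapping in another certificate is a temporary measure for testing; given the text further up that Synapse v1.0 requires valid TLS certificates for communication between servers, say here that a certificate you supply yourself has to be valid for federation.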
@ -622,7 +615,7 @@ you to run your server on a machine that might not have the same name as your
|
|||||||
domain name. For example, you might want to run your server at
|
domain name. For example, you might want to run your server at
|
||||||
``synapse.example.com``, but have your Matrix user-ids look like
|
``synapse.example.com``, but have your Matrix user-ids look like
|
||||||
``@user:example.com``. (A SRV record also allows you to change the port from
|
``@user:example.com``. (A SRV record also allows you to change the port from
|
||||||
the default 8448.
|
the default 8448).
|
||||||
|
|
||||||
To use a SRV record, first create your SRV record and publish it in DNS. This
|
To use a SRV record, first create your SRV record and publish it in DNS. This
|
||||||
should have the format ``_matrix._tcp.<yourdomain.com> <ttl> IN SRV 10 0 <port>
|
should have the format ``_matrix._tcp.<yourdomain.com> <ttl> IN SRV 10 0 <port>
|
||||||
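Review bot: The closing parenthesis added after "the default 8448" sits before the full stop, but the parenthetical is a complete sentence that opens with "(A SRV record", so the full stop belongs inside it: "the default 8448.)".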
@ -768,8 +761,6 @@ Having done so, you can then use ``https://matrix.example.com`` (instead of
|
|||||||
``https://matrix.example.com:8448``) as the "Custom server" when `Connecting to
|
``https://matrix.example.com:8448``) as the "Custom server" when `Connecting to
|
||||||
Synapse from a client`_.
|
Synapse from a client`_.
|
||||||
|
|
||||||
Please see `ACME setup`_ for details on reverse-proxying the federation port.
|
|
||||||
|
|
||||||
|
|
||||||
Identity Servers
|
Identity Servers
|
||||||
================
|
================
|
||||||
|
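Review bot: Removing the pointer to "ACME setup" leaves this section with no statement about the federation port when Synapse sits behind a reverse proxy. The ACME setup text visible in this patch only covers port 80 for the challenge, so dropping the reference looks right, but add a sentence here saying whether port 8448 should be proxied or exposed directly, so readers do not assume the client-port configuration also covers federation.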