Remove Caddy from the Synapse workers image used in Complement. (#12818)

2025-05-12 17:32:11 -04:00 · 2022-05-23 10:29:24 +01:00 · 2022-05-23 10:29:24 +01:00 · 4fef76ca34
commit 4fef76ca34
parent fbf904bd54
7 changed files with 38 additions and 93 deletions
--- a/docker/complement/conf-workers/start-complement-synapse-workers.sh
+++ b/docker/complement/conf-workers/start-complement-synapse-workers.sh
@ -9,9 +9,6 @@ function log {
    echo "$d $@"
 }

-# Replace the server name in the caddy config
-sed -i "s/{{ server_name }}/${SERVER_NAME}/g" /root/caddy.json
-
 # Set the server name of the homeserver
 export SYNAPSE_SERVER_NAME=${SERVER_NAME}

@ -39,6 +36,21 @@ export SYNAPSE_WORKER_TYPES="\
    appservice, \
    pusher"

+
+# Generate a TLS key, then generate a certificate by having Complement's CA sign it
+# Note that both the key and certificate are in PEM format (not DER).
+openssl genrsa -out /conf/server.tls.key 2048
+
+openssl req -new -key /conf/server.tls.key -out /conf/server.tls.csr \
+  -subj "/CN=${SERVER_NAME}"
+
+openssl x509 -req -in /conf/server.tls.csr \
+  -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
+  -out /conf/server.tls.crt
+
+export SYNAPSE_TLS_CERT=/conf/server.tls.crt
+export SYNAPSE_TLS_KEY=/conf/server.tls.key
+
 # Run the script that writes the necessary config files and starts supervisord, which in turn
 # starts everything else
 exec /configure_workers_and_start.py