mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
Add /_synapse/client to the reverse proxy docs (#8227)
This PR adds a information about forwarding `/_synapse/client` endpoints through your reverse proxy. The first of these endpoints are introduced in https://github.com/matrix-org/synapse/pull/8004.
This commit is contained in:
parent
5d3e306d9f
commit
95d869c357
15
UPGRADE.rst
15
UPGRADE.rst
@ -91,6 +91,21 @@ for example:
|
|||||||
Upgrading to v1.21.0
|
Upgrading to v1.21.0
|
||||||
====================
|
====================
|
||||||
|
|
||||||
|
Forwarding ``/_synapse/client`` through your reverse proxy
|
||||||
|
----------------------------------------------------------
|
||||||
|
|
||||||
|
The `reverse proxy documentation
|
||||||
|
<https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md>`_ has been updated
|
||||||
|
to include reverse proxy directives for ``/_synapse/client/*`` endpoints. As the user password
|
||||||
|
reset flow now uses endpoints under this prefix, **you must update your reverse proxy
|
||||||
|
configurations for user password reset to work**.
|
||||||
|
|
||||||
|
Additionally, note that the `Synapse worker documentation
|
||||||
|
<https://github.com/matrix-org/synapse/blob/develop/docs/workers.md>`_ has been updated to
|
||||||
|
state that the ``/_synapse/client/password_reset/email/submit_token`` endpoint can be handled
|
||||||
|
by all workers. If you make use of Synapse's worker feature, please update your reverse proxy
|
||||||
|
configuration to reflect this change.
|
||||||
|
|
||||||
New HTML templates
|
New HTML templates
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
|
1
changelog.d/8227.doc
Normal file
1
changelog.d/8227.doc
Normal file
@ -0,0 +1 @@
|
|||||||
|
Add `/_synapse/client` to the reverse proxy documentation.
|
@ -11,7 +11,7 @@ privileges.
|
|||||||
|
|
||||||
**NOTE**: Your reverse proxy must not `canonicalise` or `normalise`
|
**NOTE**: Your reverse proxy must not `canonicalise` or `normalise`
|
||||||
the requested URI in any way (for example, by decoding `%xx` escapes).
|
the requested URI in any way (for example, by decoding `%xx` escapes).
|
||||||
Beware that Apache *will* canonicalise URIs unless you specifify
|
Beware that Apache *will* canonicalise URIs unless you specify
|
||||||
`nocanon`.
|
`nocanon`.
|
||||||
|
|
||||||
When setting up a reverse proxy, remember that Matrix clients and other
|
When setting up a reverse proxy, remember that Matrix clients and other
|
||||||
@ -23,6 +23,10 @@ specification](https://matrix.org/docs/spec/server_server/latest#resolving-serve
|
|||||||
for more details of the algorithm used for federation connections, and
|
for more details of the algorithm used for federation connections, and
|
||||||
[delegate.md](<delegate.md>) for instructions on setting up delegation.
|
[delegate.md](<delegate.md>) for instructions on setting up delegation.
|
||||||
|
|
||||||
|
Endpoints that are part of the standardised Matrix specification are
|
||||||
|
located under `/_matrix`, whereas endpoints specific to Synapse are
|
||||||
|
located under `/_synapse/client`.
|
||||||
|
|
||||||
Let's assume that we expect clients to connect to our server at
|
Let's assume that we expect clients to connect to our server at
|
||||||
`https://matrix.example.com`, and other servers to connect at
|
`https://matrix.example.com`, and other servers to connect at
|
||||||
`https://example.com:8448`. The following sections detail the configuration of
|
`https://example.com:8448`. The following sections detail the configuration of
|
||||||
@ -45,7 +49,7 @@ server {
|
|||||||
|
|
||||||
server_name matrix.example.com;
|
server_name matrix.example.com;
|
||||||
|
|
||||||
location /_matrix {
|
location ~* ^(\/_matrix|\/_synapse\/client) {
|
||||||
proxy_pass http://localhost:8008;
|
proxy_pass http://localhost:8008;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
# Nginx by default only allows file uploads up to 1M in size
|
# Nginx by default only allows file uploads up to 1M in size
|
||||||
@ -65,6 +69,10 @@ matrix.example.com {
|
|||||||
proxy /_matrix http://localhost:8008 {
|
proxy /_matrix http://localhost:8008 {
|
||||||
transparent
|
transparent
|
||||||
}
|
}
|
||||||
|
|
||||||
|
proxy /_synapse/client http://localhost:8008 {
|
||||||
|
transparent
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
example.com:8448 {
|
example.com:8448 {
|
||||||
@ -79,6 +87,7 @@ example.com:8448 {
|
|||||||
```
|
```
|
||||||
matrix.example.com {
|
matrix.example.com {
|
||||||
reverse_proxy /_matrix/* http://localhost:8008
|
reverse_proxy /_matrix/* http://localhost:8008
|
||||||
|
reverse_proxy /_synapse/client/* http://localhost:8008
|
||||||
}
|
}
|
||||||
|
|
||||||
example.com:8448 {
|
example.com:8448 {
|
||||||
@ -96,6 +105,8 @@ example.com:8448 {
|
|||||||
AllowEncodedSlashes NoDecode
|
AllowEncodedSlashes NoDecode
|
||||||
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
|
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
|
||||||
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
|
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
|
||||||
|
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon
|
||||||
|
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<VirtualHost *:8448>
|
<VirtualHost *:8448>
|
||||||
@ -119,6 +130,7 @@ frontend https
|
|||||||
# Matrix client traffic
|
# Matrix client traffic
|
||||||
acl matrix-host hdr(host) -i matrix.example.com
|
acl matrix-host hdr(host) -i matrix.example.com
|
||||||
acl matrix-path path_beg /_matrix
|
acl matrix-path path_beg /_matrix
|
||||||
|
acl matrix-path path_beg /_synapse/client
|
||||||
|
|
||||||
use_backend matrix if matrix-host matrix-path
|
use_backend matrix if matrix-host matrix-path
|
||||||
|
|
||||||
@ -146,3 +158,10 @@ connecting to Synapse from a client.
|
|||||||
Synapse exposes a health check endpoint for use by reverse proxies.
|
Synapse exposes a health check endpoint for use by reverse proxies.
|
||||||
Each configured HTTP listener has a `/health` endpoint which always returns
|
Each configured HTTP listener has a `/health` endpoint which always returns
|
||||||
200 OK (and doesn't get logged).
|
200 OK (and doesn't get logged).
|
||||||
|
|
||||||
|
## Synapse administration endpoints
|
||||||
|
|
||||||
|
Endpoints for administering your Synapse instance are placed under
|
||||||
|
`/_synapse/admin`. These require authentication through an access token of an
|
||||||
|
admin user. However as access to these endpoints grants the caller a lot of power,
|
||||||
|
we do not recommend exposing them to the public internet without good reason.
|
||||||
|
@ -217,6 +217,7 @@ expressions:
|
|||||||
^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
|
^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
|
||||||
^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
|
^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
|
||||||
^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
|
^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
|
||||||
|
^/_synapse/client/password_reset/email/submit_token$
|
||||||
|
|
||||||
# Registration/login requests
|
# Registration/login requests
|
||||||
^/_matrix/client/(api/v1|r0|unstable)/login$
|
^/_matrix/client/(api/v1|r0|unstable)/login$
|
||||||
|
Loading…
Reference in New Issue
Block a user