mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-12-19 05:04:19 -05:00
Disable TLS by default (#4614)
This commit is contained in:
parent
32b781bfe2
commit
a4ce91396b
1
changelog.d/4614.feature
Normal file
1
changelog.d/4614.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
The default configuration no longer requires TLS certificates.
|
@ -387,28 +387,24 @@ class ServerConfig(Config):
|
|||||||
# webclient: A web client. Requires web_client_location to be set.
|
# webclient: A web client. Requires web_client_location to be set.
|
||||||
#
|
#
|
||||||
listeners:
|
listeners:
|
||||||
# Main HTTPS listener.
|
# TLS-enabled listener: for when matrix traffic is sent directly to synapse.
|
||||||
# For when matrix traffic is sent directly to synapse.
|
#
|
||||||
- port: %(bind_port)s
|
# Disabled by default. To enable it, uncomment the following. (Note that you
|
||||||
type: http
|
# will also need to give Synapse a TLS key and certificate: see the TLS section
|
||||||
tls: true
|
# below.)
|
||||||
|
#
|
||||||
|
# - port: %(bind_port)s
|
||||||
|
# type: http
|
||||||
|
# tls: true
|
||||||
|
# resources:
|
||||||
|
# - names: [client, federation]
|
||||||
|
|
||||||
# List of HTTP resources to serve on this listener.
|
# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
|
||||||
resources:
|
# that unwraps TLS.
|
||||||
- names: [client]
|
#
|
||||||
compress: true
|
# If you plan to use a reverse proxy, please see
|
||||||
- names: [federation]
|
# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
|
||||||
compress: false
|
#
|
||||||
|
|
||||||
# example addional_resources:
|
|
||||||
#
|
|
||||||
# additional_resources:
|
|
||||||
# "/_matrix/my/custom/endpoint":
|
|
||||||
# module: my_module.CustomRequestHandler
|
|
||||||
# config: {}
|
|
||||||
|
|
||||||
# Unsecure HTTP listener
|
|
||||||
# For when matrix traffic passes through a reverse-proxy that unwraps TLS.
|
|
||||||
- port: %(unsecure_port)s
|
- port: %(unsecure_port)s
|
||||||
tls: false
|
tls: false
|
||||||
bind_addresses: ['::1', '127.0.0.1']
|
bind_addresses: ['::1', '127.0.0.1']
|
||||||
@ -416,18 +412,22 @@ class ServerConfig(Config):
|
|||||||
x_forwarded: true
|
x_forwarded: true
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- names: [client]
|
- names: [client, federation]
|
||||||
compress: true
|
|
||||||
- names: [federation]
|
|
||||||
compress: false
|
compress: false
|
||||||
|
|
||||||
|
# example additonal_resources:
|
||||||
|
#
|
||||||
|
# additional_resources:
|
||||||
|
# "/_matrix/my/custom/endpoint":
|
||||||
|
# module: my_module.CustomRequestHandler
|
||||||
|
# config: {}
|
||||||
|
|
||||||
# Turn on the twisted ssh manhole service on localhost on the given
|
# Turn on the twisted ssh manhole service on localhost on the given
|
||||||
# port.
|
# port.
|
||||||
# - port: 9000
|
# - port: 9000
|
||||||
# bind_addresses: ['::1', '127.0.0.1']
|
# bind_addresses: ['::1', '127.0.0.1']
|
||||||
# type: manhole
|
# type: manhole
|
||||||
|
|
||||||
|
|
||||||
# Homeserver blocking
|
# Homeserver blocking
|
||||||
#
|
#
|
||||||
# How to reach the server admin, used in ResourceLimitError
|
# How to reach the server admin, used in ResourceLimitError
|
||||||
|
@ -176,10 +176,10 @@ class TlsConfig(Config):
|
|||||||
# See 'ACME support' below to enable auto-provisioning this certificate via
|
# See 'ACME support' below to enable auto-provisioning this certificate via
|
||||||
# Let's Encrypt.
|
# Let's Encrypt.
|
||||||
#
|
#
|
||||||
tls_certificate_path: "%(tls_certificate_path)s"
|
# tls_certificate_path: "%(tls_certificate_path)s"
|
||||||
|
|
||||||
# PEM-encoded private key for TLS
|
# PEM-encoded private key for TLS
|
||||||
tls_private_key_path: "%(tls_private_key_path)s"
|
# tls_private_key_path: "%(tls_private_key_path)s"
|
||||||
|
|
||||||
# ACME support: This will configure Synapse to request a valid TLS certificate
|
# ACME support: This will configure Synapse to request a valid TLS certificate
|
||||||
# for your configured `server_name` via Let's Encrypt.
|
# for your configured `server_name` via Let's Encrypt.
|
||||||
@ -204,7 +204,7 @@ class TlsConfig(Config):
|
|||||||
#
|
#
|
||||||
acme:
|
acme:
|
||||||
# ACME support is disabled by default. Uncomment the following line
|
# ACME support is disabled by default. Uncomment the following line
|
||||||
# to enable it.
|
# (and tls_certificate_path and tls_private_key_path above) to enable it.
|
||||||
#
|
#
|
||||||
# enabled: true
|
# enabled: true
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user