Disable TLS by default (#4614)

Richard van der Hoff 2019-02-12 10:52:08 +00:00 committed by GitHub
parent 32b781bfe2
commit a4ce91396b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 28 deletions

1
changelog.d/4614.feature Normal file

@ -0,0 +1 @@
The default configuration no longer requires TLS certificates.


@ -387,28 +387,24 @@ class ServerConfig(Config):
# webclient: A web client. Requires web_client_location to be set. # webclient: A web client. Requires web_client_location to be set.
# #
listeners: listeners:
# Main HTTPS listener. # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
# For when matrix traffic is sent directly to synapse. #
- port: %(bind_port)s # Disabled by default. To enable it, uncomment the following. (Note that you
type: http # will also need to give Synapse a TLS key and certificate: see the TLS section
tls: true # below.)
#
# - port: %(bind_port)s
# type: http
# tls: true
# resources:
# - names: [client, federation]
# List of HTTP resources to serve on this listener. # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
resources: # that unwraps TLS.
- names: [client] #
compress: true # If you plan to use a reverse proxy, please see
- names: [federation] # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
compress: false #
# example addional_resources:
#
# additional_resources:
# "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler
# config: {}
# Unsecure HTTP listener
# For when matrix traffic passes through a reverse-proxy that unwraps TLS.
- port: %(unsecure_port)s - port: %(unsecure_port)s
tls: false tls: false
bind_addresses: ['::1', '127.0.0.1'] bind_addresses: ['::1', '127.0.0.1']
@ -416,18 +412,22 @@ class ServerConfig(Config):
x_forwarded: true x_forwarded: true
resources: resources:
- names: [client] - names: [client, federation]
compress: true
- names: [federation]
compress: false compress: false
# example additonal_resources:
#
# additional_resources:
# "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler
# config: {}
# Turn on the twisted ssh manhole service on localhost on the given # Turn on the twisted ssh manhole service on localhost on the given
# port. # port.
# - port: 9000 # - port: 9000
# bind_addresses: ['::1', '127.0.0.1'] # bind_addresses: ['::1', '127.0.0.1']
# type: manhole # type: manhole
# Homeserver blocking # Homeserver blocking
# #
# How to reach the server admin, used in ResourceLimitError # How to reach the server admin, used in ResourceLimitError
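Review bot: The comment above the listener that is now the only one enabled by default (`- port: %(unsecure_port)s`, `tls: false`, `x_forwarded: true`, loopback `bind_addresses`) does not say that this listener takes the client address from the X-Forwarded-For header. That is only sound while the listener stays bound to loopback behind a TLS-terminating proxy, and it now serves `federation` as well as `client`. I would add a line such as `# Keep this bound to localhost: with x_forwarded set, the client IP is taken from X-Forwarded-For.` The added example heading also appears to read `additonal_resources` (side inferred from the hunk's line counts) and should be `additional_resources`. The config template string that holds these lines starts and ends outside the hunks.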


@ -176,10 +176,10 @@ class TlsConfig(Config):
# See 'ACME support' below to enable auto-provisioning this certificate via # See 'ACME support' below to enable auto-provisioning this certificate via
# Let's Encrypt. # Let's Encrypt.
# #
tls_certificate_path: "%(tls_certificate_path)s" # tls_certificate_path: "%(tls_certificate_path)s"
# PEM-encoded private key for TLS # PEM-encoded private key for TLS
tls_private_key_path: "%(tls_private_key_path)s" # tls_private_key_path: "%(tls_private_key_path)s"
# ACME support: This will configure Synapse to request a valid TLS certificate # ACME support: This will configure Synapse to request a valid TLS certificate
# for your configured `server_name` via Let's Encrypt. # for your configured `server_name` via Let's Encrypt.
@ -204,7 +204,7 @@ class TlsConfig(Config):
# #
acme: acme:
# ACME support is disabled by default. Uncomment the following line # ACME support is disabled by default. Uncomment the following line
# to enable it. # (and tls_certificate_path and tls_private_key_path above) to enable it.
# #
# enabled: true # enabled: true
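Review bot: With `tls_certificate_path` and `tls_private_key_path` now commented out in the template, nothing next to them says when they become mandatory. The only hints are the listener comment in the other file and the reworded ACME line. I would add a comment above them such as `# Required if any listener sets 'tls: true', or if ACME is enabled below.` The code that reads these options is not part of this hunk, so it cannot be confirmed from here that a `tls: true` listener without them fails at startup with a clear error; a test for that case would be worth having. The template string starts and ends outside the hunk.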