Support using SSL on worker endpoints. (#14128)

* Fix missing SSL support in worker endpoints. * Add changelog * SSL for Replication endpoint * Remove unit test change * Refactor listener creation to reduce duplicated code * Fix the logger message * Update synapse/app/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Update synapse/app/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Update synapse/app/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Add config documentation for new TLS option Co-authored-by: Tuomas Ojamies <tojamies@palantir.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2025-07-23 06:20:35 -04:00 · 2022-11-15 13:55:00 +01:00 · 2022-11-15 13:55:00 +01:00 · b5ab2c428a
commit b5ab2c428a
parent 634359b083
7 changed files with 100 additions and 53 deletions
--- a/synapse/config/workers.py
+++ b/synapse/config/workers.py
@ -67,6 +67,7 @@ class InstanceLocationConfig:

    host: str
    port: int
+    tls: bool = False


@attr.s
@ -149,6 +150,12 @@ class WorkerConfig(Config):
        # The port on the main synapse for HTTP replication endpoint
        self.worker_replication_http_port = config.get("worker_replication_http_port")

+        # The tls mode on the main synapse for HTTP replication endpoint.
+        # For backward compatibility this defaults to False.
+        self.worker_replication_http_tls = config.get(
+            "worker_replication_http_tls", False
+        )
+
        # The shared secret used for authentication when connecting to the main synapse.
        self.worker_replication_secret = config.get("worker_replication_secret", None)