Support using SSL on worker endpoints. (#14128)

* Fix missing SSL support in worker endpoints. * Add changelog * SSL for Replication endpoint * Remove unit test change * Refactor listener creation to reduce duplicated code * Fix the logger message * Update synapse/app/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Update synapse/app/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Update synapse/app/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Add config documentation for new TLS option Co-authored-by: Tuomas Ojamies <tojamies@palantir.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2025-08-06 09:34:13 -04:00 · 2022-11-15 13:55:00 +01:00 · 2022-11-15 13:55:00 +01:00 · b5ab2c428a
commit b5ab2c428a
parent 634359b083
7 changed files with 100 additions and 53 deletions
--- a/synapse/replication/http/_base.py
+++ b/synapse/replication/http/_base.py
@ -184,8 +184,10 @@ class ReplicationEndpoint(metaclass=abc.ABCMeta):
        client = hs.get_simple_http_client()
        local_instance_name = hs.get_instance_name()

+        # The value of these option should match the replication listener settings
        master_host = hs.config.worker.worker_replication_host
        master_port = hs.config.worker.worker_replication_http_port
+        master_tls = hs.config.worker.worker_replication_http_tls

        instance_map = hs.config.worker.instance_map

@ -205,9 +207,11 @@ class ReplicationEndpoint(metaclass=abc.ABCMeta):
                if instance_name == "master":
                    host = master_host
                    port = master_port
+                    tls = master_tls
                elif instance_name in instance_map:
                    host = instance_map[instance_name].host
                    port = instance_map[instance_name].port
+                    tls = instance_map[instance_name].tls
                else:
                    raise Exception(
                        "Instance %r not in 'instance_map' config" % (instance_name,)
@ -238,7 +242,11 @@ class ReplicationEndpoint(metaclass=abc.ABCMeta):
                        "Unknown METHOD on %s replication endpoint" % (cls.NAME,)
                    )

-                uri = "http://%s:%s/_synapse/replication/%s/%s" % (
+                # Here the protocol is hard coded to be http by default or https in case the replication
+                # port is set to have tls true.
+                scheme = "https" if tls else "http"
+                uri = "%s://%s:%s/_synapse/replication/%s/%s" % (
+                    scheme,
                    host,
                    port,
                    cls.NAME,