Disable TLS by default (#4614)

This commit is contained in:
Richard van der Hoff 2019-02-12 10:52:08 +00:00 committed by GitHub
parent 32b781bfe2
commit a4ce91396b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 28 deletions

1
changelog.d/4614.feature Normal file
View File

@ -0,0 +1 @@
The default configuration no longer requires TLS certificates.

View File

@ -387,28 +387,24 @@ class ServerConfig(Config):
# webclient: A web client. Requires web_client_location to be set.
#
listeners:
# Main HTTPS listener.
# For when matrix traffic is sent directly to synapse.
- port: %(bind_port)s
type: http
tls: true
# TLS-enabled listener: for when matrix traffic is sent directly to synapse.
#
# Disabled by default. To enable it, uncomment the following. (Note that you
# will also need to give Synapse a TLS key and certificate: see the TLS section
# below.)
#
# - port: %(bind_port)s
# type: http
# tls: true
# resources:
# - names: [client, federation]
# List of HTTP resources to serve on this listener.
resources:
- names: [client]
compress: true
- names: [federation]
compress: false
# example addional_resources:
#
# additional_resources:
# "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler
# config: {}
# Unsecure HTTP listener
# For when matrix traffic passes through a reverse-proxy that unwraps TLS.
# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
# that unwraps TLS.
#
# If you plan to use a reverse proxy, please see
# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
#
- port: %(unsecure_port)s
tls: false
bind_addresses: ['::1', '127.0.0.1']
@ -416,18 +412,22 @@ class ServerConfig(Config):
x_forwarded: true
resources:
- names: [client]
compress: true
- names: [federation]
- names: [client, federation]
compress: false
# example additonal_resources:
#
# additional_resources:
# "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler
# config: {}
# Turn on the twisted ssh manhole service on localhost on the given
# port.
# - port: 9000
# bind_addresses: ['::1', '127.0.0.1']
# type: manhole
# Homeserver blocking
#
# How to reach the server admin, used in ResourceLimitError

View File

@ -176,10 +176,10 @@ class TlsConfig(Config):
# See 'ACME support' below to enable auto-provisioning this certificate via
# Let's Encrypt.
#
tls_certificate_path: "%(tls_certificate_path)s"
# tls_certificate_path: "%(tls_certificate_path)s"
# PEM-encoded private key for TLS
tls_private_key_path: "%(tls_private_key_path)s"
# tls_private_key_path: "%(tls_private_key_path)s"
# ACME support: This will configure Synapse to request a valid TLS certificate
# for your configured `server_name` via Let's Encrypt.
@ -204,7 +204,7 @@ class TlsConfig(Config):
#
acme:
# ACME support is disabled by default. Uncomment the following line
# to enable it.
# (and tls_certificate_path and tls_private_key_path above) to enable it.
#
# enabled: true