Brendan Abolivier
cd32375846
Add option to disable per-room profiles
2019-05-16 14:34:28 +01:00
Erik Johnston
a0603523d2
Add aggregations API
2019-05-16 09:37:20 +01:00
Andrew Morgan
5a4b328f52
Add ability to blacklist ip ranges for federation traffic ( #5043 )
2019-05-13 19:05:06 +01:00
Matthew Hodgson
c0e0740bef
add options to require an access_token to GET /profile and /publicRooms on CS API ( #5083 )
...
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
Brendan Abolivier
c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
...
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
Brendan Abolivier
84196cb231
Add some limitations to alias creation
2019-05-02 11:05:11 +01:00
Richard van der Hoff
8e9ca83537
Move admin API to a new prefix
2019-05-01 15:44:30 +01:00
Andrew Morgan
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
Neil Johnson
b25e387c0d
add context to phonehome stats ( #5020 )
...
add context to phonehome stats
2019-04-08 15:47:39 +01:00
Richard van der Hoff
cdb8036161
Add a config option for torture-testing worker replication. ( #4902 )
...
Setting this to 50 or so makes a bunch of sytests fail in worker mode.
2019-03-20 16:04:35 +00:00
Richard van der Hoff
fd463b4f5d
Comment out most options in the generated config. ( #4863 )
...
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
2019-03-19 10:06:40 +00:00
Richard van der Hoff
8e28bc5eee
Include a default configuration file in the 'docs' directory. ( #4791 )
2019-03-04 17:14:58 +00:00
Richard van der Hoff
5f9bdf90fe
Attempt to make default config more consistent
...
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
2019-02-19 13:54:29 +00:00
Richard van der Hoff
e3a0300431
Special-case the default bind_addresses for metrics listener
...
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
2019-02-13 11:48:56 +00:00
Richard van der Hoff
a4ce91396b
Disable TLS by default ( #4614 )
2019-02-12 10:52:08 +00:00
Richard van der Hoff
4fddf8fc77
Infer no_tls from presence of TLS listeners
...
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
2019-02-11 21:39:14 +00:00
Richard van der Hoff
2129dd1a02
Fail cleanly if listener config lacks a 'port'
...
... otherwise we would fail with a mysterious KeyError or something later.
2019-02-11 21:15:01 +00:00
Richard van der Hoff
24b7f3916d
Clean up default listener configuration ( #4586 )
...
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
2019-02-11 12:50:30 +00:00
Erik Johnston
b201149c7e
Merge pull request #4420 from matrix-org/jaywink/openid-listener
...
New listener resource for the federation API "openid/userinfo" endpoint
2019-02-11 09:44:00 +00:00
Travis Ralston
6901ac7e9d
Don't recommend :8448 to people on public_baseurl
2019-01-28 12:15:22 -07:00
Neil Johnson
10b89d5c2e
Merge pull request #4435 from matrix-org/neilj/fix_threepid_auth_check
...
Neilj/fix threepid auth check
2019-01-24 13:02:50 +00:00
David Baker
92d8a068ad
Clarify docs for public_baseurl
...
This is leading to problems with people upgrading to clients that
support MSC1730 because people have this misconfigured, so try
to make the docs completely unambiguous.
2019-01-24 10:52:06 +00:00
Jason Robinson
6f680241bd
Fix flake8 issues
...
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:53:48 +02:00
Jason Robinson
0516dc4d85
Remove openid resource from default config
...
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:32:41 +02:00
Jason Robinson
82e13662c0
Split federation OpenID userinfo endpoint out of the federation resource
...
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:32:41 +02:00
Neil Johnson
c99c2d58d7
move guard out of is_threepid_reserved and into register.py
2019-01-22 17:47:00 +00:00
Neil Johnson
d619b113ed
Fix None guard in config.server.is_threepid_reserved
2019-01-22 16:52:29 +00:00
Richard van der Hoff
b7c0218812
Check jinja version for consent resource ( #4327 )
...
* Raise a ConfigError if an invalid resource is specified
* Require Jinja 2.9 for the consent resource
* changelog
2019-01-07 10:14:31 +00:00
Richard van der Hoff
9c2af7b2c5
Add a script to generate a clean config file ( #4315 )
2018-12-22 02:04:57 +11:00
Richard van der Hoff
f3561f8d86
Fix indentation in default config ( #4313 )
...
These settings are not supposed to be under 'listeners'.
2018-12-22 02:01:43 +11:00
Richard van der Hoff
df96177ca7
Stop installing Matrix Console by default
...
This is based on the work done by @krombel in #2601 .
2018-12-11 13:20:33 +00:00
Travis Ralston
158ffb92f1
Add an option to disable search for homeservers which may not be interested in it ( #4230 )
...
This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
2018-12-04 12:01:02 +01:00
Travis Ralston
835779f7fb
Add option to track MAU stats (but not limit people) ( #3830 )
2018-11-15 18:08:27 +00:00
Neil Johnson
0b01281e77
move threepid checker to config, add missing yields
2018-08-31 17:11:11 +01:00
Erik Johnston
05077e06fa
Change admin_uri to admin_contact in config and errors
2018-08-24 16:51:27 +01:00
Erik Johnston
cd77270a66
Implement trail users
2018-08-23 19:17:19 +01:00
Amber Brown
c334ca67bb
Integrate presence from hotfixes ( #3694 )
2018-08-18 01:08:45 +10:00
Neil Johnson
0195dfbf52
server limits config docs
2018-08-17 13:58:25 +01:00
Neil Johnson
13ad9930c8
add new error type ResourceLimit
2018-08-16 18:02:02 +01:00
Neil Johnson
55afba0fc5
update admin email to uri
2018-08-15 11:41:18 +01:00
Neil Johnson
ab035bdeac
replace admin_email with admin_uri for greater flexibility
2018-08-15 10:16:41 +01:00
Neil Johnson
f4b49152e2
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 21:09:47 +01:00
Neil Johnson
ce7de9ae6b
Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases"
...
This reverts commit 0d43f991a1
.
2018-08-13 18:06:18 +01:00
Neil Johnson
0d43f991a1
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 18:00:23 +01:00
Neil Johnson
d2f3ef98ac
Merge branch 'develop' into neilj/disable_hs
2018-08-08 15:55:47 +00:00
Neil Johnson
e8eba2b4e3
implement reserved users for mau limits
2018-08-07 17:49:43 +01:00
Neil Johnson
7daa8a78c5
load mau limit threepids
2018-08-06 22:55:05 +01:00
Neil Johnson
42c6823827
disable HS from config
2018-08-04 22:07:04 +01:00
Neil Johnson
5593ff6773
fix (lots of) py3 test failures
2018-08-03 14:59:17 +01:00
Richard van der Hoff
704c3e6239
Merge branch 'master' into develop
2018-08-02 15:43:30 +01:00
Neil Johnson
2c54f1c225
remove need to plot limit_usage_by_mau
2018-08-01 11:46:59 +01:00
Neil Johnson
df2235e7fa
coding style
2018-07-31 13:16:20 +01:00
Neil Johnson
251e6c1210
limit register and sign in on number of monthly users
2018-07-30 15:55:57 +01:00
Richard van der Hoff
5f3658baf5
Merge pull request #3377 from Valodim/note-affinity
...
document that the affinity package is required for the cpu_affinity setting
2018-07-19 14:35:06 +01:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Richard van der Hoff
546bc9e28b
More server_name validation
...
We need to do a bit more validation when we get a server name, but don't want
to be re-doing it all over the shop, so factor out a separate
parse_and_validate_server_name, and do the extra validation.
Also, use it to verify the server name in the config file.
2018-07-04 18:59:51 +01:00
Vincent Breitmoser
b800834351
add note that the affinity package is required for the cpu_affinity setting
2018-06-09 22:50:29 +02:00
Amber Brown
febe0ec8fd
Run Prometheus on a different port, optionally. ( #3274 )
2018-05-31 19:04:50 +10:00
Matthew Hodgson
ab9f844aaf
Add federation_domain_whitelist option ( #2820 )
...
Add federation_domain_whitelist
gives a way to restrict which domains your HS is allowed to federate with.
useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
2018-01-22 19:11:18 +01:00
Silke Hofstra
37d1a90025
Allow binds to both :: and 0.0.0.0
...
Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed.
This causes a warning explaining the behaviour.
Configuration changed to match.
See #2232
Signed-off-by: Silke Hofstra <silke@slxh.eu>
2017-12-17 13:10:31 +01:00
Willem Mulder
3e59143ba8
Adapt the default config to bind on IPv6.
...
Most deployments are on Linux (or Mac OS), so this would actually bind
on both IPv4 and IPv6.
Resolves #1886 .
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
2017-12-17 13:07:37 +01:00
Richard van der Hoff
68ca864141
Add config option to disable media_repo on main synapse
...
... to stop us doing the cache cleanup jobs on the master.
2017-11-22 16:20:27 +00:00
Richard van der Hoff
fcdfc911ee
Add a hook for custom rest endpoints
...
Let the user specify custom modules which can be used for implementing extra
endpoints.
2017-11-02 14:36:55 +00:00
Richard van der Hoff
eaaabc6c4f
replace 'except:' with 'except Exception:'
...
what could possibly go wrong
2017-10-23 15:52:32 +01:00
Richard van der Hoff
aa620d09a0
Add a config option to block all room invites ( #2457 )
...
- allows sysadmins the ability to lock down their servers so that people can't
send their users room invites.
2017-09-19 16:08:14 +01:00
Richard van der Hoff
d2352347cf
Fix process startup
...
escape the % that got added in 92168cb
so that the process starts up ok.
2017-08-16 14:57:35 +01:00
Matthew Hodgson
92168cbbc5
explain why CPU affinity is a good idea
2017-08-15 18:27:42 +01:00
Richard van der Hoff
10d8b701a1
Allow configuration of CPU affinity
...
Make it possible to set the CPU affinity in the config file, so that we don't
need to remember to do it manually every time.
2017-08-15 17:08:28 +01:00
Erik Johnston
6aa5bc8635
Initial worker impl
2017-06-16 11:47:11 +01:00
Pablo Saavedra
9da4316ca5
Configurable maximum number of events requested by /sync and /messages ( #2220 )
...
Set the limit on the returned events in the timeline in the get and sync
operations. The default value is -1, means no upper limit.
For example, using `filter_timeline_limit: 5000`:
POST /_matrix/client/r0/user/user:id/filter
{
room: {
timeline: {
limit: 1000000000000000000
}
}
}
GET /_matrix/client/r0/user/user:id/filter/filter:id
{
room: {
timeline: {
limit: 5000
}
}
}
The server cuts down the room.timeline.limit.
2017-05-13 18:17:54 +02:00
Matthew Wolff
8e780b113d
web_server_root documentation fix
...
Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
2017-04-17 00:49:11 -05:00
Erik Johnston
b1dfd20292
Pop bind_address
2017-01-10 17:23:18 +00:00
Erik Johnston
edd6cdfc9a
Restore default bind address
2017-01-10 17:21:41 +00:00
Johannes Löthberg
f5cd5ebd7b
Add IPv6 comment to default config
...
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-12-18 23:14:32 +01:00
Johannes Löthberg
c95e9fff99
Make default homeserver config use bind_addresses
...
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-12-18 21:51:56 +01:00
Erik Johnston
ed787cf09e
Hook up the send queue and create a federation sender worker
2016-11-16 17:34:44 +00:00
Erik Johnston
4131381123
Remove support for aggregate room lists
2016-09-15 09:28:15 +01:00
Matthew Hodgson
63bb8f0df9
remove vector.im from default secondary DS list
2016-06-27 13:13:33 +04:00
Mark Haines
13e334506c
Remove the legacy v0 content upload API.
...
The existing content can still be downloaded. The last upload to the
matrix.org server was in January 2015, so it is probably safe to remove
the upload API.
2016-06-21 11:47:39 +01:00
Erik Johnston
3e41de05cc
Turn use_frozen_events off by default
2016-06-17 15:11:22 +01:00
Mark Haines
885ee861f7
Inline the synchrotron and pusher configs into the main config
2016-06-16 11:06:12 +01:00
Erik Johnston
dded389ac1
Allow setting of gc.set_thresholds
2016-06-07 15:45:56 +01:00
David Baker
6ca4d3ae9a
Add vector.im to default secondary_directory_servers and add comment explaining it's not a permanent solution
2016-05-31 17:24:50 +01:00
David Baker
e1625d62a8
Add federation room list servlet
2016-05-31 11:55:57 +01:00
David Baker
4b0c3a3270
Correct public_baseurl default
2016-04-29 14:30:15 +01:00
David Baker
acded821c4
Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs
2016-04-29 10:05:20 +01:00
David Baker
fa12209c1b
Hopefully all remaining bits for email notifs
...
Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
2016-04-27 15:09:55 +01:00
Mark Haines
a3ac837599
Optionally split out the pushers into a separate process
2016-04-21 17:22:37 +01:00
Erik Johnston
5727922106
Merge pull request #473 from matrix-org/erikj/ssh_manhole
...
Change manhole to use ssh
2016-01-07 14:36:16 +00:00
Erik Johnston
5dc5e29b9c
s/telnet/ssh/
2016-01-07 14:02:57 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Mads R. Christensen
6863466653
Added a single line to explain what the server_name is used for
2015-12-02 00:37:55 +01:00
Daniel Wagner-Hall
b28c7da0a4
Preserve version string in user agent
2015-10-05 20:49:39 -05:00
Daniel Wagner-Hall
8fc52bc56a
Allow synapse's useragent to be customized
...
This will allow me to write tests which verify which server made HTTP
requests in a federation context.
2015-10-02 17:13:51 -05:00
Daniel Wagner-Hall
7213588083
Implement configurable stats reporting
...
SYN-287
This requires that HS owners either opt in or out of stats reporting.
When --generate-config is passed, --report-stats must be specified
If an already-generated config is used, and doesn't have the
report_stats key, it is requested to be set.
2015-09-22 12:57:40 +01:00
Erik Johnston
86cef6a91b
Allow specifying a directory to host a web client from
2015-08-25 12:01:23 +01:00
Paul "LeoNerd" Evans
efe60d5e8c
Only print the pidfile path on startup if requested by a commandline flag
2015-08-07 16:36:42 +01:00
Erik Johnston
9d0326baa6
Remove redundant newline
2015-06-15 11:27:29 +01:00
Erik Johnston
186f61a3ac
Document listener config. Remove deprecated config options
2015-06-15 11:25:53 +01:00
Erik Johnston
a005b7269a
Add backwards compat support for metrics, manhole and webclient config options
2015-06-12 17:44:23 +01:00
Erik Johnston
9c5fc81c2d
Correctly handle x_forwaded listener option
2015-06-12 17:13:23 +01:00
Erik Johnston
fd2c07bfed
Use config.listeners
2015-06-12 15:33:07 +01:00
Erik Johnston
f7f07dc517
Begin changing the config format
2015-06-11 15:48:52 +01:00
Erik Johnston
522f285f9b
Add config option to disable compression of http responses
2015-06-01 13:36:30 +01:00
Erik Johnston
a7b65bdedf
Add config option to turn off freezing events. Use new encode_json api and ujson.loads
2015-05-29 12:17:33 +01:00
Mark Haines
3bcdf3664c
Use the daemonize key from the config if it exists
2015-05-01 14:34:55 +01:00
Mark Haines
50c87b8eed
Allow "manhole" to be ommited from the config
2015-04-30 18:11:47 +01:00
Mark Haines
345995fcde
Remove the ~, comment the lines instead
2015-04-30 18:10:19 +01:00
Mark Haines
d624e2a638
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class
2015-04-30 04:24:44 +01:00
Mark Haines
c8c710eca7
Move the key related config parser into a separate file
2015-04-24 10:22:22 +01:00
Mark Haines
149ed9f151
Better help for the old-signing-key option
2015-04-24 10:07:55 +01:00
Mark Haines
f30d47c876
Implement remote key lookup api
2015-04-22 14:21:08 +01:00
Mark Haines
d488463fa3
Add a version 2 of the key server api
2015-04-14 16:04:52 +01:00
David Baker
7564dac8cb
Wire up the webclient option
...
It existed but was hardcoded to True.
Give it an underscore for consistency.
Also don't pull in syweb unless we're actually using the web client.
2015-03-17 12:45:37 +01:00
Erik Johnston
3ce8540484
Don't look for an TLS private key if we have set --no-tls
2015-03-06 11:34:06 +00:00
Erik Johnston
7c56210f20
By default set soft limit to hard limit
2015-02-20 16:09:44 +00:00
Erik Johnston
c3eb7dd9c5
Add config option to set the soft fd limit on start
2015-02-19 11:50:49 +00:00
Erik Johnston
379a653ae3
Add better help message for --server-name config option.
2015-01-08 14:32:53 +00:00
Mark Haines
adb04b1e57
Update copyright notices
2015-01-06 13:21:39 +00:00
Mark Haines
7993e3d10d
SYN-187: Set a more sensible default for the content_addr
2014-12-02 17:20:02 +00:00
Erik Johnston
af7ae048f8
Add option to not bind to HTTPS port. This is useful if running behind an ssl load balancer
2014-11-03 15:06:40 +00:00
Mark Haines
7d709542ca
Fix pep8 warnings
2014-10-30 11:10:17 +00:00
Mark Haines
d56e389a95
Fix pyflakes warnings
2014-10-27 10:33:17 +00:00
Mark Haines
9c0826592c
Fix auto generating signing_keys
2014-10-18 16:56:44 +01:00
Mark Haines
c6a8e7d9b9
Read signing keys using methods from syutil. convert keys that are in the wrong format
2014-09-23 18:43:34 +01:00
Paul "LeoNerd" Evans
4081413876
Default PID file should be 'homeserver.pid' to match the other 'homeserver.*' naming convention
2014-09-03 17:34:07 +01:00
Matthew Hodgson
8a7c1d6a00
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 17:31:57 +01:00
Erik Johnston
bc21350298
Add option to change content repo location
2014-09-03 11:57:23 +01:00
Mark Haines
cf890e9d43
Remove option for disabling webclient because it was confusing
2014-09-02 11:09:41 +01:00
Erik Johnston
08d2f902dd
Default HTTP and HTTPS ports to 8008 and 8448
2014-09-02 10:58:33 +01:00
Mark Haines
d45f89c95b
More helpful error messages for missing config
2014-09-02 10:49:11 +01:00
Mark Haines
399e004884
Add unsecure listener port to homeserver
2014-09-01 22:38:52 +01:00
Matthew Hodgson
61e28cdb6f
specify metavars in argparse
2014-09-01 22:11:08 +01:00
Mark Haines
ef6a8e4f32
Listen using SSL
2014-09-01 16:30:43 +01:00
Mark Haines
9ea1de432d
Fix homeserver config parsing
2014-09-01 15:51:15 +01:00
Mark Haines
d9ebe531ed
Add config tree to synapse. Add support for reading config from a file
2014-08-31 16:06:39 +01:00