mirror of
https://mau.dev/maunium/synapse.git
synced 2024-11-20 12:24:59 +01:00
Merge pull request #5478 from matrix-org/joriks/demo_python3
Joriks/demo python3
This commit is contained in:
commit
160c52d0d4
3 changed files with 71 additions and 4 deletions
1
changelog.d/5478.misc
Normal file
1
changelog.d/5478.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
The demo servers talk to each other again.
|
|
@ -1,9 +1,13 @@
|
||||||
|
DO NOT USE THESE DEMO SERVERS IN PRODUCTION
|
||||||
|
|
||||||
Requires you to have done:
|
Requires you to have done:
|
||||||
python setup.py develop
|
python setup.py develop
|
||||||
|
|
||||||
|
|
||||||
The demo start.sh will start three synapse servers on ports 8080, 8081 and 8082, with host names localhost:$port. This can be easily changed to `hostname`:$port in start.sh if required.
|
The demo start.sh will start three synapse servers on ports 8080, 8081 and 8082, with host names localhost:$port. This can be easily changed to `hostname`:$port in start.sh if required.
|
||||||
It will also start a web server on port 8000 pointed at the webclient.
|
|
||||||
|
To enable the servers to communicate untrusted ssl certs are used. In order to do this the servers do not check the certs
|
||||||
|
and are configured in a highly insecure way. Do not use these configuration files in production.
|
||||||
|
|
||||||
stop.sh will stop the synapse servers and the webclient.
|
stop.sh will stop the synapse servers and the webclient.
|
||||||
|
|
||||||
|
|
|
@ -27,9 +27,71 @@ for port in 8080 8081 8082; do
|
||||||
--config-path "$DIR/etc/$port.config" \
|
--config-path "$DIR/etc/$port.config" \
|
||||||
--report-stats no
|
--report-stats no
|
||||||
|
|
||||||
|
if ! grep -F "Customisation made by demo/start.sh" -q $DIR/etc/$port.config; then
|
||||||
printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config
|
printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config
|
||||||
|
|
||||||
echo 'enable_registration: true' >> $DIR/etc/$port.config
|
echo 'enable_registration: true' >> $DIR/etc/$port.config
|
||||||
|
|
||||||
|
# Warning, this heredoc depends on the interaction of tabs and spaces. Please don't
|
||||||
|
# accidentaly bork me with your fancy settings.
|
||||||
|
listeners=$(cat <<-PORTLISTENERS
|
||||||
|
# Configure server to listen on both $https_port and $port
|
||||||
|
# This overides some of the default settings above
|
||||||
|
listeners:
|
||||||
|
- port: $https_port
|
||||||
|
type: http
|
||||||
|
tls: true
|
||||||
|
resources:
|
||||||
|
- names: [client, federation]
|
||||||
|
|
||||||
|
- port: $port
|
||||||
|
tls: false
|
||||||
|
bind_addresses: ['::1', '127.0.0.1']
|
||||||
|
type: http
|
||||||
|
x_forwarded: true
|
||||||
|
resources:
|
||||||
|
- names: [client, federation]
|
||||||
|
compress: false
|
||||||
|
PORTLISTENERS
|
||||||
|
)
|
||||||
|
echo "${listeners}" >> $DIR/etc/$port.config
|
||||||
|
|
||||||
|
# Disable tls for the servers
|
||||||
|
printf '\n\n# Disable tls on the servers.' >> $DIR/etc/$port.config
|
||||||
|
echo '# DO NOT USE IN PRODUCTION' >> $DIR/etc/$port.config
|
||||||
|
echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> $DIR/etc/$port.config
|
||||||
|
echo 'federation_verify_certificates: false' >> $DIR/etc/$port.config
|
||||||
|
|
||||||
|
# Set tls paths
|
||||||
|
echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> $DIR/etc/$port.config
|
||||||
|
echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> $DIR/etc/$port.config
|
||||||
|
|
||||||
|
# Generate tls keys
|
||||||
|
openssl req -x509 -newkey rsa:4096 -keyout $DIR/etc/localhost\:$https_port.tls.key -out $DIR/etc/localhost\:$https_port.tls.crt -days 365 -nodes -subj "/O=matrix"
|
||||||
|
|
||||||
|
# Ignore keys from the trusted keys server
|
||||||
|
echo '# Ignore keys from the trusted keys server' >> $DIR/etc/$port.config
|
||||||
|
echo 'trusted_key_servers:' >> $DIR/etc/$port.config
|
||||||
|
echo ' - server_name: "matrix.org"' >> $DIR/etc/$port.config
|
||||||
|
echo ' accept_keys_insecurely: true' >> $DIR/etc/$port.config
|
||||||
|
|
||||||
|
# Reduce the blacklist
|
||||||
|
blacklist=$(cat <<-BLACK
|
||||||
|
# Set the blacklist so that it doesn't include 127.0.0.1
|
||||||
|
federation_ip_range_blacklist:
|
||||||
|
- '10.0.0.0/8'
|
||||||
|
- '172.16.0.0/12'
|
||||||
|
- '192.168.0.0/16'
|
||||||
|
- '100.64.0.0/10'
|
||||||
|
- '169.254.0.0/16'
|
||||||
|
- '::1/128'
|
||||||
|
- 'fe80::/64'
|
||||||
|
- 'fc00::/7'
|
||||||
|
BLACK
|
||||||
|
)
|
||||||
|
echo "${blacklist}" >> $DIR/etc/$port.config
|
||||||
|
fi
|
||||||
|
|
||||||
# Check script parameters
|
# Check script parameters
|
||||||
if [ $# -eq 1 ]; then
|
if [ $# -eq 1 ]; then
|
||||||
if [ $1 = "--no-rate-limit" ]; then
|
if [ $1 = "--no-rate-limit" ]; then
|
||||||
|
|
Loading…
Reference in a new issue