mirror of
https://mau.dev/maunium/synapse.git
synced 2024-11-16 15:01:23 +01:00
Merge branch 'develop' of github.com:matrix-org/synapse into release-v0.23.0
This commit is contained in:
commit
1a398b19fd
3 changed files with 39 additions and 19 deletions
33
README.rst
33
README.rst
|
@ -200,11 +200,11 @@ different. See `the spec`__ for more information on key management.)
|
||||||
.. __: `key_management`_
|
.. __: `key_management`_
|
||||||
|
|
||||||
The default configuration exposes two HTTP ports: 8008 and 8448. Port 8008 is
|
The default configuration exposes two HTTP ports: 8008 and 8448. Port 8008 is
|
||||||
configured without TLS; it is not recommended this be exposed outside your
|
configured without TLS; it should be behind a reverse proxy for TLS/SSL
|
||||||
local network. Port 8448 is configured to use TLS with a self-signed
|
termination on port 443 which in turn should be used for clients. Port 8448
|
||||||
certificate. This is fine for testing with but, to avoid your clients
|
is configured to use TLS with a self-signed certificate. If you would like
|
||||||
complaining about the certificate, you will almost certainly want to use
|
to do initial test with a client without having to setup a reverse proxy,
|
||||||
another certificate for production purposes. (Note that a self-signed
|
you can temporarly use another certificate. (Note that a self-signed
|
||||||
certificate is fine for `Federation`_). You can do so by changing
|
certificate is fine for `Federation`_). You can do so by changing
|
||||||
``tls_certificate_path``, ``tls_private_key_path`` and ``tls_dh_params_path``
|
``tls_certificate_path``, ``tls_private_key_path`` and ``tls_dh_params_path``
|
||||||
in ``homeserver.yaml``; alternatively, you can use a reverse-proxy, but be sure
|
in ``homeserver.yaml``; alternatively, you can use a reverse-proxy, but be sure
|
||||||
|
@ -283,10 +283,16 @@ Connecting to Synapse from a client
|
||||||
The easiest way to try out your new Synapse installation is by connecting to it
|
The easiest way to try out your new Synapse installation is by connecting to it
|
||||||
from a web client. The easiest option is probably the one at
|
from a web client. The easiest option is probably the one at
|
||||||
http://riot.im/app. You will need to specify a "Custom server" when you log on
|
http://riot.im/app. You will need to specify a "Custom server" when you log on
|
||||||
or register: set this to ``https://localhost:8448`` - remember to specify the
|
or register: set this to ``https://domain.tld`` if you setup a reverse proxy
|
||||||
port (``:8448``) unless you changed the configuration. (Leave the identity
|
following the recommended setup, or ``https://localhost:8448`` - remember to specify the
|
||||||
|
port (``:8448``) if not ``:443`` unless you changed the configuration. (Leave the identity
|
||||||
server as the default - see `Identity servers`_.)
|
server as the default - see `Identity servers`_.)
|
||||||
|
|
||||||
|
If using port 8448 you will run into errors until you accept the self-signed
|
||||||
|
certificate. You can easily do this by going to ``https://localhost:8448``
|
||||||
|
directly with your browser and accept the presented certificate. You can then
|
||||||
|
go back in your web client and proceed further.
|
||||||
|
|
||||||
If all goes well you should at least be able to log in, create a room, and
|
If all goes well you should at least be able to log in, create a room, and
|
||||||
start sending messages.
|
start sending messages.
|
||||||
|
|
||||||
|
@ -593,8 +599,9 @@ you to run your server on a machine that might not have the same name as your
|
||||||
domain name. For example, you might want to run your server at
|
domain name. For example, you might want to run your server at
|
||||||
``synapse.example.com``, but have your Matrix user-ids look like
|
``synapse.example.com``, but have your Matrix user-ids look like
|
||||||
``@user:example.com``. (A SRV record also allows you to change the port from
|
``@user:example.com``. (A SRV record also allows you to change the port from
|
||||||
the default 8448. However, if you are thinking of using a reverse-proxy, be
|
the default 8448. However, if you are thinking of using a reverse-proxy on the
|
||||||
sure to read `Reverse-proxying the federation port`_ first.)
|
federation port, which is not recommended, be sure to read
|
||||||
|
`Reverse-proxying the federation port`_ first.)
|
||||||
|
|
||||||
To use a SRV record, first create your SRV record and publish it in DNS. This
|
To use a SRV record, first create your SRV record and publish it in DNS. This
|
||||||
should have the format ``_matrix._tcp.<yourdomain.com> <ttl> IN SRV 10 0 <port>
|
should have the format ``_matrix._tcp.<yourdomain.com> <ttl> IN SRV 10 0 <port>
|
||||||
|
@ -674,7 +681,7 @@ For information on how to install and use PostgreSQL, please see
|
||||||
Using a reverse proxy with Synapse
|
Using a reverse proxy with Synapse
|
||||||
==================================
|
==================================
|
||||||
|
|
||||||
It is possible to put a reverse proxy such as
|
It is recommended to put a reverse proxy such as
|
||||||
`nginx <https://nginx.org/en/docs/http/ngx_http_proxy_module.html>`_,
|
`nginx <https://nginx.org/en/docs/http/ngx_http_proxy_module.html>`_,
|
||||||
`Apache <https://httpd.apache.org/docs/current/mod/mod_proxy_http.html>`_ or
|
`Apache <https://httpd.apache.org/docs/current/mod/mod_proxy_http.html>`_ or
|
||||||
`HAProxy <http://www.haproxy.org/>`_ in front of Synapse. One advantage of
|
`HAProxy <http://www.haproxy.org/>`_ in front of Synapse. One advantage of
|
||||||
|
@ -692,9 +699,9 @@ federation port has a number of pitfalls. It is possible, but be sure to read
|
||||||
`Reverse-proxying the federation port`_.
|
`Reverse-proxying the federation port`_.
|
||||||
|
|
||||||
The recommended setup is therefore to configure your reverse-proxy on port 443
|
The recommended setup is therefore to configure your reverse-proxy on port 443
|
||||||
for client connections, but to also expose port 8448 for server-server
|
to port 8008 of synapse for client connections, but to also directly expose port
|
||||||
connections. All the Matrix endpoints begin ``/_matrix``, so an example nginx
|
8448 for server-server connections. All the Matrix endpoints begin ``/_matrix``,
|
||||||
configuration might look like::
|
so an example nginx configuration might look like::
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
|
|
|
@ -298,7 +298,7 @@ class Keyring(object):
|
||||||
break
|
break
|
||||||
|
|
||||||
with PreserveLoggingContext():
|
with PreserveLoggingContext():
|
||||||
for verify_request in requests_missing_keys.values():
|
for verify_request in requests_missing_keys:
|
||||||
verify_request.deferred.errback(SynapseError(
|
verify_request.deferred.errback(SynapseError(
|
||||||
401,
|
401,
|
||||||
"No key for %s with id %s" % (
|
"No key for %s with id %s" % (
|
||||||
|
|
|
@ -293,11 +293,6 @@ class SyncHandler(object):
|
||||||
timeline_limit = sync_config.filter_collection.timeline_limit()
|
timeline_limit = sync_config.filter_collection.timeline_limit()
|
||||||
block_all_timeline = sync_config.filter_collection.blocks_all_room_timeline()
|
block_all_timeline = sync_config.filter_collection.blocks_all_room_timeline()
|
||||||
|
|
||||||
# Pull out the current state, as we always want to include those events
|
|
||||||
# in the timeline if they're there.
|
|
||||||
current_state_ids = yield self.state.get_current_state_ids(room_id)
|
|
||||||
current_state_ids = frozenset(current_state_ids.itervalues())
|
|
||||||
|
|
||||||
if recents is None or newly_joined_room or timeline_limit < len(recents):
|
if recents is None or newly_joined_room or timeline_limit < len(recents):
|
||||||
limited = True
|
limited = True
|
||||||
else:
|
else:
|
||||||
|
@ -305,6 +300,15 @@ class SyncHandler(object):
|
||||||
|
|
||||||
if recents:
|
if recents:
|
||||||
recents = sync_config.filter_collection.filter_room_timeline(recents)
|
recents = sync_config.filter_collection.filter_room_timeline(recents)
|
||||||
|
|
||||||
|
# We check if there are any state events, if there are then we pass
|
||||||
|
# all current state events to the filter_events function. This is to
|
||||||
|
# ensure that we always include current state in the timeline
|
||||||
|
current_state_ids = frozenset()
|
||||||
|
if any(e.is_state() for e in recents):
|
||||||
|
current_state_ids = yield self.state.get_current_state_ids(room_id)
|
||||||
|
current_state_ids = frozenset(current_state_ids.itervalues())
|
||||||
|
|
||||||
recents = yield filter_events_for_client(
|
recents = yield filter_events_for_client(
|
||||||
self.store,
|
self.store,
|
||||||
sync_config.user.to_string(),
|
sync_config.user.to_string(),
|
||||||
|
@ -341,6 +345,15 @@ class SyncHandler(object):
|
||||||
loaded_recents = sync_config.filter_collection.filter_room_timeline(
|
loaded_recents = sync_config.filter_collection.filter_room_timeline(
|
||||||
events
|
events
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# We check if there are any state events, if there are then we pass
|
||||||
|
# all current state events to the filter_events function. This is to
|
||||||
|
# ensure that we always include current state in the timeline
|
||||||
|
current_state_ids = frozenset()
|
||||||
|
if any(e.is_state() for e in loaded_recents):
|
||||||
|
current_state_ids = yield self.state.get_current_state_ids(room_id)
|
||||||
|
current_state_ids = frozenset(current_state_ids.itervalues())
|
||||||
|
|
||||||
loaded_recents = yield filter_events_for_client(
|
loaded_recents = yield filter_events_for_client(
|
||||||
self.store,
|
self.store,
|
||||||
sync_config.user.to_string(),
|
sync_config.user.to_string(),
|
||||||
|
|
Loading…
Reference in a new issue