mirror of https://mau.dev/maunium/synapse.git synced 2024-05-20 12:33:46 +02:00

Update INSTALL.md to recommend reverse proxying and warn about ACMEv1 deprecation

Brendan Abolivier 2020-02-13 17:22:44 +00:00
parent df1c98c22a
commit 71cc6bab5f
No known key found for this signature in database
GPG key ID: 1E015C145F1916CD


@ -388,15 +388,17 @@ Once you have installed synapse as above, you will need to configure it.
## TLS certificates ## TLS certificates
The default configuration exposes a single HTTP port: http://localhost:8008. It The default configuration exposes a single HTTP port on the local
is suitable for local testing, but for any practical use, you will either need interface: `http://localhost:8008`. It is suitable for local testing,
to enable a reverse proxy, or configure Synapse to expose an HTTPS port. but for any practical use, you will need Synapse's APIs to be served
over HTTPS.
For information on using a reverse proxy, see The recommended way to do so is to set up a reverse proxy on port
`8448`. You can find documentation on doing so in
[docs/reverse_proxy.md](docs/reverse_proxy.md). [docs/reverse_proxy.md](docs/reverse_proxy.md).
To configure Synapse to expose an HTTPS port, you will need to edit Alternatively, you can configure Synapse to expose an HTTPS port. To do
`homeserver.yaml`, as follows: so, you will need to edit `homeserver.yaml`, as follows:
* First, under the `listeners` section, uncomment the configuration for the * First, under the `listeners` section, uncomment the configuration for the
TLS-enabled listener. (Remove the hash sign (`#`) at the start of TLS-enabled listener. (Remove the hash sign (`#`) at the start of
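Review bot: The new sentence "set up a reverse proxy on port `8448`" gives a port number without saying what is served on it or that the proxy should forward to the `http://localhost:8008` listener described just above, so a reader cannot tell from INSTALL.md whether `8448` is meant to cover all of "Synapse's APIs" or only part of them. Suggest adding a clause that says what the port is for and that the plain-HTTP listener stays bound to the local interface once the proxy terminates TLS. It would also help to say when the "Alternatively" path of exposing an HTTPS port from Synapse itself is still appropriate, since both options are now presented and only one is marked as recommended.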
@ -414,11 +416,13 @@ To configure Synapse to expose an HTTPS port, you will need to edit
point these settings at an existing certificate and key, or you can point these settings at an existing certificate and key, or you can
enable Synapse's built-in ACME (Let's Encrypt) support. Instructions enable Synapse's built-in ACME (Let's Encrypt) support. Instructions
for having Synapse automatically provision and renew federation for having Synapse automatically provision and renew federation
certificates through ACME can be found at [ACME.md](docs/ACME.md). If you certificates through ACME can be found at [ACME.md](docs/ACME.md).
are using your own certificate, be sure to use a `.pem` file that includes Note that, as pointed out in that document, this feature will not
the full certificate chain including any intermediate certificates (for work with installs set up after November 2020. If you are using your
instance, if using certbot, use `fullchain.pem` as your certificate, not own certificate, be sure to use a `.pem` file that includes the full
`cert.pem`). certificate chain including any intermediate certificates (for
instance, if using certbot, use `fullchain.pem` as your certificate,
not `cert.pem`).
For a more detailed guide to configuring your server for federation, see For a more detailed guide to configuring your server for federation, see
[federate.md](docs/federate.md) [federate.md](docs/federate.md)
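Review bot: The added warning "this feature will not work with installs set up after November 2020" never names ACMEv1, although the commit message says the point of the change is to warn about the ACMEv1 deprecation, and it leaves open what happens to installs set up before that date. Suggest naming the cause in the sentence itself and pointing the reader at the alternatives already on this page (a reverse proxy, or an existing certificate and key), rather than relying on "as pointed out in that document". The note also sits in the middle of the bullet, directly before "If you are using your own certificate", so starting that guidance on a new sentence group or moving the warning to the end of the ACME sentence would keep the two topics from running together.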