0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-12-15 04:13:52 +01:00

Minor tweaks to acme docs (#4689)

This commit is contained in:
Richard van der Hoff 2019-02-22 10:56:42 +00:00 committed by GitHub
parent 0abb094f1a
commit fcd6f01dc7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 10 deletions

1
changelog.d/4689.misc Normal file
View file

@ -0,0 +1 @@
Minor tweaks to acme docs.

View file

@ -10,13 +10,14 @@ through [Let's Encrypt](https://letsencrypt.org/) if you tell it to.
In the case that your `server_name` config variable is the same as In the case that your `server_name` config variable is the same as
the hostname that the client connects to, then the same certificate can be the hostname that the client connects to, then the same certificate can be
used between client and federation ports without issue. used between client and federation ports without issue.
For a sample configuration, please inspect the new ACME section in the example If your configuration file does not already have an `acme` section, you can
generated config by running the `generate-config` executable. For example: generate an example config by running the `generate_config` executable. For
example:
``` ```
~/synapse/env3/bin/generate-config ~/synapse/env3/bin/generate_config
``` ```
You will need to provide Let's Encrypt (or another ACME provider) access to You will need to provide Let's Encrypt (or another ACME provider) access to
@ -27,10 +28,9 @@ like `authbind` to allow Synapse to listen on port 80 without root access.
(Do not run Synapse with root permissions!) Detailed instructions are (Do not run Synapse with root permissions!) Detailed instructions are
available under "ACME setup" below. available under "ACME setup" below.
If you are already using self-signed certificates, you will need to back up If you already have certificates, you will need to back up or delete them
or delete them (files `example.com.tls.crt` and `example.com.tls.key` in (files `example.com.tls.crt` and `example.com.tls.key` in Synapse's root
Synapse's root directory), Synapse's ACME implementation will not overwrite directory), Synapse's ACME implementation will not overwrite them.
them.
You may wish to use alternate methods such as Certbot to obtain a certificate You may wish to use alternate methods such as Certbot to obtain a certificate
from Let's Encrypt, depending on your server configuration. Of course, if you from Let's Encrypt, depending on your server configuration. Of course, if you
@ -87,7 +87,6 @@ acme:
port: 8009 port: 8009
``` ```
#### Authbind #### Authbind
`authbind` allows a program which does not run as root to bind to `authbind` allows a program which does not run as root to bind to
@ -127,4 +126,4 @@ acme:
Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates. Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.
Finally, start/restart Synapse. Finally, start/restart Synapse.