mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-15 04:13:52 +01:00
Minor tweaks to acme docs (#4689)
parent
0abb094f1a
commit
fcd6f01dc7
2 changed files with 10 additions and 10 deletions
1
changelog.d/4689.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Minor tweaks to acme docs.
|
19
docs/ACME.md
|
@ -10,13 +10,14 @@ through [Let's Encrypt](https://letsencrypt.org/) if you tell it to.
|
||||||
|
|
||||||
In the case that your `server_name` config variable is the same as
|
In the case that your `server_name` config variable is the same as
|
||||||
the hostname that the client connects to, then the same certificate can be
|
the hostname that the client connects to, then the same certificate can be
|
||||||
used between client and federation ports without issue.
|
used between client and federation ports without issue.
|
||||||
|
|
||||||
For a sample configuration, please inspect the new ACME section in the example
|
If your configuration file does not already have an `acme` section, you can
|
||||||
generated config by running the `generate-config` executable. For example:
|
generate an example config by running the `generate_config` executable. For
|
||||||
|
example:
|
||||||
|
|
||||||
```
|
```
|
||||||
~/synapse/env3/bin/generate-config
|
~/synapse/env3/bin/generate_config
|
||||||
```
|
```
|
||||||
|
|
||||||
You will need to provide Let's Encrypt (or another ACME provider) access to
|
You will need to provide Let's Encrypt (or another ACME provider) access to
|
||||||
|
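Review bot: The rewritten sentence about `generate_config` does not say where the generated example ends up or what the reader should do with it. Someone whose config lacks an `acme` section needs to be told to copy that section into their existing `homeserver.yaml` rather than replace the file; suggest adding that step. The executable name changes from `generate-config` to `generate_config` in both the prose and the command, so please confirm it matches the script actually installed under `env3/bin`.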
@ -27,10 +28,9 @@ like `authbind` to allow Synapse to listen on port 80 without root access.
|
||||||
(Do not run Synapse with root permissions!) Detailed instructions are
|
(Do not run Synapse with root permissions!) Detailed instructions are
|
||||||
available under "ACME setup" below.
|
available under "ACME setup" below.
|
||||||
|
|
||||||
If you are already using self-signed certificates, you will need to back up
|
If you already have certificates, you will need to back up or delete them
|
||||||
or delete them (files `example.com.tls.crt` and `example.com.tls.key` in
|
(files `example.com.tls.crt` and `example.com.tls.key` in Synapse's root
|
||||||
Synapse's root directory), Synapse's ACME implementation will not overwrite
|
directory), Synapse's ACME implementation will not overwrite them.
|
||||||
them.
|
|
||||||
|
|
||||||
You may wish to use alternate methods such as Certbot to obtain a certificate
|
You may wish to use alternate methods such as Certbot to obtain a certificate
|
||||||
from Let's Encrypt, depending on your server configuration. Of course, if you
|
from Let's Encrypt, depending on your server configuration. Of course, if you
|
||||||
|
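Review bot: The reworded paragraph still identifies the files as `example.com.tls.crt` and `example.com.tls.key` in Synapse's root directory, while the "ACME setup" text at the end of this file identifies them through `tls_certificate_path` and `tls_private_key_path` in `homeserver.yaml`. Suggest pointing to those two options here as well, so readers with non-default paths check the right files. Since the wording now covers any existing certificate rather than only self-signed ones, it would help to recommend backing up over deleting, because the key file may belong to a certificate that is still in use. The sentence is also a comma splice: "... directory), Synapse's ACME implementation will not overwrite them" reads better as "... directory), as Synapse's ACME implementation will not overwrite them."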
@ -87,7 +87,6 @@ acme:
|
||||||
port: 8009
|
port: 8009
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
#### Authbind
|
#### Authbind
|
||||||
|
|
||||||
`authbind` allows a program which does not run as root to bind to
|
`authbind` allows a program which does not run as root to bind to
|
||||||
|
@ -127,4 +126,4 @@ acme:
|
||||||
|
|
||||||
Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.
|
Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates.
|
||||||
|
|
||||||
Finally, start/restart Synapse.
|
Finally, start/restart Synapse.
|
||||||
|
|