From e53f11bd62b3fbf5ae3def707998235e63e82afa Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Fri, 26 Feb 2021 13:24:54 +0000 Subject: [PATCH] Call out the need for an X-Forwarded-Proto in the upgrade notes (#9501) --- CHANGES.md | 6 ++++++ UPGRADE.rst | 20 ++++++++++++++++++++ changelog.d/9472.feature | 2 +- changelog.d/9501.feature | 1 + 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 changelog.d/9501.feature diff --git a/CHANGES.md b/CHANGES.md index d584d342d..d9ecbac44 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,9 @@ +Synapse 1.xx.0 +============== + +Note that synapse now expects an `X-Forwarded-Proto` header when used with a reverse proxy. Please see [UPGRADE.rst](UPGRADE.rst#upgrading-to-v1290) for more details on this change. + + Synapse 1.28.0 (2021-02-25) =========================== diff --git a/UPGRADE.rst b/UPGRADE.rst index 6f628a694..e852b806c 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -85,6 +85,26 @@ for example: wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb +Upgrading to v1.29.0 +==================== + +Requirement for X-Forwarded-Proto header +---------------------------------------- + +When using Synapse with a reverse proxy (in particular, when using the +`x_forwarded` option on an HTTP listener), Synapse now expects to receive an +`X-Forwarded-Proto` header on incoming HTTP requests. If it is not set, Synapse +will log a warning on each received request. + +To avoid the warning, administrators using a reverse proxy should ensure that +the reverse proxy sets `X-Forwarded-Proto` header to `https` or `http` to +indicate the protocol used by the client. See the [reverse proxy +documentation](docs/reverse_proxy.md), where the example configurations have +been updated to show how to set this header. + +(Users of `Caddy `_ are unaffected, since we believe it +sets `X-Forwarded-Proto` by default.) + Upgrading to v1.27.0 ==================== diff --git a/changelog.d/9472.feature b/changelog.d/9472.feature index 2ea14e2d6..06cfd5d19 100644 --- a/changelog.d/9472.feature +++ b/changelog.d/9472.feature @@ -1 +1 @@ -Add support for `X-Forwarded-Proto` header when using a reverse proxy. Administrators using a reverse proxy should ensure this header is set to avoid warnings. See [docs/workers.md](docs/workers.md) for example configurations. +Add support for `X-Forwarded-Proto` header when using a reverse proxy. diff --git a/changelog.d/9501.feature b/changelog.d/9501.feature new file mode 100644 index 000000000..06cfd5d19 --- /dev/null +++ b/changelog.d/9501.feature @@ -0,0 +1 @@ +Add support for `X-Forwarded-Proto` header when using a reverse proxy.