Erik Johnston
b616a8717b
Add note on tuning postgres
2019-03-19 16:05:32 +00:00
Richard van der Hoff
d2a537ea60
Merge remote-tracking branch 'origin/master' into develop
2019-03-19 10:37:50 +00:00
Michael Kaye
9482a84c0a
Repoint docs for federation ( #4881 )
2019-03-19 10:37:18 +00:00
Richard van der Hoff
fd463b4f5d
Comment out most options in the generated config. ( #4863 )
...
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
2019-03-19 10:06:40 +00:00
Brendan Abolivier
651ad8bc96
Add ratelimiting on failed login attempts ( #4865 )
2019-03-18 12:57:20 +00:00
Brendan Abolivier
899e523d6d
Add ratelimiting on login ( #4821 )
...
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
Richard van der Hoff
9ffadcdbad
fix some typos in federate.md
2019-03-15 09:43:24 +00:00
Andrew Morgan
7998ca3a66
Document using a certificate with a full chain ( #4849 )
2019-03-13 15:26:29 +00:00
Neil Johnson
332b60ec68
Merge branch 'master' of github.com:matrix-org/synapse into develop
2019-03-12 17:15:21 +00:00
Neil Johnson
83193a9362
fix orphaned sentence
2019-03-12 16:57:17 +00:00
Neil Johnson
8b692bf7c2
Neilj/improved delegation doc 2 ( #4832 )
...
Improved federation configuration docs. Specifically detailing .well-known and SRV based delegation methods.
Inspiration Valentin Lab <valentin.lab@kalysto.org> for https://github.com/matrix-org/synapse/pull/4781
2019-03-12 14:23:28 +00:00
Aaron Raimist
8ea1b41a0e
Clarify what registration_shared_secret allows for ( #2885 ) ( #4844 )
...
* Clarify what registration_shared_secret allows for (#2885 )
Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-03-11 18:21:52 +00:00
Matthew Hodgson
8f4b9f5210
Reword the sample config header to be less scary ( #4801 )
2019-03-07 07:09:01 +00:00
Brendan Abolivier
c23e8c3333
Update sample config
2019-03-05 18:03:48 +00:00
Erik Johnston
16c8b4ecbd
Merge pull request #4772 from jbweston/jbweston/server-version-api
...
Add 'server_version' endpoint to admin API
2019-03-05 16:31:00 +00:00
Brendan Abolivier
a4c3a361b7
Add rate-limiting on registration ( #4735 )
...
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
2019-03-05 14:25:33 +00:00
Erik Johnston
c3c542bb4a
Merge pull request #4796 from matrix-org/erikj/factor_out_e2e_keys
...
Allow /keys/{changes,query} API to run on worker
2019-03-05 09:06:25 +00:00
Erik Johnston
bfa7d46a10
Allow /keys/{changes,query} API to run on worker
2019-03-04 18:30:01 +00:00
Richard van der Hoff
8e28bc5eee
Include a default configuration file in the 'docs' directory. ( #4791 )
2019-03-04 17:14:58 +00:00
Seebi
aba5eeabd5
Fix v4v6 option in HAProxy example config ( #4790 )
...
The v4v6 option only has a usage one ipv6 socket: https://serverfault.com/q/747895
Signed-off-by: Flakebi <flakebi@t-online.de>
2019-03-04 13:19:41 +00:00
Joseph Weston
144cbfd650
add API documentation
...
Signed-off-by: Joseph Weston <joseph@weston.cloud>
2019-03-02 03:07:04 +01:00
Erik Johnston
76550c58d2
Merge pull request #4759 from matrix-org/erikj/3pid_client_reader
...
Move /account/3pid to client_reader
2019-02-27 16:11:21 +00:00
Erik Johnston
54f9ce11a7
Move /account/3pid to client_reader
2019-02-27 14:26:08 +00:00
Erik Johnston
4cff9376f7
Move server key queries to federation reader
2019-02-27 13:43:53 +00:00
Erik Johnston
7590e9fa28
Merge pull request #4749 from matrix-org/erikj/replication_connection_backoff
...
Fix tightloop over connecting to replication server
2019-02-27 11:00:59 +00:00
Paul Tötterman
4bc7483518
Fix apache reverse proxy example ( #4742 )
...
So that it actually works. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
2019-02-26 18:01:45 +00:00
Erik Johnston
313987187e
Fix tightloop over connecting to replication server
...
If the client failed to process incoming commands during the initial set
up of the replication connection it would immediately disconnect and
reconnect, resulting in a tightloop.
This can happen, for example, when subscribing to a stream that has a
row that is too long in the backlog.
The fix here is to not consider the connection successfully set up until
the client has succesfully subscribed and caught up with the streams.
This ensures that the retry logic timers aren't reset until then,
meaning that if an error does happen during start up the client will
continue backing off before retrying again.
2019-02-26 15:05:41 +00:00
Richard van der Hoff
fcd6f01dc7
Minor tweaks to acme docs ( #4689 )
2019-02-22 10:56:42 +00:00
Benoît S
16e0680498
Added HAProxy example ( #4660 )
...
* Added HAProxy example
Proposal of an example with HAProxy. Asked by #4541 .
Signed-off-by: Benoît S. (“Benpro”) <gitlab@benpro.fr>
* Following suggestions of @richvdh
2019-02-21 17:44:10 +00:00
Erik Johnston
c003450057
Merge pull request #4671 from matrix-org/erikj/state_cache_invalidation
...
Batch cache invalidation over replication
2019-02-19 13:14:30 +00:00
Erik Johnston
62175a20e5
Docs
2019-02-19 11:38:40 +00:00
Erik Johnston
bc8fa1509d
Documentation
2019-02-19 11:24:59 +00:00
Erik Johnston
128902d60a
Update worker docs
2019-02-18 17:21:51 +00:00
Erik Johnston
8b9ae6d3a6
Update docs
2019-02-18 15:26:13 +00:00
Richard van der Hoff
00cf679bf2
Synapse 0.99.1 (2019-02-14)
...
===========================
Features
--------
- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902 ))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420 ))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522 ))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580 ))
- Allow the "unavailable" presence status for /sync.
This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592 ))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613 ), [\#4615](https://github.com/matrix-org/synapse/issues/4615 ), [\#4617](https://github.com/matrix-org/synapse/issues/4617 ), [\#4636](https://github.com/matrix-org/synapse/issues/4636 ))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614 ))
Bugfixes
--------
- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530 ))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546 ))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589 ))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591 ))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608 ))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618 ))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625 ))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626 ), [\#4627](https://github.com/matrix-org/synapse/issues/4627 ))
Internal Changes
----------------
- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462 ))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513 ))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567 ))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576 ))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578 ))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584 ))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586 ))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607 ))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611 ))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616 ))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619 ))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621 ))
-----BEGIN PGP SIGNATURE-----
iQFHBAABCgAxFiEEQlNDQm4FMsm53u1sih+T1XW16NUFAlxlemgTHHJpY2hhcmRA
bWF0cml4Lm9yZwAKCRCKH5PVdbXo1eKYCACR9TcOvMver/YyD2qP+dY6Lt24f8zG
zYYzHGAHin+p204q8Pp6o0XLe4UuLDuhAyNVPZyj1wzwHYdubRvdah1uFwPdxmCY
tGbJG5p37ykSEfEwcxdXEjYfPqflOwQL5aCeXyCCLWSdVVFKkWCXGgw8F6WPkgrI
QwWKTfsM3wCnfa8ryKAXHxcmX2G1JncZ0ouUZTVNz5vokBsA19IaLvfJ5Rv3Kk59
eXsBB/yE+9Dat4A439AGfVDQDKiGYvuhppJmUdYRMqxulzakd8diyZqBDAHZafqt
QdjxnDx2e0OtSxI3RSevABnDnNyJ4NsUEtrny1Lh/MV72T9K3yEbHuwH
=UCD1
-----END PGP SIGNATURE-----
Merge tag 'v0.99.1'
Synapse 0.99.1 (2019-02-14)
===========================
Features
--------
- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902 ))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420 ))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522 ))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580 ))
- Allow the "unavailable" presence status for /sync.
This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592 ))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613 ), [\#4615](https://github.com/matrix-org/synapse/issues/4615 ), [\#4617](https://github.com/matrix-org/synapse/issues/4617 ), [\#4636](https://github.com/matrix-org/synapse/issues/4636 ))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614 ))
Bugfixes
--------
- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530 ))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546 ))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589 ))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591 ))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608 ))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618 ))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625 ))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626 ), [\#4627](https://github.com/matrix-org/synapse/issues/4627 ))
Internal Changes
----------------
- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462 ))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513 ))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567 ))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576 ))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578 ))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584 ))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586 ))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607 ))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611 ))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616 ))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619 ))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621 ))
2019-02-14 14:41:40 +00:00
Richard van der Hoff
c475275926
Clarifications for reverse proxy docs ( #4607 )
...
Factor out the reverse proxy info to a separate file, add some more info on
reverse-proxying the federation port.
2019-02-11 11:44:28 +00:00
Erik Johnston
4588b0d64a
Update MSC1711_certificates_FAQ.md
...
Fix incorrect heading level
2019-02-08 09:37:16 +00:00
Erik Johnston
acb2ac5863
Update MSC1711 FAQ to be explicit about well-known ( #4584 )
...
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.
Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
2019-02-07 19:30:32 +00:00
Richard van der Hoff
7cadc4c918
cleanups
2019-02-07 19:29:20 +00:00
Richard van der Hoff
188ad47e73
Merge branch 'master' into erikj/msc1711_faq
2019-02-07 19:27:42 +00:00
Erik Johnston
9285d5c2ce
Update MSC1711 FAQ to be explicit about well-known
...
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.
Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
2019-02-07 19:24:11 +00:00
Richard van der Hoff
624b172e08
Merge remote-tracking branch 'origin/release-v0.99.0'
2019-02-07 19:18:26 +00:00
Andrew Morgan
c17b128b83
Update ACME docs to include port instructions ( #4578 )
2019-02-07 19:18:08 +00:00
Richard van der Hoff
9b7aa543d9
clarify option 1
2019-02-07 18:46:02 +00:00
Richard van der Hoff
b05dd4ac06
faq cleanups
2019-02-05 18:59:57 +00:00
Richard van der Hoff
39bf0ea2e8
Add notes on SRV and .well-known ( #4573 )
2019-02-05 18:11:26 +00:00
Andrew Morgan
4a7524ffd3
Merge pull request #4570 from matrix-org/anoa/self_signed_upgrade
...
Add ACME docs and link to it from README and INSTALL
2019-02-05 17:34:43 +00:00
Neil Johnson
6585ef4799
Neilj/1711faq ( #4572 )
...
MSC1711 certificates FAQ
2019-02-05 17:19:28 +00:00
Andrew Morgan
a6345009f9
Add TL;DR and final step details to ACME
2019-02-05 17:04:34 +00:00
Andrew Morgan
56cb34ba8b
Merge branch 'anoa/self_signed_upgrade' of github.com:matrix-org/synapse into anoa/self_signed_upgrade
2019-02-05 16:53:05 +00:00