From 3608f37fd56da9694be1345b1469b4a96322ceab Mon Sep 17 00:00:00 2001 From: Hans van Zijst Date: Sun, 22 Dec 2024 21:50:10 +0100 Subject: [PATCH] Changed stuff about groups. --- matrix/synapse/workers.md | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/matrix/synapse/workers.md b/matrix/synapse/workers.md index 3d9d42a..e3b72a6 100644 --- a/matrix/synapse/workers.md +++ b/matrix/synapse/workers.md @@ -95,26 +95,23 @@ Synapse starts, and let it have the correct group. systemctl edit matrix-synapse ``` -Now override parts of the `Service` stanza to look like this: +Now override parts of the `Service` stanza to add these two lines: ``` [Service] -User=matrix-synapse -Group=clubmatrix RuntimeDirectory=matrix-synapse RuntimeDirectoryPreserve=yes ``` -Synapse will, from now on, run as group `clubmatrix` instead of -`matrix-synapse`. The directory `/run/matrix-synapse` will be created as soon +The directory `/run/matrix-synapse` will be created as soon as Synapse starts, and will not be removed on restart or stop, because that would create problems with workers who suddenly lose their sockets. -First we change Synapse from listening on `localhost:8008` to listening on a +Then we change Synapse from listening on `localhost:8008` to listening on a socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's -put the new configuration for the main proccess there: +put the new configuration for the main proccess there. -Add a replication listener: +Remove the `localhost:8008` bit, and configure these two sockets: ``` listeners: 
@@ -135,13 +132,13 @@ listeners: - replication ``` -This means Synapse will create two sockets under `/run/matrix/synapse`: one +This means Synapse will create two sockets under `/run/matrix-synapse`: one for incoming traffic that is forwarded by nginx (`inbound_main.sock`), and one for communicating with all the other workers (`replication.sock`). If you restart Synapse now, it won't do anything anymore, because nginx is still forwarding its traffic to `localhost:8008`. We'll get to nginx later, -but you'd have to change +but for now you should change: ``` proxy_forward http://localhost:8008; @@ -153,8 +150,17 @@ to proxy_forward http://unix:/run/matrix-synapse/inbound_main.sock; ``` -If you've done this, restart Synapse, check if the socket is created and has -the correct permissions. Now point Synapse at Redis in `conf.d/redis.yaml`: +Because the sockets under `/run/matrix-synapse` are writable only by user and +group `matrix-synapse`, we have to add nginx to that group: + +``` +addgroup www-data matrix-synapse +``` + +This may not be the best way, but for now it will suffice. + +If you've done this, restart Synapse and nginx, and check if the sockets are created +and have the correct permissions. Now point Synapse at Redis in `conf.d/redis.yaml`: ``` redis: @@ -162,7 +168,7 @@ redis: path: /run/redis/redis-server.sock ``` -Check if Synapse can connect to Redis via the socket, you should find log +Restart Synapse and check if it can connect to Redis via the socket, you should find log entries like this: ```
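Review bot: In the first hunk (`@@ -95,26 +95,23 @@`), the unchanged context line just above the edit still reads "Synapse starts, and let it have the correct group.", but the hunk drops the `User=`/`Group=clubmatrix` override, so the lead-in no longer matches the stanza that follows. Reword that sentence or remove the mention of the group. The added line "put the new configuration for the main proccess there." keeps the typo "proccess"; since the line is being rewritten anyway, correct it to "process". It would also help to state which owner and mode `/run/matrix-synapse` ends up with now that only `RuntimeDirectory=` and `RuntimeDirectoryPreserve=yes` are set, because the nginx step later in the patch relies on it.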
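Review bot: In the second hunk (`@@ -135,13 +132,13 @@`), the new wording "but for now you should change:" turns the nginx snippet into an instruction the reader must follow, yet the directive shown in the context lines is `proxy_forward http://localhost:8008;`, which is not an nginx directive. The directive for this is `proxy_pass`, so a reader searching their config for `proxy_forward` will find nothing. Correct both the "before" and the "to" snippet in the same change. The path fix from `/run/matrix/synapse` to `/run/matrix-synapse` looks right and matches the `RuntimeDirectory=matrix-synapse` setting.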
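Review bot: In the third hunk (`@@ -153,8 +150,17 @@`), `addgroup www-data matrix-synapse` gives the nginx user group access to everything under `/run/matrix-synapse`, which per the earlier text includes `replication.sock` as well as `inbound_main.sock`. nginx only needs the inbound socket, so a compromise of the web server would now also reach the replication channel between Synapse and its workers. The removed `Group=clubmatrix` override looks like it provided a dedicated shared group for this purpose; consider keeping a separate group that only covers the inbound socket instead of extending the service's own group. The sentence "This may not be the best way, but for now it will suffice." should say what the concern is, so that readers can judge whether it suffices for them.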
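Review bot: In the last hunk (`@@ -162,7 +168,7 @@`), the new sentence "Restart Synapse and check if it can connect to Redis via the socket, you should find log" is a comma splice; split it into two sentences or use a semicolon. The patch adds an explicit group step so that nginx can reach the Synapse sockets, but there is no matching step for `matrix-synapse` to reach `/run/redis/redis-server.sock`. If that is not covered earlier in the document, add it here or link to it, otherwise the "check if it can connect" step will fail on a permission error with no hint as to why.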