hans/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Changed stuff about groups.

Browse source
This commit is contained in:
Hans van Zijst 2024-12-22 21:50:10 +01:00
parent dde3bfaad4
commit 3608f37fd5
No known key found for this signature in database
GPG key ID: ECF8564FB15A8216
1 changed files with 19 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
matrix/synapse/workers.md
View file

@ -95,26 +95,23 @@ Synapse starts, and let it have the correct group.
systemctl edit matrix-synapse systemctl edit matrix-synapse
``` ```
Now override parts of the `Service` stanza to look like this: Now override parts of the `Service` stanza to add these two lines:
``` ```
[Service] [Service]
User=matrix-synapse
Group=clubmatrix
RuntimeDirectory=matrix-synapse RuntimeDirectory=matrix-synapse
RuntimeDirectoryPreserve=yes RuntimeDirectoryPreserve=yes
``` ```
Synapse will, from now on, run as group `clubmatrix` instead of The directory `/run/matrix-synapse` will be created as soon
`matrix-synapse`. The directory `/run/matrix-synapse` will be created as soon
as Synapse starts, and will not be removed on restart or stop, because that as Synapse starts, and will not be removed on restart or stop, because that
would create problems with workers who suddenly lose their sockets. would create problems with workers who suddenly lose their sockets.
First we change Synapse from listening on `localhost:8008` to listening on a Then we change Synapse from listening on `localhost:8008` to listening on a
socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's
put the new configuration for the main proccess there: put the new configuration for the main proccess there.
Add a replication listener: Remove the `localhost:8008` bit, and configure these two sockets:
``` ```
listeners: listeners:
@ -135,13 +132,13 @@ listeners:
- replication - replication
``` ```
This means Synapse will create two sockets under `/run/matrix/synapse`: one This means Synapse will create two sockets under `/run/matrix-synapse`: one
for incoming traffic that is forwarded by nginx (`inbound_main.sock`), and one for for incoming traffic that is forwarded by nginx (`inbound_main.sock`), and one for
communicating with all the other workers (`replication.sock`). communicating with all the other workers (`replication.sock`).
If you restart Synapse now, it won't do anything anymore, because nginx is If you restart Synapse now, it won't do anything anymore, because nginx is
still forwarding its traffic to `localhost:8008`. We'll get to nginx later, still forwarding its traffic to `localhost:8008`. We'll get to nginx later,
but you'd have to change but for now you should change:
``` ```
proxy_forward http://localhost:8008; proxy_forward http://localhost:8008;
@ -153,8 +150,17 @@ to
proxy_forward http://unix:/run/matrix-synapse/inbound_main.sock; proxy_forward http://unix:/run/matrix-synapse/inbound_main.sock;
``` ```
If you've done this, restart Synapse, check if the socket is created and has Because the sockets under `/run/matrix-synapse` are writable only by user and
the correct permissions. Now point Synapse at Redis in `conf.d/redis.yaml`: group `matrix-synapse`, we have to add nginx to that group:
```
addgroup www-data matrix-synapse
```
This may not be the best way, but for now it will suffice.
If you've done this, restart Synapse and nginx, and check if the sockets are created
and have the correct permissions. Now point Synapse at Redis in `conf.d/redis.yaml`:
``` ```
redis: redis:
@ -162,7 +168,7 @@ redis:
path: /run/redis/redis-server.sock path: /run/redis/redis-server.sock
``` ```
Check if Synapse can connect to Redis via the socket, you should find log Restart Synapse and check if it can connect to Redis via the socket, you should find log
entries like this: entries like this:
``` ```