forked from Fediversity/Fediversity
Added to and polished Synapse configuration.
parent e6ed985e53
commit 65e551b74b
|
@ -146,7 +146,8 @@ This will ask for a password, choose a safe one.
|
|||
Logging is configured in `log.yaml`. Some logging should go to systemd, the
|
||||
more specific logging to Synapse's own logfile(s).
|
||||
|
||||
This part is yet to be completed.
|
||||
This part is yet to be completed, the default configuration is adequate for
|
||||
most cases.
|
||||
|
||||
# Delegation and DNS {#Delegation}
|
||||
|
||||
|
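Review bot: the new sentence "the default configuration is adequate for most cases" does not say which of the two destinations named just above (systemd, or Synapse's own logfiles) the default `log.yaml` actually writes to, so a reader still cannot tell where to look for logs. Suggest stating that in one clause, and splitting the comma splice into two sentences: "This part is yet to be completed. The default configuration is adequate for most cases."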
@ -163,8 +164,7 @@ JSON-code under `https://example.com/.well-known/matrix/server`:
|
|||
|
||||
```
|
||||
{
|
||||
"m.homeserver": {"base_url": "https://matrix.example.com"},
|
||||
"org.matrix.msc3575.proxy": {"url": "https://matrix.example.com"}
|
||||
"m.homeserver": {"base_url": "https://matrix.example.com"}
|
||||
}
|
||||
```
|
||||
|
||||
|
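Review bot: with the `org.matrix.msc3575.proxy` line gone, the remaining `m.homeserver` object is still shown under `https://example.com/.well-known/matrix/server` (per the hunk header), but `m.homeserver` with a `base_url` is the key for `.well-known/matrix/client`; the server delegation document uses `m.server` with a `host:port` value. If this block really is the `/server` file, federation delegation will not work as documented; please check which file this example belongs to and correct either the URL in the sentence above it or the key.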
@ -280,7 +280,7 @@ password_config:
|
|||
policy:
|
||||
enabled: true
|
||||
localdb_enabled: true
|
||||
pepper: CxDC6jU5FAxAcvD
|
||||
pepper: <random string>
|
||||
minimum_length: 8
|
||||
require_digit: true
|
||||
require_symbol: true
|
||||
|
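Review bot: on the `pepper:` line, swapping the literal for `<random string>` is right, but the old value `CxDC6jU5FAxAcvD` stays readable in this file's history, so anyone who copied it from the guide is running with a publicly known pepper. Suggest a short note next to this line saying that the value must be generated per installation (for example with `openssl rand -base64 32`), kept secret, and not changed once accounts exist, since changing it invalidates the stored password hashes.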
@ -311,7 +311,7 @@ password_providers:
|
|||
enabled: true
|
||||
uri: "ldap://ldap.example.com:389"
|
||||
start_tls: true
|
||||
base: "ou=users,o=Example,dc=example,dc=com"
|
||||
base: "ou=users,dc=example,dc=com"
|
||||
attributes:
|
||||
uid: "uid"
|
||||
mail: "mail"
|
||||
|
@ -319,12 +319,12 @@ password_providers:
|
|||
filter: "(&(objectClass=posixAccount)(accountStatus=active))"
|
||||
|
||||
mode: "search"
|
||||
bind_dn: "cn=matrix,ou=service,o=Example,dc=example,dc=com"
|
||||
bind_dn: "cn=matrix,ou=service,dc=example,dc=com"
|
||||
bind_password: "<very secure password>"
|
||||
```
|
||||
|
||||
This would connect to ldap.example.com over TLS, and authenticate users that
|
||||
live under `ou=users,o=Example,dc=example,dc=com` and that are active Posix
|
||||
live under `ou=users,dc=example,dc=com` and that are active Posix
|
||||
accounts. Users will not be able to change their passwords via Matrix, they
|
||||
have to do that in LDAP.
|
||||
|
||||
|
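Review bot: the DN cleanup is consistent between `bind_dn` and the prose, but the paragraph still says nothing about `bind_password` sitting in clear text in this file. Suggest adding a sentence that the file holding this block should be readable only by the Synapse service user, and that the `cn=matrix` service account needs no more than read access to the `ou=users` subtree. The statement "over TLS" also relies on `start_tls: true` from the previous block, since the `uri` is plain `ldap://` on port 389; saying "using StartTLS" would be more precise.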
@ -411,6 +411,10 @@ Check for more information about [how to configure the TURN
|
|||
server](../coturn) or [LiveKit](../element-call#livekit). You probably want
|
||||
LiveKit, but read on if you choose coturn.
|
||||
|
||||
It might be useful to use both coturn and LiveKit, so as to support both
|
||||
legacy and EC calls, but you'd need to tweak the configurations so that they
|
||||
don't bite each other.
|
||||
|
||||
Once you've set up your TURN server, configure it in
|
||||
Synapse, in `conf.d/turn.yaml`:
|
||||
|
||||
|
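Review bot: the added paragraph tells readers to "tweak the configurations so that they don't bite each other" without naming what conflicts when coturn and LiveKit run side by side. Either say which settings overlap or link to the section that covers it; as written the reader learns there is a problem but not where to look. "EC" is also used without expansion here; spell out "Element Call" on first use.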
@ -446,9 +450,9 @@ Add this bit of info to `conf.d/server_notices.yaml`:
|
|||
server_notices:
|
||||
system_mxid_localpart: server
|
||||
system_mxid_display_name: "Server Notices"
|
||||
# system_mxid_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
||||
# system_mxid_avatar_url: "mxc://example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
||||
room_name: "Server Notices"
|
||||
# room_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
||||
# room_avatar_url: "mxc://example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
||||
room_topic: "Room used by your server admin to notice you of important
|
||||
information"
|
||||
auto_join: true
|
||||
|
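Review bot: the two commented `mxc://` lines now use `example.com` but keep the media ID `QBBZcaxfrrpvreGeNhqRaCjG`, which looks like it was copied from a live server. Suggest a placeholder such as `mxc://example.com/<media id>` to match how the pepper was sanitised elsewhere in this commit. While touching this block, "to notice you of important information" in `room_topic` should read "to notify you of important information".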
@ -464,7 +468,7 @@ Every user gets his own room, so if you send a server notice to 100 users,
|
|||
there will be (at least) 100 rooms by that name, all containing 1 user.
|
||||
|
||||
The option `auto_join` means that users will automatically join the room as
|
||||
soon as it's created. They can leave afterwards, but they'll put into it again
|
||||
soon as it's created. They can leave afterwards, but they'll be put into it again
|
||||
as soon as they receive another server message.
|
||||
|
||||
The two commented out options are the avatars for user and room. This is a bit
|
||||
|
@ -480,6 +484,9 @@ the thumbnailer. Pictures in encrypted rooms are stored as MIME type
|
|||
[Homeserver Blocking](#blocking). Or, if you haven't defined a whitelist, at
|
||||
least an image mimetype...
|
||||
|
||||
Apparently this was a bug that's supposed to be fixed in Synapse 1.20, but we
|
||||
haven't tested that yet.
|
||||
|
||||
You can find the ID of the picture in the database (table `local_media_repository`)
|
||||
or, more conveniently, in [Synapse-Admin](../synapse-admin), which is also
|
||||
where you'll want to go if you want to send a server notice.
|
||||
|
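Review bot: the added sentence "supposed to be fixed in Synapse 1.20, but we haven't tested that yet" gives a version with no reference and no indication of which Synapse version the workaround above was observed on. Suggest linking the upstream issue or changelog entry, and stating the version this guide was written against, so readers on a newer release know whether the whitelist workaround still applies.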
@ -606,6 +613,24 @@ user_consent:
|
|||
messages yet. Please read and accept the policy at %(consent_uri)s.
|
||||
```
|
||||
|
||||
Last bit it to enable the consent tracking on all listeners where `client` is
|
||||
active. We have only one listener, so we add `consent` to that:
|
||||
|
||||
```
|
||||
listeners:
|
||||
- port: 8008
|
||||
tls: false
|
||||
type: http
|
||||
x_forwarded: true
|
||||
bind_addresses: ['::1', '127.0.0.1']
|
||||
resources:
|
||||
- names:
|
||||
- client
|
||||
- consent
|
||||
- federation
|
||||
compress: false
|
||||
```
|
||||
|
||||
Restart Synapse for these changes to take effect.
|
||||
|
||||
If you update your policy, you'll have to copy the current one to a new
|
||||
|
|
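Review bot: in the added paragraph, "Last bit it to enable" should read "Last bit is to enable". More importantly, the `listeners:` example repeats the whole port 8008 listener, and the text does not say that this edits the existing listener entry in place; a reader who pastes it into a new `conf.d` file alongside the original definition may end up with two conflicting definitions for port 8008. Suggest naming the file to edit and stating that only the `- consent` line is new.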