From 83db339ece3e9426beb4ca56637251834b07af41 Mon Sep 17 00:00:00 2001 From: Hans van Zijst Date: Thu, 14 Nov 2024 15:37:17 +0100 Subject: [PATCH] Added 'Homeserver blocking' and 'Media store' to the documentation. --- matrix/synapse/README.md | 70 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 64 insertions(+), 6 deletions(-) diff --git a/matrix/synapse/README.md b/matrix/synapse/README.md index 36d0adf..e8d82fb 100644 --- a/matrix/synapse/README.md +++ b/matrix/synapse/README.md @@ -51,7 +51,7 @@ There are two different ways to configure Synapse, documented here: We'll use Synapse, using the workers architecture to make it scalable, flexible and reusable. -## Listeners +# Listeners A fresh installation configures one listener, for both client and federation traffic. This listens on port 8008 on localhost (IPv4 and IPv6) and does not @@ -69,7 +69,7 @@ listeners: compress: false ``` -## Database +# Database The default installation leaves you with an sqlite3 database. Nice for experimenting, but unsuitable for a production environment. @@ -117,7 +117,7 @@ After changing the database, restart Synapse and check whether it can connect and create the tables it needs. -## Create admin +# Create admin Synapse doesn't create an admin account at install time, so you'll have to do that yourself. @@ -141,13 +141,14 @@ register_new_matrix_user -u admin -a -c /etc/matrix-synapse/conf.d/keys.yaml This will ask for a password, choose a safe one. -## Logging +# Logging Logging is configured in `log.yaml`. Some logging should go to systemd, the more specific logging to Synapse's own logfile(s). +This part is yet to be completed. -## Delegation and DNS {#Delegation} +# Delegation and DNS {#Delegation} If you run your server under a different FQDN than just the domain name you want to use, you need to delegate: point from your domain to the server. 
@@ -182,7 +183,7 @@ and/or AAAA records in DNS, not CNAME. See [nginx](../nginx) for details about how to publish this data. -## Blacklists +# Blacklists You don't want Synapse to try to contact certain IP-addresses, especially not those that are unroutable or for special uses. Add these addresses to `ip_range_blacklist`, 
@@ -243,3 +244,60 @@ This configures an SMTP-connection with SSL (port 465, `force_tls`). See Matrix' [email documentation](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=require_transport_security#email) for more information. + +# Media store {#mediastore} + +Files and avatars need to be stored somewhere, we configure these options in +`conf.d/mediastore.yaml`: + +``` +media_store_path: /var/lib/matrix-synapse/media +enable_authenticated_media: true +max_upload_size: 50M +url_preview_enabled: true +url_preview_ip_range_blacklist: + - '127.0.0.0/8' + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '192.0.0.0/24' + - '169.254.0.0/16' + - '192.88.99.0/24' + - '198.18.0.0/15' + - '192.0.2.0/24' + - '198.51.100.0/24' + - '203.0.113.0/24' + - '224.0.0.0/4' + - '::1/128' + - 'fe80::/10' + - 'fc00::/7' + - '2001:db8::/32' + - 'ff00::/8' + - 'fec0::/10' +``` + +These are a few sane (?) defaults, check [Matrix' documentation](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=media_store_path#media-store) +for many more options. + + +# Homeserver blocking {#blocking} + +This is a series of options that can be used to block and/or limit users. The +whole list of options can be found in [Matrix' documentation](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=mau_stats_only%3A#homeserver-blocking), +we're going to pick out a few useful ones. + +Let's configure these options in `conf.d/homeserver_blocking.yaml`. + +``` +admin_contact: matrixadmin@example.com +mau_stats_only: true +max_avatar_size: 2M +allowed_avatar_mimetypes: + - "image/png" + - "image/jpeg" + - "image/gif" +forgotten_room_retention_period: 7d +``` + +
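Review bot: The closing sentence of the media-store section ("These are a few sane (?) defaults") leaves it unclear whether `url_preview_ip_range_blacklist` is optional, yet with `url_preview_enabled: true` this list is what keeps the preview fetcher away from internal addresses. I would replace it with something like `With URL previews enabled, Synapse fetches links posted in rooms; this list is required and keeps those requests away from loopback, private and other special-use ranges.` and tell readers to add any internal service of their own that sits on a publicly routable address. The Synapse configuration documentation also says the list is ignored when an HTTP proxy is in use, which deserves a one-line caveat here because the filtering then has to be done on the proxy. In the homeserver-blocking block, the upstream example for `admin_contact` is a `mailto:` URI, so `admin_contact: 'mailto:matrixadmin@example.com'` is probably the intended form.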