forked from Fediversity/Fediversity
Updated some stuff about directory and systemd.
This commit is contained in:
parent
c41ea155f2
commit
dde3bfaad4
|
@ -20,7 +20,10 @@ themselves. Redirect specific tasks to them and you have several different
|
||||||
servers doing all kinds of tasks at the same time. A busy room will no longer
|
servers doing all kinds of tasks at the same time. A busy room will no longer
|
||||||
freeze the rest.
|
freeze the rest.
|
||||||
|
|
||||||
Workers communicate with each other via socket files and Redis.
|
Workers communicate with each other via UNIX sockets and Redis. We choose
|
||||||
|
UNIX sockets because they're much more efficient than network sockets. Of
|
||||||
|
course, if you scale to more than one machine, you will need network sockets
|
||||||
|
instead.
|
||||||
|
|
||||||
**Important note**
|
**Important note**
|
||||||
|
|
||||||
|
@ -46,7 +49,8 @@ examples.
|
||||||
|
|
||||||
# Redis
|
# Redis
|
||||||
|
|
||||||
First step is to install Redis.
|
Workers need Redis as part of their communication, so our first step is
|
||||||
|
to install Redis.
|
||||||
|
|
||||||
```
|
```
|
||||||
apt install redis-server
|
apt install redis-server
|
||||||
|
@ -65,33 +69,47 @@ unixsocketperm 770
|
||||||
|
|
||||||
Our matrix user (`matrix-synapse`) has to be able to read from and write to
|
Our matrix user (`matrix-synapse`) has to be able to read from and write to
|
||||||
that socket, which is created by Redis and owned by `redis:redis`, so we add
|
that socket, which is created by Redis and owned by `redis:redis`, so we add
|
||||||
user `matrix-synapse` to the group `redis`.
|
user `matrix-synapse` to the group `redis`. You may come up with a
|
||||||
|
finer-grained permission solution, but for our example this will do.
|
||||||
|
|
||||||
```
|
```
|
||||||
adduser matrix-synapse redis
|
adduser matrix-synapse redis
|
||||||
```
|
```
|
||||||
|
|
||||||
Restart Redis for these changes to take effect. Check if port 6379 is no
|
Restart Redis for these changes to take effect. Check for error messages in
|
||||||
longer active, and if the socketfile `/run/redis/redis-server.sock` exists.
|
the logs, if port 6379 is no longer active, and if the socketfile
|
||||||
|
`/run/redis/redis-server.sock` exists.
|
||||||
|
|
||||||
|
|
||||||
# Synapse
|
# Synapse
|
||||||
|
|
||||||
Workers communicate with each other over sockets, that are all placed in one
|
Workers communicate with each other over sockets, that are all placed in one
|
||||||
directory. To make sure only the users that need access will have it, we
|
directory. To make sure only the users that need access will have it, we
|
||||||
create a new group and add the users to it.
|
create a new group and add the users to it. Remember that nginx needs to be
|
||||||
|
able to write to many of these sockets.
|
||||||
|
|
||||||
Then, create the directory where all the socket files for workers will come,
|
Then, make sure systemd creates the directory for the sockets as soon as
|
||||||
and give it the correct user, group and permission:
|
Synapse starts, and let it have the correct group.
|
||||||
|
|
||||||
```
|
```
|
||||||
groupadd --system clubmatrix
|
systemctl edit matrix-synapse
|
||||||
useradd matrix-synapse clubmatrix
|
|
||||||
useradd www-data clubmatrix
|
|
||||||
mkdir /run/matrix-synapse
|
|
||||||
dpkg-statoverride --add --update matrix-synapse clubmatrix 2770 /run/matrix-synapse
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Now override parts of the `Service` stanza to look like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
[Service]
|
||||||
|
User=matrix-synapse
|
||||||
|
Group=clubmatrix
|
||||||
|
RuntimeDirectory=matrix-synapse
|
||||||
|
RuntimeDirectoryPreserve=yes
|
||||||
|
```
|
||||||
|
|
||||||
|
Synapse will, from now on, run as group `clubmatrix` instead of
|
||||||
|
`matrix-synapse`. The directory `/run/matrix-synapse` will be created as soon
|
||||||
|
as Synapse starts, and will not be removed on restart or stop, because that
|
||||||
|
would create problems with workers who suddenly lose their sockets.
|
||||||
|
|
||||||
First we change Synapse from listening on `localhost:8008` to listening on a
|
First we change Synapse from listening on `localhost:8008` to listening on a
|
||||||
socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's
|
socket. We'll do most of our workers work in `conf.d/listeners.yaml`, so let's
|
||||||
put the new configuration for the main proccess there:
|
put the new configuration for the main proccess there:
|
||||||
|
|
Loading…
Reference in a new issue