# autogenerates on launch with your own SSL certificate + key pair
# if you like. Any required intermediary certificates can be
# appended after the primary certificate in hierarchical order.
-tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
+#tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
# PEM encoded private key for TLS
-tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
+#tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
# PEM dh parameters for ephemeral keys
-tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
+#tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
# Don't bind to the https port
-no_tls: False
+no_tls: True
# List of allowed TLS fingerprints for this server to publish along
# with the signing keys for this server. Other matrix servers that
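Review bot: Nothing in the new config records where TLS terminates now that `no_tls: True` is set and the three `tls_*_path` keys are commented out; the existing comment `# Don't bind to the https port` does not explain the choice. I would add a comment above it such as `# TLS is terminated by nginx (matrix.<domain>.template); synapse serves plain HTTP on loopback only`. The context lines that follow describe the TLS fingerprints this server publishes. If nginx presents a different certificate for federation than the one Synapse generated, that list probably needs the proxy certificate's fingerprint, which should be confirmed because the setting itself lies outside this hunk.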
# webclient: A web client. Requires web_client_location to be set.
#
listeners:
- # Main HTTPS listener
- # For when matrix traffic is sent directly to synapse.
- -
- # The port to listen for HTTPS requests on.
- port: 8448
-
- # Local addresses to listen on.
- # On Linux and Mac OS, `::` will listen on all IPv4 and IPv6
- # addresses by default. For most other OSes, this will only listen
- # on IPv6.
- bind_addresses:
- - '::1'
- - '127.0.0.1'
- # - '::'
- # - '0.0.0.0'
-
- # This is a 'http' listener, allows us to specify 'resources'.
- type: http
-
- tls: true
-
- # Use the X-Forwarded-For (XFF) header as the client IP and not the
- # actual client IP.
- x_forwarded: false
-
- # List of HTTP resources to serve on this listener.
- resources:
- -
- # List of resources to host on this listener.
- names:
- - client # The client-server APIs, both v1 and v2
-
- # Should synapse compress HTTP responses to clients that support it?
- # This should be disabled if running synapse behind a load balancer
- # that can do automatic compression.
- compress: true
-
- - names: [federation] # Federation APIs
- compress: false
-
- # optional list of additional endpoints which can be loaded via
- # dynamic modules
- # additional_resources:
- # "/_matrix/my/custom/endpoint":
- # module: my_module.CustomRequestHandler
- # config: {}
-
# Unsecure HTTP listener,
# For when matrix traffic passes through loadbalancer that unwraps TLS.
- port: 8008
tls: false
bind_addresses:
- - '::1'
- '127.0.0.1'
# - '::'
# - '0.0.0.0'
type: http
- x_forwarded: false
+ x_forwarded: true
resources:
- names: [client]
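Review bot: `x_forwarded: true` makes Synapse take the client IP from the X-Forwarded-For header, so rate limiting and logged addresses are only trustworthy if nginx overwrites whatever the client sent. The nginx template is not visible on this page; it should carry `proxy_set_header X-Forwarded-For $remote_addr;` rather than pass the incoming header through. The loopback-only bind is what keeps the setting safe, so a comment above it such as `# x_forwarded is safe only while this listener is loopback-only behind nginx` would guard against a later edit enabling the commented-out `'0.0.0.0'` bind. `'::1'` appears to be dropped from `bind_addresses`, so the proxy upstream should name `127.0.0.1` explicitly rather than `localhost`. The removed 8448 listener was the only one visible here serving `federation`; the 8008 listener's resources list may continue past the hunk, so confirm federation is still exposed there.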
nginx
|
-|-> nginx.conf -- /etc/nginx/ :: Main configuration.
-`-> mime.types -- /etc/nginx/ :: Available mime types.
+|-> nginx.conf -- /etc/nginx/ :: Main configuration.
+|-> mime.types -- /etc/nginx/ :: Available mime types.
+`-> matrix.<domain>.template -- /etc/nginx/sites-available.
SSL
---
```
$ apt install nginx
```
+
+Sites
+-----
+
+Substitute `<...>` patterns in `*.template` files. Create symbolic links for
+files in /etc/nginx/sites-available.
+
+```
+$ ln -s /etc/nginx/sites-available/{...} /etc/nginx/sites-enabled
+```