diff options
| author | erikjohnston <erikjohnston@users.noreply.github.com> | 2021-07-13 11:08:22 +0000 |
|---|---|---|
| committer | erikjohnston <erikjohnston@users.noreply.github.com> | 2021-07-13 11:08:22 +0000 |
| commit | 9cc1d48a3872a441b81011c30c363967d421bcf1 (patch) | |
| tree | de73782bb990245069dad06f2ecdd28281a17bd4 /develop/systemd-with-workers | |
| parent | deploy: 251cfc4e09c36c87227771f1a3aa305c4b0a2121 (diff) | |
| download | synapse-9cc1d48a3872a441b81011c30c363967d421bcf1.tar.xz | |
deploy: e938f69697aac0723a03605831403a815e8a1b45
Diffstat (limited to 'develop/systemd-with-workers')
| -rw-r--r-- | develop/systemd-with-workers/index.html | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/develop/systemd-with-workers/index.html b/develop/systemd-with-workers/index.html index f8918efe33..eda92bce89 100644 --- a/develop/systemd-with-workers/index.html +++ b/develop/systemd-with-workers/index.html @@ -194,9 +194,22 @@ for the systemd unit files.</p> contains an example configuration for the <code>federation_reader</code> worker.</p> <h2 id="synapse-configuration-files"><a class="header" href="#synapse-configuration-files">Synapse configuration files</a></h2> <p>See <a href="../workers.html">workers.md</a> for information on how to set up the -configuration files and reverse-proxy correctly. You can find an example worker -config in the <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/workers/">workers</a> -folder.</p> +configuration files and reverse-proxy correctly. +Below is a sample <code>federation_reader</code> worker configuration file.</p> +<pre><code class="language-yaml">worker_app: synapse.app.federation_reader +worker_name: federation_reader1 + +worker_replication_host: 127.0.0.1 +worker_replication_http_port: 9093 + +worker_listeners: + - type: http + port: 8011 + resources: + - names: [federation] + +worker_log_config: /etc/matrix-synapse/federation-reader-log.yaml +</code></pre> <p>Systemd manages daemonization itself, so ensure that none of the configuration files set either <code>daemonize</code> or <code>worker_daemonize</code>.</p> <p>The config files of all workers are expected to be located in @@ -241,12 +254,12 @@ systemctl restart matrix-synapse.target <h2 id="hardening"><a class="header" href="#hardening">Hardening</a></h2> <p><strong>Optional:</strong> If further hardening is desired, the file <code>override-hardened.conf</code> may be copied from -<code>contrib/systemd/override-hardened.conf</code> in this repository to the location +<a href="https://github.com/matrix-org/synapse/tree/develop/contrib/systemd/">contrib/systemd/override-hardened.conf</a> +in this repository to the location <code>/etc/systemd/system/matrix-synapse.service.d/override-hardened.conf</code> (the directory may have to be created). It enables certain sandboxing features in systemd to further secure the synapse service. You may read the comments to -understand what the override file is doing. The same file will need to be copied -to +understand what the override file is doing. The same file will need to be copied to <code>/etc/systemd/system/matrix-synapse-worker@.service.d/override-hardened-worker.conf</code> (this directory may also have to be created) in order to apply the same hardening options to any worker processes.</p> |