summary refs log tree commit diff
diff options
context:
space:
mode:
authorkaiyou <pierre@jaury.eu>2018-02-09 00:13:26 +0100
committerkaiyou <pierre@jaury.eu>2018-02-09 00:13:26 +0100
commite511979fe6c4a03da3e9c1d16672e263f54ee2d3 (patch)
tree89564035e1bd601408fb6754224847e4c370acfb
parentSpecify the Docker registry for the postgres image (diff)
downloadsynapse-e511979fe6c4a03da3e9c1d16672e263f54ee2d3.tar.xz
Make SYNAPSE_MACAROON_SECRET_KEY a mandatory option
-rw-r--r--contrib/docker/README.md3
-rwxr-xr-xcontrib/docker/start.py4
2 files changed, 4 insertions, 3 deletions
diff --git a/contrib/docker/README.md b/contrib/docker/README.md
index 221d9c53b5..25c358c847 100644
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@@ -111,6 +111,8 @@ variables are available for configuration:
 * ``SYNAPSE_SERVER_NAME`` (mandatory), the current server public hostname.
 * ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous
   statistics reporting back to the Matrix project which helps us to get funding.
+* ``SYNAPSE_MACAROON_SECRET_KEY`` (mandatory) secret for signing access tokens
+  to the server, set this to a proper random key.
 * ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if
   you run your own TLS-capable reverse proxy).
 * ``SYNAPSE_ENABLE_REGISTRATION``, set this variable to enable registration on
@@ -130,7 +132,6 @@ Shared secrets, that will be initialized to random values if not set:
 
 * ``SYNAPSE_REGISTRATION_SHARED_SECRET``, secret for registrering users if
   registration is disable.
-* ``SYNAPSE_MACAROON_SECRET_KEY``, secret for Macaroon.
 
 Database specific values (will use SQLite if not set):
 
diff --git a/contrib/docker/start.py b/contrib/docker/start.py
index 32142bbe00..d4c1140b1d 100755
--- a/contrib/docker/start.py
+++ b/contrib/docker/start.py
@@ -44,8 +44,8 @@ else:
     if "SYNAPSE_CONFIG_PATH" in environ:
         args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]]
     else:
-        check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
-        generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY"))
+        check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_MACAROON_SECRET_KEY"))
+        generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET",))
         environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
         if not os.path.exists("/compiled"): os.mkdir("/compiled")
         convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ)