author Brendan Abolivier <babolivier@matrix.org> 2020-02-18 15:06:06 +0000
committer GitHub <noreply@github.com> 2020-02-18 15:06:06 +0000
commit 7a782c32a289182b725d52bc4b408ccc72949f53 (patch)
tree eb5ce54e7a1749c7eb122b98e239183e4fae4dd8
parent Stop sending events when creating or deleting aliases (#6904) (diff)
parent Update INSTALL.md (diff)
download synapse-7a782c32a289182b725d52bc4b408ccc72949f53.tar.xz
Merge pull request #6909 from matrix-org/babolivier/acme-install
Update INSTALL.md to recommend reverse proxying and warn about ACMEv1 deprecation
-rw-r--r-- INSTALL.md 28
-rw-r--r-- changelog.d/6909.doc 1
2 files changed, 18 insertions, 11 deletions
diff --git a/INSTALL.md b/INSTALL.md
index d25fcf0753..9fe767704b 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -388,15 +388,17 @@ Once you have installed synapse as above, you will need to configure it.
 
 ## TLS certificates
 
-The default configuration exposes a single HTTP port: http://localhost:8008. It
-is suitable for local testing, but for any practical use, you will either need
-to enable a reverse proxy, or configure Synapse to expose an HTTPS port.
+The default configuration exposes a single HTTP port on the local
+interface: `http://localhost:8008`. It is suitable for local testing,
+but for any practical use, you will need Synapse's APIs to be served
+over HTTPS.
 
-For information on using a reverse proxy, see
+The recommended way to do so is to set up a reverse proxy on port
+`8448`. You can find documentation on doing so in
 [docs/reverse_proxy.md](docs/reverse_proxy.md).
 
-To configure Synapse to expose an HTTPS port, you will need to edit
-`homeserver.yaml`, as follows:
+Alternatively, you can configure Synapse to expose an HTTPS port. To do
+so, you will need to edit `homeserver.yaml`, as follows:
 
 * First, under the `listeners` section, uncomment the configuration for the
   TLS-enabled listener. (Remove the hash sign (`#`) at the start of
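Review bot: The new sentence "set up a reverse proxy on port `8448`" names a port without saying what it is for. 8448 is the default federation port, so a reader following only this paragraph may not realise that client traffic usually needs an HTTPS listener as well, or that the plain-HTTP listener on `localhost:8008` should stay bound to the local interface behind the proxy. Consider either stating that 8448 is the federation port or dropping the number here and leaving the port layout to docs/reverse_proxy.md, which this paragraph already links.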
@@ -414,11 +416,15 @@ To configure Synapse to expose an HTTPS port, you will need to edit
   point these settings at an existing certificate and key, or you can
   enable Synapse's built-in ACME (Let's Encrypt) support. Instructions
   for having Synapse automatically provision and renew federation
-  certificates through ACME can be found at [ACME.md](docs/ACME.md). If you
-  are using your own certificate, be sure to use a `.pem` file that includes
-  the full certificate chain including any intermediate certificates (for
-  instance, if using certbot, use `fullchain.pem` as your certificate, not
-  `cert.pem`).
+  certificates through ACME can be found at [ACME.md](docs/ACME.md).
+  Note that, as pointed out in that document, this feature will not
+  work with installs set up after November 2020. 
+  
+  If you are using your
+  own certificate, be sure to use a `.pem` file that includes the full
+  certificate chain including any intermediate certificates (for
+  instance, if using certbot, use `fullchain.pem` as your certificate,
+  not `cert.pem`).
 
 For a more detailed guide to configuring your server for federation, see
 [federate.md](docs/federate.md)
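Review bot: The added note "this feature will not work with installs set up after November 2020" gives the cut-off but not the reason or the alternative. The commit title ties it to the ACMEv1 deprecation, so the sentence should say so and point readers back to the reverse proxy or own-certificate options described in this section, so that someone reading INSTALL.md alone knows what to do. Two smaller points in the same hunk: the line ending "November 2020. " and the following whitespace-only line carry trailing spaces, and "If you are using your" is broken after four words, so the paragraph should be re-wrapped.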
diff --git a/changelog.d/6909.doc b/changelog.d/6909.doc
new file mode 100644
index 0000000000..be0e698af8
--- /dev/null
+++ b/changelog.d/6909.doc
@@ -0,0 +1 @@
+Update Synapse's documentation to warn about the deprecation of ACME v1.
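Review bot: The changelog entry covers only the ACME v1 warning, while the INSTALL.md change in this same commit also makes a reverse proxy the recommended way to serve Synapse over HTTPS. That recommendation is the more visible change for someone doing a new install, so the entry should mention both, for example by adding "and recommend setting up a reverse proxy" to the line.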