summary refs log tree commit diff
path: root/INSTALL.md
diff options
context:
space:
mode:
authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-02-12 10:53:28 +0000
committerGitHub <noreply@github.com>2019-02-12 10:53:28 +0000
commit2418b91bb7d64bfe572647565a6f1c80e82e1f5a (patch)
tree8299798405d1c630f2264da89a0fde0d4b70439e /INSTALL.md
parentDisable TLS by default (#4614) (diff)
downloadsynapse-2418b91bb7d64bfe572647565a6f1c80e82e1f5a.tar.xz
README updates (#4621)
Lots of updates to the README/INSTALL.md.

Fixes #4601.

Diffstat (limited to 'INSTALL.md')
-rw-r--r--INSTALL.md42
1 files changed, 29 insertions, 13 deletions
diff --git a/INSTALL.md b/INSTALL.md
index e496a13b21..fb6a5e4e99 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -350,18 +350,34 @@ Once you have installed synapse as above, you will need to configure it.
 
 ## TLS certificates
 
-The default configuration exposes two HTTP ports: 8008 and 8448. Port 8008 is
-configured without TLS; it should be behind a reverse proxy for TLS/SSL
-termination on port 443 which in turn should be used for clients. Port 8448
-is configured to use TLS for Federation with a self-signed or verified
-certificate, but please be aware that a valid certificate will be required in
-Synapse v1.0. Instructions for having Synapse automatically provision and renew federation certificates through ACME can be found at [ACME.md](docs/ACME.md).
-
-If you would like to use your own certificates, you can do so by changing
-`tls_certificate_path` and `tls_private_key_path` in `homeserver.yaml`;
-alternatively, you can use a reverse proxy.  See
-[docs/reverse_proxy.rst](docs/reverse_proxy.rst) for information on configuring
-a reverse proxy.
+The default configuration exposes a single HTTP port: http://localhost:8008. It
+is suitable for local testing, but for any practical use, you will either need
+to enable a reverse proxy, or configure Synapse to expose an HTTPS port.
+
+For information on using a reverse proxy, see
+[docs/reverse_proxy.rst](docs/reverse_proxy.rst).
+
+To configure Synapse to expose an HTTPS port, you will need to edit
+`homeserver.yaml`.
+
+First, under the `listeners` section, uncomment the configuration for the
+TLS-enabled listener. (Remove the hash sign (`#`) and space at the start of
+each line). The relevant lines are like this:
+
+```
+  - port: 8448
+    type: http
+    tls: true
+    resources:
+      - names: [client, federation]
+```
+
+You will also need to uncomment the `tls_certificate_path` and
+`tls_private_key_path` lines under the `TLS` section. You can either point
+these settings at an existing certificate and key, or you can enable Synapse's
+built-in ACME (Let's Encrypt) support.  Instructions for having Synapse
+automatically provision and renew federation certificates through ACME can be
+found at [ACME.md](docs/ACME.md).
 
 ## Registering a user
 
@@ -375,7 +391,7 @@ users. This can be done as follows:
 ```
 $ source ~/synapse/env/bin/activate
 $ synctl start # if not already running
-$ register_new_matrix_user -c homeserver.yaml https://localhost:8448
+$ register_new_matrix_user -c homeserver.yaml http://localhost:8008
 New user localpart: erikj
 Password:
 Confirm password: