author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-02-12 10:53:28 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-12 10:53:28 +0000 |
commit | 2418b91bb7d64bfe572647565a6f1c80e82e1f5a (patch) | |
tree | 8299798405d1c630f2264da89a0fde0d4b70439e /INSTALL.md | |
parent | Disable TLS by default (#4614) (diff) | |
download | synapse-2418b91bb7d64bfe572647565a6f1c80e82e1f5a.tar.xz |
README updates (#4621)
Lots of updates to the README/INSTALL.md. Fixes #4601.
Diffstat (limited to 'INSTALL.md')
-rw-r--r-- | INSTALL.md | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/INSTALL.md b/INSTALL.md index e496a13b21..fb6a5e4e99 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -350,18 +350,34 @@ Once you have installed synapse as above, you will need to configure it. ## TLS certificates -The default configuration exposes two HTTP ports: 8008 and 8448. Port 8008 is -configured without TLS; it should be behind a reverse proxy for TLS/SSL -termination on port 443 which in turn should be used for clients. Port 8448 -is configured to use TLS for Federation with a self-signed or verified -certificate, but please be aware that a valid certificate will be required in -Synapse v1.0. Instructions for having Synapse automatically provision and renew federation certificates through ACME can be found at [ACME.md](docs/ACME.md). - -If you would like to use your own certificates, you can do so by changing -`tls_certificate_path` and `tls_private_key_path` in `homeserver.yaml`; -alternatively, you can use a reverse proxy. See -[docs/reverse_proxy.rst](docs/reverse_proxy.rst) for information on configuring -a reverse proxy. +The default configuration exposes a single HTTP port: http://localhost:8008. It +is suitable for local testing, but for any practical use, you will either need +to enable a reverse proxy, or configure Synapse to expose an HTTPS port. + +For information on using a reverse proxy, see +[docs/reverse_proxy.rst](docs/reverse_proxy.rst). + +To configure Synapse to expose an HTTPS port, you will need to edit +`homeserver.yaml`. + +First, under the `listeners` section, uncomment the configuration for the +TLS-enabled listener. (Remove the hash sign (`#`) and space at the start of +each line). The relevant lines are like this: + +``` + - port: 8448 + type: http + tls: true + resources: + - names: [client, federation] +``` + +You will also need to uncomment the `tls_certificate_path` and +`tls_private_key_path` lines under the `TLS` section. You can either point +these settings at an existing certificate and key, or you can enable Synapse's +built-in ACME (Let's Encrypt) support. 
Instructions for having Synapse +automatically provision and renew federation certificates through ACME can be +found at [ACME.md](docs/ACME.md). ## Registering a user @@ -375,7 +391,7 @@ users. This can be done as follows: ``` $ source ~/synapse/env/bin/activate $ synctl start # if not already running -$ register_new_matrix_user -c homeserver.yaml https://localhost:8448 +$ register_new_matrix_user -c homeserver.yaml http://localhost:8008 New user localpart: erikj Password: Confirm password: |
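Review bot: The rewritten "TLS certificates" section no longer carries the removed warning that "a valid certificate will be required in Synapse v1.0". As a result, the new sentence "You can either point these settings at an existing certificate and key" reads as if any certificate, self-signed included, is acceptable for the 8448 listener that serves `federation`. Suggest keeping that caveat next to the `tls_certificate_path` / `tls_private_key_path` paragraph. It would also help to say in the first paragraph that `http://localhost:8008` is unencrypted, since that is the reason it is only suitable for local testing.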
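Review bot: In the "Registering a user" hunk, the `register_new_matrix_user` example now targets `http://localhost:8008`, so the password typed at the prompt is sent over plain HTTP, which is acceptable only because the URL is loopback. Suggest adding a sentence that the command is meant to be run on the homeserver host itself. It should also say that readers who enabled the TLS listener from the section above, or who front Synapse with a reverse proxy, should pass their `https://` URL rather than swapping `localhost` for a public name over HTTP.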