summary refs log tree commit diff
path: root/README.rst
diff options
context:
space:
mode:
authorAndrew Morgan <andrew@amorgan.xyz>2019-02-01 16:59:06 +0000
committerAndrew Morgan <andrew@amorgan.xyz>2019-02-01 16:59:06 +0000
commit57164e17dace3c12706a2393385f6eefb6bc8c74 (patch)
tree4c71600a7c9ca89a1606d80df9b962a6629737ce /README.rst
parentUpdate README.rst (diff)
downloadsynapse-57164e17dace3c12706a2393385f6eefb6bc8c74.tar.xz
Address comments
Diffstat (limited to '')
-rw-r--r--README.rst30
1 files changed, 13 insertions, 17 deletions
diff --git a/README.rst b/README.rst
index fcf828528d..6e3ee01f2e 100644
--- a/README.rst
+++ b/README.rst
@@ -220,6 +220,11 @@ is configured to use TLS for `Federation`_ with a self-signed or verified
 certificate, but please be aware that a valid certificate will be required in
 Synapse v1.0.
 
+If you would like to use your own certificates, you can do so by changing
+``tls_certificate_path`` and ``tls_private_key_path`` in ``homeserver.yaml``;
+alternatively, you can use a reverse-proxy. Apart from port 8448 using TLS,
+both ports are the same in the default configuration.
+
 
 ACME setup
 ----------
@@ -261,13 +266,12 @@ Make sure to restart/reload your webserver after making changes.
 
 **Authbind**
 
-``authbind`` allows a program which does not not run as root to
-bind to low-numbered ports in a controlled way. The setup is simpler, but
-requires a webserver not to already be running on port 80. **This includes
-every time Synapse renews a certificate**, which may be cumbersome if you
-usually run a web server on port 80. Nevertheless, if you're sure port 80 is
-not being used for any other purpose then all that is necessary is the
-following:
+``authbind`` allows a program which does not run as root to bind to
+low-numbered ports in a controlled way. The setup is simpler, but requires a
+webserver not to already be running on port 80. **This includes every time
+Synapse renews a certificate**, which may be cumbersome if you usually run a
+web server on port 80. Nevertheless, if you're sure port 80 is not being used
+for any other purpose then all that is necessary is the following:
 
 Install ``authbind``. For example, on Debian/Ubuntu::
 
@@ -282,12 +286,6 @@ When Synapse is started, use the following syntax::
 
     authbind --deep <synapse start command>
 
-If you would like to use your own certificates, you can do so by
-changing ``tls_certificate_path`` and ``tls_private_key_path`` in
-``homeserver.yaml``; alternatively, you can use a reverse-proxy, but be sure
-to read `Using a reverse proxy with Synapse`_ when doing so. Apart from port
-8448 using TLS, both ports are the same in the default configuration.
-
 Finally, once Synapse's is able to listen on port 80 for ACME challenge
 requests, it must be told to perform ACME provisioning by setting ``enabled``
 to true under the ``acme`` section in ``homeserver.yaml``::
@@ -725,10 +723,8 @@ port. Indeed, clients will use port 443 by default, whereas servers default to
 port 8448. Where these are different, we refer to the 'client port' and the
 'federation port'.
 
-The recommended setup is therefore to configure your reverse-proxy on port
-443 to port 8008 of synapse for client connections, and port 8448 for
-server-server connections. All Matrix endpoints begin with ``/_matrix``, so an
-example nginx configuration might look like::
+All Matrix endpoints begin with ``/_matrix``, so an example nginx
+configuration for forwarding client connections to Synapse might look like::
 
   server {
       listen 443 ssl;