diff options
author | Erik Johnston <erik@matrix.org> | 2019-06-20 11:59:14 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2019-06-20 11:59:14 +0100 |
commit | 45f28a9d2fc0466dcf2a05b0063b7caa3b7e12c3 (patch) | |
tree | 07bb21377c6611db89f64f948a2e27645662ff0e /demo/start.sh | |
parent | Add descriptions and remove redundant set(..) (diff) | |
parent | Run Black. (#5482) (diff) | |
download | synapse-45f28a9d2fc0466dcf2a05b0063b7caa3b7e12c3.tar.xz |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/histogram_extremities
Diffstat (limited to 'demo/start.sh')
-rwxr-xr-x | demo/start.sh | 66 |
1 files changed, 64 insertions, 2 deletions
diff --git a/demo/start.sh b/demo/start.sh index 5c3a8fe61f..1c4f12d0bb 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -27,8 +27,70 @@ for port in 8080 8081 8082; do --config-path "$DIR/etc/$port.config" \ --report-stats no - printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config - echo 'enable_registration: true' >> $DIR/etc/$port.config + if ! grep -F "Customisation made by demo/start.sh" -q $DIR/etc/$port.config; then + printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config + + echo 'enable_registration: true' >> $DIR/etc/$port.config + + # Warning, this heredoc depends on the interaction of tabs and spaces. Please don't + # accidentaly bork me with your fancy settings. + listeners=$(cat <<-PORTLISTENERS + # Configure server to listen on both $https_port and $port + # This overides some of the default settings above + listeners: + - port: $https_port + type: http + tls: true + resources: + - names: [client, federation] + + - port: $port + tls: false + bind_addresses: ['::1', '127.0.0.1'] + type: http + x_forwarded: true + resources: + - names: [client, federation] + compress: false + PORTLISTENERS + ) + echo "${listeners}" >> $DIR/etc/$port.config + + # Disable tls for the servers + printf '\n\n# Disable tls on the servers.' >> $DIR/etc/$port.config + echo '# DO NOT USE IN PRODUCTION' >> $DIR/etc/$port.config + echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> $DIR/etc/$port.config + echo 'federation_verify_certificates: false' >> $DIR/etc/$port.config + + # Set tls paths + echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> $DIR/etc/$port.config + echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> $DIR/etc/$port.config + + # Generate tls keys + openssl req -x509 -newkey rsa:4096 -keyout $DIR/etc/localhost\:$https_port.tls.key -out $DIR/etc/localhost\:$https_port.tls.crt -days 365 -nodes -subj "/O=matrix" + + # Ignore keys from the trusted keys server + echo '# Ignore keys from the trusted keys server' >> $DIR/etc/$port.config + echo 'trusted_key_servers:' >> $DIR/etc/$port.config + echo ' - server_name: "matrix.org"' >> $DIR/etc/$port.config + echo ' accept_keys_insecurely: true' >> $DIR/etc/$port.config + + # Reduce the blacklist + blacklist=$(cat <<-BLACK + # Set the blacklist so that it doesn't include 127.0.0.1 + federation_ip_range_blacklist: + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '169.254.0.0/16' + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' + BLACK + ) + echo "${blacklist}" >> $DIR/etc/$port.config + fi # Check script parameters if [ $# -eq 1 ]; then |