diff options
author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2019-02-07 19:18:08 +0000 |
---|---|---|
committer | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-02-07 19:18:08 +0000 |
commit | c17b128b837f58cb59ba75803e32c8a720cf8501 (patch) | |
tree | 556582efd8f3dca2ec01d2592d03cd554d9c84b4 /docs/ACME.md | |
parent | v0.99.0 (diff) | |
download | synapse-c17b128b837f58cb59ba75803e32c8a720cf8501.tar.xz |
Update ACME docs to include port instructions (#4578) github/release-v0.99.0 release-v0.99.0
Diffstat (limited to '')
-rw-r--r-- | docs/ACME.md | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/docs/ACME.md b/docs/ACME.md index 8fb2bd66a9..e555c7c939 100644 --- a/docs/ACME.md +++ b/docs/ACME.md @@ -41,10 +41,10 @@ placed in Synapse's config directory without the need for any ACME setup. The main steps for enabling ACME support in short summary are: -1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy. -1. Set `acme:enabled` to `true` in homeserver.yaml. +1. Allow Synapse to listen for incoming ACME challenges. +1. Enable ACME support in `homeserver.yaml`. 1. Move your old certificates (files `example.com.tls.crt` and `example.com.tls.key` out of the way if they currently exist at the paths specified in `homeserver.yaml`. -1. Restart Synapse +1. Restart Synapse. Detailed instructions for each step are provided below. @@ -71,7 +71,7 @@ location /.well-known/acme-challenge { } ``` -For Apache, add the following to your existing webserver config:: +For Apache, add the following to your existing webserver config: ``` ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge @@ -79,6 +79,14 @@ ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-cha Make sure to restart/reload your webserver after making changes. +Now make the relevant changes in `homeserver.yaml` to enable ACME support: + +``` +acme: + enabled: true + port: 8009 +``` + #### Authbind @@ -102,24 +110,20 @@ sudo touch /etc/authbind/byport/80 sudo chmod 777 /etc/authbind/byport/80 ``` -When Synapse is started, use the following syntax:: +When Synapse is started, use the following syntax: ``` authbind --deep <synapse start command> ``` -### Config file editing - -Once Synapse is able to listen on port 80 for ACME challenge -requests, it must be told to perform ACME provisioning by setting `enabled` -to true under the `acme` section in `homeserver.yaml`: +Make the relevant changes in `homeserver.yaml` to enable ACME support: ``` acme: enabled: true ``` -### Starting synapse +### (Re)starting synapse Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates. |