Add authentication to replication endpoints. (#8853)

Authentication is done by checking a shared secret provided in the Synapse configuration file.
author: Patrick Cloke <clokep@users.noreply.github.com> 2020-12-04 10:56:28 -0500
committer: GitHub <noreply@github.com> 2020-12-04 10:56:28 -0500
commit: 96358cb42410a4be6268eaa3ffec229c550208ea (patch)
tree: 5edef7ceff55c023747f5084ea4304649b15781d /docs/workers.md
parent: Pass room_id to get_auth_chain_difference (#8879) (diff)
download: synapse-96358cb42410a4be6268eaa3ffec229c550208ea.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/workers.md b/docs/workers.md
index c53d1bd2ff..efe97af31a 100644
--- a/docs/workers.md
+++ b/docs/workers.md
@@ -89,7 +89,8 @@ shared configuration file.
 Normally, only a couple of changes are needed to make an existing configuration
 file suitable for use with workers. First, you need to enable an "HTTP replication
 listener" for the main process; and secondly, you need to enable redis-based
-replication. For example:
+replication. Optionally, a shared secret can be used to authenticate HTTP
+traffic between workers. For example:
 
 
 ```yaml
@@ -103,6 +104,9 @@ listeners:
     resources:
      - names: [replication]
 
+# Add a random shared secret to authenticate traffic.
+worker_replication_secret: ""
+
 redis:
     enabled: true
 ```
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-12-04 10:56:28 -0500
committer	GitHub <noreply@github.com>	2020-12-04 10:56:28 -0500
commit	96358cb42410a4be6268eaa3ffec229c550208ea (patch)
tree	5edef7ceff55c023747f5084ea4304649b15781d /docs/workers.md
parent	Pass room_id to get_auth_chain_difference (#8879) (diff)
download	synapse-96358cb42410a4be6268eaa3ffec229c550208ea.tar.xz