Re-introduce the outbound federation proxy (#15913)

Allow configuring the set of workers to proxy outbound federation traffic through (`outbound_federation_restricted_to`). This is useful when you have a worker setup with `federation_sender` instances responsible for sending outbound federation requests and want to make sure *all* outbound federation traffic goes through those instances. Before this change, the generic workers would still contact federation themselves for things like profile lookups, backfill, etc. This PR allows you to set more strict access controls/firewall for all workers and only allow the `federation_sender`'s to contact the outside world.
author: Eric Eastwood <erice@element.io> 2023-07-18 03:49:21 -0500
committer: GitHub <noreply@github.com> 2023-07-18 09:49:21 +0100
commit: 1c802de626de3293049206cb788af15cbc8ea17f (patch)
tree: 52d72c2fcd6442e96943a7a565c519240eca19eb /synapse/app/_base.py
parent: Bump anyhow from 1.0.71 to 1.0.72 (#15949) (diff)
download: synapse-1c802de626de3293049206cb788af15cbc8ea17f.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 936b1b0430..a94b57a671 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -386,6 +386,7 @@ def listen_unix(
 
 
 def listen_http(
+    hs: "HomeServer",
     listener_config: ListenerConfig,
     root_resource: Resource,
     version_string: str,
@@ -406,6 +407,7 @@ def listen_http(
         version_string,
         max_request_body_size=max_request_body_size,
         reactor=reactor,
+        hs=hs,
     )
 
     if isinstance(listener_config, TCPListenerConfig):
author	Eric Eastwood <erice@element.io>	2023-07-18 03:49:21 -0500
committer	GitHub <noreply@github.com>	2023-07-18 09:49:21 +0100
commit	1c802de626de3293049206cb788af15cbc8ea17f (patch)
tree	52d72c2fcd6442e96943a7a565c519240eca19eb /synapse/app/_base.py
parent	Bump anyhow from 1.0.71 to 1.0.72 (#15949) (diff)
download	synapse-1c802de626de3293049206cb788af15cbc8ea17f.tar.xz