authorRichard van der Hoff <richard@matrix.org>2019-02-11 17:57:58 +0000
committerRichard van der Hoff <richard@matrix.org>2019-02-11 21:39:14 +0000
commit4fddf8fc77496d9bb3b5fa8835f0e5ba9a5a9926 (patch)
tree642076f830711fb2e967799b136cb92030e2026b /synapse/config/server.py
parentMerge branch 'rav/no_create_server_contexts_if_no_tls' into rav/tls_cert/work (diff)
downloadsynapse-4fddf8fc77496d9bb3b5fa8835f0e5ba9a5a9926.tar.xz
Infer no_tls from presence of TLS listeners
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
Diffstat (limited to 'synapse/config/server.py')
-rw-r--r--synapse/config/server.py23
1 files changed, 20 insertions, 3 deletions
diff --git a/synapse/config/server.py b/synapse/config/server.py
index eed9d7c81e..767897c419 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -126,14 +126,22 @@ class ServerConfig(Config):
                 self.public_baseurl += '/'
         self.start_pushers = config.get("start_pushers", True)
 
-        self.listeners = config.get("listeners", [])
-
-        for listener in self.listeners:
+        self.listeners = []
+        for listener in config.get("listeners", []):
             if not isinstance(listener.get("port", None), int):
                 raise ConfigError(
                     "Listener configuration is lacking a valid 'port' option"
                 )
 
+            if listener.setdefault("tls", False):
+                # no_tls is not really supported any more, but let's grandfather it in
+                # here.
+                if config.get("no_tls", False):
+                    logger.info(
+                        "Ignoring TLS-enabled listener on port %i due to no_tls"
+                    )
+                    continue
+
             bind_address = listener.pop("bind_address", None)
             bind_addresses = listener.setdefault("bind_addresses", [])
 
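Review bot: The `logger.info` call added in the `no_tls` branch has a `%i` placeholder but passes no argument, so the log shows a literal `%i` instead of the port of the listener being dropped. Pass the port, which was validated as an int just above: `logger.info("Ignoring TLS-enabled listener on port %i due to no_tls", listener["port"])`. Because this branch removes a TLS listener from the effective configuration, `logger.warning` may be the better level so an operator notices the listener was skipped. The enclosing method starts above this hunk and continues past it.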
@@ -145,6 +153,8 @@ class ServerConfig(Config):
             if not bind_addresses:
                 bind_addresses.extend(DEFAULT_BIND_ADDRESSES)
 
+            self.listeners.append(listener)
+
         if not self.web_client_location:
             _warn_if_webclient_configured(self.listeners)
 
@@ -152,6 +162,9 @@ class ServerConfig(Config):
 
         bind_port = config.get("bind_port")
         if bind_port:
+            if config.get("no_tls", False):
+                raise ConfigError("no_tls is incompatible with bind_port")
+
             self.listeners = []
             bind_host = config.get("bind_host", "")
             gzip_responses = config.get("gzip_responses", True)
@@ -198,6 +211,7 @@ class ServerConfig(Config):
                 "port": manhole,
                 "bind_addresses": ["127.0.0.1"],
                 "type": "manhole",
+                "tls": False,
             })
 
         metrics_port = config.get("metrics_port")
@@ -223,6 +237,9 @@ class ServerConfig(Config):
 
         _check_resource_config(self.listeners)
 
+    def has_tls_listener(self):
+        return any(l["tls"] for l in self.listeners)
+
     def default_config(self, server_name, data_dir_path, **kwargs):
         _, bind_port = parse_and_validate_server_name(server_name)
         if bind_port is not None:
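Review bot: `has_tls_listener` indexes `l["tls"]`, which raises `KeyError` for any listener dict that lacks the key. Listeners from the config loop get the key via `setdefault`, and the manhole entry gets it in this commit, but the listeners built in the `bind_port` and `metrics_port` paths are outside the visible hunks. Either confirm they always set it or read it defensively with `return any(listener.get("tls", False) for listener in self.listeners)`, which also avoids the ambiguous name `l`. Going by the commit description, this result decides whether the TLS keys are loaded, so a one-line docstring such as `"""Return True if any configured listener has TLS enabled."""` would document that contract. `default_config` continues beyond the end of the hunk.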