diff options
| author | Richard van der Hoff <richard@matrix.org> | 2019-02-19 13:54:29 +0000 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2019-02-19 13:54:29 +0000 |
| commit | 5f9bdf90fe6baf12972d9f94557b3077f008cd9b (patch) | |
| tree | ecfaa199e18456ac77f869ec0d2a98cbf2575d94 /synapse/config/tls.py | |
| parent | clarify TLS instructions (diff) | |
| download | synapse-5f9bdf90fe6baf12972d9f94557b3077f008cd9b.tar.xz | |
Attempt to make default config more consistent
The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments.
Diffstat (limited to 'synapse/config/tls.py')
| -rw-r--r-- | synapse/config/tls.py | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index 38425bb056..8d5d287357 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -177,10 +177,11 @@ class TlsConfig(Config): # See 'ACME support' below to enable auto-provisioning this certificate via # Let's Encrypt. # - # tls_certificate_path: "%(tls_certificate_path)s" + #tls_certificate_path: "%(tls_certificate_path)s" # PEM-encoded private key for TLS - # tls_private_key_path: "%(tls_private_key_path)s" + # + #tls_private_key_path: "%(tls_private_key_path)s" # ACME support: This will configure Synapse to request a valid TLS certificate # for your configured `server_name` via Let's Encrypt. @@ -207,28 +208,28 @@ class TlsConfig(Config): # ACME support is disabled by default. Uncomment the following line # (and tls_certificate_path and tls_private_key_path above) to enable it. # - # enabled: true + #enabled: true # Endpoint to use to request certificates. If you only want to test, # use Let's Encrypt's staging url: # https://acme-staging.api.letsencrypt.org/directory # - # url: https://acme-v01.api.letsencrypt.org/directory + #url: https://acme-v01.api.letsencrypt.org/directory # Port number to listen on for the HTTP-01 challenge. Change this if # you are forwarding connections through Apache/Nginx/etc. # - # port: 80 + #port: 80 # Local addresses to listen on for incoming connections. # Again, you may want to change this if you are forwarding connections # through Apache/Nginx/etc. # - # bind_addresses: ['::', '0.0.0.0'] + #bind_addresses: ['::', '0.0.0.0'] # How many days remaining on a certificate before it is renewed. # - # reprovision_threshold: 30 + #reprovision_threshold: 30 # The domain that the certificate should be for. Normally this # should be the same as your Matrix domain (i.e., 'server_name'), but, @@ -242,7 +243,7 @@ class TlsConfig(Config): # # If not set, defaults to your 'server_name'. # - # domain: matrix.example.com + #domain: matrix.example.com # List of allowed TLS fingerprints for this server to publish along # with the signing keys for this server. Other matrix servers that @@ -269,8 +270,7 @@ class TlsConfig(Config): # openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '=' # or by checking matrix.org/federationtester/api/report?server_name=$host # - tls_fingerprints: [] - # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}] + #tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}] """ % locals() |