diff options
-rw-r--r-- | CHANGES.md | 6 | ||||
-rw-r--r-- | INSTALL.md | 31 | ||||
-rw-r--r-- | changelog.d/5313.misc | 1 | ||||
-rw-r--r-- | changelog.d/5545.misc | 1 | ||||
-rw-r--r-- | changelog.d/5548.misc | 1 | ||||
-rw-r--r-- | changelog.d/5558.misc | 1 | ||||
-rw-r--r-- | changelog.d/5570.misc | 1 | ||||
-rw-r--r-- | contrib/purge_api/README.md | 4 | ||||
-rw-r--r-- | docs/MSC1711_certificates_FAQ.md | 2 | ||||
-rw-r--r-- | docs/reverse_proxy.rst | 6 | ||||
-rw-r--r-- | scripts-dev/check_event_hash.py | 54 |
11 files changed, 35 insertions, 73 deletions
diff --git a/CHANGES.md b/CHANGES.md index 1b827c8079..284e89b266 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -52,7 +52,11 @@ Features - Add a script to generate new signing-key files. ([\#5361](https://github.com/matrix-org/synapse/issues/5361)) - Update upgrade and installation guides ahead of 1.0. ([\#5371](https://github.com/matrix-org/synapse/issues/5371)) - Replace the `perspectives` configuration section with `trusted_key_servers`, and make validating the signatures on responses optional (since TLS will do this job for us). ([\#5374](https://github.com/matrix-org/synapse/issues/5374)) -- Add ability to perform password reset via email without trusting the identity server. ([\#5377](https://github.com/matrix-org/synapse/issues/5377)) +- Add ability to perform password reset via email without trusting the identity server. **As a result of this PR, password resets will now be disabled on the default configuration.** + + Password reset emails are now sent from the homeserver by default, instead of the identity server. To enable this functionality, ensure `email` and `public_baseurl` config options are filled out. + + If you would like to re-enable password resets being sent from the identity server (warning: this is dangerous! See [#5345](https://github.com/matrix-org/synapse/pull/5345)), set `email.trust_identity_server_for_password_resets` to true. ([\#5377](https://github.com/matrix-org/synapse/issues/5377)) - Set default room version to v4. ([\#5379](https://github.com/matrix-org/synapse/issues/5379)) diff --git a/INSTALL.md b/INSTALL.md index 2df686b19b..25343593d5 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,3 +1,4 @@ +- [Choosing your server name](#choosing-your-server-name) - [Installing Synapse](#installing-synapse) - [Installing from source](#installing-from-source) - [Platform-Specific Instructions](#platform-specific-instructions) @@ -10,6 +11,22 @@ - [Setting up a TURN server](#setting-up-a-turn-server) - [URL previews](#url-previews) +# Choosing your server name + +It is important to choose the name for your server before you install Synapse, +because it cannot be changed later. + +The server name determines the "domain" part of user-ids for users on your +server: these will all be of the format `@user:my.domain.name`. It also +determines how other matrix servers will reach yours for federation. + +For a test configuration, set this to the hostname of your server. For a more +production-ready setup, you will probably want to specify your domain +(`example.com`) rather than a matrix-specific hostname here (in the same way +that your email address is probably `user@example.com` rather than +`user@email.example.com`) - but doing so may require more advanced setup: see +[Setting up Federation](docs/federate.md). + # Installing Synapse ## Installing from source @@ -64,16 +81,7 @@ python -m synapse.app.homeserver \ --report-stats=[yes|no] ``` -... substituting an appropriate value for `--server-name`. The server name -determines the "domain" part of user-ids for users on your server: these will -all be of the format `@user:my.domain.name`. It also determines how other -matrix servers will reach yours for Federation. For a test configuration, -set this to the hostname of your server. For a more production-ready setup, you -will probably want to specify your domain (`example.com`) rather than a -matrix-specific hostname here (in the same way that your email address is -probably `user@example.com` rather than `user@email.example.com`) - but -doing so may require more advanced setup: see [Setting up Federation](docs/federate.md). -Beware that the server name cannot be changed later. +... substituting an appropriate value for `--server-name`. This command will generate you a config file that you can then customise, but it will also generate a set of keys for you. These keys will allow your Home Server to @@ -86,9 +94,6 @@ different. See the [spec](https://matrix.org/docs/spec/server_server/latest.html#retrieving-server-keys) for more information on key management.) -You will need to give Synapse a TLS certficate before it will start - see [TLS -certificates](#tls-certificates). - To actually run your new homeserver, pick a working directory for Synapse to run (e.g. `~/synapse`), and:: diff --git a/changelog.d/5313.misc b/changelog.d/5313.misc new file mode 100644 index 0000000000..2ea01cb9d3 --- /dev/null +++ b/changelog.d/5313.misc @@ -0,0 +1 @@ +Update example haproxy config to a more compatible setup. diff --git a/changelog.d/5545.misc b/changelog.d/5545.misc new file mode 100644 index 0000000000..b738eef4bd --- /dev/null +++ b/changelog.d/5545.misc @@ -0,0 +1 @@ +Update v1.0.0 release changelog to include more information about changes to password resets. diff --git a/changelog.d/5548.misc b/changelog.d/5548.misc new file mode 100644 index 0000000000..f35939cfe9 --- /dev/null +++ b/changelog.d/5548.misc @@ -0,0 +1 @@ +Remove non-functioning check_event_hash.py dev script. diff --git a/changelog.d/5558.misc b/changelog.d/5558.misc new file mode 100644 index 0000000000..9ce3555d45 --- /dev/null +++ b/changelog.d/5558.misc @@ -0,0 +1 @@ +Improve install docs on choosing server_name. diff --git a/changelog.d/5570.misc b/changelog.d/5570.misc new file mode 100644 index 0000000000..dfb1d7e58b --- /dev/null +++ b/changelog.d/5570.misc @@ -0,0 +1 @@ +Point the reverse links in the Purge History contrib scripts at the intended location. diff --git a/contrib/purge_api/README.md b/contrib/purge_api/README.md index 000bf35ca7..06b4cdb9f7 100644 --- a/contrib/purge_api/README.md +++ b/contrib/purge_api/README.md @@ -3,7 +3,7 @@ Purge history API examples # `purge_history.sh` -A bash file, that uses the [purge history API](/docs/admin_api/README.rst) to +A bash file, that uses the [purge history API](/docs/admin_api/purge_history_api.rst) to purge all messages in a list of rooms up to a certain event. You can select a timeframe or a number of messages that you want to keep in the room. @@ -12,5 +12,5 @@ the script. # `purge_remote_media.sh` -A bash file, that uses the [purge history API](/docs/admin_api/README.rst) to +A bash file, that uses the [purge history API](/docs/admin_api/purge_history_api.rst) to purge all old cached remote media. diff --git a/docs/MSC1711_certificates_FAQ.md b/docs/MSC1711_certificates_FAQ.md index 7f9a23ff31..83497380df 100644 --- a/docs/MSC1711_certificates_FAQ.md +++ b/docs/MSC1711_certificates_FAQ.md @@ -14,7 +14,7 @@ upgraded, however it may be of use to those with old installs returning to the project. If you are setting up a server from scratch you almost certainly should look at -the [installation guide](INSTALL.md) instead. +the [installation guide](../INSTALL.md) instead. ## Introduction The goal of Synapse 0.99.0 is to act as a stepping stone to Synapse 1.0.0. It diff --git a/docs/reverse_proxy.rst b/docs/reverse_proxy.rst index 7619b1097b..e4b870411c 100644 --- a/docs/reverse_proxy.rst +++ b/docs/reverse_proxy.rst @@ -89,8 +89,10 @@ Let's assume that we expect clients to connect to our server at bind :::443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1 # Matrix client traffic - acl matrix hdr(host) -i matrix.example.com - use_backend matrix if matrix + acl matrix-host hdr(host) -i matrix.example.com + acl matrix-path path_beg /_matrix + + use_backend matrix if matrix-host matrix-path frontend matrix-federation bind :::8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1 diff --git a/scripts-dev/check_event_hash.py b/scripts-dev/check_event_hash.py deleted file mode 100644 index cd5599e9a1..0000000000 --- a/scripts-dev/check_event_hash.py +++ /dev/null @@ -1,54 +0,0 @@ -import argparse -import hashlib -import json -import logging -import sys - -from unpaddedbase64 import encode_base64 - -from synapse.crypto.event_signing import ( - check_event_content_hash, - compute_event_reference_hash, -) - - -class dictobj(dict): - def __init__(self, *args, **kargs): - dict.__init__(self, *args, **kargs) - self.__dict__ = self - - def get_dict(self): - return dict(self) - - def get_full_dict(self): - return dict(self) - - def get_pdu_json(self): - return dict(self) - - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument( - "input_json", nargs="?", type=argparse.FileType("r"), default=sys.stdin - ) - args = parser.parse_args() - logging.basicConfig() - - event_json = dictobj(json.load(args.input_json)) - - algorithms = {"sha256": hashlib.sha256} - - for alg_name in event_json.hashes: - if check_event_content_hash(event_json, algorithms[alg_name]): - print("PASS content hash %s" % (alg_name,)) - else: - print("FAIL content hash %s" % (alg_name,)) - - for algorithm in algorithms.values(): - name, h_bytes = compute_event_reference_hash(event_json, algorithm) - print("Reference hash %s: %s" % (name, encode_base64(h_bytes))) - - -if __name__ == "__main__": - main() |