summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--INSTALL.md28
-rw-r--r--README.rst7
-rw-r--r--UPGRADE.rst32
3 files changed, 25 insertions, 42 deletions
diff --git a/INSTALL.md b/INSTALL.md
index a04524cdc7..fd37c2d9b9 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -40,7 +40,7 @@ pip install matrix-synapse[all]
 
 This will download Synapse from [PyPI](https://pypi.org/project/matrix-synapse)
 and install it, along with the python libraries it uses, into a virtual environment
-under ``~/synapse/env``.  Feel free to pick a different directory if you
+under `~/synapse/env`.  Feel free to pick a different directory if you
 prefer.
 
 This Synapse installation can then be later upgraded by using pip again with the
@@ -88,7 +88,7 @@ You will need to give Synapse a TLS certficate before it will start - see [TLS
 certificates](#tls-certificates).
 
 To actually run your new homeserver, pick a working directory for Synapse to
-run (e.g. ``~/synapse``), and::
+run (e.g. `~/synapse`), and::
 
     cd ~/synapse
     source env/bin/activate
@@ -197,19 +197,19 @@ may need to manually upgrade it::
 
     sudo pip install --upgrade pip
 
-Installing may fail with ``Could not find any downloads that satisfy the requirement pymacaroons-pynacl (from matrix-synapse==0.12.0)``.
+Installing may fail with `Could not find any downloads that satisfy the requirement pymacaroons-pynacl (from matrix-synapse==0.12.0)`.
 You can fix this by manually upgrading pip and virtualenv::
 
     sudo pip install --upgrade virtualenv
 
-You can next rerun ``virtualenv -p python3 synapse`` to update the virtual env.
+You can next rerun `virtualenv -p python3 synapse` to update the virtual env.
 
-Installing may fail during installing virtualenv with ``InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.``
+Installing may fail during installing virtualenv with `InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.`
 You can fix this  by manually installing ndg-httpsclient::
 
     pip install --upgrade ndg-httpsclient
 
-Installing may fail with ``mock requires setuptools>=17.1. Aborting installation``.
+Installing may fail with `mock requires setuptools>=17.1. Aborting installation`.
 You can fix this by upgrading setuptools::
 
     pip install --upgrade setuptools
@@ -459,12 +459,12 @@ Make admin [no]:
 Success!
 ```
 
-This process uses a setting ``registration_shared_secret`` in
-``homeserver.yaml``, which is shared between Synapse itself and the
-``register_new_matrix_user`` script. It doesn't matter what it is (a random
-value is generated by ``--generate-config``), but it should be kept secret, as
+This process uses a setting `registration_shared_secret` in
+`homeserver.yaml`, which is shared between Synapse itself and the
+`register_new_matrix_user` script. It doesn't matter what it is (a random
+value is generated by `--generate-config`), but it should be kept secret, as
 anyone with knowledge of it can register users on your server even if
-``enable_registration`` is ``false``.
+`enable_registration` is `false`.
 
 ## Setting up a TURN server
 
@@ -474,14 +474,14 @@ a TURN server.  See [docs/turn-howto.rst](docs/turn-howto.rst) for details.
 ## URL previews
 
 Synapse includes support for previewing URLs, which is disabled by default.  To
-turn it on you must enable the ``url_preview_enabled: True`` config parameter
+turn it on you must enable the `url_preview_enabled: True` config parameter
 and explicitly specify the IP ranges that Synapse is not allowed to spider for
-previewing in the ``url_preview_ip_range_blacklist`` configuration parameter.
+previewing in the `url_preview_ip_range_blacklist` configuration parameter.
 This is critical from a security perspective to stop arbitrary Matrix users
 spidering 'internal' URLs on your network.  At the very least we recommend that
 your loopback and RFC1918 IP addresses are blacklisted.
 
 This also requires the optional lxml and netaddr python dependencies to be
 installed.  This in turn requires the libxml2 library to be available - on
-Debian/Ubuntu this means ``apt-get install libxml2-dev``, or equivalent for
+Debian/Ubuntu this means `apt-get install libxml2-dev`, or equivalent for
 your OS.
diff --git a/README.rst b/README.rst
index 8c5220be88..b8c1909101 100644
--- a/README.rst
+++ b/README.rst
@@ -84,6 +84,13 @@ Synapse Installation
 For details on how to install synapse, see `<INSTALL.md>`_.
 
 
+To actually run your new homeserver, pick a working directory for Synapse to
+run (e.g. ``~/synapse``), and::
+
+    cd ~/synapse
+    source env/bin/activate
+    synctl start
+
 Connecting to Synapse from a client
 ===================================
 
diff --git a/UPGRADE.rst b/UPGRADE.rst
index c46f70f699..948867f189 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -51,34 +51,10 @@ returned by the Client-Server API:
 Upgrading to v0.99.0
 ====================
 
-In preparation for Synapse v1.0, you must update your TLS certificates from
-self-signed ones to verifiable ones signed by a trusted root CA.
-
-If you do not already have a certificate for your domain, the easiest way to get
-one is with Synapse's new ACME support, which will use the ACME protocol to
-provision a certificate automatically. By default, certificates will be obtained
-from the publicly trusted CA Let's Encrypt.
-
-For a sample configuration, please inspect the new ACME section in the example
-generated config by running the ``generate-config`` executable. For example::
-
-  ~/synapse/env3/bin/generate-config
-
-You will need to provide Let's Encrypt (or other ACME provider) access to your
-Synapse ACME challenge responder on port 80, at the domain of your homeserver.
-This requires you either change the port of the ACME listener provided by
-Synapse to a high port and reverse proxy to it, or use a tool like authbind to
-allow Synapse to listen on port 80 without root access. (Do not run Synapse with
-root permissions!)
-
-You will need to back up or delete your self signed TLS certificate
-(``example.com.tls.crt`` and ``example.com.tls.key``), Synapse's ACME
-implementation will not overwrite them.
-
-You may wish to use alternate methods such as Certbot to obtain a certificate
-from Let's Encrypt, depending on your server configuration. Of course, if you
-already have a valid certificate for your homeserver's domain, that can be
-placed in Synapse's config directory without the need for ACME.
+No special steps are required, but please be aware that you will need to
+replace any self-signed certificates with those verified by a root CA before
+Synapse v1.0 releases in roughly a month's time after v0.99.0. Information on
+how to do so can be found at `the ACME docs <docs/ACME.md>`_.
 
 Upgrading to v0.34.0
 ====================
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-17 02:02:38 +0000