Diffstat (limited to 'docker/complement/conf-workers/start-complement-synapse-workers.sh')
-rwxr-xr-xdocker/complement/conf-workers/start-complement-synapse-workers.sh18
1 files changed, 15 insertions, 3 deletions
diff --git a/docker/complement/conf-workers/start-complement-synapse-workers.sh b/docker/complement/conf-workers/start-complement-synapse-workers.sh

index b9a6b55bbe..a10b57a53f 100755
--- a/docker/complement/conf-workers/start-complement-synapse-workers.sh
+++ b/docker/complement/conf-workers/start-complement-synapse-workers.sh
@@ -9,9 +9,6 @@ function log {
 echo "$d $@"
 }
 
-# Replace the server name in the caddy config
-sed -i "s/{{ server_name }}/${SERVER_NAME}/g" /root/caddy.json
-
 # Set the server name of the homeserver
 export SYNAPSE_SERVER_NAME=${SERVER_NAME}
 
@@ -39,6 +36,21 @@ export SYNAPSE_WORKER_TYPES="\
 appservice, \
 pusher"
 
+
+# Generate a TLS key, then generate a certificate by having Complement's CA sign it
+# Note that both the key and certificate are in PEM format (not DER).
+openssl genrsa -out /conf/server.tls.key 2048
+
+openssl req -new -key /conf/server.tls.key -out /conf/server.tls.csr \
+ -subj "/CN=${SERVER_NAME}"
+
+openssl x509 -req -in /conf/server.tls.csr \
+ -CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
+ -out /conf/server.tls.crt
+
+export SYNAPSE_TLS_CERT=/conf/server.tls.crt
+export SYNAPSE_TLS_KEY=/conf/server.tls.key
+
 # Run the script that writes the necessary config files and starts supervisord, which in turn
 # starts everything else
 exec /configure_workers_and_start.py
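Review bot: The certificate produced by the `openssl x509 -req` call in the second hunk carries only `/CN=${SERVER_NAME}` and no subjectAltName, so verifiers that match hostnames against SAN alone (current Go and browser TLS stacks do) will reject it even when they trust the CA; adding `-extfile <(printf 'subjectAltName=DNS:%s' "${SERVER_NAME}")` to that call would cover them. `-set_serial 1` also gives every homeserver signed by this CA the same issuer/serial pair, which some TLS libraries treat as a conflict, so a per-container serial would be safer. None of the three openssl invocations is checked: unless `set -e` is in effect above this hunk, the script reaches `exec /configure_workers_and_start.py` with a missing key or certificate and the failure only surfaces later, so `|| exit 1` on each call (plus `: "${SERVER_NAME:?}"` before them) would fail fast. The script continues outside the hunk on both sides, so the shebang and any strict-mode settings are not visible here.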