diff --git a/docker/Dockerfile-dhvirtualenv b/docker/Dockerfile-dhvirtualenv
index 3de032cf8c..ceedbad68a 100644
--- a/docker/Dockerfile-dhvirtualenv
+++ b/docker/Dockerfile-dhvirtualenv
@@ -50,7 +50,9 @@ RUN apt-get update -qq -o Acquire::Languages=none \
debhelper \
devscripts \
dh-systemd \
+ libsystemd-dev \
lsb-release \
+ pkg-config \
python3-dev \
python3-pip \
python3-setuptools \
diff --git a/docker/README.md b/docker/README.md
index 4b98b7fd75..b27a692d5b 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -31,6 +31,7 @@ docker run \
--mount type=volume,src=synapse-data,dst=/data \
-e SYNAPSE_SERVER_NAME=my.matrix.host \
-e SYNAPSE_REPORT_STATS=yes \
+ -p 8448:8448 \
matrixdotorg/synapse:latest
```
@@ -57,9 +58,10 @@ configuration file there. Multiple application services are supported.
Synapse requires a valid TLS certificate. You can do one of the following:
* Provide your own certificate and key (as
- `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.crt` and
- `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.key`, or elsewhere by providing an
- entire config as `${SYNAPSE_CONFIG_PATH}`).
+ `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.tls.crt` and
+ `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.tls.key`, or elsewhere by providing an
+ entire config as `${SYNAPSE_CONFIG_PATH}`). In this case, you should forward
+ traffic to port 8448 in the container, for example with `-p 443:8448`.
* Use a reverse proxy to terminate incoming TLS, and forward the plain http
traffic to port 8008 in the container. In this case you should set `-e
@@ -100,8 +102,9 @@ when ``SYNAPSE_CONFIG_PATH`` is not set.
* ``SYNAPSE_SERVER_NAME`` (mandatory), the server public hostname.
* ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous
statistics reporting back to the Matrix project which helps us to get funding.
-* ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if
- you run your own TLS-capable reverse proxy).
+* `SYNAPSE_NO_TLS`, (accepts `true`, `false`, `on`, `off`, `1`, `0`, `yes`, `no`]): disable
+ TLS in Synapse (use this if you run your own TLS-capable reverse proxy). Defaults
+ to `false` (ie, TLS is enabled by default).
* ``SYNAPSE_ENABLE_REGISTRATION``, set this variable to enable registration on
the Synapse instance.
* ``SYNAPSE_ALLOW_GUEST``, set this variable to allow guest joining this server.
@@ -137,7 +140,7 @@ Database specific values (will use SQLite if not set):
**NOTE**: You are highly encouraged to use postgresql! Please use the compose
file to make it easier to deploy.
* `POSTGRES_USER` - The user for the synapse postgres database. [default:
- `matrix`]
+ `synapse`]
Mail server specific values (will not send emails if not set):
diff --git a/docker/start.py b/docker/start.py
index 941d9996a8..2da555272a 100755
--- a/docker/start.py
+++ b/docker/start.py
@@ -59,6 +59,18 @@ else:
if not os.path.exists("/compiled"): os.mkdir("/compiled")
config_path = "/compiled/homeserver.yaml"
+
+ # Convert SYNAPSE_NO_TLS to boolean if exists
+ if "SYNAPSE_NO_TLS" in environ:
+ tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"])
+ if tlsanswerstring in ("true", "on", "1", "yes"):
+ environ["SYNAPSE_NO_TLS"] = True
+ else:
+ if tlsanswerstring in ("false", "off", "0", "no"):
+ environ["SYNAPSE_NO_TLS"] = False
+ else:
+ print("Environment variable \"SYNAPSE_NO_TLS\" found but value \"" + tlsanswerstring + "\" unrecognized; exiting.")
+ sys.exit(2)
convert("/conf/homeserver.yaml", config_path, environ)
convert("/conf/log.config", "/compiled/log.config", environ)
|
