summary refs log tree commit diff
path: root/v1.38/print.html
diff options
context:
space:
mode:
Diffstat (limited to 'v1.38/print.html')
-rw-r--r--v1.38/print.html12790
1 files changed, 12790 insertions, 0 deletions
diff --git a/v1.38/print.html b/v1.38/print.html
new file mode 100644
index 0000000000..ecf11b27fa
--- /dev/null
+++ b/v1.38/print.html
@@ -0,0 +1,12790 @@
+<!DOCTYPE HTML>
+<html lang="en" class="sidebar-visible no-js light">
+    <head>
+        <!-- Book generated using mdBook -->
+        <meta charset="UTF-8">
+        <title>Synapse</title>
+        
+        <meta name="robots" content="noindex" />
+        
+        
+
+
+        <!-- Custom HTML head -->
+        
+
+
+        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <meta name="theme-color" content="#ffffff" />
+
+        
+        <link rel="icon" href="favicon.svg">
+        
+        
+        <link rel="shortcut icon" href="favicon.png">
+        
+        <link rel="stylesheet" href="css/variables.css">
+        <link rel="stylesheet" href="css/general.css">
+        <link rel="stylesheet" href="css/chrome.css">
+        
+        <link rel="stylesheet" href="css/print.css" media="print">
+        
+
+        <!-- Fonts -->
+        <link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
+        
+        <link rel="stylesheet" href="fonts/fonts.css">
+        
+
+        <!-- Highlight.js Stylesheets -->
+        <link rel="stylesheet" href="highlight.css">
+        <link rel="stylesheet" href="tomorrow-night.css">
+        <link rel="stylesheet" href="ayu-highlight.css">
+
+        <!-- Custom theme stylesheets -->
+        
+        <link rel="stylesheet" href="docs/website_files/table-of-contents.css">
+        
+        <link rel="stylesheet" href="docs/website_files/remove-nav-buttons.css">
+        
+        <link rel="stylesheet" href="docs/website_files/indent-section-headers.css">
+        
+
+        
+    </head>
+    <body>
+        <!-- Provide site root to javascript -->
+        <script type="text/javascript">
+            var path_to_root = "";
+            var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
+        </script>
+
+        <!-- Work around some values being stored in localStorage wrapped in quotes -->
+        <script type="text/javascript">
+            try {
+                var theme = localStorage.getItem('mdbook-theme');
+                var sidebar = localStorage.getItem('mdbook-sidebar');
+                if (theme.startsWith('"') && theme.endsWith('"')) {
+                    localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
+                }
+                if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
+                    localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
+                }
+            } catch (e) { }
+        </script>
+
+        <!-- Set the theme before any content is loaded, prevents flash -->
+        <script type="text/javascript">
+            var theme;
+            try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
+            if (theme === null || theme === undefined) { theme = default_theme; }
+            var html = document.querySelector('html');
+            html.classList.remove('no-js')
+            html.classList.remove('light')
+            html.classList.add(theme);
+            html.classList.add('js');
+        </script>
+
+        <!-- Hide / unhide sidebar before it is displayed -->
+        <script type="text/javascript">
+            var html = document.querySelector('html');
+            var sidebar = 'hidden';
+            if (document.body.clientWidth >= 1080) {
+                try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
+                sidebar = sidebar || 'visible';
+            }
+            html.classList.remove('sidebar-visible');
+            html.classList.add("sidebar-" + sidebar);
+        </script>
+
+        <nav id="sidebar" class="sidebar" aria-label="Table of contents">
+            <div class="sidebar-scrollbox">
+                <ol class="chapter"><li class="chapter-item expanded affix "><li class="part-title">Introduction</li><li class="chapter-item expanded "><a href="welcome_and_overview.html">Welcome and Overview</a></li><li class="chapter-item expanded affix "><li class="part-title">Setup</li><li class="chapter-item expanded "><a href="setup/installation.html">Installation</a></li><li class="chapter-item expanded "><a href="postgres.html">Using Postgres</a></li><li class="chapter-item expanded "><a href="reverse_proxy.html">Configuring a Reverse Proxy</a></li><li class="chapter-item expanded "><a href="turn-howto.html">Configuring a Turn Server</a></li><li class="chapter-item expanded "><a href="delegate.html">Delegation</a></li><li class="chapter-item expanded affix "><li class="part-title">Upgrading</li><li class="chapter-item expanded "><a href="upgrade.html">Upgrading between Synapse Versions</a></li><li class="chapter-item expanded "><a href="MSC1711_certificates_FAQ.html">Upgrading from pre-Synapse 1.0</a></li><li class="chapter-item expanded affix "><li class="part-title">Usage</li><li class="chapter-item expanded "><a href="federate.html">Federation</a></li><li class="chapter-item expanded "><a href="usage/configuration/index.html">Configuration</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="usage/configuration/homeserver_sample_config.html">Homeserver Sample Config File</a></li><li class="chapter-item expanded "><a href="usage/configuration/logging_sample_config.html">Logging Sample Config File</a></li><li class="chapter-item expanded "><a href="structured_logging.html">Structured Logging</a></li><li class="chapter-item expanded "><a href="usage/configuration/user_authentication/index.html">User Authentication</a></li><li><ol class="section"><li class="chapter-item expanded "><div>Single-Sign On</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="openid.html">OpenID Connect</a></li><li class="chapter-item expanded "><div>SAML</div></li><li class="chapter-item expanded "><div>CAS</div></li><li class="chapter-item expanded "><a href="sso_mapping_providers.html">SSO Mapping Providers</a></li></ol></li><li class="chapter-item expanded "><a href="password_auth_providers.html">Password Auth Providers</a></li><li class="chapter-item expanded "><a href="jwt.html">JSON Web Tokens</a></li></ol></li><li class="chapter-item expanded "><a href="CAPTCHA_SETUP.html">Registration Captcha</a></li><li class="chapter-item expanded "><a href="application_services.html">Application Services</a></li><li class="chapter-item expanded "><a href="server_notices.html">Server Notices</a></li><li class="chapter-item expanded "><a href="consent_tracking.html">Consent Tracking</a></li><li class="chapter-item expanded "><a href="url_previews.html">URL Previews</a></li><li class="chapter-item expanded "><a href="user_directory.html">User Directory</a></li><li class="chapter-item expanded "><a href="message_retention_policies.html">Message Retention Policies</a></li><li class="chapter-item expanded "><a href="modules.html">Pluggable Modules</a></li><li><ol class="section"><li class="chapter-item expanded "><div>Third Party Rules</div></li><li class="chapter-item expanded "><a href="spam_checker.html">Spam Checker</a></li><li class="chapter-item expanded "><a href="presence_router_module.html">Presence Router</a></li><li class="chapter-item expanded "><div>Media Storage Providers</div></li></ol></li><li class="chapter-item expanded "><a href="workers.html">Workers</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="synctl_workers.html">Using synctl with Workers</a></li><li class="chapter-item expanded "><a href="systemd-with-workers/index.html">Systemd</a></li></ol></li></ol></li><li class="chapter-item expanded "><a href="usage/administration/index.html">Administration</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="usage/administration/admin_api/index.html">Admin API</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="admin_api/account_validity.html">Account Validity</a></li><li class="chapter-item expanded "><a href="admin_api/delete_group.html">Delete Group</a></li><li class="chapter-item expanded "><a href="admin_api/event_reports.html">Event Reports</a></li><li class="chapter-item expanded "><a href="admin_api/media_admin_api.html">Media</a></li><li class="chapter-item expanded "><a href="admin_api/purge_history_api.html">Purge History</a></li><li class="chapter-item expanded "><a href="admin_api/purge_room.html">Purge Rooms</a></li><li class="chapter-item expanded "><a href="admin_api/register_api.html">Register Users</a></li><li class="chapter-item expanded "><a href="admin_api/room_membership.html">Manipulate Room Membership</a></li><li class="chapter-item expanded "><a href="admin_api/rooms.html">Rooms</a></li><li class="chapter-item expanded "><a href="admin_api/server_notices.html">Server Notices</a></li><li class="chapter-item expanded "><a href="admin_api/shutdown_room.html">Shutdown Room</a></li><li class="chapter-item expanded "><a href="admin_api/statistics.html">Statistics</a></li><li class="chapter-item expanded "><a href="admin_api/user_admin_api.html">Users</a></li><li class="chapter-item expanded "><a href="admin_api/version_api.html">Server Version</a></li></ol></li><li class="chapter-item expanded "><a href="manhole.html">Manhole</a></li><li class="chapter-item expanded "><a href="metrics-howto.html">Monitoring</a></li><li class="chapter-item expanded "><a href="usage/administration/request_log.html">Request log format</a></li><li class="chapter-item expanded "><div>Scripts</div></li></ol></li><li class="chapter-item expanded "><li class="part-title">Development</li><li class="chapter-item expanded "><a href="development/contributing_guide.html">Contributing Guide</a></li><li class="chapter-item expanded "><a href="code_style.html">Code Style</a></li><li class="chapter-item expanded "><a href="dev/git.html">Git Usage</a></li><li class="chapter-item expanded "><div>Testing</div></li><li class="chapter-item expanded "><a href="opentracing.html">OpenTracing</a></li><li class="chapter-item expanded "><a href="development/database_schema.html">Database Schemas</a></li><li class="chapter-item expanded "><div>Synapse Architecture</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="log_contexts.html">Log Contexts</a></li><li class="chapter-item expanded "><a href="replication.html">Replication</a></li><li class="chapter-item expanded "><a href="tcp_replication.html">TCP Replication</a></li></ol></li><li class="chapter-item expanded "><a href="development/internal_documentation/index.html">Internal Documentation</a></li><li><ol class="section"><li class="chapter-item expanded "><div>Single Sign-On</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="dev/saml.html">SAML</a></li><li class="chapter-item expanded "><a href="dev/cas.html">CAS</a></li></ol></li><li class="chapter-item expanded "><div>State Resolution</div></li><li><ol class="section"><li class="chapter-item expanded "><a href="auth_chain_difference_algorithm.html">The Auth Chain Difference Algorithm</a></li></ol></li><li class="chapter-item expanded "><a href="media_repository.html">Media Repository</a></li><li class="chapter-item expanded "><a href="room_and_user_statistics.html">Room and User Statistics</a></li></ol></li><li class="chapter-item expanded "><div>Scripts</div></li><li class="chapter-item expanded affix "><li class="part-title">Other</li><li class="chapter-item expanded "><a href="deprecation_policy.html">Dependency Deprecation Policy</a></li></ol>
+            </div>
+            <div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
+        </nav>
+
+        <div id="page-wrapper" class="page-wrapper">
+
+            <div class="page">
+                
+                <div id="menu-bar-hover-placeholder"></div>
+                <div id="menu-bar" class="menu-bar sticky bordered">
+                    <div class="left-buttons">
+                        <button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
+                            <i class="fa fa-bars"></i>
+                        </button>
+                        <button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
+                            <i class="fa fa-paint-brush"></i>
+                        </button>
+                        <ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
+                            <li role="none"><button role="menuitem" class="theme" id="light">Light (default)</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
+                        </ul>
+                        
+                        <button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
+                            <i class="fa fa-search"></i>
+                        </button>
+                        
+                    </div>
+
+                    <h1 class="menu-title">Synapse</h1>
+
+                    <div class="right-buttons">
+                        
+                        <a href="print.html" title="Print this book" aria-label="Print this book">
+                            <i id="print-button" class="fa fa-print"></i>
+                        </a>
+                        
+                        
+                        <a href="https://github.com/matrix-org/synapse" title="Git repository" aria-label="Git repository">
+                            <i id="git-repository-button" class="fa fa-github"></i>
+                        </a>
+                        
+                        
+
+                    </div>
+                </div>
+
+                
+                <div id="search-wrapper" class="hidden">
+                    <form id="searchbar-outer" class="searchbar-outer">
+                        <input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
+                    </form>
+                    <div id="searchresults-outer" class="searchresults-outer hidden">
+                        <div id="searchresults-header" class="searchresults-header"></div>
+                        <ul id="searchresults">
+                        </ul>
+                    </div>
+                </div>
+                
+
+                <!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
+                <script type="text/javascript">
+                    document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
+                    document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
+                    Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
+                        link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
+                    });
+                </script>
+
+                <div id="content" class="content">
+                    <main>
+                        <!-- Page table of contents -->
+                        <div class="sidetoc">
+                            <nav class="pagetoc"></nav>
+                        </div>
+
+                        <div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="introduction"><a class="header" href="#introduction">Introduction</a></h1>
+<p>Welcome to the documentation repository for Synapse, the reference
+<a href="https://matrix.org">Matrix</a> homeserver implementation.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><!--
+  Include the contents of INSTALL.md from the project root without moving it, which may
+  break links around the internet. Additionally, note that SUMMARY.md is unable to 
+  directly link to content outside of the docs/ directory. So we use this file as a 
+  redirection.
+-->
+<h1 id="installation-instructions"><a class="header" href="#installation-instructions">Installation Instructions</a></h1>
+<p>There are 3 steps to follow under <strong>Installation Instructions</strong>.</p>
+<ul>
+<li><a href="setup/installation.html#installation-instructions">Installation Instructions</a>
+<ul>
+<li><a href="setup/installation.html#choosing-your-server-name">Choosing your server name</a></li>
+<li><a href="setup/installation.html#installing-synapse">Installing Synapse</a>
+<ul>
+<li><a href="setup/installation.html#installing-from-source">Installing from source</a>
+<ul>
+<li><a href="setup/installation.html#platform-specific-prerequisites">Platform-specific prerequisites</a>
+<ul>
+<li><a href="setup/installation.html#debianubunturaspbian">Debian/Ubuntu/Raspbian</a></li>
+<li><a href="setup/installation.html#archlinux">ArchLinux</a></li>
+<li><a href="setup/installation.html#centosfedora">CentOS/Fedora</a></li>
+<li><a href="setup/installation.html#macos">macOS</a></li>
+<li><a href="setup/installation.html#opensuse">OpenSUSE</a></li>
+<li><a href="setup/installation.html#openbsd">OpenBSD</a></li>
+<li><a href="setup/installation.html#windows">Windows</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="setup/installation.html#prebuilt-packages">Prebuilt packages</a>
+<ul>
+<li><a href="setup/installation.html#docker-images-and-ansible-playbooks">Docker images and Ansible playbooks</a></li>
+<li><a href="setup/installation.html#debianubuntu">Debian/Ubuntu</a>
+<ul>
+<li><a href="setup/installation.html#matrixorg-packages">Matrix.org packages</a></li>
+<li><a href="setup/installation.html#downstream-debian-packages">Downstream Debian packages</a></li>
+<li><a href="setup/installation.html#downstream-ubuntu-packages">Downstream Ubuntu packages</a></li>
+</ul>
+</li>
+<li><a href="setup/installation.html#fedora">Fedora</a></li>
+<li><a href="setup/installation.html#opensuse-1">OpenSUSE</a></li>
+<li><a href="setup/installation.html#suse-linux-enterprise-server">SUSE Linux Enterprise Server</a></li>
+<li><a href="setup/installation.html#archlinux-1">ArchLinux</a></li>
+<li><a href="setup/installation.html#void-linux">Void Linux</a></li>
+<li><a href="setup/installation.html#freebsd">FreeBSD</a></li>
+<li><a href="setup/installation.html#openbsd-1">OpenBSD</a></li>
+<li><a href="setup/installation.html#nixos">NixOS</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="setup/installation.html#setting-up-synapse">Setting up Synapse</a>
+<ul>
+<li><a href="setup/installation.html#using-postgresql">Using PostgreSQL</a></li>
+<li><a href="setup/installation.html#tls-certificates">TLS certificates</a></li>
+<li><a href="setup/installation.html#client-well-known-uri">Client Well-Known URI</a></li>
+<li><a href="setup/installation.html#email">Email</a></li>
+<li><a href="setup/installation.html#registering-a-user">Registering a user</a></li>
+<li><a href="setup/installation.html#setting-up-a-turn-server">Setting up a TURN server</a></li>
+<li><a href="setup/installation.html#url-previews">URL previews</a></li>
+<li><a href="setup/installation.html#troubleshooting-installation">Troubleshooting Installation</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<h2 id="choosing-your-server-name"><a class="header" href="#choosing-your-server-name">Choosing your server name</a></h2>
+<p>It is important to choose the name for your server before you install Synapse,
+because it cannot be changed later.</p>
+<p>The server name determines the &quot;domain&quot; part of user-ids for users on your
+server: these will all be of the format <code>@user:my.domain.name</code>. It also
+determines how other matrix servers will reach yours for federation.</p>
+<p>For a test configuration, set this to the hostname of your server. For a more
+production-ready setup, you will probably want to specify your domain
+(<code>example.com</code>) rather than a matrix-specific hostname here (in the same way
+that your email address is probably <code>user@example.com</code> rather than
+<code>user@email.example.com</code>) - but doing so may require more advanced setup: see
+<a href="setup/docs/federate.html">Setting up Federation</a>.</p>
+<h2 id="installing-synapse"><a class="header" href="#installing-synapse">Installing Synapse</a></h2>
+<h3 id="installing-from-source"><a class="header" href="#installing-from-source">Installing from source</a></h3>
+<p>(Prebuilt packages are available for some platforms - see <a href="setup/installation.html#prebuilt-packages">Prebuilt packages</a>.)</p>
+<p>When installing from source please make sure that the <a href="setup/installation.html#platform-specific-prerequisites">Platform-specific prerequisites</a> are already installed.</p>
+<p>System requirements:</p>
+<ul>
+<li>POSIX-compliant system (tested on Linux &amp; OS X)</li>
+<li>Python 3.5.2 or later, up to Python 3.9.</li>
+<li>At least 1GB of free RAM if you want to join large public rooms like #matrix:matrix.org</li>
+</ul>
+<p>To install the Synapse homeserver run:</p>
+<pre><code class="language-sh">mkdir -p ~/synapse
+virtualenv -p python3 ~/synapse/env
+source ~/synapse/env/bin/activate
+pip install --upgrade pip
+pip install --upgrade setuptools
+pip install matrix-synapse
+</code></pre>
+<p>This will download Synapse from <a href="https://pypi.org/project/matrix-synapse">PyPI</a>
+and install it, along with the python libraries it uses, into a virtual environment
+under <code>~/synapse/env</code>.  Feel free to pick a different directory if you
+prefer.</p>
+<p>This Synapse installation can then be later upgraded by using pip again with the
+update flag:</p>
+<pre><code class="language-sh">source ~/synapse/env/bin/activate
+pip install -U matrix-synapse
+</code></pre>
+<p>Before you can start Synapse, you will need to generate a configuration
+file. To do this, run (in your virtualenv, as before):</p>
+<pre><code class="language-sh">cd ~/synapse
+python -m synapse.app.homeserver \
+    --server-name my.domain.name \
+    --config-path homeserver.yaml \
+    --generate-config \
+    --report-stats=[yes|no]
+</code></pre>
+<p>... substituting an appropriate value for <code>--server-name</code>.</p>
+<p>This command will generate you a config file that you can then customise, but it will
+also generate a set of keys for you. These keys will allow your homeserver to
+identify itself to other homeserver, so don't lose or delete them. It would be
+wise to back them up somewhere safe. (If, for whatever reason, you do need to
+change your homeserver's keys, you may find that other homeserver have the
+old key cached. If you update the signing key, you should change the name of the
+key in the <code>&lt;server name&gt;.signing.key</code> file (the second word) to something
+different. See the <a href="https://matrix.org/docs/spec/server_server/latest.html#retrieving-server-keys">spec</a> for more information on key management).</p>
+<p>To actually run your new homeserver, pick a working directory for Synapse to
+run (e.g. <code>~/synapse</code>), and:</p>
+<pre><code class="language-sh">cd ~/synapse
+source env/bin/activate
+synctl start
+</code></pre>
+<h4 id="platform-specific-prerequisites"><a class="header" href="#platform-specific-prerequisites">Platform-specific prerequisites</a></h4>
+<p>Synapse is written in Python but some of the libraries it uses are written in
+C. So before we can install Synapse itself we need a working C compiler and the
+header files for Python C extensions.</p>
+<h5 id="debianubunturaspbian"><a class="header" href="#debianubunturaspbian">Debian/Ubuntu/Raspbian</a></h5>
+<p>Installing prerequisites on Ubuntu or Debian:</p>
+<pre><code class="language-sh">sudo apt install build-essential python3-dev libffi-dev \
+                     python3-pip python3-setuptools sqlite3 \
+                     libssl-dev virtualenv libjpeg-dev libxslt1-dev
+</code></pre>
+<h5 id="archlinux"><a class="header" href="#archlinux">ArchLinux</a></h5>
+<p>Installing prerequisites on ArchLinux:</p>
+<pre><code class="language-sh">sudo pacman -S base-devel python python-pip \
+               python-setuptools python-virtualenv sqlite3
+</code></pre>
+<h5 id="centosfedora"><a class="header" href="#centosfedora">CentOS/Fedora</a></h5>
+<p>Installing prerequisites on CentOS or Fedora Linux:</p>
+<pre><code class="language-sh">sudo dnf install libtiff-devel libjpeg-devel libzip-devel freetype-devel \
+                 libwebp-devel libxml2-devel libxslt-devel libpq-devel \
+                 python3-virtualenv libffi-devel openssl-devel python3-devel
+sudo dnf groupinstall &quot;Development Tools&quot;
+</code></pre>
+<h5 id="macos"><a class="header" href="#macos">macOS</a></h5>
+<p>Installing prerequisites on macOS:</p>
+<pre><code class="language-sh">xcode-select --install
+sudo easy_install pip
+sudo pip install virtualenv
+brew install pkg-config libffi
+</code></pre>
+<p>On macOS Catalina (10.15) you may need to explicitly install OpenSSL
+via brew and inform <code>pip</code> about it so that <code>psycopg2</code> builds:</p>
+<pre><code class="language-sh">brew install openssl@1.1
+export LDFLAGS=&quot;-L/usr/local/opt/openssl/lib&quot;
+export CPPFLAGS=&quot;-I/usr/local/opt/openssl/include&quot;
+</code></pre>
+<h5 id="opensuse"><a class="header" href="#opensuse">OpenSUSE</a></h5>
+<p>Installing prerequisites on openSUSE:</p>
+<pre><code class="language-sh">sudo zypper in -t pattern devel_basis
+sudo zypper in python-pip python-setuptools sqlite3 python-virtualenv \
+               python-devel libffi-devel libopenssl-devel libjpeg62-devel
+</code></pre>
+<h5 id="openbsd"><a class="header" href="#openbsd">OpenBSD</a></h5>
+<p>A port of Synapse is available under <code>net/synapse</code>. The filesystem
+underlying the homeserver directory (defaults to <code>/var/synapse</code>) has to be
+mounted with <code>wxallowed</code> (cf. <code>mount(8)</code>), so creating a separate filesystem
+and mounting it to <code>/var/synapse</code> should be taken into consideration.</p>
+<p>To be able to build Synapse's dependency on python the <code>WRKOBJDIR</code>
+(cf. <code>bsd.port.mk(5)</code>) for building python, too, needs to be on a filesystem
+mounted with <code>wxallowed</code> (cf. <code>mount(8)</code>).</p>
+<p>Creating a <code>WRKOBJDIR</code> for building python under <code>/usr/local</code> (which on a
+default OpenBSD installation is mounted with <code>wxallowed</code>):</p>
+<pre><code class="language-sh">doas mkdir /usr/local/pobj_wxallowed
+</code></pre>
+<p>Assuming <code>PORTS_PRIVSEP=Yes</code> (cf. <code>bsd.port.mk(5)</code>) and <code>SUDO=doas</code> are
+configured in <code>/etc/mk.conf</code>:</p>
+<pre><code class="language-sh">doas chown _pbuild:_pbuild /usr/local/pobj_wxallowed
+</code></pre>
+<p>Setting the <code>WRKOBJDIR</code> for building python:</p>
+<pre><code class="language-sh">echo WRKOBJDIR_lang/python/3.7=/usr/local/pobj_wxallowed  \\nWRKOBJDIR_lang/python/2.7=/usr/local/pobj_wxallowed &gt;&gt; /etc/mk.conf
+</code></pre>
+<p>Building Synapse:</p>
+<pre><code class="language-sh">cd /usr/ports/net/synapse
+make install
+</code></pre>
+<h5 id="windows"><a class="header" href="#windows">Windows</a></h5>
+<p>If you wish to run or develop Synapse on Windows, the Windows Subsystem For
+Linux provides a Linux environment on Windows 10 which is capable of using the
+Debian, Fedora, or source installation methods. More information about WSL can
+be found at <a href="https://docs.microsoft.com/en-us/windows/wsl/install-win10">https://docs.microsoft.com/en-us/windows/wsl/install-win10</a> for
+Windows 10 and <a href="https://docs.microsoft.com/en-us/windows/wsl/install-on-server">https://docs.microsoft.com/en-us/windows/wsl/install-on-server</a>
+for Windows Server.</p>
+<h3 id="prebuilt-packages"><a class="header" href="#prebuilt-packages">Prebuilt packages</a></h3>
+<p>As an alternative to installing from source, prebuilt packages are available
+for a number of platforms.</p>
+<h4 id="docker-images-and-ansible-playbooks"><a class="header" href="#docker-images-and-ansible-playbooks">Docker images and Ansible playbooks</a></h4>
+<p>There is an official synapse image available at
+<a href="https://hub.docker.com/r/matrixdotorg/synapse">https://hub.docker.com/r/matrixdotorg/synapse</a> which can be used with
+the docker-compose file available at <a href="setup/contrib/docker">contrib/docker</a>. Further
+information on this including configuration options is available in the README
+on hub.docker.com.</p>
+<p>Alternatively, Andreas Peters (previously Silvio Fricke) has contributed a
+Dockerfile to automate a synapse server in a single Docker image, at
+<a href="https://hub.docker.com/r/avhost/docker-matrix/tags/">https://hub.docker.com/r/avhost/docker-matrix/tags/</a></p>
+<p>Slavi Pantaleev has created an Ansible playbook,
+which installs the offical Docker image of Matrix Synapse
+along with many other Matrix-related services (Postgres database, Element, coturn,
+ma1sd, SSL support, etc.).
+For more details, see
+<a href="https://github.com/spantaleev/matrix-docker-ansible-deploy">https://github.com/spantaleev/matrix-docker-ansible-deploy</a></p>
+<h4 id="debianubuntu"><a class="header" href="#debianubuntu">Debian/Ubuntu</a></h4>
+<h5 id="matrixorg-packages"><a class="header" href="#matrixorg-packages">Matrix.org packages</a></h5>
+<p>Matrix.org provides Debian/Ubuntu packages of the latest stable version of
+Synapse via <a href="https://packages.matrix.org/debian/">https://packages.matrix.org/debian/</a>. They are available for Debian
+9 (Stretch), Ubuntu 16.04 (Xenial), and later. To use them:</p>
+<pre><code class="language-sh">sudo apt install -y lsb-release wget apt-transport-https
+sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
+echo &quot;deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main&quot; |
+    sudo tee /etc/apt/sources.list.d/matrix-org.list
+sudo apt update
+sudo apt install matrix-synapse-py3
+</code></pre>
+<p><strong>Note</strong>: if you followed a previous version of these instructions which
+recommended using <code>apt-key add</code> to add an old key from
+<code>https://matrix.org/packages/debian/</code>, you should note that this key has been
+revoked. You should remove the old key with <code>sudo apt-key remove C35EB17E1EAE708E6603A9B3AD0592FE47F0DF61</code>, and follow the above instructions to
+update your configuration.</p>
+<p>The fingerprint of the repository signing key (as shown by <code>gpg /usr/share/keyrings/matrix-org-archive-keyring.gpg</code>) is
+<code>AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058</code>.</p>
+<h5 id="downstream-debian-packages"><a class="header" href="#downstream-debian-packages">Downstream Debian packages</a></h5>
+<p>We do not recommend using the packages from the default Debian <code>buster</code>
+repository at this time, as they are old and suffer from known security
+vulnerabilities. You can install the latest version of Synapse from
+<a href="setup/installation.html#matrixorg-packages">our repository</a> or from <code>buster-backports</code>. Please
+see the <a href="https://backports.debian.org/Instructions/">Debian documentation</a>
+for information on how to use backports.</p>
+<p>If you are using Debian <code>sid</code> or testing, Synapse is available in the default
+repositories and it should be possible to install it simply with:</p>
+<pre><code class="language-sh">sudo apt install matrix-synapse
+</code></pre>
+<h5 id="downstream-ubuntu-packages"><a class="header" href="#downstream-ubuntu-packages">Downstream Ubuntu packages</a></h5>
+<p>We do not recommend using the packages in the default Ubuntu repository
+at this time, as they are old and suffer from known security vulnerabilities.
+The latest version of Synapse can be installed from <a href="setup/installation.html#matrixorg-packages">our repository</a>.</p>
+<h4 id="fedora"><a class="header" href="#fedora">Fedora</a></h4>
+<p>Synapse is in the Fedora repositories as <code>matrix-synapse</code>:</p>
+<pre><code class="language-sh">sudo dnf install matrix-synapse
+</code></pre>
+<p>Oleg Girko provides Fedora RPMs at
+<a href="https://obs.infoserver.lv/project/monitor/matrix-synapse">https://obs.infoserver.lv/project/monitor/matrix-synapse</a></p>
+<h4 id="opensuse-1"><a class="header" href="#opensuse-1">OpenSUSE</a></h4>
+<p>Synapse is in the OpenSUSE repositories as <code>matrix-synapse</code>:</p>
+<pre><code class="language-sh">sudo zypper install matrix-synapse
+</code></pre>
+<h4 id="suse-linux-enterprise-server"><a class="header" href="#suse-linux-enterprise-server">SUSE Linux Enterprise Server</a></h4>
+<p>Unofficial package are built for SLES 15 in the openSUSE:Backports:SLE-15 repository at
+<a href="https://download.opensuse.org/repositories/openSUSE:/Backports:/SLE-15/standard/">https://download.opensuse.org/repositories/openSUSE:/Backports:/SLE-15/standard/</a></p>
+<h4 id="archlinux-1"><a class="header" href="#archlinux-1">ArchLinux</a></h4>
+<p>The quickest way to get up and running with ArchLinux is probably with the community package
+<a href="https://www.archlinux.org/packages/community/any/matrix-synapse/">https://www.archlinux.org/packages/community/any/matrix-synapse/</a>, which should pull in most of
+the necessary dependencies.</p>
+<p>pip may be outdated (6.0.7-1 and needs to be upgraded to 6.0.8-1 ):</p>
+<pre><code class="language-sh">sudo pip install --upgrade pip
+</code></pre>
+<p>If you encounter an error with lib bcrypt causing an Wrong ELF Class:
+ELFCLASS32 (x64 Systems), you may need to reinstall py-bcrypt to correctly
+compile it under the right architecture. (This should not be needed if
+installing under virtualenv):</p>
+<pre><code class="language-sh">sudo pip uninstall py-bcrypt
+sudo pip install py-bcrypt
+</code></pre>
+<h4 id="void-linux"><a class="header" href="#void-linux">Void Linux</a></h4>
+<p>Synapse can be found in the void repositories as 'synapse':</p>
+<pre><code class="language-sh">xbps-install -Su
+xbps-install -S synapse
+</code></pre>
+<h4 id="freebsd"><a class="header" href="#freebsd">FreeBSD</a></h4>
+<p>Synapse can be installed via FreeBSD Ports or Packages contributed by Brendan Molloy from:</p>
+<ul>
+<li>Ports: <code>cd /usr/ports/net-im/py-matrix-synapse &amp;&amp; make install clean</code></li>
+<li>Packages: <code>pkg install py37-matrix-synapse</code></li>
+</ul>
+<h4 id="openbsd-1"><a class="header" href="#openbsd-1">OpenBSD</a></h4>
+<p>As of OpenBSD 6.7 Synapse is available as a pre-compiled binary. The filesystem
+underlying the homeserver directory (defaults to <code>/var/synapse</code>) has to be
+mounted with <code>wxallowed</code> (cf. <code>mount(8)</code>), so creating a separate filesystem
+and mounting it to <code>/var/synapse</code> should be taken into consideration.</p>
+<p>Installing Synapse:</p>
+<pre><code class="language-sh">doas pkg_add synapse
+</code></pre>
+<h4 id="nixos"><a class="header" href="#nixos">NixOS</a></h4>
+<p>Robin Lambertz has packaged Synapse for NixOS at:
+<a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/matrix-synapse.nix">https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/matrix-synapse.nix</a></p>
+<h2 id="setting-up-synapse"><a class="header" href="#setting-up-synapse">Setting up Synapse</a></h2>
+<p>Once you have installed synapse as above, you will need to configure it.</p>
+<h3 id="using-postgresql"><a class="header" href="#using-postgresql">Using PostgreSQL</a></h3>
+<p>By default Synapse uses an <a href="https://sqlite.org/">SQLite</a> database and in doing so trades
+performance for convenience. Almost all installations should opt to use <a href="https://www.postgresql.org">PostgreSQL</a>
+instead. Advantages include:</p>
+<ul>
+<li>significant performance improvements due to the superior threading and
+caching model, smarter query optimiser</li>
+<li>allowing the DB to be run on separate hardware</li>
+</ul>
+<p>For information on how to install and use PostgreSQL in Synapse, please see
+<a href="setup/docs/postgres.html">docs/postgres.md</a></p>
+<p>SQLite is only acceptable for testing purposes. SQLite should not be used in
+a production server. Synapse will perform poorly when using
+SQLite, especially when participating in large rooms.</p>
+<h3 id="tls-certificates"><a class="header" href="#tls-certificates">TLS certificates</a></h3>
+<p>The default configuration exposes a single HTTP port on the local
+interface: <code>http://localhost:8008</code>. It is suitable for local testing,
+but for any practical use, you will need Synapse's APIs to be served
+over HTTPS.</p>
+<p>The recommended way to do so is to set up a reverse proxy on port
+<code>8448</code>. You can find documentation on doing so in
+<a href="setup/docs/reverse_proxy.html">docs/reverse_proxy.md</a>.</p>
+<p>Alternatively, you can configure Synapse to expose an HTTPS port. To do
+so, you will need to edit <code>homeserver.yaml</code>, as follows:</p>
+<ul>
+<li>First, under the <code>listeners</code> section, uncomment the configuration for the
+TLS-enabled listener. (Remove the hash sign (<code>#</code>) at the start of
+each line). The relevant lines are like this:</li>
+</ul>
+<pre><code class="language-yaml">  - port: 8448
+    type: http
+    tls: true
+    resources:
+      - names: [client, federation]
+</code></pre>
+<ul>
+<li>
+<p>You will also need to uncomment the <code>tls_certificate_path</code> and
+<code>tls_private_key_path</code> lines under the <code>TLS</code> section. You will need to manage
+provisioning of these certificates yourself.</p>
+<p>If you are using your own certificate, be sure to use a <code>.pem</code> file that
+includes the full certificate chain including any intermediate certificates
+(for instance, if using certbot, use <code>fullchain.pem</code> as your certificate, not
+<code>cert.pem</code>).</p>
+</li>
+</ul>
+<p>For a more detailed guide to configuring your server for federation, see
+<a href="setup/docs/federate.html">federate.md</a>.</p>
+<h3 id="client-well-known-uri"><a class="header" href="#client-well-known-uri">Client Well-Known URI</a></h3>
+<p>Setting up the client Well-Known URI is optional but if you set it up, it will
+allow users to enter their full username (e.g. <code>@user:&lt;server_name&gt;</code>) into clients
+which support well-known lookup to automatically configure the homeserver and
+identity server URLs. This is useful so that users don't have to memorize or think
+about the actual homeserver URL you are using.</p>
+<p>The URL <code>https://&lt;server_name&gt;/.well-known/matrix/client</code> should return JSON in
+the following format.</p>
+<pre><code class="language-json">{
+  &quot;m.homeserver&quot;: {
+    &quot;base_url&quot;: &quot;https://&lt;matrix.example.com&gt;&quot;
+  }
+}
+</code></pre>
+<p>It can optionally contain identity server information as well.</p>
+<pre><code class="language-json">{
+  &quot;m.homeserver&quot;: {
+    &quot;base_url&quot;: &quot;https://&lt;matrix.example.com&gt;&quot;
+  },
+  &quot;m.identity_server&quot;: {
+    &quot;base_url&quot;: &quot;https://&lt;identity.example.com&gt;&quot;
+  }
+}
+</code></pre>
+<p>To work in browser based clients, the file must be served with the appropriate
+Cross-Origin Resource Sharing (CORS) headers. A recommended value would be
+<code>Access-Control-Allow-Origin: *</code> which would allow all browser based clients to
+view it.</p>
+<p>In nginx this would be something like:</p>
+<pre><code class="language-nginx">location /.well-known/matrix/client {
+    return 200 '{&quot;m.homeserver&quot;: {&quot;base_url&quot;: &quot;https://&lt;matrix.example.com&gt;&quot;}}';
+    default_type application/json;
+    add_header Access-Control-Allow-Origin *;
+}
+</code></pre>
+<p>You should also ensure the <code>public_baseurl</code> option in <code>homeserver.yaml</code> is set
+correctly. <code>public_baseurl</code> should be set to the URL that clients will use to
+connect to your server. This is the same URL you put for the <code>m.homeserver</code>
+<code>base_url</code> above.</p>
+<pre><code class="language-yaml">public_baseurl: &quot;https://&lt;matrix.example.com&gt;&quot;
+</code></pre>
+<h3 id="email"><a class="header" href="#email">Email</a></h3>
+<p>It is desirable for Synapse to have the capability to send email. This allows
+Synapse to send password reset emails, send verifications when an email address
+is added to a user's account, and send email notifications to users when they
+receive new messages.</p>
+<p>To configure an SMTP server for Synapse, modify the configuration section
+headed <code>email</code>, and be sure to have at least the <code>smtp_host</code>, <code>smtp_port</code>
+and <code>notif_from</code> fields filled out.  You may also need to set <code>smtp_user</code>,
+<code>smtp_pass</code>, and <code>require_transport_security</code>.</p>
+<p>If email is not configured, password reset, registration and notifications via
+email will be disabled.</p>
+<h3 id="registering-a-user"><a class="header" href="#registering-a-user">Registering a user</a></h3>
+<p>The easiest way to create a new user is to do so from a client like <a href="https://element.io/">Element</a>.</p>
+<p>Alternatively, you can do so from the command line. This can be done as follows:</p>
+<ol>
+<li>If synapse was installed via pip, activate the virtualenv as follows (if Synapse was
+installed via a prebuilt package, <code>register_new_matrix_user</code> should already be
+on the search path):
+<pre><code class="language-sh">cd ~/synapse
+source env/bin/activate
+synctl start # if not already running
+</code></pre>
+</li>
+<li>Run the following command:
+<pre><code class="language-sh">register_new_matrix_user -c homeserver.yaml http://localhost:8008
+</code></pre>
+</li>
+</ol>
+<p>This will prompt you to add details for the new user, and will then connect to
+the running Synapse to create the new user. For example:</p>
+<pre><code>New user localpart: erikj
+Password:
+Confirm password:
+Make admin [no]:
+Success!
+</code></pre>
+<p>This process uses a setting <code>registration_shared_secret</code> in
+<code>homeserver.yaml</code>, which is shared between Synapse itself and the
+<code>register_new_matrix_user</code> script. It doesn't matter what it is (a random
+value is generated by <code>--generate-config</code>), but it should be kept secret, as
+anyone with knowledge of it can register users, including admin accounts,
+on your server even if <code>enable_registration</code> is <code>false</code>.</p>
+<h3 id="setting-up-a-turn-server"><a class="header" href="#setting-up-a-turn-server">Setting up a TURN server</a></h3>
+<p>For reliable VoIP calls to be routed via this homeserver, you MUST configure
+a TURN server. See <a href="setup/docs/turn-howto.html">docs/turn-howto.md</a> for details.</p>
+<h3 id="url-previews"><a class="header" href="#url-previews">URL previews</a></h3>
+<p>Synapse includes support for previewing URLs, which is disabled by default.  To
+turn it on you must enable the <code>url_preview_enabled: True</code> config parameter
+and explicitly specify the IP ranges that Synapse is not allowed to spider for
+previewing in the <code>url_preview_ip_range_blacklist</code> configuration parameter.
+This is critical from a security perspective to stop arbitrary Matrix users
+spidering 'internal' URLs on your network. At the very least we recommend that
+your loopback and RFC1918 IP addresses are blacklisted.</p>
+<p>This also requires the optional <code>lxml</code> python dependency to be  installed. This
+in turn requires the <code>libxml2</code> library to be available - on  Debian/Ubuntu this
+means <code>apt-get install libxml2-dev</code>, or equivalent for your OS.</p>
+<h3 id="troubleshooting-installation"><a class="header" href="#troubleshooting-installation">Troubleshooting Installation</a></h3>
+<p><code>pip</code> seems to leak <em>lots</em> of memory during installation. For instance, a Linux
+host with 512MB of RAM may run out of memory whilst installing Twisted. If this
+happens, you will have to individually install the dependencies which are
+failing, e.g.:</p>
+<pre><code class="language-sh">pip install twisted
+</code></pre>
+<p>If you have any other problems, feel free to ask in
+<a href="https://matrix.to/#/#synapse:matrix.org">#synapse:matrix.org</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="using-postgres"><a class="header" href="#using-postgres">Using Postgres</a></h1>
+<p>Synapse supports PostgreSQL versions 9.6 or later.</p>
+<h2 id="install-postgres-client-libraries"><a class="header" href="#install-postgres-client-libraries">Install postgres client libraries</a></h2>
+<p>Synapse will require the python postgres client library in order to
+connect to a postgres database.</p>
+<ul>
+<li>
+<p>If you are using the <a href="../INSTALL.html#matrixorg-packages">matrix.org debian/ubuntu
+packages</a>, the necessary python
+library will already be installed, but you will need to ensure the
+low-level postgres library is installed, which you can do with
+<code>apt install libpq5</code>.</p>
+</li>
+<li>
+<p>For other pre-built packages, please consult the documentation from
+the relevant package.</p>
+</li>
+<li>
+<p>If you installed synapse <a href="../INSTALL.html#installing-from-source">in a
+virtualenv</a>, you can install
+the library with:</p>
+<pre><code>~/synapse/env/bin/pip install &quot;matrix-synapse[postgres]&quot;
+</code></pre>
+<p>(substituting the path to your virtualenv for <code>~/synapse/env</code>, if
+you used a different path). You will require the postgres
+development files. These are in the <code>libpq-dev</code> package on
+Debian-derived distributions.</p>
+</li>
+</ul>
+<h2 id="set-up-database"><a class="header" href="#set-up-database">Set up database</a></h2>
+<p>Assuming your PostgreSQL database user is called <code>postgres</code>, first authenticate as the database user with:</p>
+<pre><code>su - postgres
+# Or, if your system uses sudo to get administrative rights
+sudo -u postgres bash
+</code></pre>
+<p>Then, create a postgres user and a database with:</p>
+<pre><code># this will prompt for a password for the new user
+createuser --pwprompt synapse_user
+
+createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse_user synapse
+</code></pre>
+<p>The above will create a user called <code>synapse_user</code>, and a database called
+<code>synapse</code>.</p>
+<p>Note that the PostgreSQL database <em>must</em> have the correct encoding set
+(as shown above), otherwise it will not be able to store UTF8 strings.</p>
+<p>You may need to enable password authentication so <code>synapse_user</code> can
+connect to the database. See
+<a href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">https://www.postgresql.org/docs/current/auth-pg-hba-conf.html</a>.</p>
+<h2 id="synapse-config"><a class="header" href="#synapse-config">Synapse config</a></h2>
+<p>When you are ready to start using PostgreSQL, edit the <code>database</code>
+section in your config file to match the following lines:</p>
+<pre><code class="language-yaml">database:
+  name: psycopg2
+  args:
+    user: &lt;user&gt;
+    password: &lt;pass&gt;
+    database: &lt;db&gt;
+    host: &lt;host&gt;
+    cp_min: 5
+    cp_max: 10
+</code></pre>
+<p>All key, values in <code>args</code> are passed to the <code>psycopg2.connect(..)</code>
+function, except keys beginning with <code>cp_</code>, which are consumed by the
+twisted adbapi connection pool. See the <a href="https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS">libpq
+documentation</a>
+for a list of options which can be passed.</p>
+<p>You should consider tuning the <code>args.keepalives_*</code> options if there is any danger of
+the connection between your homeserver and database dropping, otherwise Synapse
+may block for an extended period while it waits for a response from the
+database server. Example values might be:</p>
+<pre><code class="language-yaml">database:
+  args:
+    # ... as above
+
+    # seconds of inactivity after which TCP should send a keepalive message to the server
+    keepalives_idle: 10
+
+    # the number of seconds after which a TCP keepalive message that is not
+    # acknowledged by the server should be retransmitted
+    keepalives_interval: 10
+
+    # the number of TCP keepalives that can be lost before the client's connection
+    # to the server is considered dead
+    keepalives_count: 3
+</code></pre>
+<h2 id="tuning-postgres"><a class="header" href="#tuning-postgres">Tuning Postgres</a></h2>
+<p>The default settings should be fine for most deployments. For larger
+scale deployments tuning some of the settings is recommended, details of
+which can be found at
+<a href="https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server">https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server</a>.</p>
+<p>In particular, we've found tuning the following values helpful for
+performance:</p>
+<ul>
+<li><code>shared_buffers</code></li>
+<li><code>effective_cache_size</code></li>
+<li><code>work_mem</code></li>
+<li><code>maintenance_work_mem</code></li>
+<li><code>autovacuum_work_mem</code></li>
+</ul>
+<p>Note that the appropriate values for those fields depend on the amount
+of free memory the database host has available.</p>
+<h2 id="porting-from-sqlite"><a class="header" href="#porting-from-sqlite">Porting from SQLite</a></h2>
+<h3 id="overview"><a class="header" href="#overview">Overview</a></h3>
+<p>The script <code>synapse_port_db</code> allows porting an existing synapse server
+backed by SQLite to using PostgreSQL. This is done in as a two phase
+process:</p>
+<ol>
+<li>Copy the existing SQLite database to a separate location and run
+the port script against that offline database.</li>
+<li>Shut down the server. Rerun the port script to port any data that
+has come in since taking the first snapshot. Restart server against
+the PostgreSQL database.</li>
+</ol>
+<p>The port script is designed to be run repeatedly against newer snapshots
+of the SQLite database file. This makes it safe to repeat step 1 if
+there was a delay between taking the previous snapshot and being ready
+to do step 2.</p>
+<p>It is safe to at any time kill the port script and restart it.</p>
+<p>Note that the database may take up significantly more (25% - 100% more)
+space on disk after porting to Postgres.</p>
+<h3 id="using-the-port-script"><a class="header" href="#using-the-port-script">Using the port script</a></h3>
+<p>Firstly, shut down the currently running synapse server and copy its
+database file (typically <code>homeserver.db</code>) to another location. Once the
+copy is complete, restart synapse. For instance:</p>
+<pre><code>./synctl stop
+cp homeserver.db homeserver.db.snapshot
+./synctl start
+</code></pre>
+<p>Copy the old config file into a new config file:</p>
+<pre><code>cp homeserver.yaml homeserver-postgres.yaml
+</code></pre>
+<p>Edit the database section as described in the section <em>Synapse config</em>
+above and with the SQLite snapshot located at <code>homeserver.db.snapshot</code>
+simply run:</p>
+<pre><code>synapse_port_db --sqlite-database homeserver.db.snapshot \
+    --postgres-config homeserver-postgres.yaml
+</code></pre>
+<p>The flag <code>--curses</code> displays a coloured curses progress UI.</p>
+<p>If the script took a long time to complete, or time has otherwise passed
+since the original snapshot was taken, repeat the previous steps with a
+newer snapshot.</p>
+<p>To complete the conversion shut down the synapse server and run the port
+script one last time, e.g. if the SQLite database is at <code>homeserver.db</code>
+run:</p>
+<pre><code>synapse_port_db --sqlite-database homeserver.db \
+    --postgres-config homeserver-postgres.yaml
+</code></pre>
+<p>Once that has completed, change the synapse config to point at the
+PostgreSQL database configuration file <code>homeserver-postgres.yaml</code>:</p>
+<pre><code>./synctl stop
+mv homeserver.yaml homeserver-old-sqlite.yaml
+mv homeserver-postgres.yaml homeserver.yaml
+./synctl start
+</code></pre>
+<p>Synapse should now be running against PostgreSQL.</p>
+<h2 id="troubleshooting"><a class="header" href="#troubleshooting">Troubleshooting</a></h2>
+<h3 id="alternative-auth-methods"><a class="header" href="#alternative-auth-methods">Alternative auth methods</a></h3>
+<p>If you get an error along the lines of <code>FATAL:  Ident authentication failed for user &quot;synapse_user&quot;</code>, you may need to use an authentication method other than
+<code>ident</code>:</p>
+<ul>
+<li>
+<p>If the <code>synapse_user</code> user has a password, add the password to the <code>database:</code>
+section of <code>homeserver.yaml</code>. Then add the following to <code>pg_hba.conf</code>:</p>
+<pre><code>host    synapse     synapse_user    ::1/128     md5  # or `scram-sha-256` instead of `md5` if you use that
+</code></pre>
+</li>
+<li>
+<p>If the <code>synapse_user</code> user does not have a password, then a password doesn't
+have to be added to <code>homeserver.yaml</code>. But the following does need to be added
+to <code>pg_hba.conf</code>:</p>
+<pre><code>host    synapse     synapse_user    ::1/128     trust
+</code></pre>
+</li>
+</ul>
+<p>Note that line order matters in <code>pg_hba.conf</code>, so make sure that if you do add a
+new line, it is inserted before:</p>
+<pre><code>host    all         all             ::1/128     ident
+</code></pre>
+<h3 id="fixing-incorrect-collate-or-ctype"><a class="header" href="#fixing-incorrect-collate-or-ctype">Fixing incorrect <code>COLLATE</code> or <code>CTYPE</code></a></h3>
+<p>Synapse will refuse to set up a new database if it has the wrong values of
+<code>COLLATE</code> and <code>CTYPE</code> set, and will log warnings on existing databases. Using
+different locales can cause issues if the locale library is updated from
+underneath the database, or if a different version of the locale is used on any
+replicas.</p>
+<p>The safest way to fix the issue is to dump the database and recreate it with
+the correct locale parameter (as shown above). It is also possible to change the
+parameters on a live database and run a <code>REINDEX</code> on the entire database,
+however extreme care must be taken to avoid database corruption.</p>
+<p>Note that the above may fail with an error about duplicate rows if corruption
+has already occurred, and such duplicate rows will need to be manually removed.</p>
+<h3 id="fixing-inconsistent-sequences-error"><a class="header" href="#fixing-inconsistent-sequences-error">Fixing inconsistent sequences error</a></h3>
+<p>Synapse uses Postgres sequences to generate IDs for various tables. A sequence
+and associated table can get out of sync if, for example, Synapse has been
+downgraded and then upgraded again.</p>
+<p>To fix the issue shut down Synapse (including any and all workers) and run the
+SQL command included in the error message. Once done Synapse should start
+successfully.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="using-a-reverse-proxy-with-synapse"><a class="header" href="#using-a-reverse-proxy-with-synapse">Using a reverse proxy with Synapse</a></h1>
+<p>It is recommended to put a reverse proxy such as
+<a href="https://nginx.org/en/docs/http/ngx_http_proxy_module.html">nginx</a>,
+<a href="https://httpd.apache.org/docs/current/mod/mod_proxy_http.html">Apache</a>,
+<a href="https://caddyserver.com/docs/quick-starts/reverse-proxy">Caddy</a>,
+<a href="https://www.haproxy.org/">HAProxy</a> or
+<a href="https://man.openbsd.org/relayd.8">relayd</a> in front of Synapse. One advantage
+of doing so is that it means that you can expose the default https port
+(443) to Matrix clients without needing to run Synapse with root
+privileges.</p>
+<p>You should configure your reverse proxy to forward requests to <code>/_matrix</code> or
+<code>/_synapse/client</code> to Synapse, and have it set the <code>X-Forwarded-For</code> and
+<code>X-Forwarded-Proto</code> request headers.</p>
+<p>You should remember that Matrix clients and other Matrix servers do not
+necessarily need to connect to your server via the same server name or
+port. Indeed, clients will use port 443 by default, whereas servers default to
+port 8448. Where these are different, we refer to the 'client port' and the
+'federation port'. See <a href="https://matrix.org/docs/spec/server_server/latest#resolving-server-names">the Matrix
+specification</a>
+for more details of the algorithm used for federation connections, and
+<a href="delegate.html">delegate.md</a> for instructions on setting up delegation.</p>
+<p><strong>NOTE</strong>: Your reverse proxy must not <code>canonicalise</code> or <code>normalise</code>
+the requested URI in any way (for example, by decoding <code>%xx</code> escapes).
+Beware that Apache <em>will</em> canonicalise URIs unless you specify
+<code>nocanon</code>.</p>
+<p>Let's assume that we expect clients to connect to our server at
+<code>https://matrix.example.com</code>, and other servers to connect at
+<code>https://example.com:8448</code>.  The following sections detail the configuration of
+the reverse proxy and the homeserver.</p>
+<h2 id="reverse-proxy-configuration-examples"><a class="header" href="#reverse-proxy-configuration-examples">Reverse-proxy configuration examples</a></h2>
+<p><strong>NOTE</strong>: You only need one of these.</p>
+<h3 id="nginx"><a class="header" href="#nginx">nginx</a></h3>
+<pre><code>server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    # For the federation port
+    listen 8448 ssl http2 default_server;
+    listen [::]:8448 ssl http2 default_server;
+
+    server_name matrix.example.com;
+
+    location ~* ^(\/_matrix|\/_synapse\/client) {
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+        client_max_body_size 50M;
+    }
+}
+</code></pre>
+<p><strong>NOTE</strong>: Do not add a path after the port in <code>proxy_pass</code>, otherwise nginx will
+canonicalise/normalise the URI.</p>
+<h3 id="caddy-1"><a class="header" href="#caddy-1">Caddy 1</a></h3>
+<pre><code>matrix.example.com {
+  proxy /_matrix http://localhost:8008 {
+    transparent
+  }
+
+  proxy /_synapse/client http://localhost:8008 {
+    transparent
+  }
+}
+
+example.com:8448 {
+  proxy / http://localhost:8008 {
+    transparent
+  }
+}
+</code></pre>
+<h3 id="caddy-2"><a class="header" href="#caddy-2">Caddy 2</a></h3>
+<pre><code>matrix.example.com {
+  reverse_proxy /_matrix/* http://localhost:8008
+  reverse_proxy /_synapse/client/* http://localhost:8008
+}
+
+example.com:8448 {
+  reverse_proxy http://localhost:8008
+}
+</code></pre>
+<h3 id="apache"><a class="header" href="#apache">Apache</a></h3>
+<pre><code>&lt;VirtualHost *:443&gt;
+    SSLEngine on
+    ServerName matrix.example.com
+
+    RequestHeader set &quot;X-Forwarded-Proto&quot; expr=%{REQUEST_SCHEME}
+    AllowEncodedSlashes NoDecode
+    ProxyPreserveHost on
+    ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
+    ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
+    ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon
+    ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
+&lt;/VirtualHost&gt;
+
+&lt;VirtualHost *:8448&gt;
+    SSLEngine on
+    ServerName example.com
+
+    RequestHeader set &quot;X-Forwarded-Proto&quot; expr=%{REQUEST_SCHEME}
+    AllowEncodedSlashes NoDecode
+    ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
+    ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
+&lt;/VirtualHost&gt;
+</code></pre>
+<p><strong>NOTE</strong>: ensure the  <code>nocanon</code> options are included.</p>
+<p><strong>NOTE 2</strong>: It appears that Synapse is currently incompatible with the ModSecurity module for Apache (<code>mod_security2</code>). If you need it enabled for other services on your web server, you can disable it for Synapse's two VirtualHosts by including the following lines before each of the two <code>&lt;/VirtualHost&gt;</code> above:</p>
+<pre><code>&lt;IfModule security2_module&gt;
+    SecRuleEngine off
+&lt;/IfModule&gt;
+</code></pre>
+<p><strong>NOTE 3</strong>: Missing <code>ProxyPreserveHost on</code> can lead to a redirect loop.</p>
+<h3 id="haproxy"><a class="header" href="#haproxy">HAProxy</a></h3>
+<pre><code>frontend https
+  bind :::443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
+  http-request set-header X-Forwarded-For %[src]
+
+  # Matrix client traffic
+  acl matrix-host hdr(host) -i matrix.example.com
+  acl matrix-path path_beg /_matrix
+  acl matrix-path path_beg /_synapse/client
+
+  use_backend matrix if matrix-host matrix-path
+
+frontend matrix-federation
+  bind :::8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
+  http-request set-header X-Forwarded-For %[src]
+
+  default_backend matrix
+
+backend matrix
+  server matrix 127.0.0.1:8008
+</code></pre>
+<h3 id="relayd"><a class="header" href="#relayd">Relayd</a></h3>
+<pre><code>table &lt;webserver&gt;    { 127.0.0.1 }
+table &lt;matrixserver&gt; { 127.0.0.1 }
+
+http protocol &quot;https&quot; {
+    tls { no tlsv1.0, ciphers &quot;HIGH&quot; }
+    tls keypair &quot;example.com&quot;
+    match header set &quot;X-Forwarded-For&quot;   value &quot;$REMOTE_ADDR&quot;
+    match header set &quot;X-Forwarded-Proto&quot; value &quot;https&quot;
+
+    # set CORS header for .well-known/matrix/server, .well-known/matrix/client
+    # httpd does not support setting headers, so do it here
+    match request path &quot;/.well-known/matrix/*&quot; tag &quot;matrix-cors&quot;
+    match response tagged &quot;matrix-cors&quot; header set &quot;Access-Control-Allow-Origin&quot; value &quot;*&quot;
+
+    pass quick path &quot;/_matrix/*&quot;         forward to &lt;matrixserver&gt;
+    pass quick path &quot;/_synapse/client/*&quot; forward to &lt;matrixserver&gt;
+
+    # pass on non-matrix traffic to webserver
+    pass                                 forward to &lt;webserver&gt;
+}
+
+relay &quot;https_traffic&quot; {
+    listen on egress port 443 tls
+    protocol &quot;https&quot;
+    forward to &lt;matrixserver&gt; port 8008 check tcp
+    forward to &lt;webserver&gt;    port 8080 check tcp
+}
+
+http protocol &quot;matrix&quot; {
+    tls { no tlsv1.0, ciphers &quot;HIGH&quot; }
+    tls keypair &quot;example.com&quot;
+    block
+    pass quick path &quot;/_matrix/*&quot;         forward to &lt;matrixserver&gt;
+    pass quick path &quot;/_synapse/client/*&quot; forward to &lt;matrixserver&gt;
+}
+
+relay &quot;matrix_federation&quot; {
+    listen on egress port 8448 tls
+    protocol &quot;matrix&quot;
+    forward to &lt;matrixserver&gt; port 8008 check tcp
+}
+</code></pre>
+<h2 id="homeserver-configuration"><a class="header" href="#homeserver-configuration">Homeserver Configuration</a></h2>
+<p>You will also want to set <code>bind_addresses: ['127.0.0.1']</code> and
+<code>x_forwarded: true</code> for port 8008 in <code>homeserver.yaml</code> to ensure that
+client IP addresses are recorded correctly.</p>
+<p>Having done so, you can then use <code>https://matrix.example.com</code> (instead
+of <code>https://matrix.example.com:8448</code>) as the &quot;Custom server&quot; when
+connecting to Synapse from a client.</p>
+<h2 id="health-check-endpoint"><a class="header" href="#health-check-endpoint">Health check endpoint</a></h2>
+<p>Synapse exposes a health check endpoint for use by reverse proxies.
+Each configured HTTP listener has a <code>/health</code> endpoint which always returns
+200 OK (and doesn't get logged).</p>
+<h2 id="synapse-administration-endpoints"><a class="header" href="#synapse-administration-endpoints">Synapse administration endpoints</a></h2>
+<p>Endpoints for administering your Synapse instance are placed under
+<code>/_synapse/admin</code>. These require authentication through an access token of an
+admin user. However as access to these endpoints grants the caller a lot of power,
+we do not recommend exposing them to the public internet without good reason.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="overview-1"><a class="header" href="#overview-1">Overview</a></h1>
+<p>This document explains how to enable VoIP relaying on your Home Server with
+TURN.</p>
+<p>The synapse Matrix Home Server supports integration with TURN server via the
+<a href="https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00">TURN server REST API</a>. This
+allows the Home Server to generate credentials that are valid for use on the
+TURN server through the use of a secret shared between the Home Server and the
+TURN server.</p>
+<p>The following sections describe how to install <a href="https://github.com/coturn/coturn">coturn</a> (which implements the TURN REST API) and integrate it with synapse.</p>
+<h2 id="requirements"><a class="header" href="#requirements">Requirements</a></h2>
+<p>For TURN relaying with <code>coturn</code> to work, it must be hosted on a server/endpoint with a public IP.</p>
+<p>Hosting TURN behind a NAT (even with appropriate port forwarding) is known to cause issues
+and to often not work.</p>
+<h2 id="coturn-setup"><a class="header" href="#coturn-setup"><code>coturn</code> setup</a></h2>
+<h3 id="initial-installation"><a class="header" href="#initial-installation">Initial installation</a></h3>
+<p>The TURN daemon <code>coturn</code> is available from a variety of sources such as native package managers, or installation from source.</p>
+<h4 id="debian-installation"><a class="header" href="#debian-installation">Debian installation</a></h4>
+<p>Just install the debian package:</p>
+<pre><code class="language-sh">apt install coturn
+</code></pre>
+<p>This will install and start a systemd service called <code>coturn</code>.</p>
+<h4 id="source-installation"><a class="header" href="#source-installation">Source installation</a></h4>
+<ol>
+<li>
+<p>Download the <a href="https://github.com/coturn/coturn/releases/latest">latest release</a> from github.  Unpack it and <code>cd</code> into the directory.</p>
+</li>
+<li>
+<p>Configure it:</p>
+<pre><code>./configure
+</code></pre>
+<p>You may need to install <code>libevent2</code>: if so, you should do so in
+the way recommended by your operating system. You can ignore
+warnings about lack of database support: a database is unnecessary
+for this purpose.</p>
+</li>
+<li>
+<p>Build and install it:</p>
+<pre><code>make
+make install
+</code></pre>
+</li>
+</ol>
+<h3 id="configuration"><a class="header" href="#configuration">Configuration</a></h3>
+<ol>
+<li>
+<p>Create or edit the config file in <code>/etc/turnserver.conf</code>. The relevant
+lines, with example values, are:</p>
+<pre><code>use-auth-secret
+static-auth-secret=[your secret key here]
+realm=turn.myserver.org
+</code></pre>
+<p>See <code>turnserver.conf</code> for explanations of the options. One way to generate
+the <code>static-auth-secret</code> is with <code>pwgen</code>:</p>
+<pre><code>pwgen -s 64 1
+</code></pre>
+<p>A <code>realm</code> must be specified, but its value is somewhat arbitrary. (It is
+sent to clients as part of the authentication flow.) It is conventional to
+set it to be your server name.</p>
+</li>
+<li>
+<p>You will most likely want to configure coturn to write logs somewhere. The
+easiest way is normally to send them to the syslog:</p>
+<pre><code>syslog
+</code></pre>
+<p>(in which case, the logs will be available via <code>journalctl -u coturn</code> on a
+systemd system). Alternatively, coturn can be configured to write to a
+logfile - check the example config file supplied with coturn.</p>
+</li>
+<li>
+<p>Consider your security settings. TURN lets users request a relay which will
+connect to arbitrary IP addresses and ports. The following configuration is
+suggested as a minimum starting point:</p>
+<pre><code># VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
+no-tcp-relay
+
+# don't let the relay ever try to connect to private IP address ranges within your network (if any)
+# given the turn server is likely behind your firewall, remember to include any privileged public IPs too.
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+
+# special case the turn server itself so that client-&gt;TURN-&gt;TURN-&gt;client flows work
+allowed-peer-ip=10.0.0.1
+
+# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
+user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
+total-quota=1200
+</code></pre>
+</li>
+<li>
+<p>Also consider supporting TLS/DTLS. To do this, add the following settings
+to <code>turnserver.conf</code>:</p>
+<pre><code># TLS certificates, including intermediate certs.
+# For Let's Encrypt certificates, use `fullchain.pem` here.
+cert=/path/to/fullchain.pem
+
+# TLS private key file
+pkey=/path/to/privkey.pem
+</code></pre>
+<p>In this case, replace the <code>turn:</code> schemes in the <code>turn_uri</code> settings below
+with <code>turns:</code>.</p>
+<p>We recommend that you only try to set up TLS/DTLS once you have set up a
+basic installation and got it working.</p>
+</li>
+<li>
+<p>Ensure your firewall allows traffic into the TURN server on the ports
+you've configured it to listen on (By default: 3478 and 5349 for TURN
+traffic (remember to allow both TCP and UDP traffic), and ports 49152-65535
+for the UDP relay.)</p>
+</li>
+<li>
+<p>We do not recommend running a TURN server behind NAT, and are not aware of
+anyone doing so successfully.</p>
+<p>If you want to try it anyway, you will at least need to tell coturn its
+external IP address:</p>
+<pre><code>external-ip=192.88.99.1
+</code></pre>
+<p>... and your NAT gateway must forward all of the relayed ports directly
+(eg, port 56789 on the external IP must be always be forwarded to port
+56789 on the internal IP).</p>
+<p>If you get this working, let us know!</p>
+</li>
+<li>
+<p>(Re)start the turn server:</p>
+<ul>
+<li>
+<p>If you used the Debian package (or have set up a systemd unit yourself):</p>
+<pre><code class="language-sh">systemctl restart coturn
+</code></pre>
+</li>
+<li>
+<p>If you installed from source:</p>
+<pre><code class="language-sh">bin/turnserver -o
+</code></pre>
+</li>
+</ul>
+</li>
+</ol>
+<h2 id="synapse-setup"><a class="header" href="#synapse-setup">Synapse setup</a></h2>
+<p>Your home server configuration file needs the following extra keys:</p>
+<ol>
+<li>&quot;<code>turn_uris</code>&quot;: This needs to be a yaml list of public-facing URIs
+for your TURN server to be given out to your clients. Add separate
+entries for each transport your TURN server supports.</li>
+<li>&quot;<code>turn_shared_secret</code>&quot;: This is the secret shared between your
+Home server and your TURN server, so you should set it to the same
+string you used in turnserver.conf.</li>
+<li>&quot;<code>turn_user_lifetime</code>&quot;: This is the amount of time credentials
+generated by your Home Server are valid for (in milliseconds).
+Shorter times offer less potential for abuse at the expense of
+increased traffic between web clients and your home server to
+refresh credentials. The TURN REST API specification recommends
+one day (86400000).</li>
+<li>&quot;<code>turn_allow_guests</code>&quot;: Whether to allow guest users to use the
+TURN server. This is enabled by default, as otherwise VoIP will
+not work reliably for guests. However, it does introduce a
+security risk as it lets guests connect to arbitrary endpoints
+without having gone through a CAPTCHA or similar to register a
+real account.</li>
+</ol>
+<p>As an example, here is the relevant section of the config file for <code>matrix.org</code>. The
+<code>turn_uris</code> are appropriate for TURN servers listening on the default ports, with no TLS.</p>
+<pre><code>turn_uris: [ &quot;turn:turn.matrix.org?transport=udp&quot;, &quot;turn:turn.matrix.org?transport=tcp&quot; ]
+turn_shared_secret: &quot;n0t4ctuAllymatr1Xd0TorgSshar3d5ecret4obvIousreAsons&quot;
+turn_user_lifetime: 86400000
+turn_allow_guests: True
+</code></pre>
+<p>After updating the homeserver configuration, you must restart synapse:</p>
+<ul>
+<li>If you use synctl:
+<pre><code class="language-sh">cd /where/you/run/synapse
+./synctl restart
+</code></pre>
+</li>
+<li>If you use systemd:
+<pre><code>systemctl restart matrix-synapse.service
+</code></pre>
+</li>
+</ul>
+<p>... and then reload any clients (or wait an hour for them to refresh their
+settings).</p>
+<h2 id="troubleshooting-1"><a class="header" href="#troubleshooting-1">Troubleshooting</a></h2>
+<p>The normal symptoms of a misconfigured TURN server are that calls between
+devices on different networks ring, but get stuck at &quot;call
+connecting&quot;. Unfortunately, troubleshooting this can be tricky.</p>
+<p>Here are a few things to try:</p>
+<ul>
+<li>
+<p>Check that your TURN server is not behind NAT. As above, we're not aware of
+anyone who has successfully set this up.</p>
+</li>
+<li>
+<p>Check that you have opened your firewall to allow TCP and UDP traffic to the
+TURN ports (normally 3478 and 5479).</p>
+</li>
+<li>
+<p>Check that you have opened your firewall to allow UDP traffic to the UDP
+relay ports (49152-65535 by default).</p>
+</li>
+<li>
+<p>Some WebRTC implementations (notably, that of Google Chrome) appear to get
+confused by TURN servers which are reachable over IPv6 (this appears to be
+an unexpected side-effect of its handling of multiple IP addresses as
+defined by
+<a href="https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12"><code>draft-ietf-rtcweb-ip-handling</code></a>).</p>
+<p>Try removing any AAAA records for your TURN server, so that it is only
+reachable over IPv4.</p>
+</li>
+<li>
+<p>Enable more verbose logging in coturn via the <code>verbose</code> setting:</p>
+<pre><code>verbose
+</code></pre>
+<p>... and then see if there are any clues in its logs.</p>
+</li>
+<li>
+<p>If you are using a browser-based client under Chrome, check
+<code>chrome://webrtc-internals/</code> for insights into the internals of the
+negotiation. On Firefox, check the &quot;Connection Log&quot; on <code>about:webrtc</code>.</p>
+<p>(Understanding the output is beyond the scope of this document!)</p>
+</li>
+<li>
+<p>You can test your Matrix homeserver TURN setup with https://test.voip.librepush.net/.
+Note that this test is not fully reliable yet, so don't be discouraged if
+the test fails.
+<a href="https://github.com/matrix-org/voip-tester">Here</a> is the github repo of the
+source of the tester, where you can file bug reports.</p>
+</li>
+<li>
+<p>There is a WebRTC test tool at
+https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/. To
+use it, you will need a username/password for your TURN server. You can
+either:</p>
+<ul>
+<li>
+<p>look for the <code>GET /_matrix/client/r0/voip/turnServer</code> request made by a
+matrix client to your homeserver in your browser's network inspector. In
+the response you should see <code>username</code> and <code>password</code>. Or:</p>
+</li>
+<li>
+<p>Use the following shell commands:</p>
+<pre><code class="language-sh">secret=staticAuthSecretHere
+
+u=$((`date +%s` + 3600)):test
+p=$(echo -n $u | openssl dgst -hmac $secret -sha1 -binary | base64)
+echo -e &quot;username: $u\npassword: $p&quot;
+</code></pre>
+<p>Or:</p>
+</li>
+<li>
+<p>Temporarily configure coturn to accept a static username/password. To do
+this, comment out <code>use-auth-secret</code> and <code>static-auth-secret</code> and add the
+following:</p>
+<pre><code>lt-cred-mech
+user=username:password
+</code></pre>
+<p><strong>Note</strong>: these settings will not take effect unless <code>use-auth-secret</code>
+and <code>static-auth-secret</code> are disabled.</p>
+<p>Restart coturn after changing the configuration file.</p>
+<p>Remember to restore the original settings to go back to testing with
+Matrix clients!</p>
+</li>
+</ul>
+<p>If the TURN server is working correctly, you should see at least one <code>relay</code>
+entry in the results.</p>
+</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="delegation"><a class="header" href="#delegation">Delegation</a></h1>
+<p>By default, other homeservers will expect to be able to reach yours via
+your <code>server_name</code>, on port 8448. For example, if you set your <code>server_name</code>
+to <code>example.com</code> (so that your user names look like <code>@user:example.com</code>),
+other servers will try to connect to yours at <code>https://example.com:8448/</code>.</p>
+<p>Delegation is a Matrix feature allowing a homeserver admin to retain a
+<code>server_name</code> of <code>example.com</code> so that user IDs, room aliases, etc continue
+to look like <code>*:example.com</code>, whilst having federation traffic routed
+to a different server and/or port (e.g. <code>synapse.example.com:443</code>).</p>
+<h2 id="well-known-delegation"><a class="header" href="#well-known-delegation">.well-known delegation</a></h2>
+<p>To use this method, you need to be able to alter the
+<code>server_name</code> 's https server to serve the <code>/.well-known/matrix/server</code>
+URL. Having an active server (with a valid TLS certificate) serving your
+<code>server_name</code> domain is out of the scope of this documentation.</p>
+<p>The URL <code>https://&lt;server_name&gt;/.well-known/matrix/server</code> should
+return a JSON structure containing the key <code>m.server</code> like so:</p>
+<pre><code class="language-json">{
+    &quot;m.server&quot;: &quot;&lt;synapse.server.name&gt;[:&lt;yourport&gt;]&quot;
+}
+</code></pre>
+<p>In our example, this would mean that URL <code>https://example.com/.well-known/matrix/server</code>
+should return:</p>
+<pre><code class="language-json">{
+    &quot;m.server&quot;: &quot;synapse.example.com:443&quot;
+}
+</code></pre>
+<p>Note, specifying a port is optional. If no port is specified, then it defaults
+to 8448.</p>
+<p>With .well-known delegation, federating servers will check for a valid TLS
+certificate for the delegated hostname (in our example: <code>synapse.example.com</code>).</p>
+<h2 id="srv-dns-record-delegation"><a class="header" href="#srv-dns-record-delegation">SRV DNS record delegation</a></h2>
+<p>It is also possible to do delegation using a SRV DNS record. However, that is
+considered an advanced topic since it's a bit complex to set up, and <code>.well-known</code>
+delegation is already enough in most cases.</p>
+<p>However, if you really need it, you can find some documentation on how such a
+record should look like and how Synapse will use it in <a href="https://matrix.org/docs/spec/server_server/latest#resolving-server-names">the Matrix
+specification</a>.</p>
+<h2 id="delegation-faq"><a class="header" href="#delegation-faq">Delegation FAQ</a></h2>
+<h3 id="when-do-i-need-delegation"><a class="header" href="#when-do-i-need-delegation">When do I need delegation?</a></h3>
+<p>If your homeserver's APIs are accessible on the default federation port (8448)
+and the domain your <code>server_name</code> points to, you do not need any delegation.</p>
+<p>For instance, if you registered <code>example.com</code> and pointed its DNS A record at a
+fresh server, you could install Synapse on that host, giving it a <code>server_name</code>
+of <code>example.com</code>, and once a reverse proxy has been set up to proxy all requests
+sent to the port <code>8448</code> and serve TLS certificates for <code>example.com</code>, you
+wouldn't need any delegation set up.</p>
+<p><strong>However</strong>, if your homeserver's APIs aren't accessible on port 8448 and on the
+domain <code>server_name</code> points to, you will need to let other servers know how to
+find it using delegation.</p>
+<h3 id="do-you-still-recommend-against-using-a-reverse-proxy-on-the-federation-port"><a class="header" href="#do-you-still-recommend-against-using-a-reverse-proxy-on-the-federation-port">Do you still recommend against using a reverse proxy on the federation port?</a></h3>
+<p>We no longer actively recommend against using a reverse proxy. Many admins will
+find it easier to direct federation traffic to a reverse proxy and manage their
+own TLS certificates, and this is a supported configuration.</p>
+<p>See <a href="reverse_proxy.html">reverse_proxy.md</a> for information on setting up a
+reverse proxy.</p>
+<h3 id="do-i-still-need-to-give-my-tls-certificates-to-synapse-if-i-am-using-a-reverse-proxy"><a class="header" href="#do-i-still-need-to-give-my-tls-certificates-to-synapse-if-i-am-using-a-reverse-proxy">Do I still need to give my TLS certificates to Synapse if I am using a reverse proxy?</a></h3>
+<p>This is no longer necessary. If you are using a reverse proxy for all of your
+TLS traffic, then you can set <code>no_tls: True</code> in the Synapse config.</p>
+<p>In that case, the only reason Synapse needs the certificate is to populate a legacy
+<code>tls_fingerprints</code> field in the federation API. This is ignored by Synapse 0.99.0
+and later, and the only time pre-0.99 Synapses will check it is when attempting to
+fetch the server keys - and generally this is delegated via <code>matrix.org</code>, which
+is running a modern version of Synapse.</p>
+<h3 id="do-i-need-the-same-certificate-for-the-client-and-federation-port"><a class="header" href="#do-i-need-the-same-certificate-for-the-client-and-federation-port">Do I need the same certificate for the client and federation port?</a></h3>
+<p>No. There is nothing stopping you from using different certificates,
+particularly if you are using a reverse proxy.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="upgrading-synapse"><a class="header" href="#upgrading-synapse">Upgrading Synapse</a></h1>
+<p>Before upgrading check if any special steps are required to upgrade from
+the version you currently have installed to the current version of
+Synapse. The extra instructions that may be required are listed later in
+this document.</p>
+<ul>
+<li>
+<p>Check that your versions of Python and PostgreSQL are still
+supported.</p>
+<p>Synapse follows upstream lifecycles for <a href="https://endoflife.date/python">Python</a> and
+<a href="https://endoflife.date/postgresql">PostgreSQL</a>, and removes support for versions
+which are no longer maintained.</p>
+<p>The website <a href="https://endoflife.date">https://endoflife.date</a> also offers convenient
+summaries.</p>
+</li>
+<li>
+<p>If Synapse was installed using <a href="../setup/INSTALL.html#prebuilt-packages">prebuilt
+packages</a>, you will need to follow the
+normal process for upgrading those packages.</p>
+</li>
+<li>
+<p>If Synapse was installed from source, then:</p>
+<ol>
+<li>
+<p>Activate the virtualenv before upgrading. For example, if
+Synapse is installed in a virtualenv in <code>~/synapse/env</code> then
+run:</p>
+<pre><code class="language-bash">source ~/synapse/env/bin/activate
+</code></pre>
+</li>
+<li>
+<p>If Synapse was installed using pip then upgrade to the latest
+version by running:</p>
+<pre><code class="language-bash">pip install --upgrade matrix-synapse
+</code></pre>
+<p>If Synapse was installed using git then upgrade to the latest
+version by running:</p>
+<pre><code class="language-bash">git pull
+pip install --upgrade .
+</code></pre>
+</li>
+<li>
+<p>Restart Synapse:</p>
+<pre><code class="language-bash">./synctl restart
+</code></pre>
+</li>
+</ol>
+</li>
+</ul>
+<p>To check whether your update was successful, you can check the running
+server version with:</p>
+<pre><code class="language-bash"># you may need to replace 'localhost:8008' if synapse is not configured
+# to listen on port 8008.
+
+curl http://localhost:8008/_synapse/admin/v1/server_version
+</code></pre>
+<h2 id="rolling-back-to-older-versions"><a class="header" href="#rolling-back-to-older-versions">Rolling back to older versions</a></h2>
+<p>Rolling back to previous releases can be difficult, due to database
+schema changes between releases. Where we have been able to test the
+rollback process, this will be noted below.</p>
+<p>In general, you will need to undo any changes made during the upgrade
+process, for example:</p>
+<ul>
+<li>
+<p>pip:</p>
+<pre><code class="language-bash">source env/bin/activate
+# replace `1.3.0` accordingly:
+pip install matrix-synapse==1.3.0
+</code></pre>
+</li>
+<li>
+<p>Debian:</p>
+<pre><code class="language-bash"># replace `1.3.0` and `stretch` accordingly:
+wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb
+dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
+</code></pre>
+</li>
+</ul>
+<h1 id="upgrading-to-v1380"><a class="header" href="#upgrading-to-v1380">Upgrading to v1.38.0</a></h1>
+<h2 id="re-indexing-of-events-table-on-postgres-databases"><a class="header" href="#re-indexing-of-events-table-on-postgres-databases">Re-indexing of <code>events</code> table on Postgres databases</a></h2>
+<p>This release includes a database schema update which requires re-indexing one of
+the larger tables in the database, <code>events</code>. This could result in increased
+disk I/O for several hours or days after upgrading while the migration
+completes. Furthermore, because we have to keep the old indexes until the new
+indexes are ready, it could result in a significant, temporary, increase in
+disk space.</p>
+<p>To get a rough idea of the disk space required, check the current size of one
+of the indexes. For example, from a <code>psql</code> shell, run the following sql:</p>
+<pre><code class="language-sql">SELECT pg_size_pretty(pg_relation_size('events_order_room'));
+</code></pre>
+<p>We need to rebuild <strong>four</strong> indexes, so you will need to multiply this result
+by four to give an estimate of the disk space required. For example, on one
+particular server:</p>
+<pre><code>synapse=# select pg_size_pretty(pg_relation_size('events_order_room'));
+ pg_size_pretty
+----------------
+ 288 MB
+(1 row)
+</code></pre>
+<p>On this server, it would be wise to ensure that at least 1152MB are free.</p>
+<p>The additional disk space will be freed once the migration completes.</p>
+<p>SQLite databases are unaffected by this change.</p>
+<h1 id="upgrading-to-v1370"><a class="header" href="#upgrading-to-v1370">Upgrading to v1.37.0</a></h1>
+<h2 id="deprecation-of-the-current-spam-checker-interface"><a class="header" href="#deprecation-of-the-current-spam-checker-interface">Deprecation of the current spam checker interface</a></h2>
+<p>The current spam checker interface is deprecated in favour of a new generic modules system.
+Authors of spam checker modules can refer to <a href="https://matrix-org.github.io/synapse/develop/modules.html#porting-an-existing-module-that-uses-the-old-interface">this
+documentation</a>
+to update their modules. Synapse administrators can refer to <a href="https://matrix-org.github.io/synapse/develop/modules.html#using-modules">this
+documentation</a>
+to update their configuration once the modules they are using have been updated.</p>
+<p>We plan to remove support for the current spam checker interface in August 2021.</p>
+<p>More module interfaces will be ported over to this new generic system in future versions
+of Synapse.</p>
+<h1 id="upgrading-to-v1340"><a class="header" href="#upgrading-to-v1340">Upgrading to v1.34.0</a></h1>
+<h2 id="room_invite_state_types-configuration-setting"><a class="header" href="#room_invite_state_types-configuration-setting"><code>room_invite_state_types</code> configuration setting</a></h2>
+<p>The <code>room_invite_state_types</code> configuration setting has been deprecated
+and replaced with <code>room_prejoin_state</code>. See the <a href="https://github.com/matrix-org/synapse/blob/v1.34.0/docs/sample_config.yaml#L1515">sample configuration
+file</a>.</p>
+<p>If you have set <code>room_invite_state_types</code> to the default value you
+should simply remove it from your configuration file. The default value
+used to be:</p>
+<pre><code class="language-yaml">room_invite_state_types:
+   - &quot;m.room.join_rules&quot;
+   - &quot;m.room.canonical_alias&quot;
+   - &quot;m.room.avatar&quot;
+   - &quot;m.room.encryption&quot;
+   - &quot;m.room.name&quot;
+</code></pre>
+<p>If you have customised this value, you should remove
+<code>room_invite_state_types</code> and configure <code>room_prejoin_state</code> instead.</p>
+<h1 id="upgrading-to-v1330"><a class="header" href="#upgrading-to-v1330">Upgrading to v1.33.0</a></h1>
+<h2 id="account-validity-html-templates-can-now-display-a-users-expiration-date"><a class="header" href="#account-validity-html-templates-can-now-display-a-users-expiration-date">Account Validity HTML templates can now display a user's expiration date</a></h2>
+<p>This may affect you if you have enabled the account validity feature,
+and have made use of a custom HTML template specified by the
+<code>account_validity.template_dir</code> or
+<code>account_validity.account_renewed_html_path</code> Synapse config options.</p>
+<p>The template can now accept an <code>expiration_ts</code> variable, which
+represents the unix timestamp in milliseconds for the future date of
+which their account has been renewed until. See the <a href="https://github.com/matrix-org/synapse/blob/release-v1.33.0/synapse/res/templates/account_renewed.html">default
+template</a>
+for an example of usage.</p>
+<p>ALso note that a new HTML template, <code>account_previously_renewed.html</code>,
+has been added. This is is shown to users when they attempt to renew
+their account with a valid renewal token that has already been used
+before. The default template contents can been found
+<a href="https://github.com/matrix-org/synapse/blob/release-v1.33.0/synapse/res/templates/account_previously_renewed.html">here</a>,
+and can also accept an <code>expiration_ts</code> variable. This template replaces
+the error message users would previously see upon attempting to use a
+valid renewal token more than once.</p>
+<h1 id="upgrading-to-v1320"><a class="header" href="#upgrading-to-v1320">Upgrading to v1.32.0</a></h1>
+<h2 id="regression-causing-connected-prometheus-instances-to-become-overwhelmed"><a class="header" href="#regression-causing-connected-prometheus-instances-to-become-overwhelmed">Regression causing connected Prometheus instances to become overwhelmed</a></h2>
+<p>This release introduces <a href="https://github.com/matrix-org/synapse/issues/9853">a
+regression</a> that can
+overwhelm connected Prometheus instances. This issue is not present in
+Synapse v1.32.0rc1.</p>
+<p>If you have been affected, please downgrade to 1.31.0. You then may need
+to remove excess writeahead logs in order for Prometheus to recover.
+Instructions for doing so are provided
+<a href="https://github.com/matrix-org/synapse/pull/9854#issuecomment-823472183">here</a>.</p>
+<h2 id="dropping-support-for-old-python-postgres-and-sqlite-versions"><a class="header" href="#dropping-support-for-old-python-postgres-and-sqlite-versions">Dropping support for old Python, Postgres and SQLite versions</a></h2>
+<p>In line with our <a href="https://github.com/matrix-org/synapse/blob/release-v1.32.0/docs/deprecation_policy.md">deprecation
+policy</a>,
+we've dropped support for Python 3.5 and PostgreSQL 9.5, as they are no
+longer supported upstream.</p>
+<p>This release of Synapse requires Python 3.6+ and PostgresSQL 9.6+ or
+SQLite 3.22+.</p>
+<h2 id="removal-of-old-list-accounts-admin-api"><a class="header" href="#removal-of-old-list-accounts-admin-api">Removal of old List Accounts Admin API</a></h2>
+<p>The deprecated v1 &quot;list accounts&quot; admin API
+(<code>GET /_synapse/admin/v1/users/&lt;user_id&gt;</code>) has been removed in this
+version.</p>
+<p>The <a href="https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#list-accounts">v2 list accounts
+API</a>
+has been available since Synapse 1.7.0 (2019-12-13), and is accessible
+under <code>GET /_synapse/admin/v2/users</code>.</p>
+<p>The deprecation of the old endpoint was announced with Synapse 1.28.0
+(released on 2021-02-25).</p>
+<h2 id="application-services-must-use-type-mloginapplication_service-when-registering-users"><a class="header" href="#application-services-must-use-type-mloginapplication_service-when-registering-users">Application Services must use type <code>m.login.application_service</code> when registering users</a></h2>
+<p>In compliance with the <a href="https://matrix.org/docs/spec/application_service/r0.1.2#server-admin-style-permissions">Application Service
+spec</a>,
+Application Services are now required to use the
+<code>m.login.application_service</code> type when registering users via the
+<code>/_matrix/client/r0/register</code> endpoint. This behaviour was deprecated in
+Synapse v1.30.0.</p>
+<p>Please ensure your Application Services are up to date.</p>
+<h1 id="upgrading-to-v1290"><a class="header" href="#upgrading-to-v1290">Upgrading to v1.29.0</a></h1>
+<h2 id="requirement-for-x-forwarded-proto-header"><a class="header" href="#requirement-for-x-forwarded-proto-header">Requirement for X-Forwarded-Proto header</a></h2>
+<p>When using Synapse with a reverse proxy (in particular, when using the
+[x_forwarded]{.title-ref} option on an HTTP listener), Synapse now
+expects to receive an [X-Forwarded-Proto]{.title-ref} header on incoming
+HTTP requests. If it is not set, Synapse will log a warning on each
+received request.</p>
+<p>To avoid the warning, administrators using a reverse proxy should ensure
+that the reverse proxy sets [X-Forwarded-Proto]{.title-ref} header to
+[https]{.title-ref} or [http]{.title-ref} to indicate the protocol used
+by the client.</p>
+<p>Synapse also requires the [Host]{.title-ref} header to be preserved.</p>
+<p>See the <a href="../reverse_proxy.html">reverse proxy documentation</a>, where the
+example configurations have been updated to show how to set these
+headers.</p>
+<p>(Users of <a href="https://caddyserver.com/">Caddy</a> are unaffected, since we
+believe it sets [X-Forwarded-Proto]{.title-ref} by default.)</p>
+<h1 id="upgrading-to-v1270"><a class="header" href="#upgrading-to-v1270">Upgrading to v1.27.0</a></h1>
+<h2 id="changes-to-callback-uri-for-oauth2--openid-connect-and-saml2"><a class="header" href="#changes-to-callback-uri-for-oauth2--openid-connect-and-saml2">Changes to callback URI for OAuth2 / OpenID Connect and SAML2</a></h2>
+<p>This version changes the URI used for callbacks from OAuth2 and SAML2
+identity providers:</p>
+<ul>
+<li>
+<p>If your server is configured for single sign-on via an OpenID
+Connect or OAuth2 identity provider, you will need to add
+<code>[synapse public baseurl]/_synapse/client/oidc/callback</code> to the list
+of permitted &quot;redirect URIs&quot; at the identity provider.</p>
+<p>See the <a href="../openid.html">OpenID docs</a> for more information on setting
+up OpenID Connect.</p>
+</li>
+<li>
+<p>If your server is configured for single sign-on via a SAML2 identity
+provider, you will need to add
+<code>[synapse public baseurl]/_synapse/client/saml2/authn_response</code> as a
+permitted &quot;ACS location&quot; (also known as &quot;allowed callback URLs&quot;)
+at the identity provider.</p>
+<p>The &quot;Issuer&quot; in the &quot;AuthnRequest&quot; to the SAML2 identity
+provider is also updated to
+<code>[synapse public baseurl]/_synapse/client/saml2/metadata.xml</code>. If
+your SAML2 identity provider uses this property to validate or
+otherwise identify Synapse, its configuration will need to be
+updated to use the new URL. Alternatively you could create a new,
+separate &quot;EntityDescriptor&quot; in your SAML2 identity provider with
+the new URLs and leave the URLs in the existing &quot;EntityDescriptor&quot;
+as they were.</p>
+</li>
+</ul>
+<h2 id="changes-to-html-templates"><a class="header" href="#changes-to-html-templates">Changes to HTML templates</a></h2>
+<p>The HTML templates for SSO and email notifications now have <a href="https://jinja.palletsprojects.com/en/2.11.x/api/#autoescaping">Jinja2's
+autoescape</a>
+enabled for files ending in <code>.html</code>, <code>.htm</code>, and <code>.xml</code>. If you have
+customised these templates and see issues when viewing them you might
+need to update them. It is expected that most configurations will need
+no changes.</p>
+<p>If you have customised the templates <em>names</em> for these templates, it is
+recommended to verify they end in <code>.html</code> to ensure autoescape is
+enabled.</p>
+<p>The above applies to the following templates:</p>
+<ul>
+<li><code>add_threepid.html</code></li>
+<li><code>add_threepid_failure.html</code></li>
+<li><code>add_threepid_success.html</code></li>
+<li><code>notice_expiry.html</code></li>
+<li><code>notice_expiry.html</code></li>
+<li><code>notif_mail.html</code> (which, by default, includes <code>room.html</code> and
+<code>notif.html</code>)</li>
+<li><code>password_reset.html</code></li>
+<li><code>password_reset_confirmation.html</code></li>
+<li><code>password_reset_failure.html</code></li>
+<li><code>password_reset_success.html</code></li>
+<li><code>registration.html</code></li>
+<li><code>registration_failure.html</code></li>
+<li><code>registration_success.html</code></li>
+<li><code>sso_account_deactivated.html</code></li>
+<li><code>sso_auth_bad_user.html</code></li>
+<li><code>sso_auth_confirm.html</code></li>
+<li><code>sso_auth_success.html</code></li>
+<li><code>sso_error.html</code></li>
+<li><code>sso_login_idp_picker.html</code></li>
+<li><code>sso_redirect_confirm.html</code></li>
+</ul>
+<h1 id="upgrading-to-v1260"><a class="header" href="#upgrading-to-v1260">Upgrading to v1.26.0</a></h1>
+<h2 id="rolling-back-to-v1250-after-a-failed-upgrade"><a class="header" href="#rolling-back-to-v1250-after-a-failed-upgrade">Rolling back to v1.25.0 after a failed upgrade</a></h2>
+<p>v1.26.0 includes a lot of large changes. If something problematic
+occurs, you may want to roll-back to a previous version of Synapse.
+Because v1.26.0 also includes a new database schema version, reverting
+that version is also required alongside the generic rollback
+instructions mentioned above. In short, to roll back to v1.25.0 you need
+to:</p>
+<ol>
+<li>
+<p>Stop the server</p>
+</li>
+<li>
+<p>Decrease the schema version in the database:</p>
+<pre><code class="language-sql">UPDATE schema_version SET version = 58;
+</code></pre>
+</li>
+<li>
+<p>Delete the ignored users &amp; chain cover data:</p>
+<pre><code class="language-sql">DROP TABLE IF EXISTS ignored_users;
+UPDATE rooms SET has_auth_chain_index = false;
+</code></pre>
+<p>For PostgreSQL run:</p>
+<pre><code class="language-sql">TRUNCATE event_auth_chain_links;
+TRUNCATE event_auth_chains;
+</code></pre>
+<p>For SQLite run:</p>
+<pre><code class="language-sql">DELETE FROM event_auth_chain_links;
+DELETE FROM event_auth_chains;
+</code></pre>
+</li>
+<li>
+<p>Mark the deltas as not run (so they will re-run on upgrade).</p>
+<pre><code class="language-sql">DELETE FROM applied_schema_deltas WHERE version = 59 AND file = &quot;59/01ignored_user.py&quot;;
+DELETE FROM applied_schema_deltas WHERE version = 59 AND file = &quot;59/06chain_cover_index.sql&quot;;
+</code></pre>
+</li>
+<li>
+<p>Downgrade Synapse by following the instructions for your
+installation method in the &quot;Rolling back to older versions&quot;
+section above.</p>
+</li>
+</ol>
+<h1 id="upgrading-to-v1250"><a class="header" href="#upgrading-to-v1250">Upgrading to v1.25.0</a></h1>
+<h2 id="last-release-supporting-python-35"><a class="header" href="#last-release-supporting-python-35">Last release supporting Python 3.5</a></h2>
+<p>This is the last release of Synapse which guarantees support with Python
+3.5, which passed its upstream End of Life date several months ago.</p>
+<p>We will attempt to maintain support through March 2021, but without
+guarantees.</p>
+<p>In the future, Synapse will follow upstream schedules for ending support
+of older versions of Python and PostgreSQL. Please upgrade to at least
+Python 3.6 and PostgreSQL 9.6 as soon as possible.</p>
+<h2 id="blacklisting-ip-ranges"><a class="header" href="#blacklisting-ip-ranges">Blacklisting IP ranges</a></h2>
+<p>Synapse v1.25.0 includes new settings, <code>ip_range_blacklist</code> and
+<code>ip_range_whitelist</code>, for controlling outgoing requests from Synapse for
+federation, identity servers, push, and for checking key validity for
+third-party invite events. The previous setting,
+<code>federation_ip_range_blacklist</code>, is deprecated. The new
+<code>ip_range_blacklist</code> defaults to private IP ranges if it is not defined.</p>
+<p>If you have never customised <code>federation_ip_range_blacklist</code> it is
+recommended that you remove that setting.</p>
+<p>If you have customised <code>federation_ip_range_blacklist</code> you should update
+the setting name to <code>ip_range_blacklist</code>.</p>
+<p>If you have a custom push server that is reached via private IP space
+you may need to customise <code>ip_range_blacklist</code> or <code>ip_range_whitelist</code>.</p>
+<h1 id="upgrading-to-v1240"><a class="header" href="#upgrading-to-v1240">Upgrading to v1.24.0</a></h1>
+<h2 id="custom-openid-connect-mapping-provider-breaking-change"><a class="header" href="#custom-openid-connect-mapping-provider-breaking-change">Custom OpenID Connect mapping provider breaking change</a></h2>
+<p>This release allows the OpenID Connect mapping provider to perform
+normalisation of the localpart of the Matrix ID. This allows for the
+mapping provider to specify different algorithms, instead of the
+<a href="https://matrix.org/docs/spec/appendices#mapping-from-other-character-sets">default
+way</a>.</p>
+<p>If your Synapse configuration uses a custom mapping provider
+([oidc_config.user_mapping_provider.module]{.title-ref} is specified and
+not equal to
+[synapse.handlers.oidc_handler.JinjaOidcMappingProvider]{.title-ref})
+then you <em>must</em> ensure that [map_user_attributes]{.title-ref} of the
+mapping provider performs some normalisation of the
+[localpart]{.title-ref} returned. To match previous behaviour you can
+use the [map_username_to_mxid_localpart]{.title-ref} function provided
+by Synapse. An example is shown below:</p>
+<pre><code class="language-python">from synapse.types import map_username_to_mxid_localpart
+
+class MyMappingProvider:
+    def map_user_attributes(self, userinfo, token):
+        # ... your custom logic ...
+        sso_user_id = ...
+        localpart = map_username_to_mxid_localpart(sso_user_id)
+
+        return {&quot;localpart&quot;: localpart}
+</code></pre>
+<h2 id="removal-historical-synapse-admin-api"><a class="header" href="#removal-historical-synapse-admin-api">Removal historical Synapse Admin API</a></h2>
+<p>Historically, the Synapse Admin API has been accessible under:</p>
+<ul>
+<li><code>/_matrix/client/api/v1/admin</code></li>
+<li><code>/_matrix/client/unstable/admin</code></li>
+<li><code>/_matrix/client/r0/admin</code></li>
+<li><code>/_synapse/admin/v1</code></li>
+</ul>
+<p>The endpoints with <code>/_matrix/client/*</code> prefixes have been removed as of
+v1.24.0. The Admin API is now only accessible under:</p>
+<ul>
+<li><code>/_synapse/admin/v1</code></li>
+</ul>
+<p>The only exception is the [/admin/whois]{.title-ref} endpoint, which is
+<a href="https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-admin-whois-userid">also available via the client-server
+API</a>.</p>
+<p>The deprecation of the old endpoints was announced with Synapse 1.20.0
+(released on 2020-09-22) and makes it easier for homeserver admins to
+lock down external access to the Admin API endpoints.</p>
+<h1 id="upgrading-to-v1230"><a class="header" href="#upgrading-to-v1230">Upgrading to v1.23.0</a></h1>
+<h2 id="structured-logging-configuration-breaking-changes"><a class="header" href="#structured-logging-configuration-breaking-changes">Structured logging configuration breaking changes</a></h2>
+<p>This release deprecates use of the <code>structured: true</code> logging
+configuration for structured logging. If your logging configuration
+contains <code>structured: true</code> then it should be modified based on the
+<a href="../structured_logging.html">structured logging
+documentation</a>.</p>
+<p>The <code>structured</code> and <code>drains</code> logging options are now deprecated and
+should be replaced by standard logging configuration of <code>handlers</code> and
+<code>formatters</code>.</p>
+<p>A future will release of Synapse will make using <code>structured: true</code> an
+error.</p>
+<h1 id="upgrading-to-v1220"><a class="header" href="#upgrading-to-v1220">Upgrading to v1.22.0</a></h1>
+<h2 id="thirdpartyeventrules-breaking-changes"><a class="header" href="#thirdpartyeventrules-breaking-changes">ThirdPartyEventRules breaking changes</a></h2>
+<p>This release introduces a backwards-incompatible change to modules
+making use of <code>ThirdPartyEventRules</code> in Synapse. If you make use of a
+module defined under the <code>third_party_event_rules</code> config option, please
+make sure it is updated to handle the below change:</p>
+<p>The <code>http_client</code> argument is no longer passed to modules as they are
+initialised. Instead, modules are expected to make use of the
+<code>http_client</code> property on the <code>ModuleApi</code> class. Modules are now passed
+a <code>module_api</code> argument during initialisation, which is an instance of
+<code>ModuleApi</code>. <code>ModuleApi</code> instances have a <code>http_client</code> property which
+acts the same as the <code>http_client</code> argument previously passed to
+<code>ThirdPartyEventRules</code> modules.</p>
+<h1 id="upgrading-to-v1210"><a class="header" href="#upgrading-to-v1210">Upgrading to v1.21.0</a></h1>
+<h2 id="forwarding-_synapseclient-through-your-reverse-proxy"><a class="header" href="#forwarding-_synapseclient-through-your-reverse-proxy">Forwarding <code>/_synapse/client</code> through your reverse proxy</a></h2>
+<p>The <a href="https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md">reverse proxy
+documentation</a>
+has been updated to include reverse proxy directives for
+<code>/_synapse/client/*</code> endpoints. As the user password reset flow now uses
+endpoints under this prefix, <strong>you must update your reverse proxy
+configurations for user password reset to work</strong>.</p>
+<p>Additionally, note that the <a href="https://github.com/matrix-org/synapse/blob/develop/docs/workers.md">Synapse worker documentation</a> has been updated to</p>
+<p>:   state that the <code>/_synapse/client/password_reset/email/submit_token</code>
+endpoint can be handled</p>
+<p>by all workers. If you make use of Synapse's worker feature, please
+update your reverse proxy configuration to reflect this change.</p>
+<h2 id="new-html-templates"><a class="header" href="#new-html-templates">New HTML templates</a></h2>
+<p>A new HTML template,
+<a href="https://github.com/matrix-org/synapse/blob/develop/synapse/res/templates/password_reset_confirmation.html">password_reset_confirmation.html</a>,
+has been added to the <code>synapse/res/templates</code> directory. If you are
+using a custom template directory, you may want to copy the template
+over and modify it.</p>
+<p>Note that as of v1.20.0, templates do not need to be included in custom
+template directories for Synapse to start. The default templates will be
+used if a custom template cannot be found.</p>
+<p>This page will appear to the user after clicking a password reset link
+that has been emailed to them.</p>
+<p>To complete password reset, the page must include a way to make a
+[POST]{.title-ref} request to
+<code>/_synapse/client/password_reset/{medium}/submit_token</code> with the query
+parameters from the original link, presented as a URL-encoded form. See
+the file itself for more details.</p>
+<h2 id="updated-single-sign-on-html-templates"><a class="header" href="#updated-single-sign-on-html-templates">Updated Single Sign-on HTML Templates</a></h2>
+<p>The <code>saml_error.html</code> template was removed from Synapse and replaced
+with the <code>sso_error.html</code> template. If your Synapse is configured to use
+SAML and a custom <code>sso_redirect_confirm_template_dir</code> configuration then
+any customisations of the <code>saml_error.html</code> template will need to be
+merged into the <code>sso_error.html</code> template. These templates are similar,
+but the parameters are slightly different:</p>
+<ul>
+<li>The <code>msg</code> parameter should be renamed to <code>error_description</code>.</li>
+<li>There is no longer a <code>code</code> parameter for the response code.</li>
+<li>A string <code>error</code> parameter is available that includes a short hint
+of why a user is seeing the error page.</li>
+</ul>
+<h1 id="upgrading-to-v1180"><a class="header" href="#upgrading-to-v1180">Upgrading to v1.18.0</a></h1>
+<h2 id="docker--py3title-ref-suffix-will-be-removed-in-future-versions"><a class="header" href="#docker--py3title-ref-suffix-will-be-removed-in-future-versions">Docker [-py3]{.title-ref} suffix will be removed in future versions</a></h2>
+<p>From 10th August 2020, we will no longer publish Docker images with the
+[-py3]{.title-ref} tag suffix. The images tagged with the
+[-py3]{.title-ref} suffix have been identical to the non-suffixed tags
+since release 0.99.0, and the suffix is obsolete.</p>
+<p>On 10th August, we will remove the [latest-py3]{.title-ref} tag.
+Existing per-release tags (such as [v1.18.0-py3]{.title-ref}) will not
+be removed, but no new [-py3]{.title-ref} tags will be added.</p>
+<p>Scripts relying on the [-py3]{.title-ref} suffix will need to be
+updated.</p>
+<h2 id="redis-replication-is-now-recommended-in-lieu-of-tcp-replication"><a class="header" href="#redis-replication-is-now-recommended-in-lieu-of-tcp-replication">Redis replication is now recommended in lieu of TCP replication</a></h2>
+<p>When setting up worker processes, we now recommend the use of a Redis
+server for replication. <strong>The old direct TCP connection method is
+deprecated and will be removed in a future release.</strong> See
+<a href="../workers.html">workers</a> for more details.</p>
+<h1 id="upgrading-to-v1140"><a class="header" href="#upgrading-to-v1140">Upgrading to v1.14.0</a></h1>
+<p>This version includes a database update which is run as part of the
+upgrade, and which may take a couple of minutes in the case of a large
+server. Synapse will not respond to HTTP requests while this update is
+taking place.</p>
+<h1 id="upgrading-to-v1130"><a class="header" href="#upgrading-to-v1130">Upgrading to v1.13.0</a></h1>
+<h2 id="incorrect-database-migration-in-old-synapse-versions"><a class="header" href="#incorrect-database-migration-in-old-synapse-versions">Incorrect database migration in old synapse versions</a></h2>
+<p>A bug was introduced in Synapse 1.4.0 which could cause the room
+directory to be incomplete or empty if Synapse was upgraded directly
+from v1.2.1 or earlier, to versions between v1.4.0 and v1.12.x.</p>
+<p>This will <em>not</em> be a problem for Synapse installations which were:</p>
+<p>:   -   created at v1.4.0 or later,
+-   upgraded via v1.3.x, or
+-   upgraded straight from v1.2.1 or earlier to v1.13.0 or later.</p>
+<p>If completeness of the room directory is a concern, installations which
+are affected can be repaired as follows:</p>
+<ol>
+<li>
+<p>Run the following sql from a [psql]{.title-ref} or
+[sqlite3]{.title-ref} console:</p>
+<pre><code class="language-sql">INSERT INTO background_updates (update_name, progress_json, depends_on) VALUES
+   ('populate_stats_process_rooms', '{}', 'current_state_events_membership');
+
+INSERT INTO background_updates (update_name, progress_json, depends_on) VALUES
+   ('populate_stats_process_users', '{}', 'populate_stats_process_rooms');
+</code></pre>
+</li>
+<li>
+<p>Restart synapse.</p>
+</li>
+</ol>
+<h2 id="new-single-sign-on-html-templates"><a class="header" href="#new-single-sign-on-html-templates">New Single Sign-on HTML Templates</a></h2>
+<p>New templates (<code>sso_auth_confirm.html</code>, <code>sso_auth_success.html</code>, and
+<code>sso_account_deactivated.html</code>) were added to Synapse. If your Synapse
+is configured to use SSO and a custom
+<code>sso_redirect_confirm_template_dir</code> configuration then these templates
+will need to be copied from
+<a href="synapse/res/templates">synapse/res/templates</a> into that directory.</p>
+<h2 id="synapse-sso-plugins-method-deprecation"><a class="header" href="#synapse-sso-plugins-method-deprecation">Synapse SSO Plugins Method Deprecation</a></h2>
+<p>Plugins using the <code>complete_sso_login</code> method of
+<code>synapse.module_api.ModuleApi</code> should update to using the async/await
+version <code>complete_sso_login_async</code> which includes additional checks. The
+non-async version is considered deprecated.</p>
+<h2 id="rolling-back-to-v1124-after-a-failed-upgrade"><a class="header" href="#rolling-back-to-v1124-after-a-failed-upgrade">Rolling back to v1.12.4 after a failed upgrade</a></h2>
+<p>v1.13.0 includes a lot of large changes. If something problematic
+occurs, you may want to roll-back to a previous version of Synapse.
+Because v1.13.0 also includes a new database schema version, reverting
+that version is also required alongside the generic rollback
+instructions mentioned above. In short, to roll back to v1.12.4 you need
+to:</p>
+<ol>
+<li>
+<p>Stop the server</p>
+</li>
+<li>
+<p>Decrease the schema version in the database:</p>
+<pre><code class="language-sql">UPDATE schema_version SET version = 57;
+</code></pre>
+</li>
+<li>
+<p>Downgrade Synapse by following the instructions for your
+installation method in the &quot;Rolling back to older versions&quot;
+section above.</p>
+</li>
+</ol>
+<h1 id="upgrading-to-v1120"><a class="header" href="#upgrading-to-v1120">Upgrading to v1.12.0</a></h1>
+<p>This version includes a database update which is run as part of the
+upgrade, and which may take some time (several hours in the case of a
+large server). Synapse will not respond to HTTP requests while this
+update is taking place.</p>
+<p>This is only likely to be a problem in the case of a server which is
+participating in many rooms.</p>
+<ol start="0">
+<li>
+<p>As with all upgrades, it is recommended that you have a recent
+backup of your database which can be used for recovery in the event
+of any problems.</p>
+</li>
+<li>
+<p>As an initial check to see if you will be affected, you can try
+running the following query from the [psql]{.title-ref} or
+[sqlite3]{.title-ref} console. It is safe to run it while Synapse is
+still running.</p>
+<pre><code class="language-sql">SELECT MAX(q.v) FROM (
+  SELECT (
+    SELECT ej.json AS v
+    FROM state_events se INNER JOIN event_json ej USING (event_id)
+    WHERE se.room_id=rooms.room_id AND se.type='m.room.create' AND se.state_key=''
+    LIMIT 1
+  ) FROM rooms WHERE rooms.room_version IS NULL
+) q;
+</code></pre>
+<p>This query will take about the same amount of time as the upgrade
+process: ie, if it takes 5 minutes, then it is likely that Synapse
+will be unresponsive for 5 minutes during the upgrade.</p>
+<p>If you consider an outage of this duration to be acceptable, no
+further action is necessary and you can simply start Synapse 1.12.0.</p>
+<p>If you would prefer to reduce the downtime, continue with the steps
+below.</p>
+</li>
+<li>
+<p>The easiest workaround for this issue is to manually create a new
+index before upgrading. On PostgreSQL, his can be done as follows:</p>
+<pre><code class="language-sql">CREATE INDEX CONCURRENTLY tmp_upgrade_1_12_0_index
+ON state_events(room_id) WHERE type = 'm.room.create';
+</code></pre>
+<p>The above query may take some time, but is also safe to run while
+Synapse is running.</p>
+<p>We assume that no SQLite users have databases large enough to be
+affected. If you <em>are</em> affected, you can run a similar query,
+omitting the <code>CONCURRENTLY</code> keyword. Note however that this
+operation may in itself cause Synapse to stop running for some time.
+Synapse admins are reminded that <a href="https://github.com/matrix-org/synapse/blob/master/README.rst#using-postgresql">SQLite is not recommended for use
+outside a test
+environment</a>.</p>
+</li>
+<li>
+<p>Once the index has been created, the <code>SELECT</code> query in step 1 above
+should complete quickly. It is therefore safe to upgrade to Synapse
+1.12.0.</p>
+</li>
+<li>
+<p>Once Synapse 1.12.0 has successfully started and is responding to
+HTTP requests, the temporary index can be removed:</p>
+<pre><code class="language-sql">DROP INDEX tmp_upgrade_1_12_0_index;
+</code></pre>
+</li>
+</ol>
+<h1 id="upgrading-to-v1100"><a class="header" href="#upgrading-to-v1100">Upgrading to v1.10.0</a></h1>
+<p>Synapse will now log a warning on start up if used with a PostgreSQL
+database that has a non-recommended locale set.</p>
+<p>See <a href="../postgres.html">Postgres</a> for details.</p>
+<h1 id="upgrading-to-v180"><a class="header" href="#upgrading-to-v180">Upgrading to v1.8.0</a></h1>
+<p>Specifying a <code>log_file</code> config option will now cause Synapse to refuse
+to start, and should be replaced by with the <code>log_config</code> option.
+Support for the <code>log_file</code> option was removed in v1.3.0 and has since
+had no effect.</p>
+<h1 id="upgrading-to-v170"><a class="header" href="#upgrading-to-v170">Upgrading to v1.7.0</a></h1>
+<p>In an attempt to configure Synapse in a privacy preserving way, the
+default behaviours of <code>allow_public_rooms_without_auth</code> and
+<code>allow_public_rooms_over_federation</code> have been inverted. This means that
+by default, only authenticated users querying the Client/Server API will
+be able to query the room directory, and relatedly that the server will
+not share room directory information with other servers over federation.</p>
+<p>If your installation does not explicitly set these settings one way or
+the other and you want either setting to be <code>true</code> then it will
+necessary to update your homeserver configuration file accordingly.</p>
+<p>For more details on the surrounding context see our
+<a href="https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers">explainer</a>.</p>
+<h1 id="upgrading-to-v150"><a class="header" href="#upgrading-to-v150">Upgrading to v1.5.0</a></h1>
+<p>This release includes a database migration which may take several
+minutes to complete if there are a large number (more than a million or
+so) of entries in the <code>devices</code> table. This is only likely to a be a
+problem on very large installations.</p>
+<h1 id="upgrading-to-v140"><a class="header" href="#upgrading-to-v140">Upgrading to v1.4.0</a></h1>
+<h2 id="new-custom-templates"><a class="header" href="#new-custom-templates">New custom templates</a></h2>
+<p>If you have configured a custom template directory with the
+<code>email.template_dir</code> option, be aware that there are new templates
+regarding registration and threepid management (see below) that must be
+included.</p>
+<ul>
+<li><code>registration.html</code> and <code>registration.txt</code></li>
+<li><code>registration_success.html</code> and <code>registration_failure.html</code></li>
+<li><code>add_threepid.html</code> and <code>add_threepid.txt</code></li>
+<li><code>add_threepid_failure.html</code> and <code>add_threepid_success.html</code></li>
+</ul>
+<p>Synapse will expect these files to exist inside the configured template
+directory, and <strong>will fail to start</strong> if they are absent. To view the
+default templates, see
+<a href="https://github.com/matrix-org/synapse/tree/master/synapse/res/templates">synapse/res/templates</a>.</p>
+<h2 id="3pid-verification-changes"><a class="header" href="#3pid-verification-changes">3pid verification changes</a></h2>
+<p><strong>Note: As of this release, users will be unable to add phone numbers or
+email addresses to their accounts, without changes to the Synapse
+configuration. This includes adding an email address during
+registration.</strong></p>
+<p>It is possible for a user to associate an email address or phone number
+with their account, for a number of reasons:</p>
+<ul>
+<li>for use when logging in, as an alternative to the user id.</li>
+<li>in the case of email, as an alternative contact to help with account
+recovery.</li>
+<li>in the case of email, to receive notifications of missed messages.</li>
+</ul>
+<p>Before an email address or phone number can be added to a user's
+account, or before such an address is used to carry out a
+password-reset, Synapse must confirm the operation with the owner of the
+email address or phone number. It does this by sending an email or text
+giving the user a link or token to confirm receipt. This process is
+known as '3pid verification'. ('3pid', or 'threepid', stands for
+third-party identifier, and we use it to refer to external identifiers
+such as email addresses and phone numbers.)</p>
+<p>Previous versions of Synapse delegated the task of 3pid verification to
+an identity server by default. In most cases this server is <code>vector.im</code>
+or <code>matrix.org</code>.</p>
+<p>In Synapse 1.4.0, for security and privacy reasons, the homeserver will
+no longer delegate this task to an identity server by default. Instead,
+the server administrator will need to explicitly decide how they would
+like the verification messages to be sent.</p>
+<p>In the medium term, the <code>vector.im</code> and <code>matrix.org</code> identity servers
+will disable support for delegated 3pid verification entirely. However,
+in order to ease the transition, they will retain the capability for a
+limited period. Delegated email verification will be disabled on Monday
+2nd December 2019 (giving roughly 2 months notice). Disabling delegated
+SMS verification will follow some time after that once SMS verification
+support lands in Synapse.</p>
+<p>Once delegated 3pid verification support has been disabled in the
+<code>vector.im</code> and <code>matrix.org</code> identity servers, all Synapse versions that
+depend on those instances will be unable to verify email and phone
+numbers through them. There are no imminent plans to remove delegated
+3pid verification from Sydent generally. (Sydent is the identity server
+project that backs the <code>vector.im</code> and <code>matrix.org</code> instances).</p>
+<h3 id="email-1"><a class="header" href="#email-1">Email</a></h3>
+<p>Following upgrade, to continue verifying email (e.g. as part of the
+registration process), admins can either:-</p>
+<ul>
+<li>Configure Synapse to use an email server.</li>
+<li>Run or choose an identity server which allows delegated email
+verification and delegate to it.</li>
+</ul>
+<h4 id="configure-smtp-in-synapse"><a class="header" href="#configure-smtp-in-synapse">Configure SMTP in Synapse</a></h4>
+<p>To configure an SMTP server for Synapse, modify the configuration
+section headed <code>email</code>, and be sure to have at least the
+<code>smtp_host, smtp_port</code> and <code>notif_from</code> fields filled out.</p>
+<p>You may also need to set <code>smtp_user</code>, <code>smtp_pass</code>, and
+<code>require_transport_security</code>.</p>
+<p>See the <a href="docs/sample_config.yaml">sample configuration file</a> for more
+details on these settings.</p>
+<h4 id="delegate-email-to-an-identity-server"><a class="header" href="#delegate-email-to-an-identity-server">Delegate email to an identity server</a></h4>
+<p>Some admins will wish to continue using email verification as part of
+the registration process, but will not immediately have an appropriate
+SMTP server at hand.</p>
+<p>To this end, we will continue to support email verification delegation
+via the <code>vector.im</code> and <code>matrix.org</code> identity servers for two months.
+Support for delegated email verification will be disabled on Monday 2nd
+December.</p>
+<p>The <code>account_threepid_delegates</code> dictionary defines whether the
+homeserver should delegate an external server (typically an <a href="https://matrix.org/docs/spec/identity_service/r0.2.1">identity
+server</a>) to handle
+sending confirmation messages via email and SMS.</p>
+<p>So to delegate email verification, in <code>homeserver.yaml</code>, set
+<code>account_threepid_delegates.email</code> to the base URL of an identity
+server. For example:</p>
+<pre><code class="language-yaml">account_threepid_delegates:
+    email: https://example.com     # Delegate email sending to example.com
+</code></pre>
+<p>Note that <code>account_threepid_delegates.email</code> replaces the deprecated
+<code>email.trust_identity_server_for_password_resets</code>: if
+<code>email.trust_identity_server_for_password_resets</code> is set to <code>true</code>, and
+<code>account_threepid_delegates.email</code> is not set, then the first entry in
+<code>trusted_third_party_id_servers</code> will be used as the
+<code>account_threepid_delegate</code> for email. This is to ensure compatibility
+with existing Synapse installs that set up external server handling for
+these tasks before v1.4.0. If
+<code>email.trust_identity_server_for_password_resets</code> is <code>true</code> and no
+trusted identity server domains are configured, Synapse will report an
+error and refuse to start.</p>
+<p>If <code>email.trust_identity_server_for_password_resets</code> is <code>false</code> or
+absent and no <code>email</code> delegate is configured in
+<code>account_threepid_delegates</code>, then Synapse will send email verification
+messages itself, using the configured SMTP server (see above). that
+type.</p>
+<h3 id="phone-numbers"><a class="header" href="#phone-numbers">Phone numbers</a></h3>
+<p>Synapse does not support phone-number verification itself, so the only
+way to maintain the ability for users to add phone numbers to their
+accounts will be by continuing to delegate phone number verification to
+the <code>matrix.org</code> and <code>vector.im</code> identity servers (or another identity
+server that supports SMS sending).</p>
+<p>The <code>account_threepid_delegates</code> dictionary defines whether the
+homeserver should delegate an external server (typically an <a href="https://matrix.org/docs/spec/identity_service/r0.2.1">identity
+server</a>) to handle
+sending confirmation messages via email and SMS.</p>
+<p>So to delegate phone number verification, in <code>homeserver.yaml</code>, set
+<code>account_threepid_delegates.msisdn</code> to the base URL of an identity
+server. For example:</p>
+<pre><code class="language-yaml">account_threepid_delegates:
+    msisdn: https://example.com     # Delegate sms sending to example.com
+</code></pre>
+<p>The <code>matrix.org</code> and <code>vector.im</code> identity servers will continue to
+support delegated phone number verification via SMS until such time as
+it is possible for admins to configure their servers to perform phone
+number verification directly. More details will follow in a future
+release.</p>
+<h2 id="rolling-back-to-v131"><a class="header" href="#rolling-back-to-v131">Rolling back to v1.3.1</a></h2>
+<p>If you encounter problems with v1.4.0, it should be possible to roll
+back to v1.3.1, subject to the following:</p>
+<ul>
+<li>
+<p>The 'room statistics' engine was heavily reworked in this release
+(see <a href="https://github.com/matrix-org/synapse/pull/5971">#5971</a>),
+including significant changes to the database schema, which are not
+easily reverted. This will cause the room statistics engine to stop
+updating when you downgrade.</p>
+<p>The room statistics are essentially unused in v1.3.1 (in future
+versions of Synapse, they will be used to populate the room
+directory), so there should be no loss of functionality. However,
+the statistics engine will write errors to the logs, which can be
+avoided by setting the following in <code>homeserver.yaml</code>:</p>
+<pre><code class="language-yaml">stats:
+  enabled: false
+</code></pre>
+<p>Don't forget to re-enable it when you upgrade again, in preparation
+for its use in the room directory!</p>
+</li>
+</ul>
+<h1 id="upgrading-to-v120"><a class="header" href="#upgrading-to-v120">Upgrading to v1.2.0</a></h1>
+<p>Some counter metrics have been renamed, with the old names deprecated.
+See <a href="../metrics-howto.html#renaming-of-metrics--deprecation-of-old-names-in-12">the metrics
+documentation</a>
+for details.</p>
+<h1 id="upgrading-to-v110"><a class="header" href="#upgrading-to-v110">Upgrading to v1.1.0</a></h1>
+<p>Synapse v1.1.0 removes support for older Python and PostgreSQL versions,
+as outlined in <a href="https://matrix.org/blog/2019/04/08/synapse-deprecating-postgres-9-4-and-python-2-x">our deprecation
+notice</a>.</p>
+<h2 id="minimum-python-version"><a class="header" href="#minimum-python-version">Minimum Python Version</a></h2>
+<p>Synapse v1.1.0 has a minimum Python requirement of Python 3.5. Python
+3.6 or Python 3.7 are recommended as they have improved internal string
+handling, significantly reducing memory usage.</p>
+<p>If you use current versions of the Matrix.org-distributed Debian
+packages or Docker images, action is not required.</p>
+<p>If you install Synapse in a Python virtual environment, please see
+&quot;Upgrading to v0.34.0&quot; for notes on setting up a new virtualenv under
+Python 3.</p>
+<h2 id="minimum-postgresql-version"><a class="header" href="#minimum-postgresql-version">Minimum PostgreSQL Version</a></h2>
+<p>If using PostgreSQL under Synapse, you will need to use PostgreSQL 9.5
+or above. Please see the <a href="https://www.postgresql.org/docs/11/upgrading.html">PostgreSQL
+documentation</a> for
+more details on upgrading your database.</p>
+<h1 id="upgrading-to-v10"><a class="header" href="#upgrading-to-v10">Upgrading to v1.0</a></h1>
+<h2 id="validation-of-tls-certificates"><a class="header" href="#validation-of-tls-certificates">Validation of TLS certificates</a></h2>
+<p>Synapse v1.0 is the first release to enforce validation of TLS
+certificates for the federation API. It is therefore essential that your
+certificates are correctly configured. See the
+<a href="../MSC1711_certificates_FAQ.html">FAQ</a> for more information.</p>
+<p>Note, v1.0 installations will also no longer be able to federate with
+servers that have not correctly configured their certificates.</p>
+<p>In rare cases, it may be desirable to disable certificate checking: for
+example, it might be essential to be able to federate with a given
+legacy server in a closed federation. This can be done in one of two
+ways:-</p>
+<ul>
+<li>Configure the global switch <code>federation_verify_certificates</code> to
+<code>false</code>.</li>
+<li>Configure a whitelist of server domains to trust via
+<code>federation_certificate_verification_whitelist</code>.</li>
+</ul>
+<p>See the <a href="docs/sample_config.yaml">sample configuration file</a> for more
+details on these settings.</p>
+<h2 id="email-2"><a class="header" href="#email-2">Email</a></h2>
+<p>When a user requests a password reset, Synapse will send an email to the
+user to confirm the request.</p>
+<p>Previous versions of Synapse delegated the job of sending this email to
+an identity server. If the identity server was somehow malicious or
+became compromised, it would be theoretically possible to hijack an
+account through this means.</p>
+<p>Therefore, by default, Synapse v1.0 will send the confirmation email
+itself. If Synapse is not configured with an SMTP server, password reset
+via email will be disabled.</p>
+<p>To configure an SMTP server for Synapse, modify the configuration
+section headed <code>email</code>, and be sure to have at least the <code>smtp_host</code>,
+<code>smtp_port</code> and <code>notif_from</code> fields filled out. You may also need to set
+<code>smtp_user</code>, <code>smtp_pass</code>, and <code>require_transport_security</code>.</p>
+<p>If you are absolutely certain that you wish to continue using an
+identity server for password resets, set
+<code>trust_identity_server_for_password_resets</code> to <code>true</code>.</p>
+<p>See the <a href="docs/sample_config.yaml">sample configuration file</a> for more
+details on these settings.</p>
+<h2 id="new-email-templates"><a class="header" href="#new-email-templates">New email templates</a></h2>
+<p>Some new templates have been added to the default template directory for the purpose of
+the homeserver sending its own password reset emails. If you have configured a
+custom <code>template_dir</code> in your Synapse config, these files will need to be added.</p>
+<p><code>password_reset.html</code> and <code>password_reset.txt</code> are HTML and plain text
+templates respectively that contain the contents of what will be emailed
+to the user upon attempting to reset their password via email.
+<code>password_reset_success.html</code> and <code>password_reset_failure.html</code> are HTML
+files that the content of which (assuming no redirect URL is set) will
+be shown to the user after they attempt to click the link in the email
+sent to them.</p>
+<h1 id="upgrading-to-v0990"><a class="header" href="#upgrading-to-v0990">Upgrading to v0.99.0</a></h1>
+<p>Please be aware that, before Synapse v1.0 is released around March 2019,
+you will need to replace any self-signed certificates with those
+verified by a root CA. Information on how to do so can be found at <a href="../ACME.html">the
+ACME docs</a>.</p>
+<p>For more information on configuring TLS certificates see the
+<a href="../MSC1711_certificates_FAQ.html">FAQ</a>.</p>
+<h1 id="upgrading-to-v0340"><a class="header" href="#upgrading-to-v0340">Upgrading to v0.34.0</a></h1>
+<ol>
+<li>
+<p>This release is the first to fully support Python 3. Synapse will
+now run on Python versions 3.5, or 3.6 (as well as 2.7). We
+recommend switching to Python 3, as it has been shown to give
+performance improvements.</p>
+<p>For users who have installed Synapse into a virtualenv, we recommend
+doing this by creating a new virtualenv. For example:</p>
+<pre><code>virtualenv -p python3 ~/synapse/env3
+source ~/synapse/env3/bin/activate
+pip install matrix-synapse
+</code></pre>
+<p>You can then start synapse as normal, having activated the new
+virtualenv:</p>
+<pre><code>cd ~/synapse
+source env3/bin/activate
+synctl start
+</code></pre>
+<p>Users who have installed from distribution packages should see the
+relevant package documentation. See below for notes on Debian
+packages.</p>
+<ul>
+<li>
+<p>When upgrading to Python 3, you <strong>must</strong> make sure that your log
+files are configured as UTF-8, by adding <code>encoding: utf8</code> to the
+<code>RotatingFileHandler</code> configuration (if you have one) in your
+<code>&lt;server&gt;.log.config</code> file. For example, if your <code>log.config</code>
+file contains:</p>
+<pre><code>handlers:
+  file:
+    class: logging.handlers.RotatingFileHandler
+    formatter: precise
+    filename: homeserver.log
+    maxBytes: 104857600
+    backupCount: 10
+    filters: [context]
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+    filters: [context]
+</code></pre>
+<p>Then you should update this to be:</p>
+<pre><code>handlers:
+  file:
+    class: logging.handlers.RotatingFileHandler
+    formatter: precise
+    filename: homeserver.log
+    maxBytes: 104857600
+    backupCount: 10
+    filters: [context]
+    encoding: utf8
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+    filters: [context]
+</code></pre>
+<p>There is no need to revert this change if downgrading to
+Python 2.</p>
+</li>
+</ul>
+<p>We are also making available Debian packages which will run Synapse
+on Python 3. You can switch to these packages with
+<code>apt-get install matrix-synapse-py3</code>, however, please read
+<a href="https://github.com/matrix-org/synapse/blob/release-v0.34.0/debian/NEWS">debian/NEWS</a>
+before doing so. The existing <code>matrix-synapse</code> packages will
+continue to use Python 2 for the time being.</p>
+</li>
+<li>
+<p>This release removes the <code>riot.im</code> from the default list of trusted
+identity servers.</p>
+<p>If <code>riot.im</code> is in your homeserver's list of
+<code>trusted_third_party_id_servers</code>, you should remove it. It was added
+in case a hypothetical future identity server was put there. If you
+don't remove it, users may be unable to deactivate their accounts.</p>
+</li>
+<li>
+<p>This release no longer installs the (unmaintained) Matrix Console
+web client as part of the default installation. It is possible to
+re-enable it by installing it separately and setting the
+<code>web_client_location</code> config option, but please consider switching
+to another client.</p>
+</li>
+</ol>
+<h1 id="upgrading-to-v0337"><a class="header" href="#upgrading-to-v0337">Upgrading to v0.33.7</a></h1>
+<p>This release removes the example email notification templates from
+<code>res/templates</code> (they are now internal to the python package). This
+should only affect you if you (a) deploy your Synapse instance from a
+git checkout or a github snapshot URL, and (b) have email notifications
+enabled.</p>
+<p>If you have email notifications enabled, you should ensure that
+<code>email.template_dir</code> is either configured to point at a directory where
+you have installed customised templates, or leave it unset to use the
+default templates.</p>
+<h1 id="upgrading-to-v0273"><a class="header" href="#upgrading-to-v0273">Upgrading to v0.27.3</a></h1>
+<p>This release expands the anonymous usage stats sent if the opt-in
+<code>report_stats</code> configuration is set to <code>true</code>. We now capture RSS memory
+and cpu use at a very coarse level. This requires administrators to
+install the optional <code>psutil</code> python module.</p>
+<p>We would appreciate it if you could assist by ensuring this module is
+available and <code>report_stats</code> is enabled. This will let us see if
+performance changes to synapse are having an impact to the general
+community.</p>
+<h1 id="upgrading-to-v0150"><a class="header" href="#upgrading-to-v0150">Upgrading to v0.15.0</a></h1>
+<p>If you want to use the new URL previewing API
+(<code>/_matrix/media/r0/preview_url</code>) then you have to explicitly enable it
+in the config and update your dependencies dependencies. See README.rst
+for details.</p>
+<h1 id="upgrading-to-v0110"><a class="header" href="#upgrading-to-v0110">Upgrading to v0.11.0</a></h1>
+<p>This release includes the option to send anonymous usage stats to
+matrix.org, and requires that administrators explictly opt in or out by
+setting the <code>report_stats</code> option to either <code>true</code> or <code>false</code>.</p>
+<p>We would really appreciate it if you could help our project out by
+reporting anonymized usage statistics from your homeserver. Only very
+basic aggregate data (e.g. number of users) will be reported, but it
+helps us to track the growth of the Matrix community, and helps us to
+make Matrix a success, as well as to convince other networks that they
+should peer with us.</p>
+<h1 id="upgrading-to-v090"><a class="header" href="#upgrading-to-v090">Upgrading to v0.9.0</a></h1>
+<p>Application services have had a breaking API change in this version.</p>
+<p>They can no longer register themselves with a home server using the AS
+HTTP API. This decision was made because a compromised application
+service with free reign to register any regex in effect grants full
+read/write access to the home server if a regex of <code>.*</code> is used. An
+attack where a compromised AS re-registers itself with <code>.*</code> was deemed
+too big of a security risk to ignore, and so the ability to register
+with the HS remotely has been removed.</p>
+<p>It has been replaced by specifying a list of application service
+registrations in <code>homeserver.yaml</code>:</p>
+<pre><code>app_service_config_files: [&quot;registration-01.yaml&quot;, &quot;registration-02.yaml&quot;]
+</code></pre>
+<p>Where <code>registration-01.yaml</code> looks like:</p>
+<pre><code>url: &lt;String&gt;  # e.g. &quot;https://my.application.service.com&quot;
+as_token: &lt;String&gt;
+hs_token: &lt;String&gt;
+sender_localpart: &lt;String&gt;  # This is a new field which denotes the user_id localpart when using the AS token
+namespaces:
+  users:
+    - exclusive: &lt;Boolean&gt;
+      regex: &lt;String&gt;  # e.g. &quot;@prefix_.*&quot;
+  aliases:
+    - exclusive: &lt;Boolean&gt;
+      regex: &lt;String&gt;
+  rooms:
+    - exclusive: &lt;Boolean&gt;
+      regex: &lt;String&gt;
+</code></pre>
+<h1 id="upgrading-to-v080"><a class="header" href="#upgrading-to-v080">Upgrading to v0.8.0</a></h1>
+<p>Servers which use captchas will need to add their public key to:</p>
+<pre><code>static/client/register/register_config.js
+
+  window.matrixRegistrationConfig = {
+      recaptcha_public_key: &quot;YOUR_PUBLIC_KEY&quot;
+  };
+</code></pre>
+<p>This is required in order to support registration fallback (typically
+used on mobile devices).</p>
+<h1 id="upgrading-to-v070"><a class="header" href="#upgrading-to-v070">Upgrading to v0.7.0</a></h1>
+<p>New dependencies are:</p>
+<ul>
+<li>pydenticon</li>
+<li>simplejson</li>
+<li>syutil</li>
+<li>matrix-angular-sdk</li>
+</ul>
+<p>To pull in these dependencies in a virtual env, run:</p>
+<pre><code>python synapse/python_dependencies.py | xargs -n 1 pip install
+</code></pre>
+<h1 id="upgrading-to-v060"><a class="header" href="#upgrading-to-v060">Upgrading to v0.6.0</a></h1>
+<p>To pull in new dependencies, run:</p>
+<pre><code>python setup.py develop --user
+</code></pre>
+<p>This update includes a change to the database schema. To upgrade you
+first need to upgrade the database by running:</p>
+<pre><code>python scripts/upgrade_db_to_v0.6.0.py &lt;db&gt; &lt;server_name&gt; &lt;signing_key&gt;
+</code></pre>
+<p>Where [<db>]{.title-ref} is the location of the database,
+[&lt;server_name&gt;]{.title-ref} is the server name as specified in the
+synapse configuration, and [&lt;signing_key&gt;]{.title-ref} is the location
+of the signing key as specified in the synapse configuration.</p>
+<p>This may take some time to complete. Failures of signatures and content
+hashes can safely be ignored.</p>
+<h1 id="upgrading-to-v051"><a class="header" href="#upgrading-to-v051">Upgrading to v0.5.1</a></h1>
+<p>Depending on precisely when you installed v0.5.0 you may have ended up
+with a stale release of the reference matrix webclient installed as a
+python module. To uninstall it and ensure you are depending on the
+latest module, please run:</p>
+<pre><code>$ pip uninstall syweb
+</code></pre>
+<h1 id="upgrading-to-v050"><a class="header" href="#upgrading-to-v050">Upgrading to v0.5.0</a></h1>
+<p>The webclient has been split out into a seperate repository/pacakage in
+this release. Before you restart your homeserver you will need to pull
+in the webclient package by running:</p>
+<pre><code>python setup.py develop --user
+</code></pre>
+<p>This release completely changes the database schema and so requires
+upgrading it before starting the new version of the homeserver.</p>
+<p>The script &quot;database-prepare-for-0.5.0.sh&quot; should be used to upgrade
+the database. This will save all user information, such as logins and
+profiles, but will otherwise purge the database. This includes messages,
+which rooms the home server was a member of and room alias mappings.</p>
+<p>If you would like to keep your history, please take a copy of your
+database file and ask for help in #matrix:matrix.org. The upgrade
+process is, unfortunately, non trivial and requires human intervention
+to resolve any resulting conflicts during the upgrade process.</p>
+<p>Before running the command the homeserver should be first completely
+shutdown. To run it, simply specify the location of the database, e.g.:</p>
+<blockquote>
+<p>./scripts/database-prepare-for-0.5.0.sh &quot;homeserver.db&quot;</p>
+</blockquote>
+<p>Once this has successfully completed it will be safe to restart the
+homeserver. You may notice that the homeserver takes a few seconds
+longer to restart than usual as it reinitializes the database.</p>
+<p>On startup of the new version, users can either rejoin remote rooms
+using room aliases or by being reinvited. Alternatively, if any other
+homeserver sends a message to a room that the homeserver was previously
+in the local HS will automatically rejoin the room.</p>
+<h1 id="upgrading-to-v040"><a class="header" href="#upgrading-to-v040">Upgrading to v0.4.0</a></h1>
+<p>This release needs an updated syutil version. Run:</p>
+<pre><code>python setup.py develop
+</code></pre>
+<p>You will also need to upgrade your configuration as the signing key
+format has changed. Run:</p>
+<pre><code>python -m synapse.app.homeserver --config-path &lt;CONFIG&gt; --generate-config
+</code></pre>
+<h1 id="upgrading-to-v030"><a class="header" href="#upgrading-to-v030">Upgrading to v0.3.0</a></h1>
+<p>This registration API now closely matches the login API. This introduces
+a bit more backwards and forwards between the HS and the client, but
+this improves the overall flexibility of the API. You can now GET on
+/register to retrieve a list of valid registration flows. Upon choosing
+one, they are submitted in the same way as login, e.g:</p>
+<pre><code>{
+  type: m.login.password,
+  user: foo,
+  password: bar
+}
+</code></pre>
+<p>The default HS supports 2 flows, with and without Identity Server email
+authentication. Enabling captcha on the HS will add in an extra step to
+all flows: <code>m.login.recaptcha</code> which must be completed before you can
+transition to the next stage. There is a new login type:
+<code>m.login.email.identity</code> which contains the <code>threepidCreds</code> key which
+were previously sent in the original register request. For more
+information on this, see the specification.</p>
+<h2 id="web-client"><a class="header" href="#web-client">Web Client</a></h2>
+<p>The VoIP specification has changed between v0.2.0 and v0.3.0. Users
+should refresh any browser tabs to get the latest web client code. Users
+on v0.2.0 of the web client will not be able to call those on v0.3.0 and
+vice versa.</p>
+<h1 id="upgrading-to-v020"><a class="header" href="#upgrading-to-v020">Upgrading to v0.2.0</a></h1>
+<p>The home server now requires setting up of SSL config before it can run.
+To automatically generate default config use:</p>
+<pre><code>$ python synapse/app/homeserver.py \
+    --server-name machine.my.domain.name \
+    --bind-port 8448 \
+    --config-path homeserver.config \
+    --generate-config
+</code></pre>
+<p>This config can be edited if desired, for example to specify a different
+SSL certificate to use. Once done you can run the home server using:</p>
+<pre><code>$ python synapse/app/homeserver.py --config-path homeserver.config
+</code></pre>
+<p>See the README.rst for more information.</p>
+<p>Also note that some config options have been renamed, including:</p>
+<ul>
+<li>&quot;host&quot; to &quot;server-name&quot;</li>
+<li>&quot;database&quot; to &quot;database-path&quot;</li>
+<li>&quot;port&quot; to &quot;bind-port&quot; and &quot;unsecure-port&quot;</li>
+</ul>
+<h1 id="upgrading-to-v001"><a class="header" href="#upgrading-to-v001">Upgrading to v0.0.1</a></h1>
+<p>This release completely changes the database schema and so requires
+upgrading it before starting the new version of the homeserver.</p>
+<p>The script &quot;database-prepare-for-0.0.1.sh&quot; should be used to upgrade
+the database. This will save all user information, such as logins and
+profiles, but will otherwise purge the database. This includes messages,
+which rooms the home server was a member of and room alias mappings.</p>
+<p>Before running the command the homeserver should be first completely
+shutdown. To run it, simply specify the location of the database, e.g.:</p>
+<blockquote>
+<p>./scripts/database-prepare-for-0.0.1.sh &quot;homeserver.db&quot;</p>
+</blockquote>
+<p>Once this has successfully completed it will be safe to restart the
+homeserver. You may notice that the homeserver takes a few seconds
+longer to restart than usual as it reinitializes the database.</p>
+<p>On startup of the new version, users can either rejoin remote rooms
+using room aliases or by being reinvited. Alternatively, if any other
+homeserver sends a message to a room that the homeserver was previously
+in the local HS will automatically rejoin the room.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="msc1711-certificates-faq"><a class="header" href="#msc1711-certificates-faq">MSC1711 Certificates FAQ</a></h1>
+<h2 id="historical-note"><a class="header" href="#historical-note">Historical Note</a></h2>
+<p>This document was originally written to guide server admins through the upgrade
+path towards Synapse 1.0. Specifically,
+<a href="https://github.com/matrix-org/matrix-doc/blob/master/proposals/1711-x509-for-federation.md">MSC1711</a>
+required that all servers present valid TLS certificates on their federation
+API. Admins were encouraged to achieve compliance from version 0.99.0 (released
+in February 2019) ahead of version 1.0 (released June 2019) enforcing the
+certificate checks.</p>
+<p>Much of what follows is now outdated since most admins will have already
+upgraded, however it may be of use to those with old installs returning to the
+project.</p>
+<p>If you are setting up a server from scratch you almost certainly should look at
+the <a href="../INSTALL.html">installation guide</a> instead.</p>
+<h2 id="introduction-1"><a class="header" href="#introduction-1">Introduction</a></h2>
+<p>The goal of Synapse 0.99.0 is to act as a stepping stone to Synapse 1.0.0. It
+supports the r0.1 release of the server to server specification, but is
+compatible with both the legacy Matrix federation behaviour (pre-r0.1) as well
+as post-r0.1 behaviour, in order to allow for a smooth upgrade across the
+federation.</p>
+<p>The most important thing to know is that Synapse 1.0.0 will require a valid TLS
+certificate on federation endpoints. Self signed certificates will not be
+sufficient.</p>
+<p>Synapse 0.99.0 makes it easy to configure TLS certificates and will
+interoperate with both &gt;= 1.0.0 servers as well as existing servers yet to
+upgrade.</p>
+<p><strong>It is critical that all admins upgrade to 0.99.0 and configure a valid TLS
+certificate.</strong> Admins will have 1 month to do so, after which 1.0.0 will be
+released and those servers without a valid certificate will not longer be able
+to federate with &gt;= 1.0.0 servers.</p>
+<p>Full details on how to carry out this configuration change is given
+<a href="MSC1711_certificates_FAQ.html#configuring-certificates-for-compatibility-with-synapse-100">below</a>. A
+timeline and some frequently asked questions are also given below.</p>
+<p>For more details and context on the release of the r0.1 Server/Server API and
+imminent Matrix 1.0 release, you can also see our
+<a href="https://matrix.org/blog/2019/02/04/matrix-at-fosdem-2019/">main talk from FOSDEM 2019</a>.</p>
+<h2 id="contents"><a class="header" href="#contents">Contents</a></h2>
+<ul>
+<li>Timeline</li>
+<li>Configuring certificates for compatibility with Synapse 1.0</li>
+<li>FAQ
+<ul>
+<li>Synapse 0.99.0 has just been released, what do I need to do right now?</li>
+<li>How do I upgrade?</li>
+<li>What will happen if I do not set up a valid federation certificate
+immediately?</li>
+<li>What will happen if I do nothing at all?</li>
+<li>When do I need a SRV record or .well-known URI?</li>
+<li>Can I still use an SRV record?</li>
+<li>I have created a .well-known URI. Do I still need an SRV record?</li>
+<li>It used to work just fine, why are you breaking everything?</li>
+<li>Can I manage my own certificates rather than having Synapse renew
+certificates itself?</li>
+<li>Do you still recommend against using a reverse proxy on the federation port?</li>
+<li>Do I still need to give my TLS certificates to Synapse if I am using a
+reverse proxy?</li>
+<li>Do I need the same certificate for the client and federation port?</li>
+<li>How do I tell Synapse to reload my keys/certificates after I replace them?</li>
+</ul>
+</li>
+</ul>
+<h2 id="timeline"><a class="header" href="#timeline">Timeline</a></h2>
+<p><strong>5th Feb 2019  - Synapse 0.99.0 is released.</strong></p>
+<p>All server admins are encouraged to upgrade.</p>
+<p>0.99.0:</p>
+<ul>
+<li>
+<p>provides support for ACME to make setting up Let's Encrypt certs easy, as
+well as .well-known support.</p>
+</li>
+<li>
+<p>does not enforce that a valid CA cert is present on the federation API, but
+rather makes it easy to set one up.</p>
+</li>
+<li>
+<p>provides support for .well-known</p>
+</li>
+</ul>
+<p>Admins should upgrade and configure a valid CA cert. Homeservers that require a
+.well-known entry (see below), should retain their SRV record and use it
+alongside their .well-known record.</p>
+<p><strong>10th June 2019  - Synapse 1.0.0 is released</strong></p>
+<p>1.0.0 is scheduled for release on 10th June. In
+accordance with the the <a href="https://matrix.org/docs/spec/server_server/r0.1.0.html">S2S spec</a>
+1.0.0 will enforce certificate validity. This means that any homeserver without a
+valid certificate after this point will no longer be able to federate with
+1.0.0 servers.</p>
+<h2 id="configuring-certificates-for-compatibility-with-synapse-100"><a class="header" href="#configuring-certificates-for-compatibility-with-synapse-100">Configuring certificates for compatibility with Synapse 1.0.0</a></h2>
+<h3 id="if-you-do-not-currently-have-an-srv-record"><a class="header" href="#if-you-do-not-currently-have-an-srv-record">If you do not currently have an SRV record</a></h3>
+<p>In this case, your <code>server_name</code> points to the host where your Synapse is
+running. There is no need to create a <code>.well-known</code> URI or an SRV record, but
+you will need to give Synapse a valid, signed, certificate.</p>
+<h3 id="if-you-do-have-an-srv-record-currently"><a class="header" href="#if-you-do-have-an-srv-record-currently">If you do have an SRV record currently</a></h3>
+<p>If you are using an SRV record, your matrix domain (<code>server_name</code>) may not
+point to the same host that your Synapse is running on (the 'target
+domain'). (If it does, you can follow the recommendation above; otherwise, read
+on.)</p>
+<p>Let's assume that your <code>server_name</code> is <code>example.com</code>, and your Synapse is
+hosted at a target domain of <code>customer.example.net</code>. Currently you should have
+an SRV record which looks like:</p>
+<pre><code>_matrix._tcp.example.com. IN SRV 10 5 8000 customer.example.net.
+</code></pre>
+<p>In this situation, you have three choices for how to proceed:</p>
+<h4 id="option-1-give-synapse-a-certificate-for-your-matrix-domain"><a class="header" href="#option-1-give-synapse-a-certificate-for-your-matrix-domain">Option 1: give Synapse a certificate for your matrix domain</a></h4>
+<p>Synapse 1.0 will expect your server to present a TLS certificate for your
+<code>server_name</code> (<code>example.com</code> in the above example). You can achieve this by acquiring a
+certificate for the <code>server_name</code> yourself (for example, using <code>certbot</code>), and giving it
+and the key to Synapse via <code>tls_certificate_path</code> and <code>tls_private_key_path</code>.</p>
+<h4 id="option-2-run-synapse-behind-a-reverse-proxy"><a class="header" href="#option-2-run-synapse-behind-a-reverse-proxy">Option 2: run Synapse behind a reverse proxy</a></h4>
+<p>If you have an existing reverse proxy set up with correct TLS certificates for
+your domain, you can simply route all traffic through the reverse proxy by
+updating the SRV record appropriately (or removing it, if the proxy listens on
+8448).</p>
+<p>See <a href="reverse_proxy.html">reverse_proxy.md</a> for information on setting up a
+reverse proxy.</p>
+<h4 id="option-3-add-a-well-known-file-to-delegate-your-matrix-traffic"><a class="header" href="#option-3-add-a-well-known-file-to-delegate-your-matrix-traffic">Option 3: add a .well-known file to delegate your matrix traffic</a></h4>
+<p>This will allow you to keep Synapse on a separate domain, without having to
+give it a certificate for the matrix domain.</p>
+<p>You can do this with a <code>.well-known</code> file as follows:</p>
+<ol>
+<li>
+<p>Keep the SRV record in place - it is needed for backwards compatibility
+with Synapse 0.34 and earlier.</p>
+</li>
+<li>
+<p>Give Synapse a certificate corresponding to the target domain
+(<code>customer.example.net</code> in the above example). You can do this by acquire a 
+certificate for the target domain and giving it to Synapse via <code>tls_certificate_path</code>
+and <code>tls_private_key_path</code>.</p>
+</li>
+<li>
+<p>Restart Synapse to ensure the new certificate is loaded.</p>
+</li>
+<li>
+<p>Arrange for a <code>.well-known</code> file at
+<code>https://&lt;server_name&gt;/.well-known/matrix/server</code> with contents:</p>
+<pre><code class="language-json">{&quot;m.server&quot;: &quot;&lt;target server name&gt;&quot;}
+</code></pre>
+<p>where the target server name is resolved as usual (i.e. SRV lookup, falling
+back to talking to port 8448).</p>
+<p>In the above example, where synapse is listening on port 8000,
+<code>https://example.com/.well-known/matrix/server</code> should have <code>m.server</code> set to one of:</p>
+<ol>
+<li>
+<p><code>customer.example.net</code> ─ with a SRV record on
+<code>_matrix._tcp.customer.example.com</code> pointing to port 8000, or:</p>
+</li>
+<li>
+<p><code>customer.example.net</code> ─ updating synapse to listen on the default port
+8448, or:</p>
+</li>
+<li>
+<p><code>customer.example.net:8000</code> ─ ensuring that if there is a reverse proxy
+on <code>customer.example.net:8000</code> it correctly handles HTTP requests with
+Host header set to <code>customer.example.net:8000</code>.</p>
+</li>
+</ol>
+</li>
+</ol>
+<h2 id="faq"><a class="header" href="#faq">FAQ</a></h2>
+<h3 id="synapse-0990-has-just-been-released-what-do-i-need-to-do-right-now"><a class="header" href="#synapse-0990-has-just-been-released-what-do-i-need-to-do-right-now">Synapse 0.99.0 has just been released, what do I need to do right now?</a></h3>
+<p>Upgrade as soon as you can in preparation for Synapse 1.0.0, and update your
+TLS certificates as <a href="MSC1711_certificates_FAQ.html#configuring-certificates-for-compatibility-with-synapse-100">above</a>.</p>
+<h3 id="what-will-happen-if-i-do-not-set-up-a-valid-federation-certificate-immediately"><a class="header" href="#what-will-happen-if-i-do-not-set-up-a-valid-federation-certificate-immediately">What will happen if I do not set up a valid federation certificate immediately?</a></h3>
+<p>Nothing initially, but once 1.0.0 is in the wild it will not be possible to
+federate with 1.0.0 servers.</p>
+<h3 id="what-will-happen-if-i-do-nothing-at-all"><a class="header" href="#what-will-happen-if-i-do-nothing-at-all">What will happen if I do nothing at all?</a></h3>
+<p>If the admin takes no action at all, and remains on a Synapse &lt; 0.99.0 then the
+homeserver will be unable to federate with those who have implemented
+.well-known. Then, as above, once the month upgrade window has expired the
+homeserver will not be able to federate with any Synapse &gt;= 1.0.0</p>
+<h3 id="when-do-i-need-a-srv-record-or-well-known-uri"><a class="header" href="#when-do-i-need-a-srv-record-or-well-known-uri">When do I need a SRV record or .well-known URI?</a></h3>
+<p>If your homeserver listens on the default federation port (8448), and your
+<code>server_name</code> points to the host that your homeserver runs on, you do not need an
+SRV record or <code>.well-known/matrix/server</code> URI.</p>
+<p>For instance, if you registered <code>example.com</code> and pointed its DNS A record at a
+fresh Upcloud VPS or similar, you could install Synapse 0.99 on that host,
+giving it a server_name of <code>example.com</code>, and it would automatically generate a
+valid TLS certificate for you via Let's Encrypt and no SRV record or
+<code>.well-known</code> URI would be needed.</p>
+<p>This is the common case, although you can add an SRV record or
+<code>.well-known/matrix/server</code> URI for completeness if you wish.</p>
+<p><strong>However</strong>, if your server does not listen on port 8448, or if your <code>server_name</code>
+does not point to the host that your homeserver runs on, you will need to let
+other servers know how to find it.</p>
+<p>In this case, you should see <a href="MSC1711_certificates_FAQ.html#if-you-do-have-an-srv-record-currently">&quot;If you do have an SRV record
+currently&quot;</a> above.</p>
+<h3 id="can-i-still-use-an-srv-record"><a class="header" href="#can-i-still-use-an-srv-record">Can I still use an SRV record?</a></h3>
+<p>Firstly, if you didn't need an SRV record before (because your server is
+listening on port 8448 of your server_name), you certainly don't need one now:
+the defaults are still the same.</p>
+<p>If you previously had an SRV record, you can keep using it provided you are
+able to give Synapse a TLS certificate corresponding to your server name. For
+example, suppose you had the following SRV record, which directs matrix traffic
+for example.com to matrix.example.com:443:</p>
+<pre><code>_matrix._tcp.example.com. IN SRV 10 5 443 matrix.example.com
+</code></pre>
+<p>In this case, Synapse must be given a certificate for example.com - or be
+configured to acquire one from Let's Encrypt.</p>
+<p>If you are unable to give Synapse a certificate for your server_name, you will
+also need to use a .well-known URI instead. However, see also &quot;I have created a
+.well-known URI. Do I still need an SRV record?&quot;.</p>
+<h3 id="i-have-created-a-well-known-uri-do-i-still-need-an-srv-record"><a class="header" href="#i-have-created-a-well-known-uri-do-i-still-need-an-srv-record">I have created a .well-known URI. Do I still need an SRV record?</a></h3>
+<p>As of Synapse 0.99, Synapse will first check for the existence of a <code>.well-known</code>
+URI and follow any delegation it suggests. It will only then check for the
+existence of an SRV record.</p>
+<p>That means that the SRV record will often be redundant. However, you should
+remember that there may still be older versions of Synapse in the federation
+which do not understand <code>.well-known</code> URIs, so if you removed your SRV record you
+would no longer be able to federate with them.</p>
+<p>It is therefore best to leave the SRV record in place for now. Synapse 0.34 and
+earlier will follow the SRV record (and not care about the invalid
+certificate). Synapse 0.99 and later will follow the .well-known URI, with the
+correct certificate chain.</p>
+<h3 id="it-used-to-work-just-fine-why-are-you-breaking-everything"><a class="header" href="#it-used-to-work-just-fine-why-are-you-breaking-everything">It used to work just fine, why are you breaking everything?</a></h3>
+<p>We have always wanted Matrix servers to be as easy to set up as possible, and
+so back when we started federation in 2014 we didn't want admins to have to go
+through the cumbersome process of buying a valid TLS certificate to run a
+server. This was before Let's Encrypt came along and made getting a free and
+valid TLS certificate straightforward. So instead, we adopted a system based on
+<a href="https://en.wikipedia.org/wiki/Convergence_(SSL)">Perspectives</a>: an approach
+where you check a set of &quot;notary servers&quot; (in practice, homeservers) to vouch
+for the validity of a certificate rather than having it signed by a CA. As long
+as enough different notaries agree on the certificate's validity, then it is
+trusted.</p>
+<p>However, in practice this has never worked properly. Most people only use the
+default notary server (matrix.org), leading to inadvertent centralisation which
+we want to eliminate. Meanwhile, we never implemented the full consensus
+algorithm to query the servers participating in a room to determine consensus
+on whether a given certificate is valid. This is fiddly to get right
+(especially in face of sybil attacks), and we found ourselves questioning
+whether it was worth the effort to finish the work and commit to maintaining a
+secure certificate validation system as opposed to focusing on core Matrix
+development.</p>
+<p>Meanwhile, Let's Encrypt came along in 2016, and put the final nail in the
+coffin of the Perspectives project (which was already pretty dead). So, the
+Spec Core Team decided that a better approach would be to mandate valid TLS
+certificates for federation alongside the rest of the Web. More details can be
+found in
+<a href="https://github.com/matrix-org/matrix-doc/blob/master/proposals/1711-x509-for-federation.md#background-the-failure-of-the-perspectives-approach">MSC1711</a>.</p>
+<p>This results in a breaking change, which is disruptive, but absolutely critical
+for the security model. However, the existence of Let's Encrypt as a trivial
+way to replace the old self-signed certificates with valid CA-signed ones helps
+smooth things over massively, especially as Synapse can now automate Let's
+Encrypt certificate generation if needed.</p>
+<h3 id="can-i-manage-my-own-certificates-rather-than-having-synapse-renew-certificates-itself"><a class="header" href="#can-i-manage-my-own-certificates-rather-than-having-synapse-renew-certificates-itself">Can I manage my own certificates rather than having Synapse renew certificates itself?</a></h3>
+<p>Yes, you are welcome to manage your certificates yourself. Synapse will only
+attempt to obtain certificates from Let's Encrypt if you configure it to do
+so.The only requirement is that there is a valid TLS cert present for
+federation end points.</p>
+<h3 id="do-you-still-recommend-against-using-a-reverse-proxy-on-the-federation-port-1"><a class="header" href="#do-you-still-recommend-against-using-a-reverse-proxy-on-the-federation-port-1">Do you still recommend against using a reverse proxy on the federation port?</a></h3>
+<p>We no longer actively recommend against using a reverse proxy. Many admins will
+find it easier to direct federation traffic to a reverse proxy and manage their
+own TLS certificates, and this is a supported configuration.</p>
+<p>See <a href="reverse_proxy.html">reverse_proxy.md</a> for information on setting up a
+reverse proxy.</p>
+<h3 id="do-i-still-need-to-give-my-tls-certificates-to-synapse-if-i-am-using-a-reverse-proxy-1"><a class="header" href="#do-i-still-need-to-give-my-tls-certificates-to-synapse-if-i-am-using-a-reverse-proxy-1">Do I still need to give my TLS certificates to Synapse if I am using a reverse proxy?</a></h3>
+<p>Practically speaking, this is no longer necessary.</p>
+<p>If you are using a reverse proxy for all of your TLS traffic, then you can set
+<code>no_tls: True</code>. In that case, the only reason Synapse needs the certificate is
+to populate a legacy 'tls_fingerprints' field in the federation API. This is
+ignored by Synapse 0.99.0 and later, and the only time pre-0.99 Synapses will
+check it is when attempting to fetch the server keys - and generally this is
+delegated via <code>matrix.org</code>, which is on 0.99.0.</p>
+<p>However, there is a bug in Synapse 0.99.0
+<a href="https://github.com/matrix-org/synapse/issues/4554">4554</a> which prevents
+Synapse from starting if you do not give it a TLS certificate. To work around
+this, you can give it any TLS certificate at all. This will be fixed soon.</p>
+<h3 id="do-i-need-the-same-certificate-for-the-client-and-federation-port-1"><a class="header" href="#do-i-need-the-same-certificate-for-the-client-and-federation-port-1">Do I need the same certificate for the client and federation port?</a></h3>
+<p>No. There is nothing stopping you from using different certificates,
+particularly if you are using a reverse proxy. However, Synapse will use the
+same certificate on any ports where TLS is configured.</p>
+<h3 id="how-do-i-tell-synapse-to-reload-my-keyscertificates-after-i-replace-them"><a class="header" href="#how-do-i-tell-synapse-to-reload-my-keyscertificates-after-i-replace-them">How do I tell Synapse to reload my keys/certificates after I replace them?</a></h3>
+<p>Synapse will reload the keys and certificates when it receives a SIGHUP - for
+example <code>kill -HUP $(cat homeserver.pid)</code>. Alternatively, simply restart
+Synapse, though this will result in downtime while it restarts.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="setting-up-federation"><a class="header" href="#setting-up-federation">Setting up federation</a></h1>
+<p>Federation is the process by which users on different servers can participate
+in the same room. For this to work, those other servers must be able to contact
+yours to send messages.</p>
+<p>The <code>server_name</code> configured in the Synapse configuration file (often
+<code>homeserver.yaml</code>) defines how resources (users, rooms, etc.) will be
+identified (eg: <code>@user:example.com</code>, <code>#room:example.com</code>). By default,
+it is also the domain that other servers will use to try to reach your
+server (via port 8448). This is easy to set up and will work provided
+you set the <code>server_name</code> to match your machine's public DNS hostname.</p>
+<p>For this default configuration to work, you will need to listen for TLS
+connections on port 8448. The preferred way to do that is by using a
+reverse proxy: see <a href="reverse_proxy.html">reverse_proxy.md</a> for instructions
+on how to correctly set one up.</p>
+<p>In some cases you might not want to run Synapse on the machine that has
+the <code>server_name</code> as its public DNS hostname, or you might want federation
+traffic to use a different port than 8448. For example, you might want to
+have your user names look like <code>@user:example.com</code>, but you want to run
+Synapse on <code>synapse.example.com</code> on port 443. This can be done using
+delegation, which allows an admin to control where federation traffic should
+be sent. See <a href="delegate.html">delegate.md</a> for instructions on how to set this up.</p>
+<p>Once federation has been configured, you should be able to join a room over
+federation. A good place to start is <code>#synapse:matrix.org</code> - a room for
+Synapse admins.</p>
+<h2 id="troubleshooting-2"><a class="header" href="#troubleshooting-2">Troubleshooting</a></h2>
+<p>You can use the <a href="https://matrix.org/federationtester">federation tester</a>
+to check if your homeserver is configured correctly. Alternatively try the
+<a href="https://matrix.org/federationtester/api/report?server_name=DOMAIN">JSON API used by the federation tester</a>.
+Note that you'll have to modify this URL to replace <code>DOMAIN</code> with your
+<code>server_name</code>. Hitting the API directly provides extra detail.</p>
+<p>The typical failure mode for federation is that when the server tries to join
+a room, it is rejected with &quot;401: Unauthorized&quot;. Generally this means that other
+servers in the room could not access yours. (Joining a room over federation is
+a complicated dance which requires connections in both directions).</p>
+<p>Another common problem is that people on other servers can't join rooms that
+you invite them to. This can be caused by an incorrectly-configured reverse
+proxy: see <a href="reverse_proxy.html">reverse_proxy.md</a> for instructions on how to correctly
+configure a reverse proxy.</p>
+<h3 id="known-issues"><a class="header" href="#known-issues">Known issues</a></h3>
+<p><strong>HTTP <code>308 Permanent Redirect</code> redirects are not followed</strong>: Due to missing features
+in the HTTP library used by Synapse, 308 redirects are currently not followed by
+federating servers, which can cause <code>M_UNKNOWN</code> or <code>401 Unauthorized</code> errors. This
+may affect users who are redirecting apex-to-www (e.g. <code>example.com</code> -&gt; <code>www.example.com</code>),
+and especially users of the Kubernetes <em>Nginx Ingress</em> module, which uses 308 redirect
+codes by default. For those Kubernetes users, <a href="https://stackoverflow.com/a/52617528/5096871">this Stackoverflow post</a> 
+might be helpful. For other users, switching to a <code>301 Moved Permanently</code> code may be
+an option. 308 redirect codes will be supported properly in a future
+release of Synapse.</p>
+<h2 id="running-a-demo-federation-of-synapses"><a class="header" href="#running-a-demo-federation-of-synapses">Running a demo federation of Synapses</a></h2>
+<p>If you want to get up and running quickly with a trio of homeservers in a
+private federation, there is a script in the <code>demo</code> directory. This is mainly
+useful just for development purposes. See <a href="https://github.com/matrix-org/synapse/tree/develop/demo/">demo/README</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="configuration-1"><a class="header" href="#configuration-1">Configuration</a></h1>
+<p>This section contains information on tweaking Synapse via the various options in the configuration file. A configuration
+file should have been generated when you <a href="usage/configuration/../../setup/installation.html">installed Synapse</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="homeserver-sample-configuration-file"><a class="header" href="#homeserver-sample-configuration-file">Homeserver Sample Configuration File</a></h1>
+<p>Below is a sample homeserver configuration file. The homeserver configuration file 
+can be tweaked to change the behaviour of your homeserver. A restart of the server is 
+generally required to apply any changes made to this file.</p>
+<p>Note that the contents below are <em>not</em> intended to be copied and used as the basis for
+a real homeserver.yaml. Instead, if you are starting from scratch, please generate
+a fresh config using Synapse by following the instructions in
+<a href="usage/configuration/../../setup/installation.html">Installation</a>.</p>
+<pre><code class="language-yaml"># This file is maintained as an up-to-date snapshot of the default
+# homeserver.yaml configuration generated by Synapse.
+#
+# It is intended to act as a reference for the default configuration,
+# helping admins keep track of new options and other changes, and compare
+# their configs with the current default.  As such, many of the actual
+# config values shown are placeholders.
+#
+# It is *not* intended to be copied and used as the basis for a real
+# homeserver.yaml. Instead, if you are starting from scratch, please generate
+# a fresh config using Synapse by following the instructions in INSTALL.md.
+
+# Configuration options that take a time period can be set using a number
+# followed by a letter. Letters have the following meanings:
+# s = second
+# m = minute
+# h = hour
+# d = day
+# w = week
+# y = year
+# For example, setting redaction_retention_period: 5m would remove redacted
+# messages from the database after 5 minutes, rather than 5 months.
+
+################################################################################
+
+# Configuration file for Synapse.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+
+
+## Modules ##
+
+# Server admins can expand Synapse's functionality with external modules.
+#
+# See https://matrix-org.github.io/synapse/develop/modules.html for more
+# documentation on how to configure or create custom modules for Synapse.
+#
+modules:
+    # - module: my_super_module.MySuperClass
+    #   config:
+    #       do_thing: true
+    # - module: my_other_super_module.SomeClass
+    #   config: {}
+
+
+## Server ##
+
+# The public-facing domain of the server
+#
+# The server_name name will appear at the end of usernames and room addresses
+# created on this server. For example if the server_name was example.com,
+# usernames on this server would be in the format @user:example.com
+#
+# In most cases you should avoid using a matrix specific subdomain such as
+# matrix.example.com or synapse.example.com as the server_name for the same
+# reasons you wouldn't use user@email.example.com as your email address.
+# See https://github.com/matrix-org/synapse/blob/master/docs/delegate.md
+# for information on how to host Synapse on a subdomain while preserving
+# a clean server_name.
+#
+# The server_name cannot be changed later so it is important to
+# configure this correctly before you start Synapse. It should be all
+# lowercase and may contain an explicit port.
+# Examples: matrix.org, localhost:8080
+#
+server_name: &quot;SERVERNAME&quot;
+
+# When running as a daemon, the file to store the pid in
+#
+pid_file: DATADIR/homeserver.pid
+
+# The absolute URL to the web client which /_matrix/client will redirect
+# to if 'webclient' is configured under the 'listeners' configuration.
+#
+# This option can be also set to the filesystem path to the web client
+# which will be served at /_matrix/client/ if 'webclient' is configured
+# under the 'listeners' configuration, however this is a security risk:
+# https://github.com/matrix-org/synapse#security-note
+#
+#web_client_location: https://riot.example.com/
+
+# The public-facing base URL that clients use to access this Homeserver (not
+# including _matrix/...). This is the same URL a user might enter into the
+# 'Custom Homeserver URL' field on their client. If you use Synapse with a
+# reverse proxy, this should be the URL to reach Synapse via the proxy.
+# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
+# 'listeners' below).
+#
+#public_baseurl: https://example.com/
+
+# Set the soft limit on the number of file descriptors synapse can use
+# Zero is used to indicate synapse should set the soft limit to the
+# hard limit.
+#
+#soft_file_limit: 0
+
+# Presence tracking allows users to see the state (e.g online/offline)
+# of other local and remote users.
+#
+presence:
+  # Uncomment to disable presence tracking on this homeserver. This option
+  # replaces the previous top-level 'use_presence' option.
+  #
+  #enabled: false
+
+  # Presence routers are third-party modules that can specify additional logic
+  # to where presence updates from users are routed.
+  #
+  presence_router:
+    # The custom module's class. Uncomment to use a custom presence router module.
+    #
+    #module: &quot;my_custom_router.PresenceRouter&quot;
+
+    # Configuration options of the custom module. Refer to your module's
+    # documentation for available options.
+    #
+    #config:
+    #  example_option: 'something'
+
+# Whether to require authentication to retrieve profile data (avatars,
+# display names) of other users through the client API. Defaults to
+# 'false'. Note that profile data is also available via the federation
+# API, unless allow_profile_lookup_over_federation is set to false.
+#
+#require_auth_for_profile_requests: true
+
+# Uncomment to require a user to share a room with another user in order
+# to retrieve their profile information. Only checked on Client-Server
+# requests. Profile requests from other servers should be checked by the
+# requesting server. Defaults to 'false'.
+#
+#limit_profile_requests_to_users_who_share_rooms: true
+
+# Uncomment to prevent a user's profile data from being retrieved and
+# displayed in a room until they have joined it. By default, a user's
+# profile data is included in an invite event, regardless of the values
+# of the above two settings, and whether or not the users share a server.
+# Defaults to 'true'.
+#
+#include_profile_data_on_invite: false
+
+# If set to 'true', removes the need for authentication to access the server's
+# public rooms directory through the client API, meaning that anyone can
+# query the room directory. Defaults to 'false'.
+#
+#allow_public_rooms_without_auth: true
+
+# If set to 'true', allows any other homeserver to fetch the server's public
+# rooms directory via federation. Defaults to 'false'.
+#
+#allow_public_rooms_over_federation: true
+
+# The default room version for newly created rooms.
+#
+# Known room versions are listed here:
+# https://matrix.org/docs/spec/#complete-list-of-room-versions
+#
+# For example, for room version 1, default_room_version should be set
+# to &quot;1&quot;.
+#
+#default_room_version: &quot;6&quot;
+
+# The GC threshold parameters to pass to `gc.set_threshold`, if defined
+#
+#gc_thresholds: [700, 10, 10]
+
+# The minimum time in seconds between each GC for a generation, regardless of
+# the GC thresholds. This ensures that we don't do GC too frequently.
+#
+# A value of `[1s, 10s, 30s]` indicates that a second must pass between consecutive
+# generation 0 GCs, etc.
+#
+# Defaults to `[1s, 10s, 30s]`.
+#
+#gc_min_interval: [0.5s, 30s, 1m]
+
+# Set the limit on the returned events in the timeline in the get
+# and sync operations. The default value is 100. -1 means no upper limit.
+#
+# Uncomment the following to increase the limit to 5000.
+#
+#filter_timeline_limit: 5000
+
+# Whether room invites to users on this server should be blocked
+# (except those sent by local server admins). The default is False.
+#
+#block_non_admin_invites: true
+
+# Room searching
+#
+# If disabled, new messages will not be indexed for searching and users
+# will receive errors when searching for messages. Defaults to enabled.
+#
+#enable_search: false
+
+# Prevent outgoing requests from being sent to the following blacklisted IP address
+# CIDR ranges. If this option is not specified then it defaults to private IP
+# address ranges (see the example below).
+#
+# The blacklist applies to the outbound requests for federation, identity servers,
+# push servers, and for checking key validity for third-party invite events.
+#
+# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+# listed here, since they correspond to unroutable addresses.)
+#
+# This option replaces federation_ip_range_blacklist in Synapse v1.25.0.
+#
+#ip_range_blacklist:
+#  - '127.0.0.0/8'
+#  - '10.0.0.0/8'
+#  - '172.16.0.0/12'
+#  - '192.168.0.0/16'
+#  - '100.64.0.0/10'
+#  - '192.0.0.0/24'
+#  - '169.254.0.0/16'
+#  - '192.88.99.0/24'
+#  - '198.18.0.0/15'
+#  - '192.0.2.0/24'
+#  - '198.51.100.0/24'
+#  - '203.0.113.0/24'
+#  - '224.0.0.0/4'
+#  - '::1/128'
+#  - 'fe80::/10'
+#  - 'fc00::/7'
+#  - '2001:db8::/32'
+#  - 'ff00::/8'
+#  - 'fec0::/10'
+
+# List of IP address CIDR ranges that should be allowed for federation,
+# identity servers, push servers, and for checking key validity for
+# third-party invite events. This is useful for specifying exceptions to
+# wide-ranging blacklisted target IP ranges - e.g. for communication with
+# a push server only visible in your network.
+#
+# This whitelist overrides ip_range_blacklist and defaults to an empty
+# list.
+#
+#ip_range_whitelist:
+#   - '192.168.1.1'
+
+# List of ports that Synapse should listen on, their purpose and their
+# configuration.
+#
+# Options for each listener include:
+#
+#   port: the TCP port to bind to
+#
+#   bind_addresses: a list of local addresses to listen on. The default is
+#       'all local interfaces'.
+#
+#   type: the type of listener. Normally 'http', but other valid options are:
+#       'manhole' (see docs/manhole.md),
+#       'metrics' (see docs/metrics-howto.md),
+#       'replication' (see docs/workers.md).
+#
+#   tls: set to true to enable TLS for this listener. Will use the TLS
+#       key/cert specified in tls_private_key_path / tls_certificate_path.
+#
+#   x_forwarded: Only valid for an 'http' listener. Set to true to use the
+#       X-Forwarded-For header as the client IP. Useful when Synapse is
+#       behind a reverse-proxy.
+#
+#   resources: Only valid for an 'http' listener. A list of resources to host
+#       on this port. Options for each resource are:
+#
+#       names: a list of names of HTTP resources. See below for a list of
+#           valid resource names.
+#
+#       compress: set to true to enable HTTP compression for this resource.
+#
+#   additional_resources: Only valid for an 'http' listener. A map of
+#        additional endpoints which should be loaded via dynamic modules.
+#
+# Valid resource names are:
+#
+#   client: the client-server API (/_matrix/client), and the synapse admin
+#       API (/_synapse/admin). Also implies 'media' and 'static'.
+#
+#   consent: user consent forms (/_matrix/consent). See
+#       docs/consent_tracking.md.
+#
+#   federation: the server-server API (/_matrix/federation). Also implies
+#       'media', 'keys', 'openid'
+#
+#   keys: the key discovery API (/_matrix/keys).
+#
+#   media: the media API (/_matrix/media).
+#
+#   metrics: the metrics interface. See docs/metrics-howto.md.
+#
+#   openid: OpenID authentication.
+#
+#   replication: the HTTP replication API (/_synapse/replication). See
+#       docs/workers.md.
+#
+#   static: static resources under synapse/static (/_matrix/static). (Mostly
+#       useful for 'fallback authentication'.)
+#
+#   webclient: A web client. Requires web_client_location to be set.
+#
+listeners:
+  # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
+  #
+  # Disabled by default. To enable it, uncomment the following. (Note that you
+  # will also need to give Synapse a TLS key and certificate: see the TLS section
+  # below.)
+  #
+  #- port: 8448
+  #  type: http
+  #  tls: true
+  #  resources:
+  #    - names: [client, federation]
+
+  # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
+  # that unwraps TLS.
+  #
+  # If you plan to use a reverse proxy, please see
+  # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
+  #
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    bind_addresses: ['::1', '127.0.0.1']
+
+    resources:
+      - names: [client, federation]
+        compress: false
+
+    # example additional_resources:
+    #
+    #additional_resources:
+    #  &quot;/_matrix/my/custom/endpoint&quot;:
+    #    module: my_module.CustomRequestHandler
+    #    config: {}
+
+  # Turn on the twisted ssh manhole service on localhost on the given
+  # port.
+  #
+  #- port: 9000
+  #  bind_addresses: ['::1', '127.0.0.1']
+  #  type: manhole
+
+# Forward extremities can build up in a room due to networking delays between
+# homeservers. Once this happens in a large room, calculation of the state of
+# that room can become quite expensive. To mitigate this, once the number of
+# forward extremities reaches a given threshold, Synapse will send an
+# org.matrix.dummy_event event, which will reduce the forward extremities
+# in the room.
+#
+# This setting defines the threshold (i.e. number of forward extremities in the
+# room) at which dummy events are sent. The default value is 10.
+#
+#dummy_events_threshold: 5
+
+
+## Homeserver blocking ##
+
+# How to reach the server admin, used in ResourceLimitError
+#
+#admin_contact: 'mailto:admin@server.com'
+
+# Global blocking
+#
+#hs_disabled: false
+#hs_disabled_message: 'Human readable reason for why the HS is blocked'
+
+# Monthly Active User Blocking
+#
+# Used in cases where the admin or server owner wants to limit to the
+# number of monthly active users.
+#
+# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
+# enabled and a limit is reached the server returns a 'ResourceLimitError'
+# with error type Codes.RESOURCE_LIMIT_EXCEEDED
+#
+# 'max_mau_value' is the hard limit of monthly active users above which
+# the server will start blocking user actions.
+#
+# 'mau_trial_days' is a means to add a grace period for active users. It
+# means that users must be active for this number of days before they
+# can be considered active and guards against the case where lots of users
+# sign up in a short space of time never to return after their initial
+# session.
+#
+# 'mau_limit_alerting' is a means of limiting client side alerting
+# should the mau limit be reached. This is useful for small instances
+# where the admin has 5 mau seats (say) for 5 specific people and no
+# interest increasing the mau limit further. Defaults to True, which
+# means that alerting is enabled
+#
+#limit_usage_by_mau: false
+#max_mau_value: 50
+#mau_trial_days: 2
+#mau_limit_alerting: false
+
+# If enabled, the metrics for the number of monthly active users will
+# be populated, however no one will be limited. If limit_usage_by_mau
+# is true, this is implied to be true.
+#
+#mau_stats_only: false
+
+# Sometimes the server admin will want to ensure certain accounts are
+# never blocked by mau checking. These accounts are specified here.
+#
+#mau_limit_reserved_threepids:
+#  - medium: 'email'
+#    address: 'reserved_user@example.com'
+
+# Used by phonehome stats to group together related servers.
+#server_context: context
+
+# Resource-constrained homeserver settings
+#
+# When this is enabled, the room &quot;complexity&quot; will be checked before a user
+# joins a new remote room. If it is above the complexity limit, the server will
+# disallow joining, or will instantly leave.
+#
+# Room complexity is an arbitrary measure based on factors such as the number of
+# users in the room.
+#
+limit_remote_rooms:
+  # Uncomment to enable room complexity checking.
+  #
+  #enabled: true
+
+  # the limit above which rooms cannot be joined. The default is 1.0.
+  #
+  #complexity: 0.5
+
+  # override the error which is returned when the room is too complex.
+  #
+  #complexity_error: &quot;This room is too complex.&quot;
+
+  # allow server admins to join complex rooms. Default is false.
+  #
+  #admins_can_join: true
+
+# Whether to require a user to be in the room to add an alias to it.
+# Defaults to 'true'.
+#
+#require_membership_for_aliases: false
+
+# Whether to allow per-room membership profiles through the send of membership
+# events with profile information that differ from the target's global profile.
+# Defaults to 'true'.
+#
+#allow_per_room_profiles: false
+
+# How long to keep redacted events in unredacted form in the database. After
+# this period redacted events get replaced with their redacted form in the DB.
+#
+# Defaults to `7d`. Set to `null` to disable.
+#
+#redaction_retention_period: 28d
+
+# How long to track users' last seen time and IPs in the database.
+#
+# Defaults to `28d`. Set to `null` to disable clearing out of old rows.
+#
+#user_ips_max_age: 14d
+
+# Message retention policy at the server level.
+#
+# Room admins and mods can define a retention period for their rooms using the
+# 'm.room.retention' state event, and server admins can cap this period by setting
+# the 'allowed_lifetime_min' and 'allowed_lifetime_max' config options.
+#
+# If this feature is enabled, Synapse will regularly look for and purge events
+# which are older than the room's maximum retention period. Synapse will also
+# filter events received over federation so that events that should have been
+# purged are ignored and not stored again.
+#
+retention:
+  # The message retention policies feature is disabled by default. Uncomment the
+  # following line to enable it.
+  #
+  #enabled: true
+
+  # Default retention policy. If set, Synapse will apply it to rooms that lack the
+  # 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't
+  # matter much because Synapse doesn't take it into account yet.
+  #
+  #default_policy:
+  #  min_lifetime: 1d
+  #  max_lifetime: 1y
+
+  # Retention policy limits. If set, and the state of a room contains a
+  # 'm.room.retention' event in its state which contains a 'min_lifetime' or a
+  # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
+  # to these limits when running purge jobs.
+  #
+  #allowed_lifetime_min: 1d
+  #allowed_lifetime_max: 1y
+
+  # Server admins can define the settings of the background jobs purging the
+  # events which lifetime has expired under the 'purge_jobs' section.
+  #
+  # If no configuration is provided, a single job will be set up to delete expired
+  # events in every room daily.
+  #
+  # Each job's configuration defines which range of message lifetimes the job
+  # takes care of. For example, if 'shortest_max_lifetime' is '2d' and
+  # 'longest_max_lifetime' is '3d', the job will handle purging expired events in
+  # rooms whose state defines a 'max_lifetime' that's both higher than 2 days, and
+  # lower than or equal to 3 days. Both the minimum and the maximum value of a
+  # range are optional, e.g. a job with no 'shortest_max_lifetime' and a
+  # 'longest_max_lifetime' of '3d' will handle every room with a retention policy
+  # which 'max_lifetime' is lower than or equal to three days.
+  #
+  # The rationale for this per-job configuration is that some rooms might have a
+  # retention policy with a low 'max_lifetime', where history needs to be purged
+  # of outdated messages on a more frequent basis than for the rest of the rooms
+  # (e.g. every 12h), but not want that purge to be performed by a job that's
+  # iterating over every room it knows, which could be heavy on the server.
+  #
+  # If any purge job is configured, it is strongly recommended to have at least
+  # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
+  # set, or one job without 'shortest_max_lifetime' and one job without
+  # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
+  # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
+  # room's policy to these values is done after the policies are retrieved from
+  # Synapse's database (which is done using the range specified in a purge job's
+  # configuration).
+  #
+  #purge_jobs:
+  #  - longest_max_lifetime: 3d
+  #    interval: 12h
+  #  - shortest_max_lifetime: 3d
+  #    interval: 1d
+
+# Inhibits the /requestToken endpoints from returning an error that might leak
+# information about whether an e-mail address is in use or not on this
+# homeserver.
+# Note that for some endpoints the error situation is the e-mail already being
+# used, and for others the error is entering the e-mail being unused.
+# If this option is enabled, instead of returning an error, these endpoints will
+# act as if no error happened and return a fake session ID ('sid') to clients.
+#
+#request_token_inhibit_3pid_errors: true
+
+# A list of domains that the domain portion of 'next_link' parameters
+# must match.
+#
+# This parameter is optionally provided by clients while requesting
+# validation of an email or phone number, and maps to a link that
+# users will be automatically redirected to after validation
+# succeeds. Clients can make use this parameter to aid the validation
+# process.
+#
+# The whitelist is applied whether the homeserver or an
+# identity server is handling validation.
+#
+# The default value is no whitelist functionality; all domains are
+# allowed. Setting this value to an empty list will instead disallow
+# all domains.
+#
+#next_link_domain_whitelist: [&quot;matrix.org&quot;]
+
+
+## TLS ##
+
+# PEM-encoded X509 certificate for TLS.
+# This certificate, as of Synapse 1.0, will need to be a valid and verifiable
+# certificate, signed by a recognised Certificate Authority.
+#
+# Be sure to use a `.pem` file that includes the full certificate chain including
+# any intermediate certificates (for instance, if using certbot, use
+# `fullchain.pem` as your certificate, not `cert.pem`).
+#
+#tls_certificate_path: &quot;CONFDIR/SERVERNAME.tls.crt&quot;
+
+# PEM-encoded private key for TLS
+#
+#tls_private_key_path: &quot;CONFDIR/SERVERNAME.tls.key&quot;
+
+# Whether to verify TLS server certificates for outbound federation requests.
+#
+# Defaults to `true`. To disable certificate verification, uncomment the
+# following line.
+#
+#federation_verify_certificates: false
+
+# The minimum TLS version that will be used for outbound federation requests.
+#
+# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
+# that setting this value higher than `1.2` will prevent federation to most
+# of the public Matrix network: only configure it to `1.3` if you have an
+# entirely private federation setup and you can ensure TLS 1.3 support.
+#
+#federation_client_minimum_tls_version: 1.2
+
+# Skip federation certificate verification on the following whitelist
+# of domains.
+#
+# This setting should only be used in very specific cases, such as
+# federation over Tor hidden services and similar. For private networks
+# of homeservers, you likely want to use a private CA instead.
+#
+# Only effective if federation_verify_certicates is `true`.
+#
+#federation_certificate_verification_whitelist:
+#  - lon.example.com
+#  - *.domain.com
+#  - *.onion
+
+# List of custom certificate authorities for federation traffic.
+#
+# This setting should only normally be used within a private network of
+# homeservers.
+#
+# Note that this list will replace those that are provided by your
+# operating environment. Certificates must be in PEM format.
+#
+#federation_custom_ca_list:
+#  - myCA1.pem
+#  - myCA2.pem
+#  - myCA3.pem
+
+
+## Federation ##
+
+# Restrict federation to the following whitelist of domains.
+# N.B. we recommend also firewalling your federation listener to limit
+# inbound federation traffic as early as possible, rather than relying
+# purely on this application-layer restriction.  If not specified, the
+# default is to whitelist everything.
+#
+#federation_domain_whitelist:
+#  - lon.example.com
+#  - nyc.example.com
+#  - syd.example.com
+
+# Report prometheus metrics on the age of PDUs being sent to and received from
+# the following domains. This can be used to give an idea of &quot;delay&quot; on inbound
+# and outbound federation, though be aware that any delay can be due to problems
+# at either end or with the intermediate network.
+#
+# By default, no domains are monitored in this way.
+#
+#federation_metrics_domains:
+#  - matrix.org
+#  - example.com
+
+# Uncomment to disable profile lookup over federation. By default, the
+# Federation API allows other homeservers to obtain profile data of any user
+# on this homeserver. Defaults to 'true'.
+#
+#allow_profile_lookup_over_federation: false
+
+# Uncomment to disable device display name lookup over federation. By default, the
+# Federation API allows other homeservers to obtain device display names of any user
+# on this homeserver. Defaults to 'true'.
+#
+#allow_device_name_lookup_over_federation: false
+
+
+## Caching ##
+
+# Caching can be configured through the following options.
+#
+# A cache 'factor' is a multiplier that can be applied to each of
+# Synapse's caches in order to increase or decrease the maximum
+# number of entries that can be stored.
+
+# The number of events to cache in memory. Not affected by
+# caches.global_factor.
+#
+#event_cache_size: 10K
+
+caches:
+  # Controls the global cache factor, which is the default cache factor
+  # for all caches if a specific factor for that cache is not otherwise
+  # set.
+  #
+  # This can also be set by the &quot;SYNAPSE_CACHE_FACTOR&quot; environment
+  # variable. Setting by environment variable takes priority over
+  # setting through the config file.
+  #
+  # Defaults to 0.5, which will half the size of all caches.
+  #
+  #global_factor: 1.0
+
+  # A dictionary of cache name to cache factor for that individual
+  # cache. Overrides the global cache factor for a given cache.
+  #
+  # These can also be set through environment variables comprised
+  # of &quot;SYNAPSE_CACHE_FACTOR_&quot; + the name of the cache in capital
+  # letters and underscores. Setting by environment variable
+  # takes priority over setting through the config file.
+  # Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
+  #
+  # Some caches have '*' and other characters that are not
+  # alphanumeric or underscores. These caches can be named with or
+  # without the special characters stripped. For example, to specify
+  # the cache factor for `*stateGroupCache*` via an environment
+  # variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
+  #
+  per_cache_factors:
+    #get_users_who_share_room_with_user: 2.0
+
+  # Controls how long an entry can be in a cache without having been
+  # accessed before being evicted. Defaults to None, which means
+  # entries are never evicted based on time.
+  #
+  #expiry_time: 30m
+
+
+## Database ##
+
+# The 'database' setting defines the database that synapse uses to store all of
+# its data.
+#
+# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
+# 'psycopg2' (for PostgreSQL).
+#
+# 'args' gives options which are passed through to the database engine,
+# except for options starting 'cp_', which are used to configure the Twisted
+# connection pool. For a reference to valid arguments, see:
+#   * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
+#   * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
+#   * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
+#
+#
+# Example SQLite configuration:
+#
+#database:
+#  name: sqlite3
+#  args:
+#    database: /path/to/homeserver.db
+#
+#
+# Example Postgres configuration:
+#
+#database:
+#  name: psycopg2
+#  args:
+#    user: synapse_user
+#    password: secretpassword
+#    database: synapse
+#    host: localhost
+#    port: 5432
+#    cp_min: 5
+#    cp_max: 10
+#
+# For more information on using Synapse with Postgres, see `docs/postgres.md`.
+#
+database:
+  name: sqlite3
+  args:
+    database: DATADIR/homeserver.db
+
+
+## Logging ##
+
+# A yaml python logging config file as described by
+# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
+#
+log_config: &quot;CONFDIR/SERVERNAME.log.config&quot;
+
+
+## Ratelimiting ##
+
+# Ratelimiting settings for client actions (registration, login, messaging).
+#
+# Each ratelimiting configuration is made of two parameters:
+#   - per_second: number of requests a client can send per second.
+#   - burst_count: number of requests a client can send before being throttled.
+#
+# Synapse currently uses the following configurations:
+#   - one for messages that ratelimits sending based on the account the client
+#     is using
+#   - one for registration that ratelimits registration requests based on the
+#     client's IP address.
+#   - one for login that ratelimits login requests based on the client's IP
+#     address.
+#   - one for login that ratelimits login requests based on the account the
+#     client is attempting to log into.
+#   - one for login that ratelimits login requests based on the account the
+#     client is attempting to log into, based on the amount of failed login
+#     attempts for this account.
+#   - one for ratelimiting redactions by room admins. If this is not explicitly
+#     set then it uses the same ratelimiting as per rc_message. This is useful
+#     to allow room admins to deal with abuse quickly.
+#   - two for ratelimiting number of rooms a user can join, &quot;local&quot; for when
+#     users are joining rooms the server is already in (this is cheap) vs
+#     &quot;remote&quot; for when users are trying to join rooms not on the server (which
+#     can be more expensive)
+#   - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
+#   - two for ratelimiting how often invites can be sent in a room or to a
+#     specific user.
+#
+# The defaults are as shown below.
+#
+#rc_message:
+#  per_second: 0.2
+#  burst_count: 10
+#
+#rc_registration:
+#  per_second: 0.17
+#  burst_count: 3
+#
+#rc_login:
+#  address:
+#    per_second: 0.17
+#    burst_count: 3
+#  account:
+#    per_second: 0.17
+#    burst_count: 3
+#  failed_attempts:
+#    per_second: 0.17
+#    burst_count: 3
+#
+#rc_admin_redaction:
+#  per_second: 1
+#  burst_count: 50
+#
+#rc_joins:
+#  local:
+#    per_second: 0.1
+#    burst_count: 10
+#  remote:
+#    per_second: 0.01
+#    burst_count: 10
+#
+#rc_3pid_validation:
+#  per_second: 0.003
+#  burst_count: 5
+#
+#rc_invites:
+#  per_room:
+#    per_second: 0.3
+#    burst_count: 10
+#  per_user:
+#    per_second: 0.003
+#    burst_count: 5
+
+# Ratelimiting settings for incoming federation
+#
+# The rc_federation configuration is made up of the following settings:
+#   - window_size: window size in milliseconds
+#   - sleep_limit: number of federation requests from a single server in
+#     a window before the server will delay processing the request.
+#   - sleep_delay: duration in milliseconds to delay processing events
+#     from remote servers by if they go over the sleep limit.
+#   - reject_limit: maximum number of concurrent federation requests
+#     allowed from a single server
+#   - concurrent: number of federation requests to concurrently process
+#     from a single server
+#
+# The defaults are as shown below.
+#
+#rc_federation:
+#  window_size: 1000
+#  sleep_limit: 10
+#  sleep_delay: 500
+#  reject_limit: 50
+#  concurrent: 3
+
+# Target outgoing federation transaction frequency for sending read-receipts,
+# per-room.
+#
+# If we end up trying to send out more read-receipts, they will get buffered up
+# into fewer transactions.
+#
+#federation_rr_transactions_per_room_per_second: 50
+
+
+
+## Media Store ##
+
+# Enable the media store service in the Synapse master. Uncomment the
+# following if you are using a separate media store worker.
+#
+#enable_media_repo: false
+
+# Directory where uploaded images and attachments are stored.
+#
+media_store_path: &quot;DATADIR/media_store&quot;
+
+# Media storage providers allow media to be stored in different
+# locations.
+#
+#media_storage_providers:
+#  - module: file_system
+#    # Whether to store newly uploaded local files
+#    store_local: false
+#    # Whether to store newly downloaded remote files
+#    store_remote: false
+#    # Whether to wait for successful storage for local uploads
+#    store_synchronous: false
+#    config:
+#       directory: /mnt/some/other/directory
+
+# The largest allowed upload size in bytes
+#
+# If you are using a reverse proxy you may also need to set this value in
+# your reverse proxy's config. Notably Nginx has a small max body size by default.
+# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html.
+#
+#max_upload_size: 50M
+
+# Maximum number of pixels that will be thumbnailed
+#
+#max_image_pixels: 32M
+
+# Whether to generate new thumbnails on the fly to precisely match
+# the resolution requested by the client. If true then whenever
+# a new resolution is requested by the client the server will
+# generate a new thumbnail. If false the server will pick a thumbnail
+# from a precalculated list.
+#
+#dynamic_thumbnails: false
+
+# List of thumbnails to precalculate when an image is uploaded.
+#
+#thumbnail_sizes:
+#  - width: 32
+#    height: 32
+#    method: crop
+#  - width: 96
+#    height: 96
+#    method: crop
+#  - width: 320
+#    height: 240
+#    method: scale
+#  - width: 640
+#    height: 480
+#    method: scale
+#  - width: 800
+#    height: 600
+#    method: scale
+
+# Is the preview URL API enabled?
+#
+# 'false' by default: uncomment the following to enable it (and specify a
+# url_preview_ip_range_blacklist blacklist).
+#
+#url_preview_enabled: true
+
+# List of IP address CIDR ranges that the URL preview spider is denied
+# from accessing.  There are no defaults: you must explicitly
+# specify a list for URL previewing to work.  You should specify any
+# internal services in your network that you do not want synapse to try
+# to connect to, otherwise anyone in any Matrix room could cause your
+# synapse to issue arbitrary GET requests to your internal services,
+# causing serious security issues.
+#
+# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+# listed here, since they correspond to unroutable addresses.)
+#
+# This must be specified if url_preview_enabled is set. It is recommended that
+# you uncomment the following list as a starting point.
+#
+#url_preview_ip_range_blacklist:
+#  - '127.0.0.0/8'
+#  - '10.0.0.0/8'
+#  - '172.16.0.0/12'
+#  - '192.168.0.0/16'
+#  - '100.64.0.0/10'
+#  - '192.0.0.0/24'
+#  - '169.254.0.0/16'
+#  - '192.88.99.0/24'
+#  - '198.18.0.0/15'
+#  - '192.0.2.0/24'
+#  - '198.51.100.0/24'
+#  - '203.0.113.0/24'
+#  - '224.0.0.0/4'
+#  - '::1/128'
+#  - 'fe80::/10'
+#  - 'fc00::/7'
+#  - '2001:db8::/32'
+#  - 'ff00::/8'
+#  - 'fec0::/10'
+
+# List of IP address CIDR ranges that the URL preview spider is allowed
+# to access even if they are specified in url_preview_ip_range_blacklist.
+# This is useful for specifying exceptions to wide-ranging blacklisted
+# target IP ranges - e.g. for enabling URL previews for a specific private
+# website only visible in your network.
+#
+#url_preview_ip_range_whitelist:
+#   - '192.168.1.1'
+
+# Optional list of URL matches that the URL preview spider is
+# denied from accessing.  You should use url_preview_ip_range_blacklist
+# in preference to this, otherwise someone could define a public DNS
+# entry that points to a private IP address and circumvent the blacklist.
+# This is more useful if you know there is an entire shape of URL that
+# you know that will never want synapse to try to spider.
+#
+# Each list entry is a dictionary of url component attributes as returned
+# by urlparse.urlsplit as applied to the absolute form of the URL.  See
+# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
+# The values of the dictionary are treated as an filename match pattern
+# applied to that component of URLs, unless they start with a ^ in which
+# case they are treated as a regular expression match.  If all the
+# specified component matches for a given list item succeed, the URL is
+# blacklisted.
+#
+#url_preview_url_blacklist:
+#  # blacklist any URL with a username in its URI
+#  - username: '*'
+#
+#  # blacklist all *.google.com URLs
+#  - netloc: 'google.com'
+#  - netloc: '*.google.com'
+#
+#  # blacklist all plain HTTP URLs
+#  - scheme: 'http'
+#
+#  # blacklist http(s)://www.acme.com/foo
+#  - netloc: 'www.acme.com'
+#    path: '/foo'
+#
+#  # blacklist any URL with a literal IPv4 address
+#  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+
+# The largest allowed URL preview spidering size in bytes
+#
+#max_spider_size: 10M
+
+# A list of values for the Accept-Language HTTP header used when
+# downloading webpages during URL preview generation. This allows
+# Synapse to specify the preferred languages that URL previews should
+# be in when communicating with remote servers.
+#
+# Each value is a IETF language tag; a 2-3 letter identifier for a
+# language, optionally followed by subtags separated by '-', specifying
+# a country or region variant.
+#
+# Multiple values can be provided, and a weight can be added to each by
+# using quality value syntax (;q=). '*' translates to any language.
+#
+# Defaults to &quot;en&quot;.
+#
+# Example:
+#
+# url_preview_accept_language:
+#   - en-UK
+#   - en-US;q=0.9
+#   - fr;q=0.8
+#   - *;q=0.7
+#
+url_preview_accept_language:
+#   - en
+
+
+## Captcha ##
+# See docs/CAPTCHA_SETUP.md for full details of configuring this.
+
+# This homeserver's ReCAPTCHA public key. Must be specified if
+# enable_registration_captcha is enabled.
+#
+#recaptcha_public_key: &quot;YOUR_PUBLIC_KEY&quot;
+
+# This homeserver's ReCAPTCHA private key. Must be specified if
+# enable_registration_captcha is enabled.
+#
+#recaptcha_private_key: &quot;YOUR_PRIVATE_KEY&quot;
+
+# Uncomment to enable ReCaptcha checks when registering, preventing signup
+# unless a captcha is answered. Requires a valid ReCaptcha
+# public/private key. Defaults to 'false'.
+#
+#enable_registration_captcha: true
+
+# The API endpoint to use for verifying m.login.recaptcha responses.
+# Defaults to &quot;https://www.recaptcha.net/recaptcha/api/siteverify&quot;.
+#
+#recaptcha_siteverify_api: &quot;https://my.recaptcha.site&quot;
+
+
+## TURN ##
+
+# The public URIs of the TURN server to give to clients
+#
+#turn_uris: []
+
+# The shared secret used to compute passwords for the TURN server
+#
+#turn_shared_secret: &quot;YOUR_SHARED_SECRET&quot;
+
+# The Username and password if the TURN server needs them and
+# does not use a token
+#
+#turn_username: &quot;TURNSERVER_USERNAME&quot;
+#turn_password: &quot;TURNSERVER_PASSWORD&quot;
+
+# How long generated TURN credentials last
+#
+#turn_user_lifetime: 1h
+
+# Whether guests should be allowed to use the TURN server.
+# This defaults to True, otherwise VoIP will be unreliable for guests.
+# However, it does introduce a slight security risk as it allows users to
+# connect to arbitrary endpoints without having first signed up for a
+# valid account (e.g. by passing a CAPTCHA).
+#
+#turn_allow_guests: true
+
+
+## Registration ##
+#
+# Registration can be rate-limited using the parameters in the &quot;Ratelimiting&quot;
+# section of this file.
+
+# Enable registration for new users.
+#
+#enable_registration: false
+
+# Time that a user's session remains valid for, after they log in.
+#
+# Note that this is not currently compatible with guest logins.
+#
+# Note also that this is calculated at login time: changes are not applied
+# retrospectively to users who have already logged in.
+#
+# By default, this is infinite.
+#
+#session_lifetime: 24h
+
+# The user must provide all of the below types of 3PID when registering.
+#
+#registrations_require_3pid:
+#  - email
+#  - msisdn
+
+# Explicitly disable asking for MSISDNs from the registration
+# flow (overrides registrations_require_3pid if MSISDNs are set as required)
+#
+#disable_msisdn_registration: true
+
+# Mandate that users are only allowed to associate certain formats of
+# 3PIDs with accounts on this server.
+#
+#allowed_local_3pids:
+#  - medium: email
+#    pattern: '^[^@]+@matrix\.org$'
+#  - medium: email
+#    pattern: '^[^@]+@vector\.im$'
+#  - medium: msisdn
+#    pattern: '\+44'
+
+# Enable 3PIDs lookup requests to identity servers from this server.
+#
+#enable_3pid_lookup: true
+
+# If set, allows registration of standard or admin accounts by anyone who
+# has the shared secret, even if registration is otherwise disabled.
+#
+#registration_shared_secret: &lt;PRIVATE STRING&gt;
+
+# Set the number of bcrypt rounds used to generate password hash.
+# Larger numbers increase the work factor needed to generate the hash.
+# The default number is 12 (which equates to 2^12 rounds).
+# N.B. that increasing this will exponentially increase the time required
+# to register or login - e.g. 24 =&gt; 2^24 rounds which will take &gt;20 mins.
+#
+#bcrypt_rounds: 12
+
+# Allows users to register as guests without a password/email/etc, and
+# participate in rooms hosted on this server which have been made
+# accessible to anonymous users.
+#
+#allow_guest_access: false
+
+# The identity server which we suggest that clients should use when users log
+# in on this server.
+#
+# (By default, no suggestion is made, so it is left up to the client.
+# This setting is ignored unless public_baseurl is also set.)
+#
+#default_identity_server: https://matrix.org
+
+# Handle threepid (email/phone etc) registration and password resets through a set of
+# *trusted* identity servers. Note that this allows the configured identity server to
+# reset passwords for accounts!
+#
+# Be aware that if `email` is not set, and SMTP options have not been
+# configured in the email config block, registration and user password resets via
+# email will be globally disabled.
+#
+# Additionally, if `msisdn` is not set, registration and password resets via msisdn
+# will be disabled regardless, and users will not be able to associate an msisdn
+# identifier to their account. This is due to Synapse currently not supporting
+# any method of sending SMS messages on its own.
+#
+# To enable using an identity server for operations regarding a particular third-party
+# identifier type, set the value to the URL of that identity server as shown in the
+# examples below.
+#
+# Servers handling the these requests must answer the `/requestToken` endpoints defined
+# by the Matrix Identity Service API specification:
+# https://matrix.org/docs/spec/identity_service/latest
+#
+# If a delegate is specified, the config option public_baseurl must also be filled out.
+#
+account_threepid_delegates:
+    #email: https://example.com     # Delegate email sending to example.com
+    #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
+
+# Whether users are allowed to change their displayname after it has
+# been initially set. Useful when provisioning users based on the
+# contents of a third-party directory.
+#
+# Does not apply to server administrators. Defaults to 'true'
+#
+#enable_set_displayname: false
+
+# Whether users are allowed to change their avatar after it has been
+# initially set. Useful when provisioning users based on the contents
+# of a third-party directory.
+#
+# Does not apply to server administrators. Defaults to 'true'
+#
+#enable_set_avatar_url: false
+
+# Whether users can change the 3PIDs associated with their accounts
+# (email address and msisdn).
+#
+# Defaults to 'true'
+#
+#enable_3pid_changes: false
+
+# Users who register on this homeserver will automatically be joined
+# to these rooms.
+#
+# By default, any room aliases included in this list will be created
+# as a publicly joinable room when the first user registers for the
+# homeserver. This behaviour can be customised with the settings below.
+# If the room already exists, make certain it is a publicly joinable
+# room. The join rule of the room must be set to 'public'.
+#
+#auto_join_rooms:
+#  - &quot;#example:example.com&quot;
+
+# Where auto_join_rooms are specified, setting this flag ensures that the
+# the rooms exist by creating them when the first user on the
+# homeserver registers.
+#
+# By default the auto-created rooms are publicly joinable from any federated
+# server. Use the autocreate_auto_join_rooms_federated and
+# autocreate_auto_join_room_preset settings below to customise this behaviour.
+#
+# Setting to false means that if the rooms are not manually created,
+# users cannot be auto-joined since they do not exist.
+#
+# Defaults to true. Uncomment the following line to disable automatically
+# creating auto-join rooms.
+#
+#autocreate_auto_join_rooms: false
+
+# Whether the auto_join_rooms that are auto-created are available via
+# federation. Only has an effect if autocreate_auto_join_rooms is true.
+#
+# Note that whether a room is federated cannot be modified after
+# creation.
+#
+# Defaults to true: the room will be joinable from other servers.
+# Uncomment the following to prevent users from other homeservers from
+# joining these rooms.
+#
+#autocreate_auto_join_rooms_federated: false
+
+# The room preset to use when auto-creating one of auto_join_rooms. Only has an
+# effect if autocreate_auto_join_rooms is true.
+#
+# This can be one of &quot;public_chat&quot;, &quot;private_chat&quot;, or &quot;trusted_private_chat&quot;.
+# If a value of &quot;private_chat&quot; or &quot;trusted_private_chat&quot; is used then
+# auto_join_mxid_localpart must also be configured.
+#
+# Defaults to &quot;public_chat&quot;, meaning that the room is joinable by anyone, including
+# federated servers if autocreate_auto_join_rooms_federated is true (the default).
+# Uncomment the following to require an invitation to join these rooms.
+#
+#autocreate_auto_join_room_preset: private_chat
+
+# The local part of the user id which is used to create auto_join_rooms if
+# autocreate_auto_join_rooms is true. If this is not provided then the
+# initial user account that registers will be used to create the rooms.
+#
+# The user id is also used to invite new users to any auto-join rooms which
+# are set to invite-only.
+#
+# It *must* be configured if autocreate_auto_join_room_preset is set to
+# &quot;private_chat&quot; or &quot;trusted_private_chat&quot;.
+#
+# Note that this must be specified in order for new users to be correctly
+# invited to any auto-join rooms which have been set to invite-only (either
+# at the time of creation or subsequently).
+#
+# Note that, if the room already exists, this user must be joined and
+# have the appropriate permissions to invite new members.
+#
+#auto_join_mxid_localpart: system
+
+# When auto_join_rooms is specified, setting this flag to false prevents
+# guest accounts from being automatically joined to the rooms.
+#
+# Defaults to true.
+#
+#auto_join_rooms_for_guests: false
+
+
+## Account Validity ##
+
+# Optional account validity configuration. This allows for accounts to be denied
+# any request after a given period.
+#
+# Once this feature is enabled, Synapse will look for registered users without an
+# expiration date at startup and will add one to every account it found using the
+# current settings at that time.
+# This means that, if a validity period is set, and Synapse is restarted (it will
+# then derive an expiration date from the current validity period), and some time
+# after that the validity period changes and Synapse is restarted, the users'
+# expiration dates won't be updated unless their account is manually renewed. This
+# date will be randomly selected within a range [now + period - d ; now + period],
+# where d is equal to 10% of the validity period.
+#
+account_validity:
+  # The account validity feature is disabled by default. Uncomment the
+  # following line to enable it.
+  #
+  #enabled: true
+
+  # The period after which an account is valid after its registration. When
+  # renewing the account, its validity period will be extended by this amount
+  # of time. This parameter is required when using the account validity
+  # feature.
+  #
+  #period: 6w
+
+  # The amount of time before an account's expiry date at which Synapse will
+  # send an email to the account's email address with a renewal link. By
+  # default, no such emails are sent.
+  #
+  # If you enable this setting, you will also need to fill out the 'email' and
+  # 'public_baseurl' configuration sections.
+  #
+  #renew_at: 1w
+
+  # The subject of the email sent out with the renewal link. '%(app)s' can be
+  # used as a placeholder for the 'app_name' parameter from the 'email'
+  # section.
+  #
+  # Note that the placeholder must be written '%(app)s', including the
+  # trailing 's'.
+  #
+  # If this is not set, a default value is used.
+  #
+  #renew_email_subject: &quot;Renew your %(app)s account&quot;
+
+  # Directory in which Synapse will try to find templates for the HTML files to
+  # serve to the user when trying to renew an account. If not set, default
+  # templates from within the Synapse package will be used.
+  #
+  # The currently available templates are:
+  #
+  # * account_renewed.html: Displayed to the user after they have successfully
+  #       renewed their account.
+  #
+  # * account_previously_renewed.html: Displayed to the user if they attempt to
+  #       renew their account with a token that is valid, but that has already
+  #       been used. In this case the account is not renewed again.
+  #
+  # * invalid_token.html: Displayed to the user when they try to renew an account
+  #       with an unknown or invalid renewal token.
+  #
+  # See https://github.com/matrix-org/synapse/tree/master/synapse/res/templates for
+  # default template contents.
+  #
+  # The file name of some of these templates can be configured below for legacy
+  # reasons.
+  #
+  #template_dir: &quot;res/templates&quot;
+
+  # A custom file name for the 'account_renewed.html' template.
+  #
+  # If not set, the file is assumed to be named &quot;account_renewed.html&quot;.
+  #
+  #account_renewed_html_path: &quot;account_renewed.html&quot;
+
+  # A custom file name for the 'invalid_token.html' template.
+  #
+  # If not set, the file is assumed to be named &quot;invalid_token.html&quot;.
+  #
+  #invalid_token_html_path: &quot;invalid_token.html&quot;
+
+
+## Metrics ###
+
+# Enable collection and rendering of performance metrics
+#
+#enable_metrics: false
+
+# Enable sentry integration
+# NOTE: While attempts are made to ensure that the logs don't contain
+# any sensitive information, this cannot be guaranteed. By enabling
+# this option the sentry server may therefore receive sensitive
+# information, and it in turn may then diseminate sensitive information
+# through insecure notification channels if so configured.
+#
+#sentry:
+#    dsn: &quot;...&quot;
+
+# Flags to enable Prometheus metrics which are not suitable to be
+# enabled by default, either for performance reasons or limited use.
+#
+metrics_flags:
+    # Publish synapse_federation_known_servers, a gauge of the number of
+    # servers this homeserver knows about, including itself. May cause
+    # performance problems on large homeservers.
+    #
+    #known_servers: true
+
+# Whether or not to report anonymized homeserver usage statistics.
+#
+#report_stats: true|false
+
+# The endpoint to report the anonymized homeserver usage statistics to.
+# Defaults to https://matrix.org/report-usage-stats/push
+#
+#report_stats_endpoint: https://example.com/report-usage-stats/push
+
+
+## API Configuration ##
+
+# Controls for the state that is shared with users who receive an invite
+# to a room
+#
+room_prejoin_state:
+   # By default, the following state event types are shared with users who
+   # receive invites to the room:
+   #
+   # - m.room.join_rules
+   # - m.room.canonical_alias
+   # - m.room.avatar
+   # - m.room.encryption
+   # - m.room.name
+   # - m.room.create
+   #
+   # Uncomment the following to disable these defaults (so that only the event
+   # types listed in 'additional_event_types' are shared). Defaults to 'false'.
+   #
+   #disable_default_event_types: true
+
+   # Additional state event types to share with users when they are invited
+   # to a room.
+   #
+   # By default, this list is empty (so only the default event types are shared).
+   #
+   #additional_event_types:
+   #  - org.example.custom.event.type
+
+
+# A list of application service config files to use
+#
+#app_service_config_files:
+#  - app_service_1.yaml
+#  - app_service_2.yaml
+
+# Uncomment to enable tracking of application service IP addresses. Implicitly
+# enables MAU tracking for application service users.
+#
+#track_appservice_user_ips: true
+
+
+# a secret which is used to sign access tokens. If none is specified,
+# the registration_shared_secret is used, if one is given; otherwise,
+# a secret key is derived from the signing key.
+#
+#macaroon_secret_key: &lt;PRIVATE STRING&gt;
+
+# a secret which is used to calculate HMACs for form values, to stop
+# falsification of values. Must be specified for the User Consent
+# forms to work.
+#
+#form_secret: &lt;PRIVATE STRING&gt;
+
+## Signing Keys ##
+
+# Path to the signing key to sign messages with
+#
+signing_key_path: &quot;CONFDIR/SERVERNAME.signing.key&quot;
+
+# The keys that the server used to sign messages with but won't use
+# to sign new messages.
+#
+old_signing_keys:
+  # For each key, `key` should be the base64-encoded public key, and
+  # `expired_ts`should be the time (in milliseconds since the unix epoch) that
+  # it was last used.
+  #
+  # It is possible to build an entry from an old signing.key file using the
+  # `export_signing_key` script which is provided with synapse.
+  #
+  # For example:
+  #
+  #&quot;ed25519:id&quot;: { key: &quot;base64string&quot;, expired_ts: 123456789123 }
+
+# How long key response published by this server is valid for.
+# Used to set the valid_until_ts in /key/v2 APIs.
+# Determines how quickly servers will query to check which keys
+# are still valid.
+#
+#key_refresh_interval: 1d
+
+# The trusted servers to download signing keys from.
+#
+# When we need to fetch a signing key, each server is tried in parallel.
+#
+# Normally, the connection to the key server is validated via TLS certificates.
+# Additional security can be provided by configuring a `verify key`, which
+# will make synapse check that the response is signed by that key.
+#
+# This setting supercedes an older setting named `perspectives`. The old format
+# is still supported for backwards-compatibility, but it is deprecated.
+#
+# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
+# warning on start-up. To suppress this warning, set
+# 'suppress_key_server_warning' to true.
+#
+# Options for each entry in the list include:
+#
+#    server_name: the name of the server. required.
+#
+#    verify_keys: an optional map from key id to base64-encoded public key.
+#       If specified, we will check that the response is signed by at least
+#       one of the given keys.
+#
+#    accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
+#       and federation_verify_certificates is not `true`, synapse will refuse
+#       to start, because this would allow anyone who can spoof DNS responses
+#       to masquerade as the trusted key server. If you know what you are doing
+#       and are sure that your network environment provides a secure connection
+#       to the key server, you can set this to `true` to override this
+#       behaviour.
+#
+# An example configuration might look like:
+#
+#trusted_key_servers:
+#  - server_name: &quot;my_trusted_server.example.com&quot;
+#    verify_keys:
+#      &quot;ed25519:auto&quot;: &quot;abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr&quot;
+#  - server_name: &quot;my_other_trusted_server.example.com&quot;
+#
+trusted_key_servers:
+  - server_name: &quot;matrix.org&quot;
+
+# Uncomment the following to disable the warning that is emitted when the
+# trusted_key_servers include 'matrix.org'. See above.
+#
+#suppress_key_server_warning: true
+
+# The signing keys to use when acting as a trusted key server. If not specified
+# defaults to the server signing key.
+#
+# Can contain multiple keys, one per line.
+#
+#key_server_signing_keys_path: &quot;key_server_signing_keys.key&quot;
+
+
+## Single sign-on integration ##
+
+# The following settings can be used to make Synapse use a single sign-on
+# provider for authentication, instead of its internal password database.
+#
+# You will probably also want to set the following options to `false` to
+# disable the regular login/registration flows:
+#   * enable_registration
+#   * password_config.enabled
+#
+# You will also want to investigate the settings under the &quot;sso&quot; configuration
+# section below.
+
+# Enable SAML2 for registration and login. Uses pysaml2.
+#
+# At least one of `sp_config` or `config_path` must be set in this section to
+# enable SAML login.
+#
+# Once SAML support is enabled, a metadata file will be exposed at
+# https://&lt;server&gt;:&lt;port&gt;/_synapse/client/saml2/metadata.xml, which you may be able to
+# use to configure your SAML IdP with. Alternatively, you can manually configure
+# the IdP to use an ACS location of
+# https://&lt;server&gt;:&lt;port&gt;/_synapse/client/saml2/authn_response.
+#
+saml2_config:
+  # `sp_config` is the configuration for the pysaml2 Service Provider.
+  # See pysaml2 docs for format of config.
+  #
+  # Default values will be used for the 'entityid' and 'service' settings,
+  # so it is not normally necessary to specify them unless you need to
+  # override them.
+  #
+  sp_config:
+    # Point this to the IdP's metadata. You must provide either a local
+    # file via the `local` attribute or (preferably) a URL via the
+    # `remote` attribute.
+    #
+    #metadata:
+    #  local: [&quot;saml2/idp.xml&quot;]
+    #  remote:
+    #    - url: https://our_idp/metadata.xml
+
+    # Allowed clock difference in seconds between the homeserver and IdP.
+    #
+    # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
+    #
+    #accepted_time_diff: 3
+
+    # By default, the user has to go to our login page first. If you'd like
+    # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
+    # 'service.sp' section:
+    #
+    #service:
+    #  sp:
+    #    allow_unsolicited: true
+
+    # The examples below are just used to generate our metadata xml, and you
+    # may well not need them, depending on your setup. Alternatively you
+    # may need a whole lot more detail - see the pysaml2 docs!
+
+    #description: [&quot;My awesome SP&quot;, &quot;en&quot;]
+    #name: [&quot;Test SP&quot;, &quot;en&quot;]
+
+    #ui_info:
+    #  display_name:
+    #    - lang: en
+    #      text: &quot;Display Name is the descriptive name of your service.&quot;
+    #  description:
+    #    - lang: en
+    #      text: &quot;Description should be a short paragraph explaining the purpose of the service.&quot;
+    #  information_url:
+    #    - lang: en
+    #      text: &quot;https://example.com/terms-of-service&quot;
+    #  privacy_statement_url:
+    #    - lang: en
+    #      text: &quot;https://example.com/privacy-policy&quot;
+    #  keywords:
+    #    - lang: en
+    #      text: [&quot;Matrix&quot;, &quot;Element&quot;]
+    #  logo:
+    #    - lang: en
+    #      text: &quot;https://example.com/logo.svg&quot;
+    #      width: &quot;200&quot;
+    #      height: &quot;80&quot;
+
+    #organization:
+    #  name: Example com
+    #  display_name:
+    #    - [&quot;Example co&quot;, &quot;en&quot;]
+    #  url: &quot;http://example.com&quot;
+
+    #contact_person:
+    #  - given_name: Bob
+    #    sur_name: &quot;the Sysadmin&quot;
+    #    email_address&quot;: [&quot;admin@example.com&quot;]
+    #    contact_type&quot;: technical
+
+  # Instead of putting the config inline as above, you can specify a
+  # separate pysaml2 configuration file:
+  #
+  #config_path: &quot;CONFDIR/sp_conf.py&quot;
+
+  # The lifetime of a SAML session. This defines how long a user has to
+  # complete the authentication process, if allow_unsolicited is unset.
+  # The default is 15 minutes.
+  #
+  #saml_session_lifetime: 5m
+
+  # An external module can be provided here as a custom solution to
+  # mapping attributes returned from a saml provider onto a matrix user.
+  #
+  user_mapping_provider:
+    # The custom module's class. Uncomment to use a custom module.
+    #
+    #module: mapping_provider.SamlMappingProvider
+
+    # Custom configuration values for the module. Below options are
+    # intended for the built-in provider, they should be changed if
+    # using a custom module. This section will be passed as a Python
+    # dictionary to the module's `parse_config` method.
+    #
+    config:
+      # The SAML attribute (after mapping via the attribute maps) to use
+      # to derive the Matrix ID from. 'uid' by default.
+      #
+      # Note: This used to be configured by the
+      # saml2_config.mxid_source_attribute option. If that is still
+      # defined, its value will be used instead.
+      #
+      #mxid_source_attribute: displayName
+
+      # The mapping system to use for mapping the saml attribute onto a
+      # matrix ID.
+      #
+      # Options include:
+      #  * 'hexencode' (which maps unpermitted characters to '=xx')
+      #  * 'dotreplace' (which replaces unpermitted characters with
+      #     '.').
+      # The default is 'hexencode'.
+      #
+      # Note: This used to be configured by the
+      # saml2_config.mxid_mapping option. If that is still defined, its
+      # value will be used instead.
+      #
+      #mxid_mapping: dotreplace
+
+  # In previous versions of synapse, the mapping from SAML attribute to
+  # MXID was always calculated dynamically rather than stored in a
+  # table. For backwards- compatibility, we will look for user_ids
+  # matching such a pattern before creating a new account.
+  #
+  # This setting controls the SAML attribute which will be used for this
+  # backwards-compatibility lookup. Typically it should be 'uid', but if
+  # the attribute maps are changed, it may be necessary to change it.
+  #
+  # The default is 'uid'.
+  #
+  #grandfathered_mxid_source_attribute: upn
+
+  # It is possible to configure Synapse to only allow logins if SAML attributes
+  # match particular values. The requirements can be listed under
+  # `attribute_requirements` as shown below. All of the listed attributes must
+  # match for the login to be permitted.
+  #
+  #attribute_requirements:
+  #  - attribute: userGroup
+  #    value: &quot;staff&quot;
+  #  - attribute: department
+  #    value: &quot;sales&quot;
+
+  # If the metadata XML contains multiple IdP entities then the `idp_entityid`
+  # option must be set to the entity to redirect users to.
+  #
+  # Most deployments only have a single IdP entity and so should omit this
+  # option.
+  #
+  #idp_entityid: 'https://our_idp/entityid'
+
+
+# List of OpenID Connect (OIDC) / OAuth 2.0 identity providers, for registration
+# and login.
+#
+# Options for each entry include:
+#
+#   idp_id: a unique identifier for this identity provider. Used internally
+#       by Synapse; should be a single word such as 'github'.
+#
+#       Note that, if this is changed, users authenticating via that provider
+#       will no longer be recognised as the same user!
+#
+#       (Use &quot;oidc&quot; here if you are migrating from an old &quot;oidc_config&quot;
+#       configuration.)
+#
+#   idp_name: A user-facing name for this identity provider, which is used to
+#       offer the user a choice of login mechanisms.
+#
+#   idp_icon: An optional icon for this identity provider, which is presented
+#       by clients and Synapse's own IdP picker page. If given, must be an
+#       MXC URI of the format mxc://&lt;server-name&gt;/&lt;media-id&gt;. (An easy way to
+#       obtain such an MXC URI is to upload an image to an (unencrypted) room
+#       and then copy the &quot;url&quot; from the source of the event.)
+#
+#   idp_brand: An optional brand for this identity provider, allowing clients
+#       to style the login flow according to the identity provider in question.
+#       See the spec for possible options here.
+#
+#   discover: set to 'false' to disable the use of the OIDC discovery mechanism
+#       to discover endpoints. Defaults to true.
+#
+#   issuer: Required. The OIDC issuer. Used to validate tokens and (if discovery
+#       is enabled) to discover the provider's endpoints.
+#
+#   client_id: Required. oauth2 client id to use.
+#
+#   client_secret: oauth2 client secret to use. May be omitted if
+#        client_secret_jwt_key is given, or if client_auth_method is 'none'.
+#
+#   client_secret_jwt_key: Alternative to client_secret: details of a key used
+#      to create a JSON Web Token to be used as an OAuth2 client secret. If
+#      given, must be a dictionary with the following properties:
+#
+#          key: a pem-encoded signing key. Must be a suitable key for the
+#              algorithm specified. Required unless 'key_file' is given.
+#
+#          key_file: the path to file containing a pem-encoded signing key file.
+#              Required unless 'key' is given.
+#
+#          jwt_header: a dictionary giving properties to include in the JWT
+#              header. Must include the key 'alg', giving the algorithm used to
+#              sign the JWT, such as &quot;ES256&quot;, using the JWA identifiers in
+#              RFC7518.
+#
+#          jwt_payload: an optional dictionary giving properties to include in
+#              the JWT payload. Normally this should include an 'iss' key.
+#
+#   client_auth_method: auth method to use when exchanging the token. Valid
+#       values are 'client_secret_basic' (default), 'client_secret_post' and
+#       'none'.
+#
+#   scopes: list of scopes to request. This should normally include the &quot;openid&quot;
+#       scope. Defaults to [&quot;openid&quot;].
+#
+#   authorization_endpoint: the oauth2 authorization endpoint. Required if
+#       provider discovery is disabled.
+#
+#   token_endpoint: the oauth2 token endpoint. Required if provider discovery is
+#       disabled.
+#
+#   userinfo_endpoint: the OIDC userinfo endpoint. Required if discovery is
+#       disabled and the 'openid' scope is not requested.
+#
+#   jwks_uri: URI where to fetch the JWKS. Required if discovery is disabled and
+#       the 'openid' scope is used.
+#
+#   skip_verification: set to 'true' to skip metadata verification. Use this if
+#       you are connecting to a provider that is not OpenID Connect compliant.
+#       Defaults to false. Avoid this in production.
+#
+#   user_profile_method: Whether to fetch the user profile from the userinfo
+#       endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
+#
+#       Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
+#       included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
+#       userinfo endpoint.
+#
+#   allow_existing_users: set to 'true' to allow a user logging in via OIDC to
+#       match a pre-existing account instead of failing. This could be used if
+#       switching from password logins to OIDC. Defaults to false.
+#
+#   user_mapping_provider: Configuration for how attributes returned from a OIDC
+#       provider are mapped onto a matrix user. This setting has the following
+#       sub-properties:
+#
+#       module: The class name of a custom mapping module. Default is
+#           'synapse.handlers.oidc.JinjaOidcMappingProvider'.
+#           See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
+#           for information on implementing a custom mapping provider.
+#
+#       config: Configuration for the mapping provider module. This section will
+#           be passed as a Python dictionary to the user mapping provider
+#           module's `parse_config` method.
+#
+#           For the default provider, the following settings are available:
+#
+#             subject_claim: name of the claim containing a unique identifier
+#                 for the user. Defaults to 'sub', which OpenID Connect
+#                 compliant providers should provide.
+#
+#             localpart_template: Jinja2 template for the localpart of the MXID.
+#                 If this is not set, the user will be prompted to choose their
+#                 own username (see 'sso_auth_account_details.html' in the 'sso'
+#                 section of this file).
+#
+#             display_name_template: Jinja2 template for the display name to set
+#                 on first login. If unset, no displayname will be set.
+#
+#             email_template: Jinja2 template for the email address of the user.
+#                 If unset, no email address will be added to the account.
+#
+#             extra_attributes: a map of Jinja2 templates for extra attributes
+#                 to send back to the client during login.
+#                 Note that these are non-standard and clients will ignore them
+#                 without modifications.
+#
+#           When rendering, the Jinja2 templates are given a 'user' variable,
+#           which is set to the claims returned by the UserInfo Endpoint and/or
+#           in the ID Token.
+#
+#   It is possible to configure Synapse to only allow logins if certain attributes
+#   match particular values in the OIDC userinfo. The requirements can be listed under
+#   `attribute_requirements` as shown below. All of the listed attributes must
+#   match for the login to be permitted. Additional attributes can be added to
+#   userinfo by expanding the `scopes` section of the OIDC config to retrieve
+#   additional information from the OIDC provider.
+#
+#   If the OIDC claim is a list, then the attribute must match any value in the list.
+#   Otherwise, it must exactly match the value of the claim. Using the example
+#   below, the `family_name` claim MUST be &quot;Stephensson&quot;, but the `groups`
+#   claim MUST contain &quot;admin&quot;.
+#
+#   attribute_requirements:
+#     - attribute: family_name
+#       value: &quot;Stephensson&quot;
+#     - attribute: groups
+#       value: &quot;admin&quot;
+#
+# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md
+# for information on how to configure these options.
+#
+# For backwards compatibility, it is also possible to configure a single OIDC
+# provider via an 'oidc_config' setting. This is now deprecated and admins are
+# advised to migrate to the 'oidc_providers' format. (When doing that migration,
+# use 'oidc' for the idp_id to ensure that existing users continue to be
+# recognised.)
+#
+oidc_providers:
+  # Generic example
+  #
+  #- idp_id: my_idp
+  #  idp_name: &quot;My OpenID provider&quot;
+  #  idp_icon: &quot;mxc://example.com/mediaid&quot;
+  #  discover: false
+  #  issuer: &quot;https://accounts.example.com/&quot;
+  #  client_id: &quot;provided-by-your-issuer&quot;
+  #  client_secret: &quot;provided-by-your-issuer&quot;
+  #  client_auth_method: client_secret_post
+  #  scopes: [&quot;openid&quot;, &quot;profile&quot;]
+  #  authorization_endpoint: &quot;https://accounts.example.com/oauth2/auth&quot;
+  #  token_endpoint: &quot;https://accounts.example.com/oauth2/token&quot;
+  #  userinfo_endpoint: &quot;https://accounts.example.com/userinfo&quot;
+  #  jwks_uri: &quot;https://accounts.example.com/.well-known/jwks.json&quot;
+  #  skip_verification: true
+  #  user_mapping_provider:
+  #    config:
+  #      subject_claim: &quot;id&quot;
+  #      localpart_template: &quot;{{ user.login }}&quot;
+  #      display_name_template: &quot;{{ user.name }}&quot;
+  #      email_template: &quot;{{ user.email }}&quot;
+  #  attribute_requirements:
+  #    - attribute: userGroup
+  #      value: &quot;synapseUsers&quot;
+
+
+# Enable Central Authentication Service (CAS) for registration and login.
+#
+cas_config:
+  # Uncomment the following to enable authorization against a CAS server.
+  # Defaults to false.
+  #
+  #enabled: true
+
+  # The URL of the CAS authorization endpoint.
+  #
+  #server_url: &quot;https://cas-server.com&quot;
+
+  # The attribute of the CAS response to use as the display name.
+  #
+  # If unset, no displayname will be set.
+  #
+  #displayname_attribute: name
+
+  # It is possible to configure Synapse to only allow logins if CAS attributes
+  # match particular values. All of the keys in the mapping below must exist
+  # and the values must match the given value. Alternately if the given value
+  # is None then any value is allowed (the attribute just must exist).
+  # All of the listed attributes must match for the login to be permitted.
+  #
+  #required_attributes:
+  #  userGroup: &quot;staff&quot;
+  #  department: None
+
+
+# Additional settings to use with single-sign on systems such as OpenID Connect,
+# SAML2 and CAS.
+#
+sso:
+    # A list of client URLs which are whitelisted so that the user does not
+    # have to confirm giving access to their account to the URL. Any client
+    # whose URL starts with an entry in the following list will not be subject
+    # to an additional confirmation step after the SSO login is completed.
+    #
+    # WARNING: An entry such as &quot;https://my.client&quot; is insecure, because it
+    # will also match &quot;https://my.client.evil.site&quot;, exposing your users to
+    # phishing attacks from evil.site. To avoid this, include a slash after the
+    # hostname: &quot;https://my.client/&quot;.
+    #
+    # If public_baseurl is set, then the login fallback page (used by clients
+    # that don't natively support the required login flows) is whitelisted in
+    # addition to any URLs in this list.
+    #
+    # By default, this list is empty.
+    #
+    #client_whitelist:
+    #  - https://riot.im/develop
+    #  - https://my.custom.client/
+
+    # Uncomment to keep a user's profile fields in sync with information from
+    # the identity provider. Currently only syncing the displayname is
+    # supported. Fields are checked on every SSO login, and are updated
+    # if necessary.
+    #
+    # Note that enabling this option will override user profile information,
+    # regardless of whether users have opted-out of syncing that
+    # information when first signing in. Defaults to false.
+    #
+    #update_profile_information: true
+
+    # Directory in which Synapse will try to find the template files below.
+    # If not set, or the files named below are not found within the template
+    # directory, default templates from within the Synapse package will be used.
+    #
+    # Synapse will look for the following templates in this directory:
+    #
+    # * HTML page to prompt the user to choose an Identity Provider during
+    #   login: 'sso_login_idp_picker.html'.
+    #
+    #   This is only used if multiple SSO Identity Providers are configured.
+    #
+    #   When rendering, this template is given the following variables:
+    #     * redirect_url: the URL that the user will be redirected to after
+    #       login.
+    #
+    #     * server_name: the homeserver's name.
+    #
+    #     * providers: a list of available Identity Providers. Each element is
+    #       an object with the following attributes:
+    #
+    #         * idp_id: unique identifier for the IdP
+    #         * idp_name: user-facing name for the IdP
+    #         * idp_icon: if specified in the IdP config, an MXC URI for an icon
+    #              for the IdP
+    #         * idp_brand: if specified in the IdP config, a textual identifier
+    #              for the brand of the IdP
+    #
+    #   The rendered HTML page should contain a form which submits its results
+    #   back as a GET request, with the following query parameters:
+    #
+    #     * redirectUrl: the client redirect URI (ie, the `redirect_url` passed
+    #       to the template)
+    #
+    #     * idp: the 'idp_id' of the chosen IDP.
+    #
+    # * HTML page to prompt new users to enter a userid and confirm other
+    #   details: 'sso_auth_account_details.html'. This is only shown if the
+    #   SSO implementation (with any user_mapping_provider) does not return
+    #   a localpart.
+    #
+    #   When rendering, this template is given the following variables:
+    #
+    #     * server_name: the homeserver's name.
+    #
+    #     * idp: details of the SSO Identity Provider that the user logged in
+    #       with: an object with the following attributes:
+    #
+    #         * idp_id: unique identifier for the IdP
+    #         * idp_name: user-facing name for the IdP
+    #         * idp_icon: if specified in the IdP config, an MXC URI for an icon
+    #              for the IdP
+    #         * idp_brand: if specified in the IdP config, a textual identifier
+    #              for the brand of the IdP
+    #
+    #     * user_attributes: an object containing details about the user that
+    #       we received from the IdP. May have the following attributes:
+    #
+    #         * display_name: the user's display_name
+    #         * emails: a list of email addresses
+    #
+    #   The template should render a form which submits the following fields:
+    #
+    #     * username: the localpart of the user's chosen user id
+    #
+    # * HTML page allowing the user to consent to the server's terms and
+    #   conditions. This is only shown for new users, and only if
+    #   `user_consent.require_at_registration` is set.
+    #
+    #   When rendering, this template is given the following variables:
+    #
+    #     * server_name: the homeserver's name.
+    #
+    #     * user_id: the user's matrix proposed ID.
+    #
+    #     * user_profile.display_name: the user's proposed display name, if any.
+    #
+    #     * consent_version: the version of the terms that the user will be
+    #       shown
+    #
+    #     * terms_url: a link to the page showing the terms.
+    #
+    #   The template should render a form which submits the following fields:
+    #
+    #     * accepted_version: the version of the terms accepted by the user
+    #       (ie, 'consent_version' from the input variables).
+    #
+    # * HTML page for a confirmation step before redirecting back to the client
+    #   with the login token: 'sso_redirect_confirm.html'.
+    #
+    #   When rendering, this template is given the following variables:
+    #
+    #     * redirect_url: the URL the user is about to be redirected to.
+    #
+    #     * display_url: the same as `redirect_url`, but with the query
+    #                    parameters stripped. The intention is to have a
+    #                    human-readable URL to show to users, not to use it as
+    #                    the final address to redirect to.
+    #
+    #     * server_name: the homeserver's name.
+    #
+    #     * new_user: a boolean indicating whether this is the user's first time
+    #          logging in.
+    #
+    #     * user_id: the user's matrix ID.
+    #
+    #     * user_profile.avatar_url: an MXC URI for the user's avatar, if any.
+    #           None if the user has not set an avatar.
+    #
+    #     * user_profile.display_name: the user's display name. None if the user
+    #           has not set a display name.
+    #
+    # * HTML page which notifies the user that they are authenticating to confirm
+    #   an operation on their account during the user interactive authentication
+    #   process: 'sso_auth_confirm.html'.
+    #
+    #   When rendering, this template is given the following variables:
+    #     * redirect_url: the URL the user is about to be redirected to.
+    #
+    #     * description: the operation which the user is being asked to confirm
+    #
+    #     * idp: details of the Identity Provider that we will use to confirm
+    #       the user's identity: an object with the following attributes:
+    #
+    #         * idp_id: unique identifier for the IdP
+    #         * idp_name: user-facing name for the IdP
+    #         * idp_icon: if specified in the IdP config, an MXC URI for an icon
+    #              for the IdP
+    #         * idp_brand: if specified in the IdP config, a textual identifier
+    #              for the brand of the IdP
+    #
+    # * HTML page shown after a successful user interactive authentication session:
+    #   'sso_auth_success.html'.
+    #
+    #   Note that this page must include the JavaScript which notifies of a successful authentication
+    #   (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
+    #
+    #   This template has no additional variables.
+    #
+    # * HTML page shown after a user-interactive authentication session which
+    #   does not map correctly onto the expected user: 'sso_auth_bad_user.html'.
+    #
+    #   When rendering, this template is given the following variables:
+    #     * server_name: the homeserver's name.
+    #     * user_id_to_verify: the MXID of the user that we are trying to
+    #       validate.
+    #
+    # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
+    #   attempts to login: 'sso_account_deactivated.html'.
+    #
+    #   This template has no additional variables.
+    #
+    # * HTML page to display to users if something goes wrong during the
+    #   OpenID Connect authentication process: 'sso_error.html'.
+    #
+    #   When rendering, this template is given two variables:
+    #     * error: the technical name of the error
+    #     * error_description: a human-readable message for the error
+    #
+    # You can see the default templates at:
+    # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
+    #
+    #template_dir: &quot;res/templates&quot;
+
+
+# JSON web token integration. The following settings can be used to make
+# Synapse JSON web tokens for authentication, instead of its internal
+# password database.
+#
+# Each JSON Web Token needs to contain a &quot;sub&quot; (subject) claim, which is
+# used as the localpart of the mxid.
+#
+# Additionally, the expiration time (&quot;exp&quot;), not before time (&quot;nbf&quot;),
+# and issued at (&quot;iat&quot;) claims are validated if present.
+#
+# Note that this is a non-standard login type and client support is
+# expected to be non-existent.
+#
+# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md.
+#
+#jwt_config:
+    # Uncomment the following to enable authorization using JSON web
+    # tokens. Defaults to false.
+    #
+    #enabled: true
+
+    # This is either the private shared secret or the public key used to
+    # decode the contents of the JSON web token.
+    #
+    # Required if 'enabled' is true.
+    #
+    #secret: &quot;provided-by-your-issuer&quot;
+
+    # The algorithm used to sign the JSON web token.
+    #
+    # Supported algorithms are listed at
+    # https://pyjwt.readthedocs.io/en/latest/algorithms.html
+    #
+    # Required if 'enabled' is true.
+    #
+    #algorithm: &quot;provided-by-your-issuer&quot;
+
+    # The issuer to validate the &quot;iss&quot; claim against.
+    #
+    # Optional, if provided the &quot;iss&quot; claim will be required and
+    # validated for all JSON web tokens.
+    #
+    #issuer: &quot;provided-by-your-issuer&quot;
+
+    # A list of audiences to validate the &quot;aud&quot; claim against.
+    #
+    # Optional, if provided the &quot;aud&quot; claim will be required and
+    # validated for all JSON web tokens.
+    #
+    # Note that if the &quot;aud&quot; claim is included in a JSON web token then
+    # validation will fail without configuring audiences.
+    #
+    #audiences:
+    #    - &quot;provided-by-your-issuer&quot;
+
+
+password_config:
+   # Uncomment to disable password login
+   #
+   #enabled: false
+
+   # Uncomment to disable authentication against the local password
+   # database. This is ignored if `enabled` is false, and is only useful
+   # if you have other password_providers.
+   #
+   #localdb_enabled: false
+
+   # Uncomment and change to a secret random string for extra security.
+   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
+   #
+   #pepper: &quot;EVEN_MORE_SECRET&quot;
+
+   # Define and enforce a password policy. Each parameter is optional.
+   # This is an implementation of MSC2000.
+   #
+   policy:
+      # Whether to enforce the password policy.
+      # Defaults to 'false'.
+      #
+      #enabled: true
+
+      # Minimum accepted length for a password.
+      # Defaults to 0.
+      #
+      #minimum_length: 15
+
+      # Whether a password must contain at least one digit.
+      # Defaults to 'false'.
+      #
+      #require_digit: true
+
+      # Whether a password must contain at least one symbol.
+      # A symbol is any character that's not a number or a letter.
+      # Defaults to 'false'.
+      #
+      #require_symbol: true
+
+      # Whether a password must contain at least one lowercase letter.
+      # Defaults to 'false'.
+      #
+      #require_lowercase: true
+
+      # Whether a password must contain at least one lowercase letter.
+      # Defaults to 'false'.
+      #
+      #require_uppercase: true
+
+ui_auth:
+    # The amount of time to allow a user-interactive authentication session
+    # to be active.
+    #
+    # This defaults to 0, meaning the user is queried for their credentials
+    # before every action, but this can be overridden to allow a single
+    # validation to be re-used.  This weakens the protections afforded by
+    # the user-interactive authentication process, by allowing for multiple
+    # (and potentially different) operations to use the same validation session.
+    #
+    # This is ignored for potentially &quot;dangerous&quot; operations (including
+    # deactivating an account, modifying an account password, and
+    # adding a 3PID).
+    #
+    # Uncomment below to allow for credential validation to last for 15
+    # seconds.
+    #
+    #session_timeout: &quot;15s&quot;
+
+
+# Configuration for sending emails from Synapse.
+#
+email:
+  # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
+  #
+  #smtp_host: mail.server
+
+  # The port on the mail server for outgoing SMTP. Defaults to 25.
+  #
+  #smtp_port: 587
+
+  # Username/password for authentication to the SMTP server. By default, no
+  # authentication is attempted.
+  #
+  #smtp_user: &quot;exampleusername&quot;
+  #smtp_pass: &quot;examplepassword&quot;
+
+  # Uncomment the following to require TLS transport security for SMTP.
+  # By default, Synapse will connect over plain text, and will then switch to
+  # TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
+  # Synapse will refuse to connect unless the server supports STARTTLS.
+  #
+  #require_transport_security: true
+
+  # notif_from defines the &quot;From&quot; address to use when sending emails.
+  # It must be set if email sending is enabled.
+  #
+  # The placeholder '%(app)s' will be replaced by the application name,
+  # which is normally 'app_name' (below), but may be overridden by the
+  # Matrix client application.
+  #
+  # Note that the placeholder must be written '%(app)s', including the
+  # trailing 's'.
+  #
+  #notif_from: &quot;Your Friendly %(app)s homeserver &lt;noreply@example.com&gt;&quot;
+
+  # app_name defines the default value for '%(app)s' in notif_from and email
+  # subjects. It defaults to 'Matrix'.
+  #
+  #app_name: my_branded_matrix_server
+
+  # Uncomment the following to enable sending emails for messages that the user
+  # has missed. Disabled by default.
+  #
+  #enable_notifs: true
+
+  # Uncomment the following to disable automatic subscription to email
+  # notifications for new users. Enabled by default.
+  #
+  #notif_for_new_users: false
+
+  # Custom URL for client links within the email notifications. By default
+  # links will be based on &quot;https://matrix.to&quot;.
+  #
+  # (This setting used to be called riot_base_url; the old name is still
+  # supported for backwards-compatibility but is now deprecated.)
+  #
+  #client_base_url: &quot;http://localhost/riot&quot;
+
+  # Configure the time that a validation email will expire after sending.
+  # Defaults to 1h.
+  #
+  #validation_token_lifetime: 15m
+
+  # The web client location to direct users to during an invite. This is passed
+  # to the identity server as the org.matrix.web_client_location key. Defaults
+  # to unset, giving no guidance to the identity server.
+  #
+  #invite_client_location: https://app.element.io
+
+  # Directory in which Synapse will try to find the template files below.
+  # If not set, or the files named below are not found within the template
+  # directory, default templates from within the Synapse package will be used.
+  #
+  # Synapse will look for the following templates in this directory:
+  #
+  # * The contents of email notifications of missed events: 'notif_mail.html' and
+  #   'notif_mail.txt'.
+  #
+  # * The contents of account expiry notice emails: 'notice_expiry.html' and
+  #   'notice_expiry.txt'.
+  #
+  # * The contents of password reset emails sent by the homeserver:
+  #   'password_reset.html' and 'password_reset.txt'
+  #
+  # * An HTML page that a user will see when they follow the link in the password
+  #   reset email. The user will be asked to confirm the action before their
+  #   password is reset: 'password_reset_confirmation.html'
+  #
+  # * HTML pages for success and failure that a user will see when they confirm
+  #   the password reset flow using the page above: 'password_reset_success.html'
+  #   and 'password_reset_failure.html'
+  #
+  # * The contents of address verification emails sent during registration:
+  #   'registration.html' and 'registration.txt'
+  #
+  # * HTML pages for success and failure that a user will see when they follow
+  #   the link in an address verification email sent during registration:
+  #   'registration_success.html' and 'registration_failure.html'
+  #
+  # * The contents of address verification emails sent when an address is added
+  #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
+  #
+  # * HTML pages for success and failure that a user will see when they follow
+  #   the link in an address verification email sent when an address is added
+  #   to a Matrix account: 'add_threepid_success.html' and
+  #   'add_threepid_failure.html'
+  #
+  # You can see the default templates at:
+  # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
+  #
+  #template_dir: &quot;res/templates&quot;
+
+  # Subjects to use when sending emails from Synapse.
+  #
+  # The placeholder '%(app)s' will be replaced with the value of the 'app_name'
+  # setting above, or by a value dictated by the Matrix client application.
+  #
+  # If a subject isn't overridden in this configuration file, the value used as
+  # its example will be used.
+  #
+  #subjects:
+
+    # Subjects for notification emails.
+    #
+    # On top of the '%(app)s' placeholder, these can use the following
+    # placeholders:
+    #
+    #   * '%(person)s', which will be replaced by the display name of the user(s)
+    #      that sent the message(s), e.g. &quot;Alice and Bob&quot;.
+    #   * '%(room)s', which will be replaced by the name of the room the
+    #      message(s) have been sent to, e.g. &quot;My super room&quot;.
+    #
+    # See the example provided for each setting to see which placeholder can be
+    # used and how to use them.
+    #
+    # Subject to use to notify about one message from one or more user(s) in a
+    # room which has a name.
+    #message_from_person_in_room: &quot;[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room...&quot;
+    #
+    # Subject to use to notify about one message from one or more user(s) in a
+    # room which doesn't have a name.
+    #message_from_person: &quot;[%(app)s] You have a message on %(app)s from %(person)s...&quot;
+    #
+    # Subject to use to notify about multiple messages from one or more users in
+    # a room which doesn't have a name.
+    #messages_from_person: &quot;[%(app)s] You have messages on %(app)s from %(person)s...&quot;
+    #
+    # Subject to use to notify about multiple messages in a room which has a
+    # name.
+    #messages_in_room: &quot;[%(app)s] You have messages on %(app)s in the %(room)s room...&quot;
+    #
+    # Subject to use to notify about multiple messages in multiple rooms.
+    #messages_in_room_and_others: &quot;[%(app)s] You have messages on %(app)s in the %(room)s room and others...&quot;
+    #
+    # Subject to use to notify about multiple messages from multiple persons in
+    # multiple rooms. This is similar to the setting above except it's used when
+    # the room in which the notification was triggered has no name.
+    #messages_from_person_and_others: &quot;[%(app)s] You have messages on %(app)s from %(person)s and others...&quot;
+    #
+    # Subject to use to notify about an invite to a room which has a name.
+    #invite_from_person_to_room: &quot;[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s...&quot;
+    #
+    # Subject to use to notify about an invite to a room which doesn't have a
+    # name.
+    #invite_from_person: &quot;[%(app)s] %(person)s has invited you to chat on %(app)s...&quot;
+
+    # Subject for emails related to account administration.
+    #
+    # On top of the '%(app)s' placeholder, these one can use the
+    # '%(server_name)s' placeholder, which will be replaced by the value of the
+    # 'server_name' setting in your Synapse configuration.
+    #
+    # Subject to use when sending a password reset email.
+    #password_reset: &quot;[%(server_name)s] Password reset&quot;
+    #
+    # Subject to use when sending a verification email to assert an address's
+    # ownership.
+    #email_validation: &quot;[%(server_name)s] Validate your email&quot;
+
+
+# Password providers allow homeserver administrators to integrate
+# their Synapse installation with existing authentication methods
+# ex. LDAP, external tokens, etc.
+#
+# For more information and known implementations, please see
+# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md
+#
+# Note: instances wishing to use SAML or CAS authentication should
+# instead use the `saml2_config` or `cas_config` options,
+# respectively.
+#
+password_providers:
+#    # Example config for an LDAP auth provider
+#    - module: &quot;ldap_auth_provider.LdapAuthProvider&quot;
+#      config:
+#        enabled: true
+#        uri: &quot;ldap://ldap.example.com:389&quot;
+#        start_tls: true
+#        base: &quot;ou=users,dc=example,dc=com&quot;
+#        attributes:
+#           uid: &quot;cn&quot;
+#           mail: &quot;email&quot;
+#           name: &quot;givenName&quot;
+#        #bind_dn:
+#        #bind_password:
+#        #filter: &quot;(objectClass=posixAccount)&quot;
+
+
+
+## Push ##
+
+push:
+  # Clients requesting push notifications can either have the body of
+  # the message sent in the notification poke along with other details
+  # like the sender, or just the event ID and room ID (`event_id_only`).
+  # If clients choose the former, this option controls whether the
+  # notification request includes the content of the event (other details
+  # like the sender are still included). For `event_id_only` push, it
+  # has no effect.
+  #
+  # For modern android devices the notification content will still appear
+  # because it is loaded by the app. iPhone, however will send a
+  # notification saying only that a message arrived and who it came from.
+  #
+  # The default value is &quot;true&quot; to include message details. Uncomment to only
+  # include the event ID and room ID in push notification payloads.
+  #
+  #include_content: false
+
+  # When a push notification is received, an unread count is also sent.
+  # This number can either be calculated as the number of unread messages
+  # for the user, or the number of *rooms* the user has unread messages in.
+  #
+  # The default value is &quot;true&quot;, meaning push clients will see the number of
+  # rooms with unread messages in them. Uncomment to instead send the number
+  # of unread messages.
+  #
+  #group_unread_count_by_room: false
+
+
+## Rooms ##
+
+# Controls whether locally-created rooms should be end-to-end encrypted by
+# default.
+#
+# Possible options are &quot;all&quot;, &quot;invite&quot;, and &quot;off&quot;. They are defined as:
+#
+# * &quot;all&quot;: any locally-created room
+# * &quot;invite&quot;: any room created with the &quot;private_chat&quot; or &quot;trusted_private_chat&quot;
+#             room creation presets
+# * &quot;off&quot;: this option will take no effect
+#
+# The default value is &quot;off&quot;.
+#
+# Note that this option will only affect rooms created after it is set. It
+# will also not affect rooms created by other servers.
+#
+#encryption_enabled_by_default_for_room_type: invite
+
+
+# Uncomment to allow non-server-admin users to create groups on this server
+#
+#enable_group_creation: true
+
+# If enabled, non server admins can only create groups with local parts
+# starting with this prefix
+#
+#group_creation_prefix: &quot;unofficial_&quot;
+
+
+
+# User Directory configuration
+#
+user_directory:
+    # Defines whether users can search the user directory. If false then
+    # empty responses are returned to all queries. Defaults to true.
+    #
+    # Uncomment to disable the user directory.
+    #
+    #enabled: false
+
+    # Defines whether to search all users visible to your HS when searching
+    # the user directory, rather than limiting to users visible in public
+    # rooms. Defaults to false.
+    #
+    # If you set it true, you'll have to rebuild the user_directory search
+    # indexes, see:
+    # https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
+    #
+    # Uncomment to return search results containing all known users, even if that
+    # user does not share a room with the requester.
+    #
+    #search_all_users: true
+
+    # Defines whether to prefer local users in search query results.
+    # If True, local users are more likely to appear above remote users
+    # when searching the user directory. Defaults to false.
+    #
+    # Uncomment to prefer local over remote users in user directory search
+    # results.
+    #
+    #prefer_local_users: true
+
+
+# User Consent configuration
+#
+# for detailed instructions, see
+# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md
+#
+# Parts of this section are required if enabling the 'consent' resource under
+# 'listeners', in particular 'template_dir' and 'version'.
+#
+# 'template_dir' gives the location of the templates for the HTML forms.
+# This directory should contain one subdirectory per language (eg, 'en', 'fr'),
+# and each language directory should contain the policy document (named as
+# '&lt;version&gt;.html') and a success page (success.html).
+#
+# 'version' specifies the 'current' version of the policy document. It defines
+# the version to be served by the consent resource if there is no 'v'
+# parameter.
+#
+# 'server_notice_content', if enabled, will send a user a &quot;Server Notice&quot;
+# asking them to consent to the privacy policy. The 'server_notices' section
+# must also be configured for this to work. Notices will *not* be sent to
+# guest users unless 'send_server_notice_to_guests' is set to true.
+#
+# 'block_events_error', if set, will block any attempts to send events
+# until the user consents to the privacy policy. The value of the setting is
+# used as the text of the error.
+#
+# 'require_at_registration', if enabled, will add a step to the registration
+# process, similar to how captcha works. Users will be required to accept the
+# policy before their account is created.
+#
+# 'policy_name' is the display name of the policy users will see when registering
+# for an account. Has no effect unless `require_at_registration` is enabled.
+# Defaults to &quot;Privacy Policy&quot;.
+#
+#user_consent:
+#  template_dir: res/templates/privacy
+#  version: 1.0
+#  server_notice_content:
+#    msgtype: m.text
+#    body: &gt;-
+#      To continue using this homeserver you must review and agree to the
+#      terms and conditions at %(consent_uri)s
+#  send_server_notice_to_guests: true
+#  block_events_error: &gt;-
+#    To continue using this homeserver you must review and agree to the
+#    terms and conditions at %(consent_uri)s
+#  require_at_registration: false
+#  policy_name: Privacy Policy
+#
+
+
+
+# Settings for local room and user statistics collection. See
+# docs/room_and_user_statistics.md.
+#
+stats:
+  # Uncomment the following to disable room and user statistics. Note that doing
+  # so may cause certain features (such as the room directory) not to work
+  # correctly.
+  #
+  #enabled: false
+
+  # The size of each timeslice in the room_stats_historical and
+  # user_stats_historical tables, as a time period. Defaults to &quot;1d&quot;.
+  #
+  #bucket_size: 1h
+
+
+# Server Notices room configuration
+#
+# Uncomment this section to enable a room which can be used to send notices
+# from the server to users. It is a special room which cannot be left; notices
+# come from a special &quot;notices&quot; user id.
+#
+# If you uncomment this section, you *must* define the system_mxid_localpart
+# setting, which defines the id of the user which will be used to send the
+# notices.
+#
+# It's also possible to override the room name, the display name of the
+# &quot;notices&quot; user, and the avatar for the user.
+#
+#server_notices:
+#  system_mxid_localpart: notices
+#  system_mxid_display_name: &quot;Server Notices&quot;
+#  system_mxid_avatar_url: &quot;mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ&quot;
+#  room_name: &quot;Server Notices&quot;
+
+
+
+# Uncomment to disable searching the public room list. When disabled
+# blocks searching local and remote room lists for local and remote
+# users by always returning an empty list for all queries.
+#
+#enable_room_list_search: false
+
+# The `alias_creation` option controls who's allowed to create aliases
+# on this server.
+#
+# The format of this option is a list of rules that contain globs that
+# match against user_id, room_id and the new alias (fully qualified with
+# server name). The action in the first rule that matches is taken,
+# which can currently either be &quot;allow&quot; or &quot;deny&quot;.
+#
+# Missing user_id/room_id/alias fields default to &quot;*&quot;.
+#
+# If no rules match the request is denied. An empty list means no one
+# can create aliases.
+#
+# Options for the rules include:
+#
+#   user_id: Matches against the creator of the alias
+#   alias: Matches against the alias being created
+#   room_id: Matches against the room ID the alias is being pointed at
+#   action: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches
+#
+# The default is:
+#
+#alias_creation_rules:
+#  - user_id: &quot;*&quot;
+#    alias: &quot;*&quot;
+#    room_id: &quot;*&quot;
+#    action: allow
+
+# The `room_list_publication_rules` option controls who can publish and
+# which rooms can be published in the public room list.
+#
+# The format of this option is the same as that for
+# `alias_creation_rules`.
+#
+# If the room has one or more aliases associated with it, only one of
+# the aliases needs to match the alias rule. If there are no aliases
+# then only rules with `alias: *` match.
+#
+# If no rules match the request is denied. An empty list means no one
+# can publish rooms.
+#
+# Options for the rules include:
+#
+#   user_id: Matches against the creator of the alias
+#   room_id: Matches against the room ID being published
+#   alias: Matches against any current local or canonical aliases
+#            associated with the room
+#   action: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches
+#
+# The default is:
+#
+#room_list_publication_rules:
+#  - user_id: &quot;*&quot;
+#    alias: &quot;*&quot;
+#    room_id: &quot;*&quot;
+#    action: allow
+
+
+# Server admins can define a Python module that implements extra rules for
+# allowing or denying incoming events. In order to work, this module needs to
+# override the methods defined in synapse/events/third_party_rules.py.
+#
+# This feature is designed to be used in closed federations only, where each
+# participating server enforces the same rules.
+#
+#third_party_event_rules:
+#  module: &quot;my_custom_project.SuperRulesSet&quot;
+#  config:
+#    example_option: 'things'
+
+
+## Opentracing ##
+
+# These settings enable opentracing, which implements distributed tracing.
+# This allows you to observe the causal chains of events across servers
+# including requests, key lookups etc., across any server running
+# synapse or any other other services which supports opentracing
+# (specifically those implemented with Jaeger).
+#
+opentracing:
+    # tracing is disabled by default. Uncomment the following line to enable it.
+    #
+    #enabled: true
+
+    # The list of homeservers we wish to send and receive span contexts and span baggage.
+    # See docs/opentracing.rst.
+    #
+    # This is a list of regexes which are matched against the server_name of the
+    # homeserver.
+    #
+    # By default, it is empty, so no servers are matched.
+    #
+    #homeserver_whitelist:
+    #  - &quot;.*&quot;
+
+    # A list of the matrix IDs of users whose requests will always be traced,
+    # even if the tracing system would otherwise drop the traces due to
+    # probabilistic sampling.
+    #
+    # By default, the list is empty.
+    #
+    #force_tracing_for_users:
+    #  - &quot;@user1:server_name&quot;
+    #  - &quot;@user2:server_name&quot;
+
+    # Jaeger can be configured to sample traces at different rates.
+    # All configuration options provided by Jaeger can be set here.
+    # Jaeger's configuration is mostly related to trace sampling which
+    # is documented here:
+    # https://www.jaegertracing.io/docs/latest/sampling/.
+    #
+    #jaeger_config:
+    #  sampler:
+    #    type: const
+    #    param: 1
+    #  logging:
+    #    false
+
+
+## Workers ##
+
+# Disables sending of outbound federation transactions on the main process.
+# Uncomment if using a federation sender worker.
+#
+#send_federation: false
+
+# It is possible to run multiple federation sender workers, in which case the
+# work is balanced across them.
+#
+# This configuration must be shared between all federation sender workers, and if
+# changed all federation sender workers must be stopped at the same time and then
+# started, to ensure that all instances are running with the same config (otherwise
+# events may be dropped).
+#
+#federation_sender_instances:
+#  - federation_sender1
+
+# When using workers this should be a map from `worker_name` to the
+# HTTP replication listener of the worker, if configured.
+#
+#instance_map:
+#  worker1:
+#    host: localhost
+#    port: 8034
+
+# Experimental: When using workers you can define which workers should
+# handle event persistence and typing notifications. Any worker
+# specified here must also be in the `instance_map`.
+#
+#stream_writers:
+#  events: worker1
+#  typing: worker1
+
+# The worker that is used to run background tasks (e.g. cleaning up expired
+# data). If not provided this defaults to the main process.
+#
+#run_background_tasks_on: worker1
+
+# A shared secret used by the replication APIs to authenticate HTTP requests
+# from workers.
+#
+# By default this is unused and traffic is not authenticated.
+#
+#worker_replication_secret: &quot;&quot;
+
+
+# Configuration for Redis when using workers. This *must* be enabled when
+# using workers (unless using old style direct TCP configuration).
+#
+redis:
+  # Uncomment the below to enable Redis support.
+  #
+  #enabled: true
+
+  # Optional host and port to use to connect to redis. Defaults to
+  # localhost and 6379
+  #
+  #host: localhost
+  #port: 6379
+
+  # Optional password if configured on the Redis instance
+  #
+  #password: &lt;secret_password&gt;
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="logging-sample-configuration-file"><a class="header" href="#logging-sample-configuration-file">Logging Sample Configuration File</a></h1>
+<p>Below is a sample logging configuration file. This file can be tweaked to control how your
+homeserver will output logs. A restart of the server is generally required to apply any
+changes made to this file.</p>
+<p>Note that the contents below are <em>not</em> intended to be copied and used as the basis for
+a real homeserver.yaml. Instead, if you are starting from scratch, please generate
+a fresh config using Synapse by following the instructions in
+<a href="usage/configuration/../../setup/installation.html">Installation</a>.</p>
+<pre><code class="language-yaml"># Log configuration for Synapse.
+#
+# This is a YAML file containing a standard Python logging configuration
+# dictionary. See [1] for details on the valid settings.
+#
+# Synapse also supports structured logging for machine readable logs which can
+# be ingested by ELK stacks. See [2] for details.
+#
+# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
+# [2]: https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md
+
+version: 1
+
+formatters:
+    precise:
+        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+handlers:
+    file:
+        class: logging.handlers.TimedRotatingFileHandler
+        formatter: precise
+        filename: /var/log/matrix-synapse/homeserver.log
+        when: midnight
+        backupCount: 3  # Does not include the current log file.
+        encoding: utf8
+
+    # Default to buffering writes to log file for efficiency. This means that
+    # will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
+    # logs will still be flushed immediately.
+    buffer:
+        class: logging.handlers.MemoryHandler
+        target: file
+        # The capacity is the number of log lines that are buffered before
+        # being written to disk. Increasing this will lead to better
+        # performance, at the expensive of it taking longer for log lines to
+        # be written to disk.
+        capacity: 10
+        flushLevel: 30  # Flush for WARNING logs as well
+
+    # A handler that writes logs to stderr. Unused by default, but can be used
+    # instead of &quot;buffer&quot; and &quot;file&quot; in the logger handlers.
+    console:
+        class: logging.StreamHandler
+        formatter: precise
+
+loggers:
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+
+    twisted:
+        # We send the twisted logging directly to the file handler,
+        # to work around https://github.com/matrix-org/synapse/issues/3471
+        # when using &quot;buffer&quot; logger. Use &quot;console&quot; to log to stderr instead.
+        handlers: [file]
+        propagate: false
+
+root:
+    level: INFO
+
+    # Write logs to the `buffer` handler, which will buffer them together in memory,
+    # then write them to a file.
+    #
+    # Replace &quot;buffer&quot; with &quot;console&quot; to log to stderr instead. (Note that you'll
+    # also need to update the configuration for the `twisted` logger above, in
+    # this case.)
+    #
+    handlers: [buffer]
+
+disable_existing_loggers: false
+``__`</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="structured-logging"><a class="header" href="#structured-logging">Structured Logging</a></h1>
+<p>A structured logging system can be useful when your logs are destined for a
+machine to parse and process. By maintaining its machine-readable characteristics,
+it enables more efficient searching and aggregations when consumed by software
+such as the &quot;ELK stack&quot;.</p>
+<p>Synapse's structured logging system is configured via the file that Synapse's
+<code>log_config</code> config option points to. The file should include a formatter which
+uses the <code>synapse.logging.TerseJsonFormatter</code> class included with Synapse and a
+handler which uses the above formatter.</p>
+<p>There is also a <code>synapse.logging.JsonFormatter</code> option which does not include
+a timestamp in the resulting JSON. This is useful if the log ingester adds its
+own timestamp.</p>
+<p>A structured logging configuration looks similar to the following:</p>
+<pre><code class="language-yaml">version: 1
+
+formatters:
+    structured:
+        class: synapse.logging.TerseJsonFormatter
+
+handlers:
+    file:
+        class: logging.handlers.TimedRotatingFileHandler
+        formatter: structured
+        filename: /path/to/my/logs/homeserver.log
+        when: midnight
+        backupCount: 3  # Does not include the current log file.
+        encoding: utf8
+
+loggers:
+    synapse:
+        level: INFO
+        handlers: [remote]
+    synapse.storage.SQL:
+        level: WARNING
+</code></pre>
+<p>The above logging config will set Synapse as 'INFO' logging level by default,
+with the SQL layer at 'WARNING', and will log to a file, stored as JSON.</p>
+<p>It is also possible to figure Synapse to log to a remote endpoint by using the
+<code>synapse.logging.RemoteHandler</code> class included with Synapse. It takes the
+following arguments:</p>
+<ul>
+<li><code>host</code>: Hostname or IP address of the log aggregator.</li>
+<li><code>port</code>: Numerical port to contact on the host.</li>
+<li><code>maximum_buffer</code>: (Optional, defaults to 1000) The maximum buffer size to allow.</li>
+</ul>
+<p>A remote structured logging configuration looks similar to the following:</p>
+<pre><code class="language-yaml">version: 1
+
+formatters:
+    structured:
+        class: synapse.logging.TerseJsonFormatter
+
+handlers:
+    remote:
+        class: synapse.logging.RemoteHandler
+        formatter: structured
+        host: 10.1.2.3
+        port: 9999
+
+loggers:
+    synapse:
+        level: INFO
+        handlers: [remote]
+    synapse.storage.SQL:
+        level: WARNING
+</code></pre>
+<p>The above logging config will set Synapse as 'INFO' logging level by default,
+with the SQL layer at 'WARNING', and will log JSON formatted messages to a
+remote endpoint at 10.1.2.3:9999.</p>
+<h2 id="upgrading-from-legacy-structured-logging-configuration"><a class="header" href="#upgrading-from-legacy-structured-logging-configuration">Upgrading from legacy structured logging configuration</a></h2>
+<p>Versions of Synapse prior to v1.23.0 included a custom structured logging
+configuration which is deprecated. It used a <code>structured: true</code> flag and
+configured <code>drains</code> instead of <code>handlers</code> and <code>formatters</code>.</p>
+<p>Synapse currently automatically converts the old configuration to the new
+configuration, but this will be removed in a future version of Synapse. The
+following reference can be used to update your configuration. Based on the drain
+<code>type</code>, we can pick a new handler:</p>
+<ol>
+<li>For a type of <code>console</code>, <code>console_json</code>, or <code>console_json_terse</code>: a handler
+with a class of <code>logging.StreamHandler</code> and a <code>stream</code> of <code>ext://sys.stdout</code>
+or <code>ext://sys.stderr</code> should be used.</li>
+<li>For a type of <code>file</code> or <code>file_json</code>: a handler of <code>logging.FileHandler</code> with
+a location of the file path should be used.</li>
+<li>For a type of <code>network_json_terse</code>: a handler of <code>synapse.logging.RemoteHandler</code>
+with the host and port should be used.</li>
+</ol>
+<p>Then based on the drain <code>type</code> we can pick a new formatter:</p>
+<ol>
+<li>For a type of <code>console</code> or <code>file</code> no formatter is necessary.</li>
+<li>For a type of <code>console_json</code> or <code>file_json</code>: a formatter of
+<code>synapse.logging.JsonFormatter</code> should be used.</li>
+<li>For a type of <code>console_json_terse</code> or <code>network_json_terse</code>: a formatter of
+<code>synapse.logging.TerseJsonFormatter</code> should be used.</li>
+</ol>
+<p>For each new handler and formatter they should be added to the logging configuration
+and then assigned to either a logger or the root logger.</p>
+<p>An example legacy configuration:</p>
+<pre><code class="language-yaml">structured: true
+
+loggers:
+    synapse:
+        level: INFO
+    synapse.storage.SQL:
+        level: WARNING
+
+drains:
+    console:
+        type: console
+        location: stdout
+    file:
+        type: file_json
+        location: homeserver.log
+</code></pre>
+<p>Would be converted into a new configuration:</p>
+<pre><code class="language-yaml">version: 1
+
+formatters:
+    json:
+        class: synapse.logging.JsonFormatter
+
+handlers:
+    console:
+        class: logging.StreamHandler
+        location: ext://sys.stdout
+    file:
+        class: logging.FileHandler
+        formatter: json
+        filename: homeserver.log
+
+loggers:
+    synapse:
+        level: INFO
+        handlers: [console, file]
+    synapse.storage.SQL:
+        level: WARNING
+</code></pre>
+<p>The new logging configuration is a bit more verbose, but significantly more
+flexible. It allows for configuration that were not previously possible, such as
+sending plain logs over the network, or using different handlers for different
+modules.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="user-authentication"><a class="header" href="#user-authentication">User Authentication</a></h1>
+<p>Synapse supports multiple methods of authenticating users, either out-of-the-box or through custom pluggable
+authentication modules.</p>
+<p>Included in Synapse is support for authenticating users via:</p>
+<ul>
+<li>A username and password.</li>
+<li>An email address and password.</li>
+<li>Single Sign-On through the SAML, Open ID Connect or CAS protocols.</li>
+<li>JSON Web Tokens.</li>
+<li>An administrator's shared secret.</li>
+</ul>
+<p>Synapse can additionally be extended to support custom authentication schemes through optional &quot;password auth provider&quot;
+modules.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="configuring-synapse-to-authenticate-against-an-openid-connect-provider"><a class="header" href="#configuring-synapse-to-authenticate-against-an-openid-connect-provider">Configuring Synapse to authenticate against an OpenID Connect provider</a></h1>
+<p>Synapse can be configured to use an OpenID Connect Provider (OP) for
+authentication, instead of its own local password database.</p>
+<p>Any OP should work with Synapse, as long as it supports the authorization code
+flow. There are a few options for that:</p>
+<ul>
+<li>
+<p>start a local OP. Synapse has been tested with <a href="https://www.ory.sh/docs/hydra/">Hydra</a> and
+<a href="https://github.com/dexidp/dex">Dex</a>.  Note that for an OP to work, it should be served under a
+secure (HTTPS) origin.  A certificate signed with a self-signed, locally
+trusted CA should work. In that case, start Synapse with a <code>SSL_CERT_FILE</code>
+environment variable set to the path of the CA.</p>
+</li>
+<li>
+<p>set up a SaaS OP, like <a href="https://developers.google.com/identity/protocols/oauth2/openid-connect">Google</a>, <a href="https://auth0.com/">Auth0</a> or
+<a href="https://www.okta.com/">Okta</a>. Synapse has been tested with Auth0 and Google.</p>
+</li>
+</ul>
+<p>It may also be possible to use other OAuth2 providers which provide the
+<a href="https://tools.ietf.org/html/rfc6749#section-4.1">authorization code grant type</a>,
+such as <a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">Github</a>.</p>
+<h2 id="preparing-synapse"><a class="header" href="#preparing-synapse">Preparing Synapse</a></h2>
+<p>The OpenID integration in Synapse uses the
+<a href="https://pypi.org/project/Authlib/"><code>authlib</code></a> library, which must be installed
+as follows:</p>
+<ul>
+<li>
+<p>The relevant libraries are included in the Docker images and Debian packages
+provided by <code>matrix.org</code> so no further action is needed.</p>
+</li>
+<li>
+<p>If you installed Synapse into a virtualenv, run <code>/path/to/env/bin/pip install matrix-synapse[oidc]</code> to install the necessary dependencies.</p>
+</li>
+<li>
+<p>For other installation mechanisms, see the documentation provided by the
+maintainer.</p>
+</li>
+</ul>
+<p>To enable the OpenID integration, you should then add a section to the <code>oidc_providers</code>
+setting in your configuration file (or uncomment one of the existing examples).
+See <a href="./sample_config.yaml">sample_config.yaml</a> for some sample settings, as well as
+the text below for example configurations for specific providers.</p>
+<h2 id="sample-configs"><a class="header" href="#sample-configs">Sample configs</a></h2>
+<p>Here are a few configs for providers that should work with Synapse.</p>
+<h3 id="microsoft-azure-active-directory"><a class="header" href="#microsoft-azure-active-directory">Microsoft Azure Active Directory</a></h3>
+<p>Azure AD can act as an OpenID Connect Provider. Register a new application under
+<em>App registrations</em> in the Azure AD management console. The RedirectURI for your
+application should point to your matrix server:
+<code>[synapse public baseurl]/_synapse/client/oidc/callback</code></p>
+<p>Go to <em>Certificates &amp; secrets</em> and register a new client secret. Make note of your
+Directory (tenant) ID as it will be used in the Azure links.
+Edit your Synapse config file and change the <code>oidc_config</code> section:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: microsoft
+    idp_name: Microsoft
+    issuer: &quot;https://login.microsoftonline.com/&lt;tenant id&gt;/v2.0&quot;
+    client_id: &quot;&lt;client id&gt;&quot;
+    client_secret: &quot;&lt;client secret&gt;&quot;
+    scopes: [&quot;openid&quot;, &quot;profile&quot;]
+    authorization_endpoint: &quot;https://login.microsoftonline.com/&lt;tenant id&gt;/oauth2/v2.0/authorize&quot;
+    token_endpoint: &quot;https://login.microsoftonline.com/&lt;tenant id&gt;/oauth2/v2.0/token&quot;
+    userinfo_endpoint: &quot;https://graph.microsoft.com/oidc/userinfo&quot;
+
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username.split('@')[0] }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<h3 id="a-hrefhttpsgithubcomdexidpdexdexa"><a class="header" href="#a-hrefhttpsgithubcomdexidpdexdexa"><a href="https://github.com/dexidp/dex">Dex</a></a></h3>
+<p><a href="https://github.com/dexidp/dex">Dex</a> is a simple, open-source, certified OpenID Connect Provider.
+Although it is designed to help building a full-blown provider with an
+external database, it can be configured with static passwords in a config file.</p>
+<p>Follow the <a href="https://dexidp.io/docs/getting-started/">Getting Started guide</a>
+to install Dex.</p>
+<p>Edit <code>examples/config-dev.yaml</code> config file from the Dex repo to add a client:</p>
+<pre><code class="language-yaml">staticClients:
+- id: synapse
+  secret: secret
+  redirectURIs:
+  - '[synapse public baseurl]/_synapse/client/oidc/callback'
+  name: 'Synapse'
+</code></pre>
+<p>Run with <code>dex serve examples/config-dev.yaml</code>.</p>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: dex
+    idp_name: &quot;My Dex server&quot;
+    skip_verification: true # This is needed as Dex is served on an insecure endpoint
+    issuer: &quot;http://127.0.0.1:5556/dex&quot;
+    client_id: &quot;synapse&quot;
+    client_secret: &quot;secret&quot;
+    scopes: [&quot;openid&quot;, &quot;profile&quot;]
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.name }}&quot;
+        display_name_template: &quot;{{ user.name|capitalize }}&quot;
+</code></pre>
+<h3 id="a-hrefhttpswwwkeycloakorgdocslatestserver_adminsso-protocolskeycloaka"><a class="header" href="#a-hrefhttpswwwkeycloakorgdocslatestserver_adminsso-protocolskeycloaka"><a href="https://www.keycloak.org/docs/latest/server_admin/#sso-protocols">Keycloak</a></a></h3>
+<p><a href="https://www.keycloak.org/docs/latest/server_admin/#sso-protocols">Keycloak</a> is an opensource IdP maintained by Red Hat.</p>
+<p>Follow the <a href="https://www.keycloak.org/getting-started">Getting Started Guide</a> to install Keycloak and set up a realm.</p>
+<ol>
+<li>
+<p>Click <code>Clients</code> in the sidebar and click <code>Create</code></p>
+</li>
+<li>
+<p>Fill in the fields as below:</p>
+</li>
+</ol>
+<table><thead><tr><th>Field</th><th>Value</th></tr></thead><tbody>
+<tr><td>Client ID</td><td><code>synapse</code></td></tr>
+<tr><td>Client Protocol</td><td><code>openid-connect</code></td></tr>
+</tbody></table>
+<ol start="3">
+<li>Click <code>Save</code></li>
+<li>Fill in the fields as below:</li>
+</ol>
+<table><thead><tr><th>Field</th><th>Value</th></tr></thead><tbody>
+<tr><td>Client ID</td><td><code>synapse</code></td></tr>
+<tr><td>Enabled</td><td><code>On</code></td></tr>
+<tr><td>Client Protocol</td><td><code>openid-connect</code></td></tr>
+<tr><td>Access Type</td><td><code>confidential</code></td></tr>
+<tr><td>Valid Redirect URIs</td><td><code>[synapse public baseurl]/_synapse/client/oidc/callback</code></td></tr>
+</tbody></table>
+<ol start="5">
+<li>Click <code>Save</code></li>
+<li>On the Credentials tab, update the fields:</li>
+</ol>
+<table><thead><tr><th>Field</th><th>Value</th></tr></thead><tbody>
+<tr><td>Client Authenticator</td><td><code>Client ID and Secret</code></td></tr>
+</tbody></table>
+<ol start="7">
+<li>Click <code>Regenerate Secret</code></li>
+<li>Copy Secret</li>
+</ol>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: keycloak
+    idp_name: &quot;My KeyCloak server&quot;
+    issuer: &quot;https://127.0.0.1:8443/auth/realms/{realm_name}&quot;
+    client_id: &quot;synapse&quot;
+    client_secret: &quot;copy secret generated from above&quot;
+    scopes: [&quot;openid&quot;, &quot;profile&quot;]
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<h3 id="a-hrefhttpsauth0comauth0a"><a class="header" href="#a-hrefhttpsauth0comauth0a"><a href="https://auth0.com/">Auth0</a></a></h3>
+<ol>
+<li>
+<p>Create a regular web application for Synapse</p>
+</li>
+<li>
+<p>Set the Allowed Callback URLs to <code>[synapse public baseurl]/_synapse/client/oidc/callback</code></p>
+</li>
+<li>
+<p>Add a rule to add the <code>preferred_username</code> claim.</p>
+<details>
+ <summary>Code sample</summary>
+<pre><code class="language-js">function addPersistenceAttribute(user, context, callback) {
+  user.user_metadata = user.user_metadata || {};
+  user.user_metadata.preferred_username = user.user_metadata.preferred_username || user.user_id;
+  context.idToken.preferred_username = user.user_metadata.preferred_username;
+
+  auth0.users.updateUserMetadata(user.user_id, user.user_metadata)
+    .then(function(){
+        callback(null, user, context);
+    })
+    .catch(function(err){
+        callback(err);
+    });
+}
+</code></pre>
+</li>
+</ol>
+</details>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: auth0
+    idp_name: Auth0
+    issuer: &quot;https://your-tier.eu.auth0.com/&quot; # TO BE FILLED
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    scopes: [&quot;openid&quot;, &quot;profile&quot;]
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
+<p>GitHub is a bit special as it is not an OpenID Connect compliant provider, but
+just a regular OAuth2 provider.</p>
+<p>The <a href="https://developer.github.com/v3/users/#get-the-authenticated-user"><code>/user</code> API endpoint</a>
+can be used to retrieve information on the authenticated user. As the Synapse
+login mechanism needs an attribute to uniquely identify users, and that endpoint
+does not return a <code>sub</code> property, an alternative <code>subject_claim</code> has to be set.</p>
+<ol>
+<li>Create a new OAuth application: https://github.com/settings/applications/new.</li>
+<li>Set the callback URL to <code>[synapse public baseurl]/_synapse/client/oidc/callback</code>.</li>
+</ol>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: github
+    idp_name: Github
+    idp_brand: &quot;github&quot;  # optional: styling hint for clients
+    discover: false
+    issuer: &quot;https://github.com/&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    authorization_endpoint: &quot;https://github.com/login/oauth/authorize&quot;
+    token_endpoint: &quot;https://github.com/login/oauth/access_token&quot;
+    userinfo_endpoint: &quot;https://api.github.com/user&quot;
+    scopes: [&quot;read:user&quot;]
+    user_mapping_provider:
+      config:
+        subject_claim: &quot;id&quot;
+        localpart_template: &quot;{{ user.login }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<h3 id="a-hrefhttpsdevelopersgooglecomidentityprotocolsoauth2openid-connectgooglea"><a class="header" href="#a-hrefhttpsdevelopersgooglecomidentityprotocolsoauth2openid-connectgooglea"><a href="https://developers.google.com/identity/protocols/oauth2/openid-connect">Google</a></a></h3>
+<ol>
+<li>Set up a project in the Google API Console (see
+https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup).</li>
+<li>add an &quot;OAuth Client ID&quot; for a Web Application under &quot;Credentials&quot;.</li>
+<li>Copy the Client ID and Client Secret, and add the following to your synapse config:
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: google
+    idp_name: Google
+    idp_brand: &quot;google&quot;  # optional: styling hint for clients
+    issuer: &quot;https://accounts.google.com/&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    scopes: [&quot;openid&quot;, &quot;profile&quot;]
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.given_name|lower }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+</li>
+<li>Back in the Google console, add this Authorized redirect URI: <code>[synapse public baseurl]/_synapse/client/oidc/callback</code>.</li>
+</ol>
+<h3 id="twitch"><a class="header" href="#twitch">Twitch</a></h3>
+<ol>
+<li>Setup a developer account on <a href="https://dev.twitch.tv/">Twitch</a></li>
+<li>Obtain the OAuth 2.0 credentials by <a href="https://dev.twitch.tv/console/apps/">creating an app</a></li>
+<li>Add this OAuth Redirect URL: <code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li>
+</ol>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: twitch
+    idp_name: Twitch
+    issuer: &quot;https://id.twitch.tv/oauth2/&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    client_auth_method: &quot;client_secret_post&quot;
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<h3 id="gitlab"><a class="header" href="#gitlab">GitLab</a></h3>
+<ol>
+<li>Create a <a href="https://gitlab.com/profile/applications">new application</a>.</li>
+<li>Add the <code>read_user</code> and <code>openid</code> scopes.</li>
+<li>Add this Callback URL: <code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li>
+</ol>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: gitlab
+    idp_name: Gitlab
+    idp_brand: &quot;gitlab&quot;  # optional: styling hint for clients
+    issuer: &quot;https://gitlab.com/&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    client_auth_method: &quot;client_secret_post&quot;
+    scopes: [&quot;openid&quot;, &quot;read_user&quot;]
+    user_profile_method: &quot;userinfo_endpoint&quot;
+    user_mapping_provider:
+      config:
+        localpart_template: '{{ user.nickname }}'
+        display_name_template: '{{ user.name }}'
+</code></pre>
+<h3 id="facebook"><a class="header" href="#facebook">Facebook</a></h3>
+<p>Like Github, Facebook provide a custom OAuth2 API rather than an OIDC-compliant
+one so requires a little more configuration.</p>
+<ol start="0">
+<li>You will need a Facebook developer account. You can register for one
+<a href="https://developers.facebook.com/async/registration/">here</a>.</li>
+<li>On the <a href="https://developers.facebook.com/apps/">apps</a> page of the developer
+console, &quot;Create App&quot;, and choose &quot;Build Connected Experiences&quot;.</li>
+<li>Once the app is created, add &quot;Facebook Login&quot; and choose &quot;Web&quot;. You don't
+need to go through the whole form here.</li>
+<li>In the left-hand menu, open &quot;Products&quot;/&quot;Facebook Login&quot;/&quot;Settings&quot;.
+<ul>
+<li>Add <code>[synapse public baseurl]/_synapse/client/oidc/callback</code> as an OAuth Redirect
+URL.</li>
+</ul>
+</li>
+<li>In the left-hand menu, open &quot;Settings/Basic&quot;. Here you can copy the &quot;App ID&quot;
+and &quot;App Secret&quot; for use below.</li>
+</ol>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">  - idp_id: facebook
+    idp_name: Facebook
+    idp_brand: &quot;facebook&quot;  # optional: styling hint for clients
+    discover: false
+    issuer: &quot;https://facebook.com&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    scopes: [&quot;openid&quot;, &quot;email&quot;]
+    authorization_endpoint: https://facebook.com/dialog/oauth
+    token_endpoint: https://graph.facebook.com/v9.0/oauth/access_token
+    user_profile_method: &quot;userinfo_endpoint&quot;
+    userinfo_endpoint: &quot;https://graph.facebook.com/v9.0/me?fields=id,name,email,picture&quot;
+    user_mapping_provider:
+      config:
+        subject_claim: &quot;id&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<p>Relevant documents:</p>
+<ul>
+<li>https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow</li>
+<li>Using Facebook's Graph API: https://developers.facebook.com/docs/graph-api/using-graph-api/</li>
+<li>Reference to the User endpoint: https://developers.facebook.com/docs/graph-api/reference/user</li>
+</ul>
+<h3 id="gitea"><a class="header" href="#gitea">Gitea</a></h3>
+<p>Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.</p>
+<p>The <a href="https://try.gitea.io/api/swagger#/user/userGetCurrent"><code>/user</code> API endpoint</a>
+can be used to retrieve information on the authenticated user. As the Synapse
+login mechanism needs an attribute to uniquely identify users, and that endpoint
+does not return a <code>sub</code> property, an alternative <code>subject_claim</code> has to be set.</p>
+<ol>
+<li>Create a new application.</li>
+<li>Add this Callback URL: <code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li>
+</ol>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: gitea
+    idp_name: Gitea
+    discover: false
+    issuer: &quot;https://your-gitea.com/&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_secret: &quot;your-client-secret&quot; # TO BE FILLED
+    client_auth_method: client_secret_post
+    scopes: [] # Gitea doesn't support Scopes
+    authorization_endpoint: &quot;https://your-gitea.com/login/oauth/authorize&quot;
+    token_endpoint: &quot;https://your-gitea.com/login/oauth/access_token&quot;
+    userinfo_endpoint: &quot;https://your-gitea.com/api/v1/user&quot;
+    user_mapping_provider:
+      config:
+        subject_claim: &quot;id&quot;
+        localpart_template: &quot;{{ user.login }}&quot;
+        display_name_template: &quot;{{ user.full_name }}&quot;
+</code></pre>
+<h3 id="xwiki"><a class="header" href="#xwiki">XWiki</a></h3>
+<p>Install <a href="https://extensions.xwiki.org/xwiki/bin/view/Extension/OpenID%20Connect/OpenID%20Connect%20Provider/">OpenID Connect Provider</a> extension in your <a href="https://www.xwiki.org">XWiki</a> instance.</p>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: xwiki
+    idp_name: &quot;XWiki&quot;
+    issuer: &quot;https://myxwikihost/xwiki/oidc/&quot;
+    client_id: &quot;your-client-id&quot; # TO BE FILLED
+    client_auth_method: none
+    scopes: [&quot;openid&quot;, &quot;profile&quot;]
+    user_profile_method: &quot;userinfo_endpoint&quot;
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}&quot;
+        display_name_template: &quot;{{ user.name }}&quot;
+</code></pre>
+<h2 id="apple"><a class="header" href="#apple">Apple</a></h2>
+<p>Configuring &quot;Sign in with Apple&quot; (SiWA) requires an Apple Developer account.</p>
+<p>You will need to create a new &quot;Services ID&quot; for SiWA, and create and download a
+private key with &quot;SiWA&quot; enabled.</p>
+<p>As well as the private key file, you will need:</p>
+<ul>
+<li>Client ID: the &quot;identifier&quot; you gave the &quot;Services ID&quot;</li>
+<li>Team ID: a 10-character ID associated with your developer account.</li>
+<li>Key ID: the 10-character identifier for the key.</li>
+</ul>
+<p>https://help.apple.com/developer-account/?lang=en#/dev77c875b7e has more
+documentation on setting up SiWA.</p>
+<p>The synapse config will look like this:</p>
+<pre><code class="language-yaml">  - idp_id: apple
+    idp_name: Apple
+    issuer: &quot;https://appleid.apple.com&quot;
+    client_id: &quot;your-client-id&quot; # Set to the &quot;identifier&quot; for your &quot;ServicesID&quot;
+    client_auth_method: &quot;client_secret_post&quot;
+    client_secret_jwt_key:
+      key_file: &quot;/path/to/AuthKey_KEYIDCODE.p8&quot;  # point to your key file
+      jwt_header:
+        alg: ES256
+        kid: &quot;KEYIDCODE&quot;   # Set to the 10-char Key ID
+      jwt_payload:
+        iss: TEAMIDCODE    # Set to the 10-char Team ID
+    scopes: [&quot;name&quot;, &quot;email&quot;, &quot;openid&quot;]
+    authorization_endpoint: https://appleid.apple.com/auth/authorize?response_mode=form_post
+    user_mapping_provider:
+      config:
+        email_template: &quot;{{ user.email }}&quot;
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="sso-mapping-providers"><a class="header" href="#sso-mapping-providers">SSO Mapping Providers</a></h1>
+<p>A mapping provider is a Python class (loaded via a Python module) that
+works out how to map attributes of a SSO response to Matrix-specific
+user attributes. Details such as user ID localpart, displayname, and even avatar
+URLs are all things that can be mapped from talking to a SSO service.</p>
+<p>As an example, a SSO service may return the email address
+&quot;john.smith@example.com&quot; for a user, whereas Synapse will need to figure out how
+to turn that into a displayname when creating a Matrix user for this individual.
+It may choose <code>John Smith</code>, or <code>Smith, John [Example.com]</code> or any number of
+variations. As each Synapse configuration may want something different, this is
+where SAML mapping providers come into play.</p>
+<p>SSO mapping providers are currently supported for OpenID and SAML SSO
+configurations. Please see the details below for how to implement your own.</p>
+<p>It is up to the mapping provider whether the user should be assigned a predefined
+Matrix ID based on the SSO attributes, or if the user should be allowed to
+choose their own username.</p>
+<p>In the first case - where users are automatically allocated a Matrix ID - it is
+the responsibility of the mapping provider to normalise the SSO attributes and
+map them to a valid Matrix ID. The <a href="https://matrix.org/docs/spec/appendices#user-identifiers">specification for Matrix
+IDs</a> has some
+information about what is considered valid.</p>
+<p>If the mapping provider does not assign a Matrix ID, then Synapse will
+automatically serve an HTML page allowing the user to pick their own username.</p>
+<p>External mapping providers are provided to Synapse in the form of an external
+Python module. You can retrieve this module from <a href="https://pypi.org">PyPI</a> or elsewhere,
+but it must be importable via Synapse (e.g. it must be in the same virtualenv
+as Synapse). The Synapse config is then modified to point to the mapping provider
+(and optionally provide additional configuration for it).</p>
+<h2 id="openid-mapping-providers"><a class="header" href="#openid-mapping-providers">OpenID Mapping Providers</a></h2>
+<p>The OpenID mapping provider can be customized by editing the
+<code>oidc_config.user_mapping_provider.module</code> config option.</p>
+<p><code>oidc_config.user_mapping_provider.config</code> allows you to provide custom
+configuration options to the module. Check with the module's documentation for
+what options it provides (if any). The options listed by default are for the
+user mapping provider built in to Synapse. If using a custom module, you should
+comment these options out and use those specified by the module instead.</p>
+<h3 id="building-a-custom-openid-mapping-provider"><a class="header" href="#building-a-custom-openid-mapping-provider">Building a Custom OpenID Mapping Provider</a></h3>
+<p>A custom mapping provider must specify the following methods:</p>
+<ul>
+<li><code>__init__(self, parsed_config)</code>
+<ul>
+<li>Arguments:
+<ul>
+<li><code>parsed_config</code> - A configuration object that is the return value of the
+<code>parse_config</code> method. You should set any configuration options needed by
+the module here.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><code>parse_config(config)</code>
+<ul>
+<li>This method should have the <code>@staticmethod</code> decoration.</li>
+<li>Arguments:
+<ul>
+<li><code>config</code> - A <code>dict</code> representing the parsed content of the
+<code>oidc_config.user_mapping_provider.config</code> homeserver config option.
+Runs on homeserver startup. Providers should extract and validate
+any option values they need here.</li>
+</ul>
+</li>
+<li>Whatever is returned will be passed back to the user mapping provider module's
+<code>__init__</code> method during construction.</li>
+</ul>
+</li>
+<li><code>get_remote_user_id(self, userinfo)</code>
+<ul>
+<li>Arguments:
+<ul>
+<li><code>userinfo</code> - A <code>authlib.oidc.core.claims.UserInfo</code> object to extract user
+information from.</li>
+</ul>
+</li>
+<li>This method must return a string, which is the unique, immutable identifier
+for the user. Commonly the <code>sub</code> claim of the response.</li>
+</ul>
+</li>
+<li><code>map_user_attributes(self, userinfo, token, failures)</code>
+<ul>
+<li>This method must be async.</li>
+<li>Arguments:
+<ul>
+<li><code>userinfo</code> - A <code>authlib.oidc.core.claims.UserInfo</code> object to extract user
+information from.</li>
+<li><code>token</code> - A dictionary which includes information necessary to make
+further requests to the OpenID provider.</li>
+<li><code>failures</code> - An <code>int</code> that represents the amount of times the returned
+mxid localpart mapping has failed.  This should be used
+to create a deduplicated mxid localpart which should be
+returned instead. For example, if this method returns
+<code>john.doe</code> as the value of <code>localpart</code> in the returned
+dict, and that is already taken on the homeserver, this
+method will be called again with the same parameters but
+with failures=1. The method should then return a different
+<code>localpart</code> value, such as <code>john.doe1</code>.</li>
+</ul>
+</li>
+<li>Returns a dictionary with two keys:
+<ul>
+<li><code>localpart</code>: A string, used to generate the Matrix ID. If this is
+<code>None</code>, the user is prompted to pick their own username. This is only used
+during a user's first login. Once a localpart has been associated with a
+remote user ID (see <code>get_remote_user_id</code>) it cannot be updated.</li>
+<li><code>displayname</code>: An optional string, the display name for the user.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><code>get_extra_attributes(self, userinfo, token)</code>
+<ul>
+<li>
+<p>This method must be async.</p>
+</li>
+<li>
+<p>Arguments:</p>
+<ul>
+<li><code>userinfo</code> - A <code>authlib.oidc.core.claims.UserInfo</code> object to extract user
+information from.</li>
+<li><code>token</code> - A dictionary which includes information necessary to make
+further requests to the OpenID provider.</li>
+</ul>
+</li>
+<li>
+<p>Returns a dictionary that is suitable to be serialized to JSON. This
+will be returned as part of the response during a successful login.</p>
+<p>Note that care should be taken to not overwrite any of the parameters
+usually returned as part of the <a href="https://matrix.org/docs/spec/client_server/latest#post-matrix-client-r0-login">login response</a>.</p>
+</li>
+</ul>
+</li>
+</ul>
+<h3 id="default-openid-mapping-provider"><a class="header" href="#default-openid-mapping-provider">Default OpenID Mapping Provider</a></h3>
+<p>Synapse has a built-in OpenID mapping provider if a custom provider isn't
+specified in the config. It is located at
+<a href="https://github.com/matrix-org/synapse/blob/develop/synapse/handlers/oidc.py"><code>synapse.handlers.oidc.JinjaOidcMappingProvider</code></a>.</p>
+<h2 id="saml-mapping-providers"><a class="header" href="#saml-mapping-providers">SAML Mapping Providers</a></h2>
+<p>The SAML mapping provider can be customized by editing the
+<code>saml2_config.user_mapping_provider.module</code> config option.</p>
+<p><code>saml2_config.user_mapping_provider.config</code> allows you to provide custom
+configuration options to the module. Check with the module's documentation for
+what options it provides (if any). The options listed by default are for the
+user mapping provider built in to Synapse. If using a custom module, you should
+comment these options out and use those specified by the module instead.</p>
+<h3 id="building-a-custom-saml-mapping-provider"><a class="header" href="#building-a-custom-saml-mapping-provider">Building a Custom SAML Mapping Provider</a></h3>
+<p>A custom mapping provider must specify the following methods:</p>
+<ul>
+<li><code>__init__(self, parsed_config, module_api)</code>
+<ul>
+<li>Arguments:
+<ul>
+<li><code>parsed_config</code> - A configuration object that is the return value of the
+<code>parse_config</code> method. You should set any configuration options needed by
+the module here.</li>
+<li><code>module_api</code> - a <code>synapse.module_api.ModuleApi</code> object which provides the
+stable API available for extension modules.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><code>parse_config(config)</code>
+<ul>
+<li>This method should have the <code>@staticmethod</code> decoration.</li>
+<li>Arguments:
+<ul>
+<li><code>config</code> - A <code>dict</code> representing the parsed content of the
+<code>saml_config.user_mapping_provider.config</code> homeserver config option.
+Runs on homeserver startup. Providers should extract and validate
+any option values they need here.</li>
+</ul>
+</li>
+<li>Whatever is returned will be passed back to the user mapping provider module's
+<code>__init__</code> method during construction.</li>
+</ul>
+</li>
+<li><code>get_saml_attributes(config)</code>
+<ul>
+<li>This method should have the <code>@staticmethod</code> decoration.</li>
+<li>Arguments:
+<ul>
+<li><code>config</code> - A object resulting from a call to <code>parse_config</code>.</li>
+</ul>
+</li>
+<li>Returns a tuple of two sets. The first set equates to the SAML auth
+response attributes that are required for the module to function, whereas
+the second set consists of those attributes which can be used if available,
+but are not necessary.</li>
+</ul>
+</li>
+<li><code>get_remote_user_id(self, saml_response, client_redirect_url)</code>
+<ul>
+<li>Arguments:
+<ul>
+<li><code>saml_response</code> - A <code>saml2.response.AuthnResponse</code> object to extract user
+information from.</li>
+<li><code>client_redirect_url</code> - A string, the URL that the client will be
+redirected to.</li>
+</ul>
+</li>
+<li>This method must return a string, which is the unique, immutable identifier
+for the user. Commonly the <code>uid</code> claim of the response.</li>
+</ul>
+</li>
+<li><code>saml_response_to_user_attributes(self, saml_response, failures, client_redirect_url)</code>
+<ul>
+<li>
+<p>Arguments:</p>
+<ul>
+<li><code>saml_response</code> - A <code>saml2.response.AuthnResponse</code> object to extract user
+information from.</li>
+<li><code>failures</code> - An <code>int</code> that represents the amount of times the returned
+mxid localpart mapping has failed.  This should be used
+to create a deduplicated mxid localpart which should be
+returned instead. For example, if this method returns
+<code>john.doe</code> as the value of <code>mxid_localpart</code> in the returned
+dict, and that is already taken on the homeserver, this
+method will be called again with the same parameters but
+with failures=1. The method should then return a different
+<code>mxid_localpart</code> value, such as <code>john.doe1</code>.</li>
+<li><code>client_redirect_url</code> - A string, the URL that the client will be
+redirected to.</li>
+</ul>
+</li>
+<li>
+<p>This method must return a dictionary, which will then be used by Synapse
+to build a new user. The following keys are allowed:</p>
+<ul>
+<li><code>mxid_localpart</code> - A string, the mxid localpart of the new user. If this is
+<code>None</code>, the user is prompted to pick their own username. This is only used
+during a user's first login. Once a localpart has been associated with a
+remote user ID (see <code>get_remote_user_id</code>) it cannot be updated.</li>
+<li><code>displayname</code> - The displayname of the new user. If not provided, will default to
+the value of <code>mxid_localpart</code>.</li>
+<li><code>emails</code> - A list of emails for the new user. If not provided, will
+default to an empty list.</li>
+</ul>
+<p>Alternatively it can raise a <code>synapse.api.errors.RedirectException</code> to
+redirect the user to another page. This is useful to prompt the user for
+additional information, e.g. if you want them to provide their own username.
+It is the responsibility of the mapping provider to either redirect back
+to <code>client_redirect_url</code> (including any additional information) or to
+complete registration using methods from the <code>ModuleApi</code>.</p>
+</li>
+</ul>
+</li>
+</ul>
+<h3 id="default-saml-mapping-provider"><a class="header" href="#default-saml-mapping-provider">Default SAML Mapping Provider</a></h3>
+<p>Synapse has a built-in SAML mapping provider if a custom provider isn't
+specified in the config. It is located at
+<a href="https://github.com/matrix-org/synapse/blob/develop/synapse/handlers/saml.py"><code>synapse.handlers.saml.DefaultSamlMappingProvider</code></a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="password-auth-provider-modules"><a class="header" href="#password-auth-provider-modules">Password auth provider modules</a></h1>
+<p>Password auth providers offer a way for server administrators to
+integrate their Synapse installation with an existing authentication
+system.</p>
+<p>A password auth provider is a Python class which is dynamically loaded
+into Synapse, and provides a number of methods by which it can integrate
+with the authentication system.</p>
+<p>This document serves as a reference for those looking to implement their
+own password auth providers. Additionally, here is a list of known
+password auth provider module implementations:</p>
+<ul>
+<li><a href="https://github.com/matrix-org/matrix-synapse-ldap3/">matrix-synapse-ldap3</a></li>
+<li><a href="https://github.com/devture/matrix-synapse-shared-secret-auth">matrix-synapse-shared-secret-auth</a></li>
+<li><a href="https://github.com/ma1uta/matrix-synapse-rest-password-provider">matrix-synapse-rest-password-provider</a></li>
+</ul>
+<h2 id="required-methods"><a class="header" href="#required-methods">Required methods</a></h2>
+<p>Password auth provider classes must provide the following methods:</p>
+<ul>
+<li>
+<p><code>parse_config(config)</code>
+This method is passed the <code>config</code> object for this module from the
+homeserver configuration file.</p>
+<p>It should perform any appropriate sanity checks on the provided
+configuration, and return an object which is then passed into
+<code>__init__</code>.</p>
+<p>This method should have the <code>@staticmethod</code> decoration.</p>
+</li>
+<li>
+<p><code>__init__(self, config, account_handler)</code></p>
+<p>The constructor is passed the config object returned by
+<code>parse_config</code>, and a <code>synapse.module_api.ModuleApi</code> object which
+allows the password provider to check if accounts exist and/or create
+new ones.</p>
+</li>
+</ul>
+<h2 id="optional-methods"><a class="header" href="#optional-methods">Optional methods</a></h2>
+<p>Password auth provider classes may optionally provide the following methods:</p>
+<ul>
+<li>
+<p><code>get_db_schema_files(self)</code></p>
+<p>This method, if implemented, should return an Iterable of
+<code>(name, stream)</code> pairs of database schema files. Each file is applied
+in turn at initialisation, and a record is then made in the database
+so that it is not re-applied on the next start.</p>
+</li>
+<li>
+<p><code>get_supported_login_types(self)</code></p>
+<p>This method, if implemented, should return a <code>dict</code> mapping from a
+login type identifier (such as <code>m.login.password</code>) to an iterable
+giving the fields which must be provided by the user in the submission
+to <a href="https://matrix.org/docs/spec/client_server/latest#post-matrix-client-r0-login">the <code>/login</code> API</a>.
+These fields are passed in the <code>login_dict</code> dictionary to <code>check_auth</code>.</p>
+<p>For example, if a password auth provider wants to implement a custom
+login type of <code>com.example.custom_login</code>, where the client is expected
+to pass the fields <code>secret1</code> and <code>secret2</code>, the provider should
+implement this method and return the following dict:</p>
+<pre><code class="language-python">{&quot;com.example.custom_login&quot;: (&quot;secret1&quot;, &quot;secret2&quot;)}
+</code></pre>
+</li>
+<li>
+<p><code>check_auth(self, username, login_type, login_dict)</code></p>
+<p>This method does the real work. If implemented, it
+will be called for each login attempt where the login type matches one
+of the keys returned by <code>get_supported_login_types</code>.</p>
+<p>It is passed the (possibly unqualified) <code>user</code> field provided by the client,
+the login type, and a dictionary of login secrets passed by the
+client.</p>
+<p>The method should return an <code>Awaitable</code> object, which resolves
+to the canonical <code>@localpart:domain</code> user ID if authentication is
+successful, and <code>None</code> if not.</p>
+<p>Alternatively, the <code>Awaitable</code> can resolve to a <code>(str, func)</code> tuple, in
+which case the second field is a callback which will be called with
+the result from the <code>/login</code> call (including <code>access_token</code>,
+<code>device_id</code>, etc.)</p>
+</li>
+<li>
+<p><code>check_3pid_auth(self, medium, address, password)</code></p>
+<p>This method, if implemented, is called when a user attempts to
+register or log in with a third party identifier, such as email. It is
+passed the medium (ex. &quot;email&quot;), an address (ex.
+&quot;<a href="mailto:jdoe@example.com">jdoe@example.com</a>&quot;) and the user's password.</p>
+<p>The method should return an <code>Awaitable</code> object, which resolves
+to a <code>str</code> containing the user's (canonical) User id if
+authentication was successful, and <code>None</code> if not.</p>
+<p>As with <code>check_auth</code>, the <code>Awaitable</code> may alternatively resolve to a
+<code>(user_id, callback)</code> tuple.</p>
+</li>
+<li>
+<p><code>check_password(self, user_id, password)</code></p>
+<p>This method provides a simpler interface than
+<code>get_supported_login_types</code> and <code>check_auth</code> for password auth
+providers that just want to provide a mechanism for validating
+<code>m.login.password</code> logins.</p>
+<p>If implemented, it will be called to check logins with an
+<code>m.login.password</code> login type. It is passed a qualified
+<code>@localpart:domain</code> user id, and the password provided by the user.</p>
+<p>The method should return an <code>Awaitable</code> object, which resolves
+to <code>True</code> if authentication is successful, and <code>False</code> if not.</p>
+</li>
+<li>
+<p><code>on_logged_out(self, user_id, device_id, access_token)</code></p>
+<p>This method, if implemented, is called when a user logs out. It is
+passed the qualified user ID, the ID of the deactivated device (if
+any: access tokens are occasionally created without an associated
+device ID), and the (now deactivated) access token.</p>
+<p>It may return an <code>Awaitable</code> object; the logout request will
+wait for the <code>Awaitable</code> to complete, but the result is ignored.</p>
+</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="jwt-login-type"><a class="header" href="#jwt-login-type">JWT Login Type</a></h1>
+<p>Synapse comes with a non-standard login type to support
+<a href="https://en.wikipedia.org/wiki/JSON_Web_Token">JSON Web Tokens</a>. In general the
+documentation for
+<a href="https://matrix.org/docs/spec/client_server/r0.6.1#login">the login endpoint</a>
+is still valid (and the mechanism works similarly to the
+<a href="https://matrix.org/docs/spec/client_server/r0.6.1#token-based">token based login</a>).</p>
+<p>To log in using a JSON Web Token, clients should submit a <code>/login</code> request as
+follows:</p>
+<pre><code class="language-json">{
+  &quot;type&quot;: &quot;org.matrix.login.jwt&quot;,
+  &quot;token&quot;: &quot;&lt;jwt&gt;&quot;
+}
+</code></pre>
+<p>Note that the login type of <code>m.login.jwt</code> is supported, but is deprecated. This
+will be removed in a future version of Synapse.</p>
+<p>The <code>token</code> field should include the JSON web token with the following claims:</p>
+<ul>
+<li>The <code>sub</code> (subject) claim is required and should encode the local part of the
+user ID.</li>
+<li>The expiration time (<code>exp</code>), not before time (<code>nbf</code>), and issued at (<code>iat</code>)
+claims are optional, but validated if present.</li>
+<li>The issuer (<code>iss</code>) claim is optional, but required and validated if configured.</li>
+<li>The audience (<code>aud</code>) claim is optional, but required and validated if configured.
+Providing the audience claim when not configured will cause validation to fail.</li>
+</ul>
+<p>In the case that the token is not valid, the homeserver must respond with
+<code>403 Forbidden</code> and an error code of <code>M_FORBIDDEN</code>.</p>
+<p>As with other login types, there are additional fields (e.g. <code>device_id</code> and
+<code>initial_device_display_name</code>) which can be included in the above request.</p>
+<h2 id="preparing-synapse-1"><a class="header" href="#preparing-synapse-1">Preparing Synapse</a></h2>
+<p>The JSON Web Token integration in Synapse uses the
+<a href="https://pypi.org/project/pyjwt/"><code>PyJWT</code></a> library, which must be installed
+as follows:</p>
+<ul>
+<li>
+<p>The relevant libraries are included in the Docker images and Debian packages
+provided by <code>matrix.org</code> so no further action is needed.</p>
+</li>
+<li>
+<p>If you installed Synapse into a virtualenv, run <code>/path/to/env/bin/pip install synapse[pyjwt]</code> to install the necessary dependencies.</p>
+</li>
+<li>
+<p>For other installation mechanisms, see the documentation provided by the
+maintainer.</p>
+</li>
+</ul>
+<p>To enable the JSON web token integration, you should then add an <code>jwt_config</code> section
+to your configuration file (or uncomment the <code>enabled: true</code> line in the
+existing section). See <a href="./sample_config.yaml">sample_config.yaml</a> for some
+sample settings.</p>
+<h2 id="how-to-test-jwt-as-a-developer"><a class="header" href="#how-to-test-jwt-as-a-developer">How to test JWT as a developer</a></h2>
+<p>Although JSON Web Tokens are typically generated from an external server, the
+examples below use <a href="https://pyjwt.readthedocs.io/en/latest/">PyJWT</a> directly.</p>
+<ol>
+<li>
+<p>Configure Synapse with JWT logins, note that this example uses a pre-shared
+secret and an algorithm of HS256:</p>
+<pre><code class="language-yaml">jwt_config:
+    enabled: true
+    secret: &quot;my-secret-token&quot;
+    algorithm: &quot;HS256&quot;
+</code></pre>
+</li>
+<li>
+<p>Generate a JSON web token:</p>
+<pre><code class="language-bash">$ pyjwt --key=my-secret-token --alg=HS256 encode sub=test-user
+eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.Ag71GT8v01UO3w80aqRPTeuVPBIBZkYhNTJJ-_-zQIc
+</code></pre>
+</li>
+<li>
+<p>Query for the login types and ensure <code>org.matrix.login.jwt</code> is there:</p>
+<pre><code class="language-bash">curl http://localhost:8080/_matrix/client/r0/login
+</code></pre>
+</li>
+<li>
+<p>Login used the generated JSON web token from above:</p>
+<pre><code class="language-bash">$ curl http://localhost:8082/_matrix/client/r0/login -X POST \
+    --data '{&quot;type&quot;:&quot;org.matrix.login.jwt&quot;,&quot;token&quot;:&quot;eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.Ag71GT8v01UO3w80aqRPTeuVPBIBZkYhNTJJ-_-zQIc&quot;}'
+{
+    &quot;access_token&quot;: &quot;&lt;access token&gt;&quot;,
+    &quot;device_id&quot;: &quot;ACBDEFGHI&quot;,
+    &quot;home_server&quot;: &quot;localhost:8080&quot;,
+    &quot;user_id&quot;: &quot;@test-user:localhost:8480&quot;
+}
+</code></pre>
+</li>
+</ol>
+<p>You should now be able to use the returned access token to query the client API.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="overview-2"><a class="header" href="#overview-2">Overview</a></h1>
+<p>A captcha can be enabled on your homeserver to help prevent bots from registering
+accounts. Synapse currently uses Google's reCAPTCHA service which requires API keys
+from Google.</p>
+<h2 id="getting-api-keys"><a class="header" href="#getting-api-keys">Getting API keys</a></h2>
+<ol>
+<li>Create a new site at <a href="https://www.google.com/recaptcha/admin/create">https://www.google.com/recaptcha/admin/create</a></li>
+<li>Set the label to anything you want</li>
+<li>Set the type to reCAPTCHA v2 using the &quot;I'm not a robot&quot; Checkbox option.
+This is the only type of captcha that works with Synapse.</li>
+<li>Add the public hostname for your server, as set in <code>public_baseurl</code>
+in <code>homeserver.yaml</code>, to the list of authorized domains. If you have not set
+<code>public_baseurl</code>, use <code>server_name</code>.</li>
+<li>Agree to the terms of service and submit.</li>
+<li>Copy your site key and secret key and add them to your <code>homeserver.yaml</code>
+configuration file
+<pre><code>recaptcha_public_key: YOUR_SITE_KEY
+recaptcha_private_key: YOUR_SECRET_KEY
+</code></pre>
+</li>
+<li>Enable the CAPTCHA for new registrations
+<pre><code>enable_registration_captcha: true
+</code></pre>
+</li>
+<li>Go to the settings page for the CAPTCHA you just created</li>
+<li>Uncheck the &quot;Verify the origin of reCAPTCHA solutions&quot; checkbox so that the
+captcha can be displayed in any client. If you do not disable this option then you
+must specify the domains of every client that is allowed to display the CAPTCHA.</li>
+</ol>
+<h2 id="configuring-ip-used-for-auth"><a class="header" href="#configuring-ip-used-for-auth">Configuring IP used for auth</a></h2>
+<p>The reCAPTCHA API requires that the IP address of the user who solved the
+CAPTCHA is sent. If the client is connecting through a proxy or load balancer,
+it may be required to use the <code>X-Forwarded-For</code> (XFF) header instead of the origin
+IP address. This can be configured using the <code>x_forwarded</code> directive in the
+listeners section of the <code>homeserver.yaml</code> configuration file.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="registering-an-application-service"><a class="header" href="#registering-an-application-service">Registering an Application Service</a></h1>
+<p>The registration of new application services depends on the homeserver used. 
+In synapse, you need to create a new configuration file for your AS and add it
+to the list specified under the <code>app_service_config_files</code> config
+option in your synapse config.</p>
+<p>For example:</p>
+<pre><code class="language-yaml">app_service_config_files:
+- /home/matrix/.synapse/&lt;your-AS&gt;.yaml
+</code></pre>
+<p>The format of the AS configuration file is as follows:</p>
+<pre><code class="language-yaml">url: &lt;base url of AS&gt;
+as_token: &lt;token AS will add to requests to HS&gt;
+hs_token: &lt;token HS will add to requests to AS&gt;
+sender_localpart: &lt;localpart of AS user&gt;
+namespaces:
+  users:  # List of users we're interested in
+    - exclusive: &lt;bool&gt;
+      regex: &lt;regex&gt;
+      group_id: &lt;group&gt;
+    - ...
+  aliases: []  # List of aliases we're interested in
+  rooms: [] # List of room ids we're interested in
+</code></pre>
+<p><code>exclusive</code>: If enabled, only this application service is allowed to register users in its namespace(s).
+<code>group_id</code>: All users of this application service are dynamically joined to this group. This is useful for e.g user organisation or flairs.</p>
+<p>See the <a href="https://matrix.org/docs/spec/application_service/unstable.html">spec</a> for further details on how application services work.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="server-notices"><a class="header" href="#server-notices">Server Notices</a></h1>
+<p>'Server Notices' are a new feature introduced in Synapse 0.30. They provide a
+channel whereby server administrators can send messages to users on the server.</p>
+<p>They are used as part of communication of the server polices(see
+<a href="consent_tracking.html">consent_tracking.md</a>), however the intention is that
+they may also find a use for features such as &quot;Message of the day&quot;.</p>
+<p>This is a feature specific to Synapse, but it uses standard Matrix
+communication mechanisms, so should work with any Matrix client.</p>
+<h2 id="user-experience"><a class="header" href="#user-experience">User experience</a></h2>
+<p>When the user is first sent a server notice, they will get an invitation to a
+room (typically called 'Server Notices', though this is configurable in
+<code>homeserver.yaml</code>). They will be <strong>unable to reject</strong> this invitation -
+attempts to do so will receive an error.</p>
+<p>Once they accept the invitation, they will see the notice message in the room
+history; it will appear to have come from the 'server notices user' (see
+below).</p>
+<p>The user is prevented from sending any messages in this room by the power
+levels.</p>
+<p>Having joined the room, the user can leave the room if they want. Subsequent
+server notices will then cause a new room to be created.</p>
+<h2 id="synapse-configuration"><a class="header" href="#synapse-configuration">Synapse configuration</a></h2>
+<p>Server notices come from a specific user id on the server. Server
+administrators are free to choose the user id - something like <code>server</code> is
+suggested, meaning the notices will come from
+<code>@server:&lt;your_server_name&gt;</code>. Once the Server Notices user is configured, that
+user id becomes a special, privileged user, so administrators should ensure
+that <strong>it is not already allocated</strong>.</p>
+<p>In order to support server notices, it is necessary to add some configuration
+to the <code>homeserver.yaml</code> file. In particular, you should add a <code>server_notices</code>
+section, which should look like this:</p>
+<pre><code class="language-yaml">server_notices:
+   system_mxid_localpart: server
+   system_mxid_display_name: &quot;Server Notices&quot;
+   system_mxid_avatar_url: &quot;mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ&quot;
+   room_name: &quot;Server Notices&quot;
+</code></pre>
+<p>The only compulsory setting is <code>system_mxid_localpart</code>, which defines the user
+id of the Server Notices user, as above. <code>room_name</code> defines the name of the
+room which will be created.</p>
+<p><code>system_mxid_display_name</code> and <code>system_mxid_avatar_url</code> can be used to set the
+displayname and avatar of the Server Notices user.</p>
+<h2 id="sending-notices"><a class="header" href="#sending-notices">Sending notices</a></h2>
+<p>To send server notices to users you can use the
+<a href="admin_api/server_notices.html">admin_api</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="support-in-synapse-for-tracking-agreement-to-server-terms-and-conditions"><a class="header" href="#support-in-synapse-for-tracking-agreement-to-server-terms-and-conditions">Support in Synapse for tracking agreement to server terms and conditions</a></h1>
+<p>Synapse 0.30 introduces support for tracking whether users have agreed to the
+terms and conditions set by the administrator of a server - and blocking access
+to the server until they have.</p>
+<p>There are several parts to this functionality; each requires some specific
+configuration in <code>homeserver.yaml</code> to be enabled.</p>
+<p>Note that various parts of the configuation and this document refer to the
+&quot;privacy policy&quot;: agreement with a privacy policy is one particular use of this
+feature, but of course adminstrators can specify other terms and conditions
+unrelated to &quot;privacy&quot; per se.</p>
+<h2 id="collecting-policy-agreement-from-a-user"><a class="header" href="#collecting-policy-agreement-from-a-user">Collecting policy agreement from a user</a></h2>
+<p>Synapse can be configured to serve the user a simple policy form with an
+&quot;accept&quot; button. Clicking &quot;Accept&quot; records the user's acceptance in the
+database and shows a success page.</p>
+<p>To enable this, first create templates for the policy and success pages.
+These should be stored on the local filesystem.</p>
+<p>These templates use the <a href="http://jinja.pocoo.org">Jinja2</a> templating language,
+and <a href="https://github.com/matrix-org/synapse/tree/develop/docs/privacy_policy_templates/">docs/privacy_policy_templates</a>
+gives examples of the sort of thing that can be done.</p>
+<p>Note that the templates must be stored under a name giving the language of the
+template - currently this must always be <code>en</code> (for &quot;English&quot;);
+internationalisation support is intended for the future.</p>
+<p>The template for the policy itself should be versioned and named according to
+the version: for example <code>1.0.html</code>. The version of the policy which the user
+has agreed to is stored in the database.</p>
+<p>Once the templates are in place, make the following changes to <code>homeserver.yaml</code>:</p>
+<ol>
+<li>
+<p>Add a <code>user_consent</code> section, which should look like:</p>
+<pre><code class="language-yaml">user_consent:
+  template_dir: privacy_policy_templates
+  version: 1.0
+</code></pre>
+<p><code>template_dir</code> points to the directory containing the policy
+templates. <code>version</code> defines the version of the policy which will be served
+to the user. In the example above, Synapse will serve
+<code>privacy_policy_templates/en/1.0.html</code>.</p>
+</li>
+<li>
+<p>Add a <code>form_secret</code> setting at the top level:</p>
+<pre><code class="language-yaml">form_secret: &quot;&lt;unique secret&gt;&quot;
+</code></pre>
+<p>This should be set to an arbitrary secret string (try <code>pwgen -y 30</code> to
+generate suitable secrets).</p>
+<p>More on what this is used for below.</p>
+</li>
+<li>
+<p>Add <code>consent</code> wherever the <code>client</code> resource is currently enabled in the
+<code>listeners</code> configuration. For example:</p>
+<pre><code class="language-yaml">listeners:
+  - port: 8008
+    resources:
+      - names:
+        - client
+        - consent
+</code></pre>
+</li>
+</ol>
+<p>Finally, ensure that <code>jinja2</code> is installed. If you are using a virtualenv, this
+should be a matter of <code>pip install Jinja2</code>. On debian, try <code>apt-get install python-jinja2</code>.</p>
+<p>Once this is complete, and the server has been restarted, try visiting
+<code>https://&lt;server&gt;/_matrix/consent</code>. If correctly configured, this should give
+an error &quot;Missing string query parameter 'u'&quot;. It is now possible to manually
+construct URIs where users can give their consent.</p>
+<h3 id="enabling-consent-tracking-at-registration"><a class="header" href="#enabling-consent-tracking-at-registration">Enabling consent tracking at registration</a></h3>
+<ol>
+<li>
+<p>Add the following to your configuration:</p>
+<pre><code class="language-yaml">user_consent:
+  require_at_registration: true
+  policy_name: &quot;Privacy Policy&quot; # or whatever you'd like to call the policy
+</code></pre>
+</li>
+<li>
+<p>In your consent templates, make use of the <code>public_version</code> variable to
+see if an unauthenticated user is viewing the page. This is typically
+wrapped around the form that would be used to actually agree to the document:</p>
+<pre><code>{% if not public_version %}
+  &lt;!-- The variables used here are only provided when the 'u' param is given to the homeserver --&gt;
+  &lt;form method=&quot;post&quot; action=&quot;consent&quot;&gt;
+    &lt;input type=&quot;hidden&quot; name=&quot;v&quot; value=&quot;{{version}}&quot;/&gt;
+    &lt;input type=&quot;hidden&quot; name=&quot;u&quot; value=&quot;{{user}}&quot;/&gt;
+    &lt;input type=&quot;hidden&quot; name=&quot;h&quot; value=&quot;{{userhmac}}&quot;/&gt;
+    &lt;input type=&quot;submit&quot; value=&quot;Sure thing!&quot;/&gt;
+  &lt;/form&gt;
+{% endif %}
+</code></pre>
+</li>
+<li>
+<p>Restart Synapse to apply the changes.</p>
+</li>
+</ol>
+<p>Visiting <code>https://&lt;server&gt;/_matrix/consent</code> should now give you a view of the privacy
+document. This is what users will be able to see when registering for accounts.</p>
+<h3 id="constructing-the-consent-uri"><a class="header" href="#constructing-the-consent-uri">Constructing the consent URI</a></h3>
+<p>It may be useful to manually construct the &quot;consent URI&quot; for a given user - for
+instance, in order to send them an email asking them to consent. To do this,
+take the base <code>https://&lt;server&gt;/_matrix/consent</code> URL and add the following
+query parameters:</p>
+<ul>
+<li>
+<p><code>u</code>: the user id of the user. This can either be a full MXID
+(<code>@user:server.com</code>) or just the localpart (<code>user</code>).</p>
+</li>
+<li>
+<p><code>h</code>: hex-encoded HMAC-SHA256 of <code>u</code> using the <code>form_secret</code> as a key. It is
+possible to calculate this on the commandline with something like:</p>
+<pre><code class="language-bash">echo -n '&lt;user&gt;' | openssl sha256 -hmac '&lt;form_secret&gt;'
+</code></pre>
+<p>This should result in a URI which looks something like:
+<code>https://&lt;server&gt;/_matrix/consent?u=&lt;user&gt;&amp;h=68a152465a4d...</code>.</p>
+</li>
+</ul>
+<p>Note that not providing a <code>u</code> parameter will be interpreted as wanting to view
+the document from an unauthenticated perspective, such as prior to registration.
+Therefore, the <code>h</code> parameter is not required in this scenario. To enable this
+behaviour, set <code>require_at_registration</code> to <code>true</code> in your <code>user_consent</code> config.</p>
+<h2 id="sending-users-a-server-notice-asking-them-to-agree-to-the-policy"><a class="header" href="#sending-users-a-server-notice-asking-them-to-agree-to-the-policy">Sending users a server notice asking them to agree to the policy</a></h2>
+<p>It is possible to configure Synapse to send a <a href="server_notices.html">server
+notice</a> to anybody who has not yet agreed to the current
+version of the policy. To do so:</p>
+<ul>
+<li>
+<p>ensure that the consent resource is configured, as in the previous section</p>
+</li>
+<li>
+<p>ensure that server notices are configured, as in <a href="server_notices.html">server_notices.md</a>.</p>
+</li>
+<li>
+<p>Add <code>server_notice_content</code> under <code>user_consent</code> in <code>homeserver.yaml</code>. For
+example:</p>
+<pre><code class="language-yaml">user_consent:
+  server_notice_content:
+    msgtype: m.text
+    body: &gt;-
+      Please give your consent to the privacy policy at %(consent_uri)s.
+</code></pre>
+<p>Synapse automatically replaces the placeholder <code>%(consent_uri)s</code> with the
+consent uri for that user.</p>
+</li>
+<li>
+<p>ensure that <code>public_baseurl</code> is set in <code>homeserver.yaml</code>, and gives the base
+URI that clients use to connect to the server. (It is used to construct
+<code>consent_uri</code> in the server notice.)</p>
+</li>
+</ul>
+<h2 id="blocking-users-from-using-the-server-until-they-agree-to-the-policy"><a class="header" href="#blocking-users-from-using-the-server-until-they-agree-to-the-policy">Blocking users from using the server until they agree to the policy</a></h2>
+<p>Synapse can be configured to block any attempts to join rooms or send messages
+until the user has given their agreement to the policy. (Joining the server
+notices room is exempted from this).</p>
+<p>To enable this, add <code>block_events_error</code> under <code>user_consent</code>. For example:</p>
+<pre><code class="language-yaml">user_consent:
+  block_events_error: &gt;-
+    You can't send any messages until you consent to the privacy policy at
+    %(consent_uri)s.
+</code></pre>
+<p>Synapse automatically replaces the placeholder <code>%(consent_uri)s</code> with the
+consent uri for that user.</p>
+<p>ensure that <code>public_baseurl</code> is set in <code>homeserver.yaml</code>, and gives the base
+URI that clients use to connect to the server. (It is used to construct
+<code>consent_uri</code> in the error.)</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="url-previews-1"><a class="header" href="#url-previews-1">URL Previews</a></h1>
+<p>Design notes on a URL previewing service for Matrix:</p>
+<p>Options are:</p>
+<ol>
+<li>Have an AS which listens for URLs, downloads them, and inserts an event that describes their metadata.</li>
+</ol>
+<ul>
+<li>Pros:
+<ul>
+<li>Decouples the implementation entirely from Synapse.</li>
+<li>Uses existing Matrix events &amp; content repo to store the metadata.</li>
+</ul>
+</li>
+<li>Cons:
+<ul>
+<li>Which AS should provide this service for a room, and why should you trust it?</li>
+<li>Doesn't work well with E2E; you'd have to cut the AS into every room</li>
+<li>the AS would end up subscribing to every room anyway.</li>
+</ul>
+</li>
+</ul>
+<ol start="2">
+<li>Have a generic preview API (nothing to do with Matrix) that provides a previewing service:</li>
+</ol>
+<ul>
+<li>Pros:
+<ul>
+<li>Simple and flexible; can be used by any clients at any point</li>
+</ul>
+</li>
+<li>Cons:
+<ul>
+<li>If each HS provides one of these independently, all the HSes in a room may needlessly DoS the target URI</li>
+<li>We need somewhere to store the URL metadata rather than just using Matrix itself</li>
+<li>We can't piggyback on matrix to distribute the metadata between HSes.</li>
+</ul>
+</li>
+</ul>
+<ol start="3">
+<li>Make the synapse of the sending user responsible for spidering the URL and inserting an event asynchronously which describes the metadata.</li>
+</ol>
+<ul>
+<li>Pros:
+<ul>
+<li>Works transparently for all clients</li>
+<li>Piggy-backs nicely on using Matrix for distributing the metadata.</li>
+<li>No confusion as to which AS</li>
+</ul>
+</li>
+<li>Cons:
+<ul>
+<li>Doesn't work with E2E</li>
+<li>We might want to decouple the implementation of the spider from the HS, given spider behaviour can be quite complicated and evolve much more rapidly than the HS.  It's more like a bot than a core part of the server.</li>
+</ul>
+</li>
+</ul>
+<ol start="4">
+<li>Make the sending client use the preview API and insert the event itself when successful.</li>
+</ol>
+<ul>
+<li>Pros:
+<ul>
+<li>Works well with E2E</li>
+<li>No custom server functionality</li>
+<li>Lets the client customise the preview that they send (like on FB)</li>
+</ul>
+</li>
+<li>Cons:
+<ul>
+<li>Entirely specific to the sending client, whereas it'd be nice if /any/ URL was correctly previewed if clients support it.</li>
+</ul>
+</li>
+</ul>
+<ol start="5">
+<li>Have the option of specifying a shared (centralised) previewing service used by a room, to avoid all the different HSes in the room DoSing the target.</li>
+</ol>
+<p>Best solution is probably a combination of both 2 and 4.</p>
+<ul>
+<li>Sending clients do their best to create and send a preview at the point of sending the message, perhaps delaying the message until the preview is computed?  (This also lets the user validate the preview before sending)</li>
+<li>Receiving clients have the option of going and creating their own preview if one doesn't arrive soon enough (or if the original sender didn't create one)</li>
+</ul>
+<p>This is a bit magical though in that the preview could come from two entirely different sources - the sending HS or your local one.  However, this can always be exposed to users: &quot;Generate your own URL previews if none are available?&quot;</p>
+<p>This is tantamount also to senders calculating their own thumbnails for sending in advance of the main content - we are trusting the sender not to lie about the content in the thumbnail.  Whereas currently thumbnails are calculated by the receiving homeserver to avoid this attack.</p>
+<p>However, this kind of phishing attack does exist whether we let senders pick their thumbnails or not, in that a malicious sender can send normal text messages around the attachment claiming it to be legitimate.  We could rely on (future) reputation/abuse management to punish users who phish (be it with bogus metadata or bogus descriptions).   Bogus metadata is particularly bad though, especially if it's avoidable.</p>
+<p>As a first cut, let's do #2 and have the receiver hit the API to calculate its own previews (as it does currently for image thumbnails).  We can then extend/optimise this to option 4 as a special extra if needed.</p>
+<h2 id="api"><a class="header" href="#api">API</a></h2>
+<pre><code>GET /_matrix/media/r0/preview_url?url=http://wherever.com
+200 OK
+{
+    &quot;og:type&quot;        : &quot;article&quot;
+    &quot;og:url&quot;         : &quot;https://twitter.com/matrixdotorg/status/684074366691356672&quot;
+    &quot;og:title&quot;       : &quot;Matrix on Twitter&quot;
+    &quot;og:image&quot;       : &quot;https://pbs.twimg.com/profile_images/500400952029888512/yI0qtFi7_400x400.png&quot;
+    &quot;og:description&quot; : &quot;“Synapse 0.12 is out! Lots of polishing, performance &amp;amp;amp; bugfixes: /sync API, /r0 prefix, fulltext search, 3PID invites https://t.co/5alhXLLEGP”&quot;
+    &quot;og:site_name&quot;   : &quot;Twitter&quot;
+}
+</code></pre>
+<ul>
+<li>Downloads the URL
+<ul>
+<li>If HTML, just stores it in RAM and parses it for OG meta tags
+<ul>
+<li>Download any media OG meta tags to the media repo, and refer to them in the OG via mxc:// URIs.</li>
+</ul>
+</li>
+<li>If a media filetype we know we can thumbnail: store it on disk, and hand it to the thumbnailer. Generate OG meta tags from the thumbnailer contents.</li>
+<li>Otherwise, don't bother downloading further.</li>
+</ul>
+</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="user-directory-api-implementation"><a class="header" href="#user-directory-api-implementation">User Directory API Implementation</a></h1>
+<p>The user directory is currently maintained based on the 'visible' users
+on this particular server - i.e. ones which your account shares a room with, or
+who are present in a publicly viewable room present on the server.</p>
+<p>The directory info is stored in various tables, which can (typically after
+DB corruption) get stale or out of sync.  If this happens, for now the
+solution to fix it is to execute the SQL <a href="https://github.com/matrix-org/synapse/blob/master/synapse/storage/schema/main/delta/53/user_dir_populate.sql">here</a>
+and then restart synapse. This should then start a background task to
+flush the current tables and regenerate the directory.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="message-retention-policies"><a class="header" href="#message-retention-policies">Message retention policies</a></h1>
+<p>Synapse admins can enable support for message retention policies on
+their homeserver. Message retention policies exist at a room level,
+follow the semantics described in
+<a href="https://github.com/matrix-org/matrix-doc/blob/matthew/msc1763/proposals/1763-configurable-retention-periods.md">MSC1763</a>,
+and allow server and room admins to configure how long messages should
+be kept in a homeserver's database before being purged from it.
+<strong>Please note that, as this feature isn't part of the Matrix
+specification yet, this implementation is to be considered as
+experimental.</strong> </p>
+<p>A message retention policy is mainly defined by its <code>max_lifetime</code>
+parameter, which defines how long a message can be kept around after
+it was sent to the room. If a room doesn't have a message retention
+policy, and there's no default one for a given server, then no message
+sent in that room is ever purged on that server.</p>
+<p>MSC1763 also specifies semantics for a <code>min_lifetime</code> parameter which
+defines the amount of time after which an event <em>can</em> get purged (after
+it was sent to the room), but Synapse doesn't currently support it
+beyond registering it.</p>
+<p>Both <code>max_lifetime</code> and <code>min_lifetime</code> are optional parameters.</p>
+<p>Note that message retention policies don't apply to state events.</p>
+<p>Once an event reaches its expiry date (defined as the time it was sent
+plus the value for <code>max_lifetime</code> in the room), two things happen:</p>
+<ul>
+<li>Synapse stops serving the event to clients via any endpoint.</li>
+<li>The message gets picked up by the next purge job (see the &quot;Purge jobs&quot;
+section) and is removed from Synapse's database.</li>
+</ul>
+<p>Since purge jobs don't run continuously, this means that an event might
+stay in a server's database for longer than the value for <code>max_lifetime</code>
+in the room would allow, though hidden from clients.</p>
+<p>Similarly, if a server (with support for message retention policies
+enabled) receives from another server an event that should have been
+purged according to its room's policy, then the receiving server will
+process and store that event until it's picked up by the next purge job,
+though it will always hide it from clients.</p>
+<p>Synapse requires at least one message in each room, so it will never
+delete the last message in a room. It will, however, hide it from
+clients.</p>
+<h2 id="server-configuration"><a class="header" href="#server-configuration">Server configuration</a></h2>
+<p>Support for this feature can be enabled and configured in the
+<code>retention</code> section of the Synapse configuration file (see the
+<a href="https://github.com/matrix-org/synapse/blob/v1.36.0/docs/sample_config.yaml#L451-L518">sample file</a>).</p>
+<p>To enable support for message retention policies, set the setting
+<code>enabled</code> in this section to <code>true</code>.</p>
+<h3 id="default-policy"><a class="header" href="#default-policy">Default policy</a></h3>
+<p>A default message retention policy is a policy defined in Synapse's
+configuration that is used by Synapse for every room that doesn't have a
+message retention policy configured in its state. This allows server
+admins to ensure that messages are never kept indefinitely in a server's
+database. </p>
+<p>A default policy can be defined as such, in the <code>retention</code> section of
+the configuration file:</p>
+<pre><code class="language-yaml">  default_policy:
+    min_lifetime: 1d
+    max_lifetime: 1y
+</code></pre>
+<p>Here, <code>min_lifetime</code> and <code>max_lifetime</code> have the same meaning and level
+of support as previously described. They can be expressed either as a
+duration (using the units <code>s</code> (seconds), <code>m</code> (minutes), <code>h</code> (hours),
+<code>d</code> (days), <code>w</code> (weeks) and <code>y</code> (years)) or as a number of milliseconds.</p>
+<h3 id="purge-jobs"><a class="header" href="#purge-jobs">Purge jobs</a></h3>
+<p>Purge jobs are the jobs that Synapse runs in the background to purge
+expired events from the database. They are only run if support for
+message retention policies is enabled in the server's configuration. If
+no configuration for purge jobs is configured by the server admin,
+Synapse will use a default configuration, which is described in the
+<a href="https://github.com/matrix-org/synapse/blob/v1.36.0/docs/sample_config.yaml#L451-L518">sample configuration file</a>.</p>
+<p>Some server admins might want a finer control on when events are removed
+depending on an event's room's policy. This can be done by setting the
+<code>purge_jobs</code> sub-section in the <code>retention</code> section of the configuration
+file. An example of such configuration could be:</p>
+<pre><code class="language-yaml">  purge_jobs:
+    - longest_max_lifetime: 3d
+      interval: 12h
+    - shortest_max_lifetime: 3d
+      longest_max_lifetime: 1w
+      interval: 1d
+    - shortest_max_lifetime: 1w
+      interval: 2d
+</code></pre>
+<p>In this example, we define three jobs:</p>
+<ul>
+<li>one that runs twice a day (every 12 hours) and purges events in rooms
+which policy's <code>max_lifetime</code> is lower or equal to 3 days.</li>
+<li>one that runs once a day and purges events in rooms which policy's
+<code>max_lifetime</code> is between 3 days and a week.</li>
+<li>one that runs once every 2 days and purges events in rooms which
+policy's <code>max_lifetime</code> is greater than a week.</li>
+</ul>
+<p>Note that this example is tailored to show different configurations and
+features slightly more jobs than it's probably necessary (in practice, a
+server admin would probably consider it better to replace the two last
+jobs with one that runs once a day and handles rooms which which
+policy's <code>max_lifetime</code> is greater than 3 days).</p>
+<p>Keep in mind, when configuring these jobs, that a purge job can become
+quite heavy on the server if it targets many rooms, therefore prefer
+having jobs with a low interval that target a limited set of rooms. Also
+make sure to include a job with no minimum and one with no maximum to
+make sure your configuration handles every policy.</p>
+<p>As previously mentioned in this documentation, while a purge job that
+runs e.g. every day means that an expired event might stay in the
+database for up to a day after its expiry, Synapse hides expired events
+from clients as soon as they expire, so the event is not visible to
+local users between its expiry date and the moment it gets purged from
+the server's database.</p>
+<h3 id="lifetime-limits"><a class="header" href="#lifetime-limits">Lifetime limits</a></h3>
+<p>Server admins can set limits on the values of <code>max_lifetime</code> to use when
+purging old events in a room. These limits can be defined as such in the
+<code>retention</code> section of the configuration file:</p>
+<pre><code class="language-yaml">  allowed_lifetime_min: 1d
+  allowed_lifetime_max: 1y
+</code></pre>
+<p>The limits are considered when running purge jobs. If necessary, the
+effective value of <code>max_lifetime</code> will be brought between
+<code>allowed_lifetime_min</code> and <code>allowed_lifetime_max</code> (inclusive).
+This means that, if the value of <code>max_lifetime</code> defined in the room's state
+is lower than <code>allowed_lifetime_min</code>, the value of <code>allowed_lifetime_min</code>
+will be used instead. Likewise, if the value of <code>max_lifetime</code> is higher
+than <code>allowed_lifetime_max</code>, the value of <code>allowed_lifetime_max</code> will be
+used instead.</p>
+<p>In the example above, we ensure Synapse never deletes events that are less
+than one day old, and that it always deletes events that are over a year
+old.</p>
+<p>If a default policy is set, and its <code>max_lifetime</code> value is lower than
+<code>allowed_lifetime_min</code> or higher than <code>allowed_lifetime_max</code>, the same
+process applies.</p>
+<p>Both parameters are optional; if one is omitted Synapse won't use it to
+adjust the effective value of <code>max_lifetime</code>.</p>
+<p>Like other settings in this section, these parameters can be expressed
+either as a duration or as a number of milliseconds.</p>
+<h2 id="room-configuration"><a class="header" href="#room-configuration">Room configuration</a></h2>
+<p>To configure a room's message retention policy, a room's admin or
+moderator needs to send a state event in that room with the type
+<code>m.room.retention</code> and the following content:</p>
+<pre><code class="language-json">{
+    &quot;max_lifetime&quot;: ...
+}
+</code></pre>
+<p>In this event's content, the <code>max_lifetime</code> parameter has the same
+meaning as previously described, and needs to be expressed in
+milliseconds. The event's content can also include a <code>min_lifetime</code>
+parameter, which has the same meaning and limited support as previously
+described.</p>
+<p>Note that over every server in the room, only the ones with support for
+message retention policies will actually remove expired events. This
+support is currently not enabled by default in Synapse.</p>
+<h2 id="note-on-reclaiming-disk-space"><a class="header" href="#note-on-reclaiming-disk-space">Note on reclaiming disk space</a></h2>
+<p>While purge jobs actually delete data from the database, the disk space
+used by the database might not decrease immediately on the database's
+host. However, even though the database engine won't free up the disk
+space, it will start writing new data into where the purged data was.</p>
+<p>If you want to reclaim the freed disk space anyway and return it to the
+operating system, the server admin needs to run <code>VACUUM FULL;</code> (or
+<code>VACUUM;</code> for SQLite databases) on Synapse's database (see the related
+<a href="https://www.postgresql.org/docs/current/sql-vacuum.html">PostgreSQL documentation</a>).</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="modules"><a class="header" href="#modules">Modules</a></h1>
+<p>Synapse supports extending its functionality by configuring external modules.</p>
+<h2 id="using-modules"><a class="header" href="#using-modules">Using modules</a></h2>
+<p>To use a module on Synapse, add it to the <code>modules</code> section of the configuration file:</p>
+<pre><code class="language-yaml">modules:
+  - module: my_super_module.MySuperClass
+    config:
+      do_thing: true
+  - module: my_other_super_module.SomeClass
+    config: {}
+</code></pre>
+<p>Each module is defined by a path to a Python class as well as a configuration. This
+information for a given module should be available in the module's own documentation.</p>
+<p><strong>Note</strong>: When using third-party modules, you effectively allow someone else to run
+custom code on your Synapse homeserver. Server admins are encouraged to verify the
+provenance of the modules they use on their homeserver and make sure the modules aren't
+running malicious code on their instance.</p>
+<p>Also note that we are currently in the process of migrating module interfaces to this
+system. While some interfaces might be compatible with it, others still require
+configuring modules in another part of Synapse's configuration file. Currently, only the
+spam checker interface is compatible with this new system.</p>
+<h2 id="writing-a-module"><a class="header" href="#writing-a-module">Writing a module</a></h2>
+<p>A module is a Python class that uses Synapse's module API to interact with the
+homeserver. It can register callbacks that Synapse will call on specific operations, as
+well as web resources to attach to Synapse's web server.</p>
+<p>When instantiated, a module is given its parsed configuration as well as an instance of
+the <code>synapse.module_api.ModuleApi</code> class. The configuration is a dictionary, and is
+either the output of the module's <code>parse_config</code> static method (see below), or the
+configuration associated with the module in Synapse's configuration file.</p>
+<p>See the documentation for the <code>ModuleApi</code> class
+<a href="https://github.com/matrix-org/synapse/blob/master/synapse/module_api/__init__.py">here</a>.</p>
+<h3 id="handling-the-modules-configuration"><a class="header" href="#handling-the-modules-configuration">Handling the module's configuration</a></h3>
+<p>A module can implement the following static method:</p>
+<pre><code class="language-python">@staticmethod
+def parse_config(config: dict) -&gt; dict
+</code></pre>
+<p>This method is given a dictionary resulting from parsing the YAML configuration for the
+module. It may modify it (for example by parsing durations expressed as strings (e.g.
+&quot;5d&quot;) into milliseconds, etc.), and return the modified dictionary. It may also verify
+that the configuration is correct, and raise an instance of
+<code>synapse.module_api.errors.ConfigError</code> if not.</p>
+<h3 id="registering-a-web-resource"><a class="header" href="#registering-a-web-resource">Registering a web resource</a></h3>
+<p>Modules can register web resources onto Synapse's web server using the following module
+API method:</p>
+<pre><code class="language-python">def ModuleApi.register_web_resource(path: str, resource: IResource)
+</code></pre>
+<p>The path is the full absolute path to register the resource at. For example, if you
+register a resource for the path <code>/_synapse/client/my_super_module/say_hello</code>, Synapse
+will serve it at <code>http(s)://[HS_URL]/_synapse/client/my_super_module/say_hello</code>. Note
+that Synapse does not allow registering resources for several sub-paths in the <code>/_matrix</code>
+namespace (such as anything under <code>/_matrix/client</code> for example). It is strongly
+recommended that modules register their web resources under the <code>/_synapse/client</code>
+namespace.</p>
+<p>The provided resource is a Python class that implements Twisted's <a href="https://twistedmatrix.com/documents/current/api/twisted.web.resource.IResource.html">IResource</a>
+interface (such as <a href="https://twistedmatrix.com/documents/current/api/twisted.web.resource.Resource.html">Resource</a>).</p>
+<p>Only one resource can be registered for a given path. If several modules attempt to
+register a resource for the same path, the module that appears first in Synapse's
+configuration file takes priority.</p>
+<p>Modules <strong>must</strong> register their web resources in their <code>__init__</code> method.</p>
+<h3 id="registering-a-callback"><a class="header" href="#registering-a-callback">Registering a callback</a></h3>
+<p>Modules can use Synapse's module API to register callbacks. Callbacks are functions that
+Synapse will call when performing specific actions. Callbacks must be asynchronous, and
+are split in categories. A single module may implement callbacks from multiple categories,
+and is under no obligation to implement all callbacks from the categories it registers
+callbacks for.</p>
+<h4 id="spam-checker-callbacks"><a class="header" href="#spam-checker-callbacks">Spam checker callbacks</a></h4>
+<p>To register one of the callbacks described in this section, a module needs to use the
+module API's <code>register_spam_checker_callbacks</code> method. The callback functions are passed
+to <code>register_spam_checker_callbacks</code> as keyword arguments, with the callback name as the
+argument name and the function as its value. This is demonstrated in the example below.</p>
+<p>The available spam checker callbacks are:</p>
+<pre><code class="language-python">async def check_event_for_spam(event: &quot;synapse.events.EventBase&quot;) -&gt; Union[bool, str]
+</code></pre>
+<p>Called when receiving an event from a client or via federation. The module can return
+either a <code>bool</code> to indicate whether the event must be rejected because of spam, or a <code>str</code>
+to indicate the event must be rejected because of spam and to give a rejection reason to
+forward to clients.</p>
+<pre><code class="language-python">async def user_may_invite(inviter: str, invitee: str, room_id: str) -&gt; bool
+</code></pre>
+<p>Called when processing an invitation. The module must return a <code>bool</code> indicating whether
+the inviter can invite the invitee to the given room. Both inviter and invitee are
+represented by their Matrix user ID (i.e. <code>@alice:example.com</code>).</p>
+<pre><code class="language-python">async def user_may_create_room(user: str) -&gt; bool
+</code></pre>
+<p>Called when processing a room creation request. The module must return a <code>bool</code> indicating
+whether the given user (represented by their Matrix user ID) is allowed to create a room.</p>
+<pre><code class="language-python">async def user_may_create_room_alias(user: str, room_alias: &quot;synapse.types.RoomAlias&quot;) -&gt; bool
+</code></pre>
+<p>Called when trying to associate an alias with an existing room. The module must return a
+<code>bool</code> indicating whether the given user (represented by their Matrix user ID) is allowed
+to set the given alias.</p>
+<pre><code class="language-python">async def user_may_publish_room(user: str, room_id: str) -&gt; bool
+</code></pre>
+<p>Called when trying to publish a room to the homeserver's public rooms directory. The
+module must return a <code>bool</code> indicating whether the given user (represented by their
+Matrix user ID) is allowed to publish the given room.</p>
+<pre><code class="language-python">async def check_username_for_spam(user_profile: Dict[str, str]) -&gt; bool
+</code></pre>
+<p>Called when computing search results in the user directory. The module must return a
+<code>bool</code> indicating whether the given user profile can appear in search results. The profile
+is represented as a dictionary with the following keys:</p>
+<ul>
+<li><code>user_id</code>: The Matrix ID for this user.</li>
+<li><code>display_name</code>: The user's display name.</li>
+<li><code>avatar_url</code>: The <code>mxc://</code> URL to the user's avatar.</li>
+</ul>
+<p>The module is given a copy of the original dictionary, so modifying it from within the
+module cannot modify a user's profile when included in user directory search results.</p>
+<pre><code class="language-python">async def check_registration_for_spam(
+    email_threepid: Optional[dict],
+    username: Optional[str],
+    request_info: Collection[Tuple[str, str]],
+    auth_provider_id: Optional[str] = None,
+) -&gt; &quot;synapse.spam_checker_api.RegistrationBehaviour&quot;
+</code></pre>
+<p>Called when registering a new user. The module must return a <code>RegistrationBehaviour</code>
+indicating whether the registration can go through or must be denied, or whether the user
+may be allowed to register but will be shadow banned.</p>
+<p>The arguments passed to this callback are:</p>
+<ul>
+<li><code>email_threepid</code>: The email address used for registering, if any.</li>
+<li><code>username</code>: The username the user would like to register. Can be <code>None</code>, meaning that
+Synapse will generate one later.</li>
+<li><code>request_info</code>: A collection of tuples, which first item is a user agent, and which
+second item is an IP address. These user agents and IP addresses are the ones that were
+used during the registration process.</li>
+<li><code>auth_provider_id</code>: The identifier of the SSO authentication provider, if any.</li>
+</ul>
+<pre><code class="language-python">async def check_media_file_for_spam(
+    file_wrapper: &quot;synapse.rest.media.v1.media_storage.ReadableFileWrapper&quot;,
+    file_info: &quot;synapse.rest.media.v1._base.FileInfo&quot;
+) -&gt; bool
+</code></pre>
+<p>Called when storing a local or remote file. The module must return a boolean indicating
+whether the given file can be stored in the homeserver's media store.</p>
+<h3 id="porting-an-existing-module-that-uses-the-old-interface"><a class="header" href="#porting-an-existing-module-that-uses-the-old-interface">Porting an existing module that uses the old interface</a></h3>
+<p>In order to port a module that uses Synapse's old module interface, its author needs to:</p>
+<ul>
+<li>ensure the module's callbacks are all asynchronous.</li>
+<li>register their callbacks using one or more of the <code>register_[...]_callbacks</code> methods
+from the <code>ModuleApi</code> class in the module's <code>__init__</code> method (see <a href="modules.html#registering-a-callback">this section</a>
+for more info).</li>
+</ul>
+<p>Additionally, if the module is packaged with an additional web resource, the module
+should register this resource in its <code>__init__</code> method using the <code>register_web_resource</code>
+method from the <code>ModuleApi</code> class (see <a href="modules.html#registering-a-web-resource">this section</a> for
+more info).</p>
+<p>The module's author should also update any example in the module's configuration to only
+use the new <code>modules</code> section in Synapse's configuration file (see <a href="modules.html#using-modules">this section</a>
+for more info).</p>
+<h3 id="example"><a class="header" href="#example">Example</a></h3>
+<p>The example below is a module that implements the spam checker callback
+<code>user_may_create_room</code> to deny room creation to user <code>@evilguy:example.com</code>, and registers
+a web resource to the path <code>/_synapse/client/demo/hello</code> that returns a JSON object.</p>
+<pre><code class="language-python">import json
+
+from twisted.web.resource import Resource
+from twisted.web.server import Request
+
+from synapse.module_api import ModuleApi
+
+
+class DemoResource(Resource):
+    def __init__(self, config):
+        super(DemoResource, self).__init__()
+        self.config = config
+
+    def render_GET(self, request: Request):
+        name = request.args.get(b&quot;name&quot;)[0]
+        request.setHeader(b&quot;Content-Type&quot;, b&quot;application/json&quot;)
+        return json.dumps({&quot;hello&quot;: name})
+
+
+class DemoModule:
+    def __init__(self, config: dict, api: ModuleApi):
+        self.config = config
+        self.api = api
+
+        self.api.register_web_resource(
+            path=&quot;/_synapse/client/demo/hello&quot;,
+            resource=DemoResource(self.config),
+        )
+
+        self.api.register_spam_checker_callbacks(
+            user_may_create_room=self.user_may_create_room,
+        )
+
+    @staticmethod
+    def parse_config(config):
+        return config
+
+    async def user_may_create_room(self, user: str) -&gt; bool:
+        if user == &quot;@evilguy:example.com&quot;:
+            return False
+
+        return True
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><p><strong>Note: this page of the Synapse documentation is now deprecated. For up to date
+documentation on setting up or writing a spam checker module, please see
+<a href="https://matrix-org.github.io/synapse/develop/modules.html">this page</a>.</strong></p>
+<h1 id="handling-spam-in-synapse"><a class="header" href="#handling-spam-in-synapse">Handling spam in Synapse</a></h1>
+<p>Synapse has support to customize spam checking behavior. It can plug into a
+variety of events and affect how they are presented to users on your homeserver.</p>
+<p>The spam checking behavior is implemented as a Python class, which must be
+able to be imported by the running Synapse.</p>
+<h2 id="python-spam-checker-class"><a class="header" href="#python-spam-checker-class">Python spam checker class</a></h2>
+<p>The Python class is instantiated with two objects:</p>
+<ul>
+<li>Any configuration (see below).</li>
+<li>An instance of <code>synapse.module_api.ModuleApi</code>.</li>
+</ul>
+<p>It then implements methods which return a boolean to alter behavior in Synapse.
+All the methods must be defined.</p>
+<p>There's a generic method for checking every event (<code>check_event_for_spam</code>), as
+well as some specific methods:</p>
+<ul>
+<li><code>user_may_invite</code></li>
+<li><code>user_may_create_room</code></li>
+<li><code>user_may_create_room_alias</code></li>
+<li><code>user_may_publish_room</code></li>
+<li><code>check_username_for_spam</code></li>
+<li><code>check_registration_for_spam</code></li>
+<li><code>check_media_file_for_spam</code></li>
+</ul>
+<p>The details of each of these methods (as well as their inputs and outputs)
+are documented in the <code>synapse.events.spamcheck.SpamChecker</code> class.</p>
+<p>The <code>ModuleApi</code> class provides a way for the custom spam checker class to
+call back into the homeserver internals.</p>
+<p>Additionally, a <code>parse_config</code> method is mandatory and receives the plugin config
+dictionary. After parsing, It must return an object which will be
+passed to <code>__init__</code> later.</p>
+<h3 id="example-1"><a class="header" href="#example-1">Example</a></h3>
+<pre><code class="language-python">from synapse.spam_checker_api import RegistrationBehaviour
+
+class ExampleSpamChecker:
+    def __init__(self, config, api):
+        self.config = config
+        self.api = api
+
+    @staticmethod
+    def parse_config(config):
+        return config
+        
+    async def check_event_for_spam(self, foo):
+        return False  # allow all events
+
+    async def user_may_invite(self, inviter_userid, invitee_userid, room_id):
+        return True  # allow all invites
+
+    async def user_may_create_room(self, userid):
+        return True  # allow all room creations
+
+    async def user_may_create_room_alias(self, userid, room_alias):
+        return True  # allow all room aliases
+
+    async def user_may_publish_room(self, userid, room_id):
+        return True  # allow publishing of all rooms
+
+    async def check_username_for_spam(self, user_profile):
+        return False  # allow all usernames
+
+    async def check_registration_for_spam(
+        self,
+        email_threepid,
+        username,
+        request_info,
+        auth_provider_id,
+    ):
+        return RegistrationBehaviour.ALLOW  # allow all registrations
+
+    async def check_media_file_for_spam(self, file_wrapper, file_info):
+        return False  # allow all media
+</code></pre>
+<h2 id="configuration-2"><a class="header" href="#configuration-2">Configuration</a></h2>
+<p>Modify the <code>spam_checker</code> section of your <code>homeserver.yaml</code> in the following
+manner:</p>
+<p>Create a list entry with the keys <code>module</code> and <code>config</code>.</p>
+<ul>
+<li>
+<p><code>module</code> should point to the fully qualified Python class that implements your
+custom logic, e.g. <code>my_module.ExampleSpamChecker</code>.</p>
+</li>
+<li>
+<p><code>config</code> is a dictionary that gets passed to the spam checker class.</p>
+</li>
+</ul>
+<h3 id="example-2"><a class="header" href="#example-2">Example</a></h3>
+<p>This section might look like:</p>
+<pre><code class="language-yaml">spam_checker:
+  - module: my_module.ExampleSpamChecker
+    config:
+      # Enable or disable a specific option in ExampleSpamChecker.
+      my_custom_option: true
+</code></pre>
+<p>More spam checkers can be added in tandem by appending more items to the list. An
+action is blocked when at least one of the configured spam checkers flags it.</p>
+<h2 id="examples"><a class="header" href="#examples">Examples</a></h2>
+<p>The <a href="https://github.com/matrix-org/mjolnir">Mjolnir</a> project is a full fledged
+example using the Synapse spam checking API, including a bot for dynamic
+configuration.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="presence-router-module"><a class="header" href="#presence-router-module">Presence Router Module</a></h1>
+<p>Synapse supports configuring a module that can specify additional users
+(local or remote) to should receive certain presence updates from local
+users.</p>
+<p>Note that routing presence via Application Service transactions is not
+currently supported.</p>
+<p>The presence routing module is implemented as a Python class, which will
+be imported by the running Synapse.</p>
+<h2 id="python-presence-router-class"><a class="header" href="#python-presence-router-class">Python Presence Router Class</a></h2>
+<p>The Python class is instantiated with two objects:</p>
+<ul>
+<li>A configuration object of some type (see below).</li>
+<li>An instance of <code>synapse.module_api.ModuleApi</code>.</li>
+</ul>
+<p>It then implements methods related to presence routing.</p>
+<p>Note that one method of <code>ModuleApi</code> that may be useful is:</p>
+<pre><code class="language-python">async def ModuleApi.send_local_online_presence_to(users: Iterable[str]) -&gt; None
+</code></pre>
+<p>which can be given a list of local or remote MXIDs to broadcast known, online user
+presence to (for those users that the receiving user is considered interested in). 
+It does not include state for users who are currently offline, and it can only be
+called on workers that support sending federation. Additionally, this method must
+only be called from the process that has been configured to write to the
+the <a href="workers.html#stream-writers">presence stream</a>.
+By default, this is the main process, but another worker can be configured to do
+so.</p>
+<h3 id="module-structure"><a class="header" href="#module-structure">Module structure</a></h3>
+<p>Below is a list of possible methods that can be implemented, and whether they are
+required.</p>
+<h4 id="parse_config"><a class="header" href="#parse_config"><code>parse_config</code></a></h4>
+<pre><code class="language-python">def parse_config(config_dict: dict) -&gt; Any
+</code></pre>
+<p><strong>Required.</strong> A static method that is passed a dictionary of config options, and
+should return a validated config object. This method is described further in
+<a href="presence_router_module.html#configuration">Configuration</a>.</p>
+<h4 id="get_users_for_states"><a class="header" href="#get_users_for_states"><code>get_users_for_states</code></a></h4>
+<pre><code class="language-python">async def get_users_for_states(
+    self,
+    state_updates: Iterable[UserPresenceState],
+) -&gt; Dict[str, Set[UserPresenceState]]:
+</code></pre>
+<p><strong>Required.</strong> An asynchronous method that is passed an iterable of user presence
+state. This method can determine whether a given presence update should be sent to certain
+users. It does this by returning a dictionary with keys representing local or remote
+Matrix User IDs, and values being a python set
+of <code>synapse.handlers.presence.UserPresenceState</code> instances.</p>
+<p>Synapse will then attempt to send the specified presence updates to each user when
+possible.</p>
+<h4 id="get_interested_users"><a class="header" href="#get_interested_users"><code>get_interested_users</code></a></h4>
+<pre><code class="language-python">async def get_interested_users(self, user_id: str) -&gt; Union[Set[str], str]
+</code></pre>
+<p><strong>Required.</strong> An asynchronous method that is passed a single Matrix User ID. This
+method is expected to return the users that the passed in user may be interested in the
+presence of. Returned users may be local or remote. The presence routed as a result of
+what this method returns is sent in addition to the updates already sent between users
+that share a room together. Presence updates are deduplicated.</p>
+<p>This method should return a python set of Matrix User IDs, or the object
+<code>synapse.events.presence_router.PresenceRouter.ALL_USERS</code> to indicate that the passed
+user should receive presence information for <em>all</em> known users.</p>
+<p>For clarity, if the user <code>@alice:example.org</code> is passed to this method, and the Set
+<code>{&quot;@bob:example.com&quot;, &quot;@charlie:somewhere.org&quot;}</code> is returned, this signifies that Alice
+should receive presence updates sent by Bob and Charlie, regardless of whether these
+users share a room.</p>
+<h3 id="example-3"><a class="header" href="#example-3">Example</a></h3>
+<p>Below is an example implementation of a presence router class.</p>
+<pre><code class="language-python">from typing import Dict, Iterable, Set, Union
+from synapse.events.presence_router import PresenceRouter
+from synapse.handlers.presence import UserPresenceState
+from synapse.module_api import ModuleApi
+
+class PresenceRouterConfig:
+    def __init__(self):
+        # Config options with their defaults
+        # A list of users to always send all user presence updates to
+        self.always_send_to_users = []  # type: List[str]
+        
+        # A list of users to ignore presence updates for. Does not affect
+        # shared-room presence relationships
+        self.blacklisted_users = []  # type: List[str]
+
+class ExamplePresenceRouter:
+    &quot;&quot;&quot;An example implementation of synapse.presence_router.PresenceRouter.
+    Supports routing all presence to a configured set of users, or a subset
+    of presence from certain users to members of certain rooms.
+
+    Args:
+        config: A configuration object.
+        module_api: An instance of Synapse's ModuleApi.
+    &quot;&quot;&quot;
+    def __init__(self, config: PresenceRouterConfig, module_api: ModuleApi):
+        self._config = config
+        self._module_api = module_api
+
+    @staticmethod
+    def parse_config(config_dict: dict) -&gt; PresenceRouterConfig:
+        &quot;&quot;&quot;Parse a configuration dictionary from the homeserver config, do
+        some validation and return a typed PresenceRouterConfig.
+
+        Args:
+            config_dict: The configuration dictionary.
+
+        Returns:
+            A validated config object.
+        &quot;&quot;&quot;
+        # Initialise a typed config object
+        config = PresenceRouterConfig()
+        always_send_to_users = config_dict.get(&quot;always_send_to_users&quot;)
+        blacklisted_users = config_dict.get(&quot;blacklisted_users&quot;)
+
+        # Do some validation of config options... otherwise raise a
+        # synapse.config.ConfigError.
+        config.always_send_to_users = always_send_to_users
+        config.blacklisted_users = blacklisted_users
+
+        return config
+
+    async def get_users_for_states(
+        self,
+        state_updates: Iterable[UserPresenceState],
+    ) -&gt; Dict[str, Set[UserPresenceState]]:
+        &quot;&quot;&quot;Given an iterable of user presence updates, determine where each one
+        needs to go. Returned results will not affect presence updates that are
+        sent between users who share a room.
+
+        Args:
+            state_updates: An iterable of user presence state updates.
+
+        Returns:
+          A dictionary of user_id -&gt; set of UserPresenceState that the user should 
+          receive.
+        &quot;&quot;&quot;
+        destination_users = {}  # type: Dict[str, Set[UserPresenceState]
+
+        # Ignore any updates for blacklisted users
+        desired_updates = set()
+        for update in state_updates:
+            if update.state_key not in self._config.blacklisted_users:
+                desired_updates.add(update)
+
+        # Send all presence updates to specific users
+        for user_id in self._config.always_send_to_users:
+            destination_users[user_id] = desired_updates
+
+        return destination_users
+
+    async def get_interested_users(
+        self,
+        user_id: str,
+    ) -&gt; Union[Set[str], PresenceRouter.ALL_USERS]:
+        &quot;&quot;&quot;
+        Retrieve a list of users that `user_id` is interested in receiving the
+        presence of. This will be in addition to those they share a room with.
+        Optionally, the object PresenceRouter.ALL_USERS can be returned to indicate
+        that this user should receive all incoming local and remote presence updates.
+
+        Note that this method will only be called for local users.
+
+        Args:
+          user_id: A user requesting presence updates.
+
+        Returns:
+          A set of user IDs to return additional presence updates for, or
+          PresenceRouter.ALL_USERS to return presence updates for all other users.
+        &quot;&quot;&quot;
+        if user_id in self._config.always_send_to_users:
+            return PresenceRouter.ALL_USERS
+
+        return set()
+</code></pre>
+<h4 id="a-note-on-get_users_for_states-and-get_interested_users"><a class="header" href="#a-note-on-get_users_for_states-and-get_interested_users">A note on <code>get_users_for_states</code> and <code>get_interested_users</code></a></h4>
+<p>Both of these methods are effectively two different sides of the same coin. The logic
+regarding which users should receive updates for other users should be the same 
+between them.</p>
+<p><code>get_users_for_states</code> is called when presence updates come in from either federation 
+or local users, and is used to either direct local presence to remote users, or to
+wake up the sync streams of local users to collect remote presence.</p>
+<p>In contrast, <code>get_interested_users</code> is used to determine the users that presence should
+be fetched for when a local user is syncing. This presence is then retrieved, before
+being fed through <code>get_users_for_states</code> once again, with only the syncing user's
+routing information pulled from the resulting dictionary.</p>
+<p>Their routing logic should thus line up, else you may run into unintended behaviour.</p>
+<h2 id="configuration-3"><a class="header" href="#configuration-3">Configuration</a></h2>
+<p>Once you've crafted your module and installed it into the same Python environment as
+Synapse, amend your homeserver config file with the following.</p>
+<pre><code class="language-yaml">presence:
+  enabled: true
+
+  presence_router:
+    module: my_module.ExamplePresenceRouter
+    config:
+      # Any configuration options for your module. The below is an example.
+      # of setting options for ExamplePresenceRouter.
+      always_send_to_users: [&quot;@presence_gobbler:example.org&quot;]
+      blacklisted_users:
+        - &quot;@alice:example.com&quot;
+        - &quot;@bob:example.com&quot;
+      ...
+</code></pre>
+<p>The contents of <code>config</code> will be passed as a Python dictionary to the static
+<code>parse_config</code> method of your class. The object returned by this method will
+then be passed to the <code>__init__</code> method of your module as <code>config</code>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="scaling-synapse-via-workers"><a class="header" href="#scaling-synapse-via-workers">Scaling synapse via workers</a></h1>
+<p>For small instances it recommended to run Synapse in the default monolith mode.
+For larger instances where performance is a concern it can be helpful to split
+out functionality into multiple separate python processes. These processes are
+called 'workers', and are (eventually) intended to scale horizontally
+independently.</p>
+<p>Synapse's worker support is under active development and subject to change as
+we attempt to rapidly scale ever larger Synapse instances. However we are
+documenting it here to help admins needing a highly scalable Synapse instance
+similar to the one running <code>matrix.org</code>.</p>
+<p>All processes continue to share the same database instance, and as such,
+workers only work with PostgreSQL-based Synapse deployments. SQLite should only
+be used for demo purposes and any admin considering workers should already be
+running PostgreSQL.</p>
+<p>See also <a href="https://matrix.org/blog/2020/11/03/how-we-fixed-synapses-scalability">Matrix.org blog post</a>
+for a higher level overview.</p>
+<h2 id="main-processworker-communication"><a class="header" href="#main-processworker-communication">Main process/worker communication</a></h2>
+<p>The processes communicate with each other via a Synapse-specific protocol called
+'replication' (analogous to MySQL- or Postgres-style database replication) which
+feeds streams of newly written data between processes so they can be kept in
+sync with the database state.</p>
+<p>When configured to do so, Synapse uses a
+<a href="https://redis.io/topics/pubsub">Redis pub/sub channel</a> to send the replication
+stream between all configured Synapse processes. Additionally, processes may
+make HTTP requests to each other, primarily for operations which need to wait
+for a reply ─ such as sending an event.</p>
+<p>Redis support was added in v1.13.0 with it becoming the recommended method in
+v1.18.0. It replaced the old direct TCP connections (which is deprecated as of
+v1.18.0) to the main process. With Redis, rather than all the workers connecting
+to the main process, all the workers and the main process connect to Redis,
+which relays replication commands between processes. This can give a significant
+cpu saving on the main process and will be a prerequisite for upcoming
+performance improvements.</p>
+<p>If Redis support is enabled Synapse will use it as a shared cache, as well as a
+pub/sub mechanism.</p>
+<p>See the <a href="workers.html#architectural-diagram">Architectural diagram</a> section at the end for
+a visualisation of what this looks like.</p>
+<h2 id="setting-up-workers"><a class="header" href="#setting-up-workers">Setting up workers</a></h2>
+<p>A Redis server is required to manage the communication between the processes.
+The Redis server should be installed following the normal procedure for your
+distribution (e.g. <code>apt install redis-server</code> on Debian). It is safe to use an
+existing Redis deployment if you have one.</p>
+<p>Once installed, check that Redis is running and accessible from the host running
+Synapse, for example by executing <code>echo PING | nc -q1 localhost 6379</code> and seeing
+a response of <code>+PONG</code>.</p>
+<p>The appropriate dependencies must also be installed for Synapse. If using a
+virtualenv, these can be installed with:</p>
+<pre><code class="language-sh">pip install &quot;matrix-synapse[redis]&quot;
+</code></pre>
+<p>Note that these dependencies are included when synapse is installed with <code>pip install matrix-synapse[all]</code>. They are also included in the debian packages from
+<code>matrix.org</code> and in the docker images at
+https://hub.docker.com/r/matrixdotorg/synapse/.</p>
+<p>To make effective use of the workers, you will need to configure an HTTP
+reverse-proxy such as nginx or haproxy, which will direct incoming requests to
+the correct worker, or to the main synapse instance. See
+<a href="reverse_proxy.html">reverse_proxy.md</a> for information on setting up a reverse
+proxy.</p>
+<p>When using workers, each worker process has its own configuration file which
+contains settings specific to that worker, such as the HTTP listener that it
+provides (if any), logging configuration, etc.</p>
+<p>Normally, the worker processes are configured to read from a shared
+configuration file as well as the worker-specific configuration files. This
+makes it easier to keep common configuration settings synchronised across all
+the processes.</p>
+<p>The main process is somewhat special in this respect: it does not normally
+need its own configuration file and can take all of its configuration from the
+shared configuration file.</p>
+<h3 id="shared-configuration"><a class="header" href="#shared-configuration">Shared configuration</a></h3>
+<p>Normally, only a couple of changes are needed to make an existing configuration
+file suitable for use with workers. First, you need to enable an &quot;HTTP replication
+listener&quot; for the main process; and secondly, you need to enable redis-based
+replication. Optionally, a shared secret can be used to authenticate HTTP
+traffic between workers. For example:</p>
+<pre><code class="language-yaml"># extend the existing `listeners` section. This defines the ports that the
+# main process will listen on.
+listeners:
+  # The HTTP replication port
+  - port: 9093
+    bind_address: '127.0.0.1'
+    type: http
+    resources:
+     - names: [replication]
+
+# Add a random shared secret to authenticate traffic.
+worker_replication_secret: &quot;&quot;
+
+redis:
+    enabled: true
+</code></pre>
+<p>See the sample config for the full documentation of each option.</p>
+<p>Under <strong>no circumstances</strong> should the replication listener be exposed to the
+public internet; it has no authentication and is unencrypted.</p>
+<h3 id="worker-configuration"><a class="header" href="#worker-configuration">Worker configuration</a></h3>
+<p>In the config file for each worker, you must specify the type of worker
+application (<code>worker_app</code>), and you should specify a unique name for the worker
+(<code>worker_name</code>). The currently available worker applications are listed below.
+You must also specify the HTTP replication endpoint that it should talk to on
+the main synapse process.  <code>worker_replication_host</code> should specify the host of
+the main synapse and <code>worker_replication_http_port</code> should point to the HTTP
+replication port. If the worker will handle HTTP requests then the
+<code>worker_listeners</code> option should be set with a <code>http</code> listener, in the same way
+as the <code>listeners</code> option in the shared config.</p>
+<p>For example:</p>
+<pre><code class="language-yaml">worker_app: synapse.app.generic_worker
+worker_name: worker1
+
+# The replication listener on the main synapse process.
+worker_replication_host: 127.0.0.1
+worker_replication_http_port: 9093
+
+worker_listeners:
+ - type: http
+   port: 8083
+   resources:
+     - names:
+       - client
+       - federation
+
+worker_log_config: /home/matrix/synapse/config/worker1_log_config.yaml
+</code></pre>
+<p>...is a full configuration for a generic worker instance, which will expose a
+plain HTTP endpoint on port 8083 separately serving various endpoints, e.g.
+<code>/sync</code>, which are listed below.</p>
+<p>Obviously you should configure your reverse-proxy to route the relevant
+endpoints to the worker (<code>localhost:8083</code> in the above example).</p>
+<h3 id="running-synapse-with-workers"><a class="header" href="#running-synapse-with-workers">Running Synapse with workers</a></h3>
+<p>Finally, you need to start your worker processes. This can be done with either
+<code>synctl</code> or your distribution's preferred service manager such as <code>systemd</code>. We
+recommend the use of <code>systemd</code> where available: for information on setting up
+<code>systemd</code> to start synapse workers, see
+<a href="systemd-with-workers">systemd-with-workers</a>. To use <code>synctl</code>, see
+<a href="synctl_workers.html">synctl_workers.md</a>.</p>
+<h2 id="available-worker-applications"><a class="header" href="#available-worker-applications">Available worker applications</a></h2>
+<h3 id="synapseappgeneric_worker"><a class="header" href="#synapseappgeneric_worker"><code>synapse.app.generic_worker</code></a></h3>
+<p>This worker can handle API requests matching the following regular
+expressions:</p>
+<pre><code># Sync requests
+^/_matrix/client/(v2_alpha|r0)/sync$
+^/_matrix/client/(api/v1|v2_alpha|r0)/events$
+^/_matrix/client/(api/v1|r0)/initialSync$
+^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$
+
+# Federation requests
+^/_matrix/federation/v1/event/
+^/_matrix/federation/v1/state/
+^/_matrix/federation/v1/state_ids/
+^/_matrix/federation/v1/backfill/
+^/_matrix/federation/v1/get_missing_events/
+^/_matrix/federation/v1/publicRooms
+^/_matrix/federation/v1/query/
+^/_matrix/federation/v1/make_join/
+^/_matrix/federation/v1/make_leave/
+^/_matrix/federation/v1/send_join/
+^/_matrix/federation/v2/send_join/
+^/_matrix/federation/v1/send_leave/
+^/_matrix/federation/v2/send_leave/
+^/_matrix/federation/v1/invite/
+^/_matrix/federation/v2/invite/
+^/_matrix/federation/v1/query_auth/
+^/_matrix/federation/v1/event_auth/
+^/_matrix/federation/v1/exchange_third_party_invite/
+^/_matrix/federation/v1/user/devices/
+^/_matrix/federation/v1/get_groups_publicised$
+^/_matrix/key/v2/query
+
+# Inbound federation transaction request
+^/_matrix/federation/v1/send/
+
+# Client API requests
+^/_matrix/client/(api/v1|r0|unstable)/publicRooms$
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$
+^/_matrix/client/(api/v1|r0|unstable)/account/3pid$
+^/_matrix/client/(api/v1|r0|unstable)/devices$
+^/_matrix/client/(api/v1|r0|unstable)/keys/query$
+^/_matrix/client/(api/v1|r0|unstable)/keys/changes$
+^/_matrix/client/versions$
+^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$
+^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
+^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
+^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
+^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
+^/_matrix/client/(api/v1|r0|unstable)/search$
+
+# Registration/login requests
+^/_matrix/client/(api/v1|r0|unstable)/login$
+^/_matrix/client/(r0|unstable)/register$
+
+# Event sending requests
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/
+^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$
+^/_matrix/client/(api/v1|r0|unstable)/join/
+^/_matrix/client/(api/v1|r0|unstable)/profile/
+</code></pre>
+<p>Additionally, the following REST endpoints can be handled for GET requests:</p>
+<pre><code>^/_matrix/federation/v1/groups/
+</code></pre>
+<p>Pagination requests can also be handled, but all requests for a given
+room must be routed to the same instance. Additionally, care must be taken to
+ensure that the purge history admin API is not used while pagination requests
+for the room are in flight:</p>
+<pre><code>^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/messages$
+</code></pre>
+<p>Additionally, the following endpoints should be included if Synapse is configured
+to use SSO (you only need to include the ones for whichever SSO provider you're
+using):</p>
+<pre><code># for all SSO providers
+^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect
+^/_synapse/client/pick_idp$
+^/_synapse/client/pick_username
+^/_synapse/client/new_user_consent$
+^/_synapse/client/sso_register$
+
+# OpenID Connect requests.
+^/_synapse/client/oidc/callback$
+
+# SAML requests.
+^/_synapse/client/saml2/authn_response$
+
+# CAS requests.
+^/_matrix/client/(api/v1|r0|unstable)/login/cas/ticket$
+</code></pre>
+<p>Ensure that all SSO logins go to a single process.
+For multiple workers not handling the SSO endpoints properly, see
+<a href="https://github.com/matrix-org/synapse/issues/7530">#7530</a> and
+<a href="https://github.com/matrix-org/synapse/issues/9427">#9427</a>.</p>
+<p>Note that a HTTP listener with <code>client</code> and <code>federation</code> resources must be
+configured in the <code>worker_listeners</code> option in the worker config.</p>
+<h4 id="load-balancing"><a class="header" href="#load-balancing">Load balancing</a></h4>
+<p>It is possible to run multiple instances of this worker app, with incoming requests
+being load-balanced between them by the reverse-proxy. However, different endpoints
+have different characteristics and so admins
+may wish to run multiple groups of workers handling different endpoints so that
+load balancing can be done in different ways.</p>
+<p>For <code>/sync</code> and <code>/initialSync</code> requests it will be more efficient if all
+requests from a particular user are routed to a single instance. Extracting a
+user ID from the access token or <code>Authorization</code> header is currently left as an
+exercise for the reader. Admins may additionally wish to separate out <code>/sync</code>
+requests that have a <code>since</code> query parameter from those that don't (and
+<code>/initialSync</code>), as requests that don't are known as &quot;initial sync&quot; that happens
+when a user logs in on a new device and can be <em>very</em> resource intensive, so
+isolating these requests will stop them from interfering with other users ongoing
+syncs.</p>
+<p>Federation and client requests can be balanced via simple round robin.</p>
+<p>The inbound federation transaction request <code>^/_matrix/federation/v1/send/</code>
+should be balanced by source IP so that transactions from the same remote server
+go to the same process.</p>
+<p>Registration/login requests can be handled separately purely to help ensure that
+unexpected load doesn't affect new logins and sign ups.</p>
+<p>Finally, event sending requests can be balanced by the room ID in the URI (or
+the full URI, or even just round robin), the room ID is the path component after
+<code>/rooms/</code>. If there is a large bridge connected that is sending or may send lots
+of events, then a dedicated set of workers can be provisioned to limit the
+effects of bursts of events from that bridge on events sent by normal users.</p>
+<h4 id="stream-writers"><a class="header" href="#stream-writers">Stream writers</a></h4>
+<p>Additionally, there is <em>experimental</em> support for moving writing of specific
+streams (such as events) off of the main process to a particular worker. (This
+is only supported with Redis-based replication.)</p>
+<p>Currently supported streams are <code>events</code> and <code>typing</code>.</p>
+<p>To enable this, the worker must have a HTTP replication listener configured,
+have a <code>worker_name</code> and be listed in the <code>instance_map</code> config. For example to
+move event persistence off to a dedicated worker, the shared configuration would
+include:</p>
+<pre><code class="language-yaml">instance_map:
+    event_persister1:
+        host: localhost
+        port: 8034
+
+stream_writers:
+    events: event_persister1
+</code></pre>
+<p>The <code>events</code> stream also experimentally supports having multiple writers, where
+work is sharded between them by room ID. Note that you <em>must</em> restart all worker
+instances when adding or removing event persisters. An example <code>stream_writers</code>
+configuration with multiple writers:</p>
+<pre><code class="language-yaml">stream_writers:
+    events:
+        - event_persister1
+        - event_persister2
+</code></pre>
+<h4 id="background-tasks"><a class="header" href="#background-tasks">Background tasks</a></h4>
+<p>There is also <em>experimental</em> support for moving background tasks to a separate
+worker. Background tasks are run periodically or started via replication. Exactly
+which tasks are configured to run depends on your Synapse configuration (e.g. if
+stats is enabled).</p>
+<p>To enable this, the worker must have a <code>worker_name</code> and can be configured to run
+background tasks. For example, to move background tasks to a dedicated worker,
+the shared configuration would include:</p>
+<pre><code class="language-yaml">run_background_tasks_on: background_worker
+</code></pre>
+<p>You might also wish to investigate the <code>update_user_directory</code> and
+<code>media_instance_running_background_jobs</code> settings.</p>
+<h3 id="synapseapppusher"><a class="header" href="#synapseapppusher"><code>synapse.app.pusher</code></a></h3>
+<p>Handles sending push notifications to sygnal and email. Doesn't handle any
+REST endpoints itself, but you should set <code>start_pushers: False</code> in the
+shared configuration file to stop the main synapse sending push notifications.</p>
+<p>To run multiple instances at once the <code>pusher_instances</code> option should list all
+pusher instances by their worker name, e.g.:</p>
+<pre><code class="language-yaml">pusher_instances:
+    - pusher_worker1
+    - pusher_worker2
+</code></pre>
+<h3 id="synapseappappservice"><a class="header" href="#synapseappappservice"><code>synapse.app.appservice</code></a></h3>
+<p>Handles sending output traffic to Application Services. Doesn't handle any
+REST endpoints itself, but you should set <code>notify_appservices: False</code> in the
+shared configuration file to stop the main synapse sending appservice notifications.</p>
+<p>Note this worker cannot be load-balanced: only one instance should be active.</p>
+<h3 id="synapseappfederation_sender"><a class="header" href="#synapseappfederation_sender"><code>synapse.app.federation_sender</code></a></h3>
+<p>Handles sending federation traffic to other servers. Doesn't handle any
+REST endpoints itself, but you should set <code>send_federation: False</code> in the
+shared configuration file to stop the main synapse sending this traffic.</p>
+<p>If running multiple federation senders then you must list each
+instance in the <code>federation_sender_instances</code> option by their <code>worker_name</code>.
+All instances must be stopped and started when adding or removing instances.
+For example:</p>
+<pre><code class="language-yaml">federation_sender_instances:
+    - federation_sender1
+    - federation_sender2
+</code></pre>
+<h3 id="synapseappmedia_repository"><a class="header" href="#synapseappmedia_repository"><code>synapse.app.media_repository</code></a></h3>
+<p>Handles the media repository. It can handle all endpoints starting with:</p>
+<pre><code>/_matrix/media/
+</code></pre>
+<p>... and the following regular expressions matching media-specific administration APIs:</p>
+<pre><code>^/_synapse/admin/v1/purge_media_cache$
+^/_synapse/admin/v1/room/.*/media.*$
+^/_synapse/admin/v1/user/.*/media.*$
+^/_synapse/admin/v1/media/.*$
+^/_synapse/admin/v1/quarantine_media/.*$
+</code></pre>
+<p>You should also set <code>enable_media_repo: False</code> in the shared configuration
+file to stop the main synapse running background jobs related to managing the
+media repository.</p>
+<p>In the <code>media_repository</code> worker configuration file, configure the http listener to
+expose the <code>media</code> resource. For example:</p>
+<pre><code class="language-yaml">    worker_listeners:
+     - type: http
+       port: 8085
+       resources:
+         - names:
+           - media
+</code></pre>
+<p>Note that if running multiple media repositories they must be on the same server
+and you must configure a single instance to run the background tasks, e.g.:</p>
+<pre><code class="language-yaml">    media_instance_running_background_jobs: &quot;media-repository-1&quot;
+</code></pre>
+<p>Note that if a reverse proxy is used , then <code>/_matrix/media/</code> must be routed for both inbound client and federation requests (if they are handled separately).</p>
+<h3 id="synapseappuser_dir"><a class="header" href="#synapseappuser_dir"><code>synapse.app.user_dir</code></a></h3>
+<p>Handles searches in the user directory. It can handle REST endpoints matching
+the following regular expressions:</p>
+<pre><code>^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$
+</code></pre>
+<p>When using this worker you must also set <code>update_user_directory: False</code> in the
+shared configuration file to stop the main synapse running background
+jobs related to updating the user directory.</p>
+<h3 id="synapseappfrontend_proxy"><a class="header" href="#synapseappfrontend_proxy"><code>synapse.app.frontend_proxy</code></a></h3>
+<p>Proxies some frequently-requested client endpoints to add caching and remove
+load from the main synapse. It can handle REST endpoints matching the following
+regular expressions:</p>
+<pre><code>^/_matrix/client/(api/v1|r0|unstable)/keys/upload
+</code></pre>
+<p>If <code>use_presence</code> is False in the homeserver config, it can also handle REST
+endpoints matching the following regular expressions:</p>
+<pre><code>^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status
+</code></pre>
+<p>This &quot;stub&quot; presence handler will pass through <code>GET</code> request but make the
+<code>PUT</code> effectively a no-op.</p>
+<p>It will proxy any requests it cannot handle to the main synapse instance. It
+must therefore be configured with the location of the main instance, via
+the <code>worker_main_http_uri</code> setting in the <code>frontend_proxy</code> worker configuration
+file. For example:</p>
+<pre><code>worker_main_http_uri: http://127.0.0.1:8008
+</code></pre>
+<h3 id="historical-apps"><a class="header" href="#historical-apps">Historical apps</a></h3>
+<p><em>Note:</em> Historically there used to be more apps, however they have been
+amalgamated into a single <code>synapse.app.generic_worker</code> app. The remaining apps
+are ones that do specific processing unrelated to requests, e.g. the <code>pusher</code>
+that handles sending out push notifications for new events. The intention is for
+all these to be folded into the <code>generic_worker</code> app and to use config to define
+which processes handle the various proccessing such as push notifications.</p>
+<h2 id="migration-from-old-config"><a class="header" href="#migration-from-old-config">Migration from old config</a></h2>
+<p>There are two main independent changes that have been made: introducing Redis
+support and merging apps into <code>synapse.app.generic_worker</code>. Both these changes
+are backwards compatible and so no changes to the config are required, however
+server admins are encouraged to plan to migrate to Redis as the old style direct
+TCP replication config is deprecated.</p>
+<p>To migrate to Redis add the <code>redis</code> config as above, and optionally remove the
+TCP <code>replication</code> listener from master and <code>worker_replication_port</code> from worker
+config.</p>
+<p>To migrate apps to use <code>synapse.app.generic_worker</code> simply update the
+<code>worker_app</code> option in the worker configs, and where worker are started (e.g.
+in systemd service files, but not required for synctl).</p>
+<h2 id="architectural-diagram"><a class="header" href="#architectural-diagram">Architectural diagram</a></h2>
+<p>The following shows an example setup using Redis and a reverse proxy:</p>
+<pre><code>                     Clients &amp; Federation
+                              |
+                              v
+                        +-----------+
+                        |           |
+                        |  Reverse  |
+                        |  Proxy    |
+                        |           |
+                        +-----------+
+                            | | |
+                            | | | HTTP requests
+        +-------------------+ | +-----------+
+        |                 +---+             |
+        |                 |                 |
+        v                 v                 v
++--------------+  +--------------+  +--------------+  +--------------+
+|   Main       |  |   Generic    |  |   Generic    |  |  Event       |
+|   Process    |  |   Worker 1   |  |   Worker 2   |  |  Persister   |
++--------------+  +--------------+  +--------------+  +--------------+
+      ^    ^          |   ^   |         |   ^   |          ^    ^
+      |    |          |   |   |         |   |   |          |    |
+      |    |          |   |   |  HTTP   |   |   |          |    |
+      |    +----------+&lt;--|---|---------+   |   |          |    |
+      |                   |   +-------------|--&gt;+----------+    |
+      |                   |                 |                   |
+      |                   |                 |                   |
+      v                   v                 v                   v
+====================================================================
+                                                         Redis pub/sub channel
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h3 id="using-synctl-with-workers"><a class="header" href="#using-synctl-with-workers">Using synctl with workers</a></h3>
+<p>If you want to use <code>synctl</code> to manage your synapse processes, you will need to
+create an an additional configuration file for the main synapse process. That
+configuration should look like this:</p>
+<pre><code class="language-yaml">worker_app: synapse.app.homeserver
+</code></pre>
+<p>Additionally, each worker app must be configured with the name of a &quot;pid file&quot;,
+to which it will write its process ID when it starts. For example, for a
+synchrotron, you might write:</p>
+<pre><code class="language-yaml">worker_pid_file: /home/matrix/synapse/worker1.pid
+</code></pre>
+<p>Finally, to actually run your worker-based synapse, you must pass synctl the <code>-a</code>
+commandline option to tell it to operate on all the worker configurations found
+in the given directory, e.g.:</p>
+<pre><code>synctl -a $CONFIG/workers start
+</code></pre>
+<p>Currently one should always restart all workers when restarting or upgrading
+synapse, unless you explicitly know it's safe not to.  For instance, restarting
+synapse without restarting all the synchrotrons may result in broken typing
+notifications.</p>
+<p>To manipulate a specific worker, you pass the -w option to synctl:</p>
+<pre><code>synctl -w $CONFIG/workers/worker1.yaml restart
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="setting-up-synapse-with-workers-and-systemd"><a class="header" href="#setting-up-synapse-with-workers-and-systemd">Setting up Synapse with Workers and Systemd</a></h1>
+<p>This is a setup for managing synapse with systemd, including support for
+managing workers. It provides a <code>matrix-synapse</code> service for the master, as
+well as a <code>matrix-synapse-worker@</code> service template for any workers you
+require. Additionally, to group the required services, it sets up a
+<code>matrix-synapse.target</code>.</p>
+<p>See the folder <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/system/">system</a>
+for the systemd unit files.</p>
+<p>The folder <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/workers/">workers</a>
+contains an example configuration for the <code>federation_reader</code> worker.</p>
+<h2 id="synapse-configuration-files"><a class="header" href="#synapse-configuration-files">Synapse configuration files</a></h2>
+<p>See <a href="systemd-with-workers/../workers.html">workers.md</a> for information on how to set up the
+configuration files and reverse-proxy correctly. You can find an example worker
+config in the <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/workers/">workers</a>
+folder.</p>
+<p>Systemd manages daemonization itself, so ensure that none of the configuration
+files set either <code>daemonize</code> or <code>worker_daemonize</code>.</p>
+<p>The config files of all workers are expected to be located in
+<code>/etc/matrix-synapse/workers</code>. If you want to use a different location, edit
+the provided <code>*.service</code> files accordingly.</p>
+<p>There is no need for a separate configuration file for the master process.</p>
+<h2 id="set-up"><a class="header" href="#set-up">Set up</a></h2>
+<ol>
+<li>Adjust synapse configuration files as above.</li>
+<li>Copy the <code>*.service</code> and <code>*.target</code> files in <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/system/">system</a>
+to <code>/etc/systemd/system</code>.</li>
+<li>Run <code>systemctl daemon-reload</code> to tell systemd to load the new unit files.</li>
+<li>Run <code>systemctl enable matrix-synapse.service</code>. This will configure the
+synapse master process to be started as part of the <code>matrix-synapse.target</code>
+target.</li>
+<li>For each worker process to be enabled, run <code>systemctl enable matrix-synapse-worker@&lt;worker_name&gt;.service</code>. For each <code>&lt;worker_name&gt;</code>, there
+should be a corresponding configuration file.
+<code>/etc/matrix-synapse/workers/&lt;worker_name&gt;.yaml</code>.</li>
+<li>Start all the synapse processes with <code>systemctl start matrix-synapse.target</code>.</li>
+<li>Tell systemd to start synapse on boot with <code>systemctl enable matrix-synapse.target</code>.</li>
+</ol>
+<h2 id="usage"><a class="header" href="#usage">Usage</a></h2>
+<p>Once the services are correctly set up, you can use the following commands
+to manage your synapse installation:</p>
+<pre><code class="language-sh"># Restart Synapse master and all workers
+systemctl restart matrix-synapse.target
+
+# Stop Synapse and all workers
+systemctl stop matrix-synapse.target
+
+# Restart the master alone
+systemctl start matrix-synapse.service
+
+# Restart a specific worker (eg. federation_reader); the master is
+# unaffected by this.
+systemctl restart matrix-synapse-worker@federation_reader.service
+
+# Add a new worker (assuming all configs are set up already)
+systemctl enable matrix-synapse-worker@federation_writer.service
+systemctl restart matrix-synapse.target
+</code></pre>
+<h2 id="hardening"><a class="header" href="#hardening">Hardening</a></h2>
+<p><strong>Optional:</strong> If further hardening is desired, the file
+<code>override-hardened.conf</code> may be copied from
+<code>contrib/systemd/override-hardened.conf</code> in this repository to the location
+<code>/etc/systemd/system/matrix-synapse.service.d/override-hardened.conf</code> (the
+directory may have to be created). It enables certain sandboxing features in
+systemd to further secure the synapse service. You may read the comments to
+understand what the override file is doing. The same file will need to be copied
+to
+<code>/etc/systemd/system/matrix-synapse-worker@.service.d/override-hardened-worker.conf</code>
+(this directory may also have to be created) in order to apply the same
+hardening options to any worker processes.</p>
+<p>Once these files have been copied to their appropriate locations, simply reload
+systemd's manager config files and restart all Synapse services to apply the hardening options. They will automatically
+be applied at every restart as long as the override files are present at the
+specified locations.</p>
+<pre><code class="language-sh">systemctl daemon-reload
+
+# Restart services
+systemctl restart matrix-synapse.target
+</code></pre>
+<p>In order to see their effect, you may run <code>systemd-analyze security matrix-synapse.service</code> before and after applying the hardening options to see
+the changes being applied at a glance.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="administration"><a class="header" href="#administration">Administration</a></h1>
+<p>This section contains information on managing your Synapse homeserver. This includes:</p>
+<ul>
+<li>Managing users, rooms and media via the Admin API.</li>
+<li>Setting up metrics and monitoring to give you insight into your homeserver's health.</li>
+<li>Configuring structured logging.</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="the-admin-api"><a class="header" href="#the-admin-api">The Admin API</a></h1>
+<h2 id="authenticate-as-a-server-admin"><a class="header" href="#authenticate-as-a-server-admin">Authenticate as a server admin</a></h2>
+<p>Many of the API calls in the admin api will require an <code>access_token</code> for a
+server admin. (Note that a server admin is distinct from a room admin.)</p>
+<p>A user can be marked as a server admin by updating the database directly, e.g.:</p>
+<pre><code class="language-sql">UPDATE users SET admin = 1 WHERE name = '@foo:bar.com';
+</code></pre>
+<p>A new server admin user can also be created using the <code>register_new_matrix_user</code>
+command. This is a script that is located in the <code>scripts/</code> directory, or possibly
+already on your <code>$PATH</code> depending on how Synapse was installed.</p>
+<p>Finding your user's <code>access_token</code> is client-dependent, but will usually be shown in the client's settings.</p>
+<h2 id="making-an-admin-api-request"><a class="header" href="#making-an-admin-api-request">Making an Admin API request</a></h2>
+<p>Once you have your <code>access_token</code>, you will need to authenticate each request to an Admin API endpoint by
+providing the token as either a query parameter or a request header. To add it as a request header in cURL:</p>
+<pre><code class="language-sh">curl --header &quot;Authorization: Bearer &lt;access_token&gt;&quot; &lt;the_rest_of_your_API_request&gt;
+</code></pre>
+<p>For more details on access tokens in Matrix, please refer to the complete
+<a href="https://matrix.org/docs/spec/client_server/r0.6.1#using-access-tokens">matrix spec documentation</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="account-validity-api"><a class="header" href="#account-validity-api">Account validity API</a></h1>
+<p>This API allows a server administrator to manage the validity of an account. To
+use it, you must enable the account validity feature (under
+<code>account_validity</code>) in Synapse's configuration.</p>
+<h2 id="renew-account"><a class="header" href="#renew-account">Renew account</a></h2>
+<p>This API extends the validity of an account by as much time as configured in the
+<code>period</code> parameter from the <code>account_validity</code> configuration.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/account_validity/validity
+</code></pre>
+<p>with the following body:</p>
+<pre><code class="language-json">{
+    &quot;user_id&quot;: &quot;&lt;user ID for the account to renew&gt;&quot;,
+    &quot;expiration_ts&quot;: 0,
+    &quot;enable_renewal_emails&quot;: true
+}
+</code></pre>
+<p><code>expiration_ts</code> is an optional parameter and overrides the expiration date,
+which otherwise defaults to now + validity period.</p>
+<p><code>enable_renewal_emails</code> is also an optional parameter and enables/disables
+sending renewal emails to the user. Defaults to true.</p>
+<p>The API returns with the new expiration date for this account, as a timestamp in
+milliseconds since epoch:</p>
+<pre><code class="language-json">{
+    &quot;expiration_ts&quot;: 0
+}
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="delete-a-local-group"><a class="header" href="#delete-a-local-group">Delete a local group</a></h1>
+<p>This API lets a server admin delete a local group. Doing so will kick all
+users out of the group so that their clients will correctly handle the group
+being deleted.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/delete_group/&lt;group_id&gt;
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="show-reported-events"><a class="header" href="#show-reported-events">Show reported events</a></h1>
+<p>This API returns information about reported events.</p>
+<p>The api is:</p>
+<pre><code>GET /_synapse/admin/v1/event_reports?from=0&amp;limit=10
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>It returns a JSON body like the following:</p>
+<pre><code class="language-json">{
+    &quot;event_reports&quot;: [
+        {
+            &quot;event_id&quot;: &quot;$bNUFCwGzWca1meCGkjp-zwslF-GfVcXukvRLI1_FaVY&quot;,
+            &quot;id&quot;: 2,
+            &quot;reason&quot;: &quot;foo&quot;,
+            &quot;score&quot;: -100,
+            &quot;received_ts&quot;: 1570897107409,
+            &quot;canonical_alias&quot;: &quot;#alias1:matrix.org&quot;,
+            &quot;room_id&quot;: &quot;!ERAgBpSOcCCuTJqQPk:matrix.org&quot;,
+            &quot;name&quot;: &quot;Matrix HQ&quot;,
+            &quot;sender&quot;: &quot;@foobar:matrix.org&quot;,
+            &quot;user_id&quot;: &quot;@foo:matrix.org&quot;
+        },
+        {
+            &quot;event_id&quot;: &quot;$3IcdZsDaN_En-S1DF4EMCy3v4gNRKeOJs8W5qTOKj4I&quot;,
+            &quot;id&quot;: 3,
+            &quot;reason&quot;: &quot;bar&quot;,
+            &quot;score&quot;: -100,
+            &quot;received_ts&quot;: 1598889612059,
+            &quot;canonical_alias&quot;: &quot;#alias2:matrix.org&quot;,
+            &quot;room_id&quot;: &quot;!eGvUQuTCkHGVwNMOjv:matrix.org&quot;,
+            &quot;name&quot;: &quot;Your room name here&quot;,
+            &quot;sender&quot;: &quot;@foobar:matrix.org&quot;,
+            &quot;user_id&quot;: &quot;@bar:matrix.org&quot;
+        }
+    ],
+    &quot;next_token&quot;: 2,
+    &quot;total&quot;: 4
+}
+</code></pre>
+<p>To paginate, check for <code>next_token</code> and if present, call the endpoint again with <code>from</code>
+set to the value of <code>next_token</code>. This will return a new page.</p>
+<p>If the endpoint does not return a <code>next_token</code> then there are no more reports to
+paginate through.</p>
+<p><strong>URL parameters:</strong></p>
+<ul>
+<li><code>limit</code>: integer - Is optional but is used for pagination, denoting the maximum number
+of items to return in this call. Defaults to <code>100</code>.</li>
+<li><code>from</code>: integer - Is optional but used for pagination, denoting the offset in the
+returned results. This should be treated as an opaque value and not explicitly set to
+anything other than the return value of <code>next_token</code> from a previous call. Defaults to <code>0</code>.</li>
+<li><code>dir</code>: string - Direction of event report order. Whether to fetch the most recent
+first (<code>b</code>) or the oldest first (<code>f</code>). Defaults to <code>b</code>.</li>
+<li><code>user_id</code>: string - Is optional and filters to only return users with user IDs that
+contain this value. This is the user who reported the event and wrote the reason.</li>
+<li><code>room_id</code>: string - Is optional and filters to only return rooms with room IDs that
+contain this value.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>id</code>: integer - ID of event report.</li>
+<li><code>received_ts</code>: integer - The timestamp (in milliseconds since the unix epoch) when this
+report was sent.</li>
+<li><code>room_id</code>: string - The ID of the room in which the event being reported is located.</li>
+<li><code>name</code>: string - The name of the room.</li>
+<li><code>event_id</code>: string - The ID of the reported event.</li>
+<li><code>user_id</code>: string - This is the user who reported the event and wrote the reason.</li>
+<li><code>reason</code>: string - Comment made by the <code>user_id</code> in this report. May be blank or <code>null</code>.</li>
+<li><code>score</code>: integer - Content is reported based upon a negative score, where -100 is
+&quot;most offensive&quot; and 0 is &quot;inoffensive&quot;. May be <code>null</code>.</li>
+<li><code>sender</code>: string - This is the ID of the user who sent the original message/event that
+was reported.</li>
+<li><code>canonical_alias</code>: string - The canonical alias of the room. <code>null</code> if the room does not
+have a canonical alias set.</li>
+<li><code>next_token</code>: integer - Indication for pagination. See above.</li>
+<li><code>total</code>: integer - Total number of event reports related to the query
+(<code>user_id</code> and <code>room_id</code>).</li>
+</ul>
+<h1 id="show-details-of-a-specific-event-report"><a class="header" href="#show-details-of-a-specific-event-report">Show details of a specific event report</a></h1>
+<p>This API returns information about a specific event report.</p>
+<p>The api is:</p>
+<pre><code>GET /_synapse/admin/v1/event_reports/&lt;report_id&gt;
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>It returns a JSON body like the following:</p>
+<pre><code class="language-jsonc">{
+    &quot;event_id&quot;: &quot;$bNUFCwGzWca1meCGkjp-zwslF-GfVcXukvRLI1_FaVY&quot;,
+    &quot;event_json&quot;: {
+        &quot;auth_events&quot;: [
+            &quot;$YK4arsKKcc0LRoe700pS8DSjOvUT4NDv0HfInlMFw2M&quot;,
+            &quot;$oggsNXxzPFRE3y53SUNd7nsj69-QzKv03a1RucHu-ws&quot;
+        ],
+        &quot;content&quot;: {
+            &quot;body&quot;: &quot;matrix.org: This Week in Matrix&quot;,
+            &quot;format&quot;: &quot;org.matrix.custom.html&quot;,
+            &quot;formatted_body&quot;: &quot;&lt;strong&gt;matrix.org&lt;/strong&gt;:&lt;br&gt;&lt;a href=\&quot;https://matrix.org/blog/\&quot;&gt;&lt;strong&gt;This Week in Matrix&lt;/strong&gt;&lt;/a&gt;&quot;,
+            &quot;msgtype&quot;: &quot;m.notice&quot;
+        },
+        &quot;depth&quot;: 546,
+        &quot;hashes&quot;: {
+            &quot;sha256&quot;: &quot;xK1//xnmvHJIOvbgXlkI8eEqdvoMmihVDJ9J4SNlsAw&quot;
+        },
+        &quot;origin&quot;: &quot;matrix.org&quot;,
+        &quot;origin_server_ts&quot;: 1592291711430,
+        &quot;prev_events&quot;: [
+            &quot;$YK4arsKKcc0LRoe700pS8DSjOvUT4NDv0HfInlMFw2M&quot;
+        ],
+        &quot;prev_state&quot;: [],
+        &quot;room_id&quot;: &quot;!ERAgBpSOcCCuTJqQPk:matrix.org&quot;,
+        &quot;sender&quot;: &quot;@foobar:matrix.org&quot;,
+        &quot;signatures&quot;: {
+            &quot;matrix.org&quot;: {
+                &quot;ed25519:a_JaEG&quot;: &quot;cs+OUKW/iHx5pEidbWxh0UiNNHwe46Ai9LwNz+Ah16aWDNszVIe2gaAcVZfvNsBhakQTew51tlKmL2kspXk/Dg&quot;
+            }
+        },
+        &quot;type&quot;: &quot;m.room.message&quot;,
+        &quot;unsigned&quot;: {
+            &quot;age_ts&quot;: 1592291711430,
+        }
+    },
+    &quot;id&quot;: &lt;report_id&gt;,
+    &quot;reason&quot;: &quot;foo&quot;,
+    &quot;score&quot;: -100,
+    &quot;received_ts&quot;: 1570897107409,
+    &quot;canonical_alias&quot;: &quot;#alias1:matrix.org&quot;,
+    &quot;room_id&quot;: &quot;!ERAgBpSOcCCuTJqQPk:matrix.org&quot;,
+    &quot;name&quot;: &quot;Matrix HQ&quot;,
+    &quot;sender&quot;: &quot;@foobar:matrix.org&quot;,
+    &quot;user_id&quot;: &quot;@foo:matrix.org&quot;
+}
+</code></pre>
+<p><strong>URL parameters:</strong></p>
+<ul>
+<li><code>report_id</code>: string - The ID of the event report.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>id</code>: integer - ID of event report.</li>
+<li><code>received_ts</code>: integer - The timestamp (in milliseconds since the unix epoch) when this
+report was sent.</li>
+<li><code>room_id</code>: string - The ID of the room in which the event being reported is located.</li>
+<li><code>name</code>: string - The name of the room.</li>
+<li><code>event_id</code>: string - The ID of the reported event.</li>
+<li><code>user_id</code>: string - This is the user who reported the event and wrote the reason.</li>
+<li><code>reason</code>: string - Comment made by the <code>user_id</code> in this report. May be blank.</li>
+<li><code>score</code>: integer - Content is reported based upon a negative score, where -100 is
+&quot;most offensive&quot; and 0 is &quot;inoffensive&quot;.</li>
+<li><code>sender</code>: string - This is the ID of the user who sent the original message/event that
+was reported.</li>
+<li><code>canonical_alias</code>: string - The canonical alias of the room. <code>null</code> if the room does not
+have a canonical alias set.</li>
+<li><code>event_json</code>: object - Details of the original event that was reported.</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="contents-1"><a class="header" href="#contents-1">Contents</a></h1>
+<ul>
+<li><a href="admin_api/media_admin_api.html#querying-media">Querying media</a>
+<ul>
+<li><a href="admin_api/media_admin_api.html#list-all-media-in-a-room">List all media in a room</a></li>
+<li><a href="admin_api/media_admin_api.html#list-all-media-uploaded-by-a-user">List all media uploaded by a user</a></li>
+</ul>
+</li>
+<li><a href="admin_api/media_admin_api.html#quarantine-media">Quarantine media</a>
+<ul>
+<li><a href="admin_api/media_admin_api.html#quarantining-media-by-id">Quarantining media by ID</a></li>
+<li><a href="admin_api/media_admin_api.html#remove-media-from-quarantine-by-id">Remove media from quarantine by ID</a></li>
+<li><a href="admin_api/media_admin_api.html#quarantining-media-in-a-room">Quarantining media in a room</a></li>
+<li><a href="admin_api/media_admin_api.html#quarantining-all-media-of-a-user">Quarantining all media of a user</a></li>
+<li><a href="admin_api/media_admin_api.html#protecting-media-from-being-quarantined">Protecting media from being quarantined</a></li>
+<li><a href="admin_api/media_admin_api.html#unprotecting-media-from-being-quarantined">Unprotecting media from being quarantined</a></li>
+</ul>
+</li>
+<li><a href="admin_api/media_admin_api.html#delete-local-media">Delete local media</a>
+<ul>
+<li><a href="admin_api/media_admin_api.html#delete-a-specific-local-media">Delete a specific local media</a></li>
+<li><a href="admin_api/media_admin_api.html#delete-local-media-by-date-or-size">Delete local media by date or size</a></li>
+</ul>
+</li>
+<li><a href="admin_api/media_admin_api.html#purge-remote-media-api">Purge Remote Media API</a></li>
+</ul>
+<h1 id="querying-media"><a class="header" href="#querying-media">Querying media</a></h1>
+<p>These APIs allow extracting media information from the homeserver.</p>
+<h2 id="list-all-media-in-a-room"><a class="header" href="#list-all-media-in-a-room">List all media in a room</a></h2>
+<p>This API gets a list of known media in a room.
+However, it only shows media from unencrypted events or rooms.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v1/room/&lt;room_id&gt;/media
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>The API returns a JSON body like the following:</p>
+<pre><code class="language-json">{
+  &quot;local&quot;: [
+    &quot;mxc://localhost/xwvutsrqponmlkjihgfedcba&quot;,
+    &quot;mxc://localhost/abcdefghijklmnopqrstuvwx&quot;
+  ],
+  &quot;remote&quot;: [
+    &quot;mxc://matrix.org/xwvutsrqponmlkjihgfedcba&quot;,
+    &quot;mxc://matrix.org/abcdefghijklmnopqrstuvwx&quot;
+  ]
+}
+</code></pre>
+<h2 id="list-all-media-uploaded-by-a-user"><a class="header" href="#list-all-media-uploaded-by-a-user">List all media uploaded by a user</a></h2>
+<p>Listing all media that has been uploaded by a local user can be achieved through
+the use of the <a href="admin_api/user_admin_api.rst#list-media-of-a-user">List media of a user</a>
+Admin API.</p>
+<h1 id="quarantine-media"><a class="header" href="#quarantine-media">Quarantine media</a></h1>
+<p>Quarantining media means that it is marked as inaccessible by users. It applies
+to any local media, and any locally-cached copies of remote media.</p>
+<p>The media file itself (and any thumbnails) is not deleted from the server.</p>
+<h2 id="quarantining-media-by-id"><a class="header" href="#quarantining-media-by-id">Quarantining media by ID</a></h2>
+<p>This API quarantines a single piece of local or remote media.</p>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/media/quarantine/&lt;server_name&gt;/&lt;media_id&gt;
+
+{}
+</code></pre>
+<p>Where <code>server_name</code> is in the form of <code>example.org</code>, and <code>media_id</code> is in the
+form of <code>abcdefg12345...</code>.</p>
+<p>Response:</p>
+<pre><code class="language-json">{}
+</code></pre>
+<h2 id="remove-media-from-quarantine-by-id"><a class="header" href="#remove-media-from-quarantine-by-id">Remove media from quarantine by ID</a></h2>
+<p>This API removes a single piece of local or remote media from quarantine.</p>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/media/unquarantine/&lt;server_name&gt;/&lt;media_id&gt;
+
+{}
+</code></pre>
+<p>Where <code>server_name</code> is in the form of <code>example.org</code>, and <code>media_id</code> is in the
+form of <code>abcdefg12345...</code>.</p>
+<p>Response:</p>
+<pre><code class="language-json">{}
+</code></pre>
+<h2 id="quarantining-media-in-a-room"><a class="header" href="#quarantining-media-in-a-room">Quarantining media in a room</a></h2>
+<p>This API quarantines all local and remote media in a room.</p>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/room/&lt;room_id&gt;/media/quarantine
+
+{}
+</code></pre>
+<p>Where <code>room_id</code> is in the form of <code>!roomid12345:example.org</code>.</p>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;num_quarantined&quot;: 10
+}
+</code></pre>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>num_quarantined</code>: integer - The number of media items successfully quarantined</li>
+</ul>
+<p>Note that there is a legacy endpoint, <code>POST /_synapse/admin/v1/quarantine_media/&lt;room_id&gt;</code>, that operates the same.
+However, it is deprecated and may be removed in a future release.</p>
+<h2 id="quarantining-all-media-of-a-user"><a class="header" href="#quarantining-all-media-of-a-user">Quarantining all media of a user</a></h2>
+<p>This API quarantines all <em>local</em> media that a <em>local</em> user has uploaded. That is to say, if
+you would like to quarantine media uploaded by a user on a remote homeserver, you should
+instead use one of the other APIs.</p>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/user/&lt;user_id&gt;/media/quarantine
+
+{}
+</code></pre>
+<p>URL Parameters</p>
+<ul>
+<li><code>user_id</code>: string - User ID in the form of <code>@bob:example.org</code></li>
+</ul>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;num_quarantined&quot;: 10
+}
+</code></pre>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>num_quarantined</code>: integer - The number of media items successfully quarantined</li>
+</ul>
+<h2 id="protecting-media-from-being-quarantined"><a class="header" href="#protecting-media-from-being-quarantined">Protecting media from being quarantined</a></h2>
+<p>This API protects a single piece of local media from being quarantined using the
+above APIs. This is useful for sticker packs and other shared media which you do
+not want to get quarantined, especially when
+<a href="admin_api/media_admin_api.html#quarantining-media-in-a-room">quarantining media in a room</a>.</p>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/media/protect/&lt;media_id&gt;
+
+{}
+</code></pre>
+<p>Where <code>media_id</code> is in the  form of <code>abcdefg12345...</code>.</p>
+<p>Response:</p>
+<pre><code class="language-json">{}
+</code></pre>
+<h2 id="unprotecting-media-from-being-quarantined"><a class="header" href="#unprotecting-media-from-being-quarantined">Unprotecting media from being quarantined</a></h2>
+<p>This API reverts the protection of a media.</p>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/media/unprotect/&lt;media_id&gt;
+
+{}
+</code></pre>
+<p>Where <code>media_id</code> is in the  form of <code>abcdefg12345...</code>.</p>
+<p>Response:</p>
+<pre><code class="language-json">{}
+</code></pre>
+<h1 id="delete-local-media"><a class="header" href="#delete-local-media">Delete local media</a></h1>
+<p>This API deletes the <em>local</em> media from the disk of your own server.
+This includes any local thumbnails and copies of media downloaded from
+remote homeservers.
+This API will not affect media that has been uploaded to external
+media repositories (e.g https://github.com/turt2live/matrix-media-repo/).
+See also <a href="admin_api/media_admin_api.html#purge-remote-media-api">Purge Remote Media API</a>.</p>
+<h2 id="delete-a-specific-local-media"><a class="header" href="#delete-a-specific-local-media">Delete a specific local media</a></h2>
+<p>Delete a specific <code>media_id</code>.</p>
+<p>Request:</p>
+<pre><code>DELETE /_synapse/admin/v1/media/&lt;server_name&gt;/&lt;media_id&gt;
+
+{}
+</code></pre>
+<p>URL Parameters</p>
+<ul>
+<li><code>server_name</code>: string - The name of your local server (e.g <code>matrix.org</code>)</li>
+<li><code>media_id</code>: string - The ID of the media (e.g <code>abcdefghijklmnopqrstuvwx</code>)</li>
+</ul>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;deleted_media&quot;: [
+    &quot;abcdefghijklmnopqrstuvwx&quot;
+  ],
+  &quot;total&quot;: 1
+}
+</code></pre>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>deleted_media</code>: an array of strings - List of deleted <code>media_id</code></li>
+<li><code>total</code>: integer - Total number of deleted <code>media_id</code></li>
+</ul>
+<h2 id="delete-local-media-by-date-or-size"><a class="header" href="#delete-local-media-by-date-or-size">Delete local media by date or size</a></h2>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/media/&lt;server_name&gt;/delete?before_ts=&lt;before_ts&gt;
+
+{}
+</code></pre>
+<p>URL Parameters</p>
+<ul>
+<li><code>server_name</code>: string - The name of your local server (e.g <code>matrix.org</code>).</li>
+<li><code>before_ts</code>: string representing a positive integer - Unix timestamp in ms.
+Files that were last used before this timestamp will be deleted. It is the timestamp of
+last access and not the timestamp creation. </li>
+<li><code>size_gt</code>: Optional - string representing a positive integer - Size of the media in bytes.
+Files that are larger will be deleted. Defaults to <code>0</code>.</li>
+<li><code>keep_profiles</code>: Optional - string representing a boolean - Switch to also delete files
+that are still used in image data (e.g user profile, room avatar).
+If <code>false</code> these files will be deleted. Defaults to <code>true</code>.</li>
+</ul>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;deleted_media&quot;: [
+    &quot;abcdefghijklmnopqrstuvwx&quot;,
+    &quot;abcdefghijklmnopqrstuvwz&quot;
+  ],
+  &quot;total&quot;: 2
+}
+</code></pre>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>deleted_media</code>: an array of strings - List of deleted <code>media_id</code></li>
+<li><code>total</code>: integer - Total number of deleted <code>media_id</code></li>
+</ul>
+<h1 id="purge-remote-media-api"><a class="header" href="#purge-remote-media-api">Purge Remote Media API</a></h1>
+<p>The purge remote media API allows server admins to purge old cached remote media.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/purge_media_cache?before_ts=&lt;unix_timestamp_in_ms&gt;
+
+{}
+</code></pre>
+<p>URL Parameters</p>
+<ul>
+<li><code>unix_timestamp_in_ms</code>: string representing a positive integer - Unix timestamp in ms.
+All cached media that was last accessed before this timestamp will be removed.</li>
+</ul>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;deleted&quot;: 10
+}
+</code></pre>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>deleted</code>: integer - The number of media items successfully deleted</li>
+</ul>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>If the user re-requests purged remote media, synapse will re-request the media
+from the originating server.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="purge-history-api"><a class="header" href="#purge-history-api">Purge History API</a></h1>
+<p>The purge history API allows server admins to purge historic events from their
+database, reclaiming disk space.</p>
+<p>Depending on the amount of history being purged a call to the API may take
+several minutes or longer. During this period users will not be able to
+paginate further back in the room from the point being purged from.</p>
+<p>Note that Synapse requires at least one message in each room, so it will never
+delete the last message in a room.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/purge_history/&lt;room_id&gt;[/&lt;event_id&gt;]
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>By default, events sent by local users are not deleted, as they may represent
+the only copies of this content in existence. (Events sent by remote users are
+deleted.)</p>
+<p>Room state data (such as joins, leaves, topic) is always preserved.</p>
+<p>To delete local message events as well, set <code>delete_local_events</code> in the body:</p>
+<pre><code>{
+   &quot;delete_local_events&quot;: true
+}
+</code></pre>
+<p>The caller must specify the point in the room to purge up to. This can be
+specified by including an event_id in the URI, or by setting a
+<code>purge_up_to_event_id</code> or <code>purge_up_to_ts</code> in the request body. If an event
+id is given, that event (and others at the same graph depth) will be retained.
+If <code>purge_up_to_ts</code> is given, it should be a timestamp since the unix epoch,
+in milliseconds.</p>
+<p>The API starts the purge running, and returns immediately with a JSON body with
+a purge id:</p>
+<pre><code class="language-json">{
+    &quot;purge_id&quot;: &quot;&lt;opaque id&gt;&quot;
+}
+</code></pre>
+<h2 id="purge-status-query"><a class="header" href="#purge-status-query">Purge status query</a></h2>
+<p>It is possible to poll for updates on recent purges with a second API;</p>
+<pre><code>GET /_synapse/admin/v1/purge_history_status/&lt;purge_id&gt;
+</code></pre>
+<p>Again, you will need to authenticate by providing an <code>access_token</code> for a
+server admin.</p>
+<p>This API returns a JSON body like the following:</p>
+<pre><code class="language-json">{
+    &quot;status&quot;: &quot;active&quot;
+}
+</code></pre>
+<p>The status will be one of <code>active</code>, <code>complete</code>, or <code>failed</code>.</p>
+<h2 id="reclaim-disk-space-postgres"><a class="header" href="#reclaim-disk-space-postgres">Reclaim disk space (Postgres)</a></h2>
+<p>To reclaim the disk space and return it to the operating system, you need to run
+<code>VACUUM FULL;</code> on the database.</p>
+<p><a href="https://www.postgresql.org/docs/current/sql-vacuum.html">https://www.postgresql.org/docs/current/sql-vacuum.html</a></p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="deprecated-purge-room-api"><a class="header" href="#deprecated-purge-room-api">Deprecated: Purge room API</a></h1>
+<p><strong>The old Purge room API is deprecated and will be removed in a future release.
+See the new <a href="admin_api/rooms.html#delete-room-api">Delete Room API</a> for more details.</strong></p>
+<p>This API will remove all trace of a room from your database.</p>
+<p>All local users must have left the room before it can be removed.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/purge_room
+
+{
+    &quot;room_id&quot;: &quot;!room:id&quot;
+}
+</code></pre>
+<p>You must authenticate using the access token of an admin user.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="shared-secret-registration"><a class="header" href="#shared-secret-registration">Shared-Secret Registration</a></h1>
+<p>This API allows for the creation of users in an administrative and
+non-interactive way. This is generally used for bootstrapping a Synapse
+instance with administrator accounts.</p>
+<p>To authenticate yourself to the server, you will need both the shared secret
+(<code>registration_shared_secret</code> in the homeserver configuration), and a
+one-time nonce. If the registration shared secret is not configured, this API
+is not enabled.</p>
+<p>To fetch the nonce, you need to request one from the API:</p>
+<pre><code>&gt; GET /_synapse/admin/v1/register
+
+&lt; {&quot;nonce&quot;: &quot;thisisanonce&quot;}
+</code></pre>
+<p>Once you have the nonce, you can make a <code>POST</code> to the same URL with a JSON
+body containing the nonce, username, password, whether they are an admin
+(optional, False by default), and a HMAC digest of the content. Also you can
+set the displayname (optional, <code>username</code> by default).</p>
+<p>As an example:</p>
+<pre><code>&gt; POST /_synapse/admin/v1/register
+&gt; {
+   &quot;nonce&quot;: &quot;thisisanonce&quot;,
+   &quot;username&quot;: &quot;pepper_roni&quot;,
+   &quot;displayname&quot;: &quot;Pepper Roni&quot;,
+   &quot;password&quot;: &quot;pizza&quot;,
+   &quot;admin&quot;: true,
+   &quot;mac&quot;: &quot;mac_digest_here&quot;
+  }
+
+&lt; {
+   &quot;access_token&quot;: &quot;token_here&quot;,
+   &quot;user_id&quot;: &quot;@pepper_roni:localhost&quot;,
+   &quot;home_server&quot;: &quot;test&quot;,
+   &quot;device_id&quot;: &quot;device_id_here&quot;
+  }
+</code></pre>
+<p>The MAC is the hex digest output of the HMAC-SHA1 algorithm, with the key being
+the shared secret and the content being the nonce, user, password, either the
+string &quot;admin&quot; or &quot;notadmin&quot;, and optionally the user_type
+each separated by NULs. For an example of generation in Python:</p>
+<pre><code class="language-python">import hmac, hashlib
+
+def generate_mac(nonce, user, password, admin=False, user_type=None):
+
+    mac = hmac.new(
+      key=shared_secret,
+      digestmod=hashlib.sha1,
+    )
+
+    mac.update(nonce.encode('utf8'))
+    mac.update(b&quot;\x00&quot;)
+    mac.update(user.encode('utf8'))
+    mac.update(b&quot;\x00&quot;)
+    mac.update(password.encode('utf8'))
+    mac.update(b&quot;\x00&quot;)
+    mac.update(b&quot;admin&quot; if admin else b&quot;notadmin&quot;)
+    if user_type:
+        mac.update(b&quot;\x00&quot;)
+        mac.update(user_type.encode('utf8'))
+
+    return mac.hexdigest()
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="edit-room-membership-api"><a class="header" href="#edit-room-membership-api">Edit Room Membership API</a></h1>
+<p>This API allows an administrator to join an user account with a given <code>user_id</code>
+to a room with a given <code>room_id_or_alias</code>. You can only modify the membership of
+local users. The server administrator must be in the room and have permission to
+invite users.</p>
+<h2 id="parameters"><a class="header" href="#parameters">Parameters</a></h2>
+<p>The following parameters are available:</p>
+<ul>
+<li><code>user_id</code> - Fully qualified user: for example, <code>@user:server.com</code>.</li>
+<li><code>room_id_or_alias</code> - The room identifier or alias to join: for example,
+<code>!636q39766251:server.com</code>.</li>
+</ul>
+<h2 id="usage-1"><a class="header" href="#usage-1">Usage</a></h2>
+<pre><code>POST /_synapse/admin/v1/join/&lt;room_id_or_alias&gt;
+
+{
+  &quot;user_id&quot;: &quot;@user:server.com&quot;
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>Response:</p>
+<pre><code>{
+  &quot;room_id&quot;: &quot;!636q39766251:server.com&quot;
+}
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="contents-2"><a class="header" href="#contents-2">Contents</a></h1>
+<ul>
+<li><a href="admin_api/rooms.html#list-room-api">List Room API</a>
+<ul>
+<li><a href="admin_api/rooms.html#parameters">Parameters</a></li>
+<li><a href="admin_api/rooms.html#usage">Usage</a></li>
+</ul>
+</li>
+<li><a href="admin_api/rooms.html#room-details-api">Room Details API</a></li>
+<li><a href="admin_api/rooms.html#room-members-api">Room Members API</a></li>
+<li><a href="admin_api/rooms.html#room-state-api">Room State API</a></li>
+<li><a href="admin_api/rooms.html#delete-room-api">Delete Room API</a>
+<ul>
+<li><a href="admin_api/rooms.html#parameters-1">Parameters</a></li>
+<li><a href="admin_api/rooms.html#response">Response</a></li>
+<li><a href="admin_api/rooms.html#undoing-room-shutdowns">Undoing room shutdowns</a></li>
+</ul>
+</li>
+<li><a href="admin_api/rooms.html#make-room-admin-api">Make Room Admin API</a></li>
+<li><a href="admin_api/rooms.html#forward-extremities-admin-api">Forward Extremities Admin API</a></li>
+<li><a href="admin_api/rooms.html#event-context-api">Event Context API</a></li>
+</ul>
+<h1 id="list-room-api"><a class="header" href="#list-room-api">List Room API</a></h1>
+<p>The List Room admin API allows server admins to get a list of rooms on their
+server. There are various parameters available that allow for filtering and
+sorting the returned list. This API supports pagination.</p>
+<h2 id="parameters-1"><a class="header" href="#parameters-1">Parameters</a></h2>
+<p>The following query parameters are available:</p>
+<ul>
+<li><code>from</code> - Offset in the returned list. Defaults to <code>0</code>.</li>
+<li><code>limit</code> - Maximum amount of rooms to return. Defaults to <code>100</code>.</li>
+<li><code>order_by</code> - The method in which to sort the returned list of rooms. Valid values are:
+<ul>
+<li><code>alphabetical</code> - Same as <code>name</code>. This is deprecated.</li>
+<li><code>size</code> - Same as <code>joined_members</code>. This is deprecated.</li>
+<li><code>name</code> - Rooms are ordered alphabetically by room name. This is the default.</li>
+<li><code>canonical_alias</code> - Rooms are ordered alphabetically by main alias address of the room.</li>
+<li><code>joined_members</code> - Rooms are ordered by the number of members. Largest to smallest.</li>
+<li><code>joined_local_members</code> - Rooms are ordered by the number of local members. Largest to smallest.</li>
+<li><code>version</code> - Rooms are ordered by room version. Largest to smallest.</li>
+<li><code>creator</code> - Rooms are ordered alphabetically by creator of the room.</li>
+<li><code>encryption</code> - Rooms are ordered alphabetically by the end-to-end encryption algorithm.</li>
+<li><code>federatable</code> - Rooms are ordered by whether the room is federatable.</li>
+<li><code>public</code> - Rooms are ordered by visibility in room list.</li>
+<li><code>join_rules</code> - Rooms are ordered alphabetically by join rules of the room.</li>
+<li><code>guest_access</code> - Rooms are ordered alphabetically by guest access option of the room.</li>
+<li><code>history_visibility</code> - Rooms are ordered alphabetically by visibility of history of the room.</li>
+<li><code>state_events</code> - Rooms are ordered by number of state events. Largest to smallest.</li>
+</ul>
+</li>
+<li><code>dir</code> - Direction of room order. Either <code>f</code> for forwards or <code>b</code> for backwards. Setting
+this value to <code>b</code> will reverse the above sort order. Defaults to <code>f</code>.</li>
+<li><code>search_term</code> - Filter rooms by their room name. Search term can be contained in any
+part of the room name. Defaults to no filtering.</li>
+</ul>
+<p>The following fields are possible in the JSON response body:</p>
+<ul>
+<li><code>rooms</code> - An array of objects, each containing information about a room.
+<ul>
+<li>Room objects contain the following fields:
+<ul>
+<li><code>room_id</code> - The ID of the room.</li>
+<li><code>name</code> - The name of the room.</li>
+<li><code>canonical_alias</code> - The canonical (main) alias address of the room.</li>
+<li><code>joined_members</code> - How many users are currently in the room.</li>
+<li><code>joined_local_members</code> - How many local users are currently in the room.</li>
+<li><code>version</code> - The version of the room as a string.</li>
+<li><code>creator</code> - The <code>user_id</code> of the room creator.</li>
+<li><code>encryption</code> - Algorithm of end-to-end encryption of messages. Is <code>null</code> if encryption is not active.</li>
+<li><code>federatable</code> - Whether users on other servers can join this room.</li>
+<li><code>public</code> - Whether the room is visible in room directory.</li>
+<li><code>join_rules</code> - The type of rules used for users wishing to join this room. One of: [&quot;public&quot;, &quot;knock&quot;, &quot;invite&quot;, &quot;private&quot;].</li>
+<li><code>guest_access</code> - Whether guests can join the room. One of: [&quot;can_join&quot;, &quot;forbidden&quot;].</li>
+<li><code>history_visibility</code> - Who can see the room history. One of: [&quot;invited&quot;, &quot;joined&quot;, &quot;shared&quot;, &quot;world_readable&quot;].</li>
+<li><code>state_events</code> - Total number of state_events of a room. Complexity of the room.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><code>offset</code> - The current pagination offset in rooms. This parameter should be
+used instead of <code>next_token</code> for room offset as <code>next_token</code> is
+not intended to be parsed.</li>
+<li><code>total_rooms</code> - The total number of rooms this query can return. Using this
+and <code>offset</code>, you have enough information to know the current
+progression through the list.</li>
+<li><code>next_batch</code> - If this field is present, we know that there are potentially
+more rooms on the server that did not all fit into this response.
+We can use <code>next_batch</code> to get the &quot;next page&quot; of results. To do
+so, simply repeat your request, setting the <code>from</code> parameter to
+the value of <code>next_batch</code>.</li>
+<li><code>prev_batch</code> - If this field is present, it is possible to paginate backwards.
+Use <code>prev_batch</code> for the <code>from</code> value in the next request to
+get the &quot;previous page&quot; of results.</li>
+</ul>
+<h2 id="usage-2"><a class="header" href="#usage-2">Usage</a></h2>
+<p>A standard request with no filtering:</p>
+<pre><code>GET /_synapse/admin/v1/rooms
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-jsonc">{
+  &quot;rooms&quot;: [
+    {
+      &quot;room_id&quot;: &quot;!OGEhHVWSdvArJzumhm:matrix.org&quot;,
+      &quot;name&quot;: &quot;Matrix HQ&quot;,
+      &quot;canonical_alias&quot;: &quot;#matrix:matrix.org&quot;,
+      &quot;joined_members&quot;: 8326,
+      &quot;joined_local_members&quot;: 2,
+      &quot;version&quot;: &quot;1&quot;,
+      &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+      &quot;encryption&quot;: null,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: true,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 93534
+    },
+    ... (8 hidden items) ...
+    {
+      &quot;room_id&quot;: &quot;!xYvNcQPhnkrdUmYczI:matrix.org&quot;,
+      &quot;name&quot;: &quot;This Week In Matrix (TWIM)&quot;,
+      &quot;canonical_alias&quot;: &quot;#twim:matrix.org&quot;,
+      &quot;joined_members&quot;: 314,
+      &quot;joined_local_members&quot;: 20,
+      &quot;version&quot;: &quot;4&quot;,
+      &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+      &quot;encryption&quot;: &quot;m.megolm.v1.aes-sha2&quot;,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: false,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 8345
+    }
+  ],
+  &quot;offset&quot;: 0,
+  &quot;total_rooms&quot;: 10
+}
+</code></pre>
+<p>Filtering by room name:</p>
+<pre><code>GET /_synapse/admin/v1/rooms?search_term=TWIM
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;rooms&quot;: [
+    {
+      &quot;room_id&quot;: &quot;!xYvNcQPhnkrdUmYczI:matrix.org&quot;,
+      &quot;name&quot;: &quot;This Week In Matrix (TWIM)&quot;,
+      &quot;canonical_alias&quot;: &quot;#twim:matrix.org&quot;,
+      &quot;joined_members&quot;: 314,
+      &quot;joined_local_members&quot;: 20,
+      &quot;version&quot;: &quot;4&quot;,
+      &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+      &quot;encryption&quot;: &quot;m.megolm.v1.aes-sha2&quot;,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: false,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 8
+    }
+  ],
+  &quot;offset&quot;: 0,
+  &quot;total_rooms&quot;: 1
+}
+</code></pre>
+<p>Paginating through a list of rooms:</p>
+<pre><code>GET /_synapse/admin/v1/rooms?order_by=size
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-jsonc">{
+  &quot;rooms&quot;: [
+    {
+      &quot;room_id&quot;: &quot;!OGEhHVWSdvArJzumhm:matrix.org&quot;,
+      &quot;name&quot;: &quot;Matrix HQ&quot;,
+      &quot;canonical_alias&quot;: &quot;#matrix:matrix.org&quot;,
+      &quot;joined_members&quot;: 8326,
+      &quot;joined_local_members&quot;: 2,
+      &quot;version&quot;: &quot;1&quot;,
+      &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+      &quot;encryption&quot;: null,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: true,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 93534
+    },
+    ... (98 hidden items) ...
+    {
+      &quot;room_id&quot;: &quot;!xYvNcQPhnkrdUmYczI:matrix.org&quot;,
+      &quot;name&quot;: &quot;This Week In Matrix (TWIM)&quot;,
+      &quot;canonical_alias&quot;: &quot;#twim:matrix.org&quot;,
+      &quot;joined_members&quot;: 314,
+      &quot;joined_local_members&quot;: 20,
+      &quot;version&quot;: &quot;4&quot;,
+      &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+      &quot;encryption&quot;: &quot;m.megolm.v1.aes-sha2&quot;,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: false,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 8345
+    }
+  ],
+  &quot;offset&quot;: 0,
+  &quot;total_rooms&quot;: 150
+  &quot;next_token&quot;: 100
+}
+</code></pre>
+<p>The presence of the <code>next_token</code> parameter tells us that there are more rooms
+than returned in this request, and we need to make another request to get them.
+To get the next batch of room results, we repeat our request, setting the <code>from</code>
+parameter to the value of <code>next_token</code>.</p>
+<pre><code>GET /_synapse/admin/v1/rooms?order_by=size&amp;from=100
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-jsonc">{
+  &quot;rooms&quot;: [
+    {
+      &quot;room_id&quot;: &quot;!mscvqgqpHYjBGDxNym:matrix.org&quot;,
+      &quot;name&quot;: &quot;Music Theory&quot;,
+      &quot;canonical_alias&quot;: &quot;#musictheory:matrix.org&quot;,
+      &quot;joined_members&quot;: 127,
+      &quot;joined_local_members&quot;: 2,
+      &quot;version&quot;: &quot;1&quot;,
+      &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+      &quot;encryption&quot;: null,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: true,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 93534
+    },
+    ... (48 hidden items) ...
+    {
+      &quot;room_id&quot;: &quot;!twcBhHVdZlQWuuxBhN:termina.org.uk&quot;,
+      &quot;name&quot;: &quot;weechat-matrix&quot;,
+      &quot;canonical_alias&quot;: &quot;#weechat-matrix:termina.org.uk&quot;,
+      &quot;joined_members&quot;: 137,
+      &quot;joined_local_members&quot;: 20,
+      &quot;version&quot;: &quot;4&quot;,
+      &quot;creator&quot;: &quot;@foo:termina.org.uk&quot;,
+      &quot;encryption&quot;: null,
+      &quot;federatable&quot;: true,
+      &quot;public&quot;: true,
+      &quot;join_rules&quot;: &quot;invite&quot;,
+      &quot;guest_access&quot;: null,
+      &quot;history_visibility&quot;: &quot;shared&quot;,
+      &quot;state_events&quot;: 8345
+    }
+  ],
+  &quot;offset&quot;: 100,
+  &quot;prev_batch&quot;: 0,
+  &quot;total_rooms&quot;: 150
+}
+</code></pre>
+<p>Once the <code>next_token</code> parameter is no longer present, we know we've reached the
+end of the list.</p>
+<h1 id="room-details-api"><a class="header" href="#room-details-api">Room Details API</a></h1>
+<p>The Room Details admin API allows server admins to get all details of a room.</p>
+<p>The following fields are possible in the JSON response body:</p>
+<ul>
+<li><code>room_id</code> - The ID of the room.</li>
+<li><code>name</code> - The name of the room.</li>
+<li><code>topic</code> - The topic of the room.</li>
+<li><code>avatar</code> - The <code>mxc</code> URI to the avatar of the room.</li>
+<li><code>canonical_alias</code> - The canonical (main) alias address of the room.</li>
+<li><code>joined_members</code> - How many users are currently in the room.</li>
+<li><code>joined_local_members</code> - How many local users are currently in the room.</li>
+<li><code>joined_local_devices</code> - How many local devices are currently in the room.</li>
+<li><code>version</code> - The version of the room as a string.</li>
+<li><code>creator</code> - The <code>user_id</code> of the room creator.</li>
+<li><code>encryption</code> - Algorithm of end-to-end encryption of messages. Is <code>null</code> if encryption is not active.</li>
+<li><code>federatable</code> - Whether users on other servers can join this room.</li>
+<li><code>public</code> - Whether the room is visible in room directory.</li>
+<li><code>join_rules</code> - The type of rules used for users wishing to join this room. One of: [&quot;public&quot;, &quot;knock&quot;, &quot;invite&quot;, &quot;private&quot;].</li>
+<li><code>guest_access</code> - Whether guests can join the room. One of: [&quot;can_join&quot;, &quot;forbidden&quot;].</li>
+<li><code>history_visibility</code> - Who can see the room history. One of: [&quot;invited&quot;, &quot;joined&quot;, &quot;shared&quot;, &quot;world_readable&quot;].</li>
+<li><code>state_events</code> - Total number of state_events of a room. Complexity of the room.</li>
+</ul>
+<h2 id="usage-3"><a class="header" href="#usage-3">Usage</a></h2>
+<p>A standard request:</p>
+<pre><code>GET /_synapse/admin/v1/rooms/&lt;room_id&gt;
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;room_id&quot;: &quot;!mscvqgqpHYjBGDxNym:matrix.org&quot;,
+  &quot;name&quot;: &quot;Music Theory&quot;,
+  &quot;avatar&quot;: &quot;mxc://matrix.org/AQDaVFlbkQoErdOgqWRgiGSV&quot;,
+  &quot;topic&quot;: &quot;Theory, Composition, Notation, Analysis&quot;,
+  &quot;canonical_alias&quot;: &quot;#musictheory:matrix.org&quot;,
+  &quot;joined_members&quot;: 127,
+  &quot;joined_local_members&quot;: 2,
+  &quot;joined_local_devices&quot;: 2,
+  &quot;version&quot;: &quot;1&quot;,
+  &quot;creator&quot;: &quot;@foo:matrix.org&quot;,
+  &quot;encryption&quot;: null,
+  &quot;federatable&quot;: true,
+  &quot;public&quot;: true,
+  &quot;join_rules&quot;: &quot;invite&quot;,
+  &quot;guest_access&quot;: null,
+  &quot;history_visibility&quot;: &quot;shared&quot;,
+  &quot;state_events&quot;: 93534
+}
+</code></pre>
+<h1 id="room-members-api"><a class="header" href="#room-members-api">Room Members API</a></h1>
+<p>The Room Members admin API allows server admins to get a list of all members of a room.</p>
+<p>The response includes the following fields:</p>
+<ul>
+<li><code>members</code> - A list of all the members that are present in the room, represented by their ids.</li>
+<li><code>total</code> - Total number of members in the room.</li>
+</ul>
+<h2 id="usage-4"><a class="header" href="#usage-4">Usage</a></h2>
+<p>A standard request:</p>
+<pre><code>GET /_synapse/admin/v1/rooms/&lt;room_id&gt;/members
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;members&quot;: [
+    &quot;@foo:matrix.org&quot;,
+    &quot;@bar:matrix.org&quot;,
+    &quot;@foobar:matrix.org&quot;
+  ],
+  &quot;total&quot;: 3
+}
+</code></pre>
+<h1 id="room-state-api"><a class="header" href="#room-state-api">Room State API</a></h1>
+<p>The Room State admin API allows server admins to get a list of all state events in a room.</p>
+<p>The response includes the following fields:</p>
+<ul>
+<li><code>state</code> - The current state of the room at the time of request.</li>
+</ul>
+<h2 id="usage-5"><a class="header" href="#usage-5">Usage</a></h2>
+<p>A standard request:</p>
+<pre><code>GET /_synapse/admin/v1/rooms/&lt;room_id&gt;/state
+
+{}
+</code></pre>
+<p>Response:</p>
+<pre><code class="language-json">{
+  &quot;state&quot;: [
+    {&quot;type&quot;: &quot;m.room.create&quot;, &quot;state_key&quot;: &quot;&quot;, &quot;etc&quot;: true},
+    {&quot;type&quot;: &quot;m.room.power_levels&quot;, &quot;state_key&quot;: &quot;&quot;, &quot;etc&quot;: true},
+    {&quot;type&quot;: &quot;m.room.name&quot;, &quot;state_key&quot;: &quot;&quot;, &quot;etc&quot;: true}
+  ]
+}
+</code></pre>
+<h1 id="delete-room-api"><a class="header" href="#delete-room-api">Delete Room API</a></h1>
+<p>The Delete Room admin API allows server admins to remove rooms from server
+and block these rooms.</p>
+<p>Shuts down a room. Moves all local users and room aliases automatically to a
+new room if <code>new_room_user_id</code> is set. Otherwise local users only
+leave the room without any information.</p>
+<p>The new room will be created with the user specified by the <code>new_room_user_id</code> parameter
+as room administrator and will contain a message explaining what happened. Users invited
+to the new room will have power level <code>-10</code> by default, and thus be unable to speak.</p>
+<p>If <code>block</code> is <code>True</code> it prevents new joins to the old room.</p>
+<p>This API will remove all trace of the old room from your database after removing
+all local users. If <code>purge</code> is <code>true</code> (the default), all traces of the old room will
+be removed from your database after removing all local users. If you do not want
+this to happen, set <code>purge</code> to <code>false</code>.
+Depending on the amount of history being purged a call to the API may take
+several minutes or longer.</p>
+<p>The local server will only have the power to move local user and room aliases to
+the new room. Users on other servers will be unaffected.</p>
+<p>The API is:</p>
+<pre><code>DELETE /_synapse/admin/v1/rooms/&lt;room_id&gt;
+</code></pre>
+<p>with a body of:</p>
+<pre><code class="language-json">{
+    &quot;new_room_user_id&quot;: &quot;@someuser:example.com&quot;,
+    &quot;room_name&quot;: &quot;Content Violation Notification&quot;,
+    &quot;message&quot;: &quot;Bad Room has been shutdown due to content violations on this server. Please review our Terms of Service.&quot;,
+    &quot;block&quot;: true,
+    &quot;purge&quot;: true
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+    &quot;kicked_users&quot;: [
+        &quot;@foobar:example.com&quot;
+    ],
+    &quot;failed_to_kick_users&quot;: [],
+    &quot;local_aliases&quot;: [
+        &quot;#badroom:example.com&quot;,
+        &quot;#evilsaloon:example.com&quot;
+    ],
+    &quot;new_room_id&quot;: &quot;!newroomid:example.com&quot;
+}
+</code></pre>
+<h2 id="parameters-2"><a class="header" href="#parameters-2">Parameters</a></h2>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>room_id</code> - The ID of the room.</li>
+</ul>
+<p>The following JSON body parameters are available:</p>
+<ul>
+<li><code>new_room_user_id</code> - Optional. If set, a new room will be created with this user ID
+as the creator and admin, and all users in the old room will be moved into that
+room. If not set, no new room will be created and the users will just be removed
+from the old room. The user ID must be on the local server, but does not necessarily
+have to belong to a registered user.</li>
+<li><code>room_name</code> - Optional. A string representing the name of the room that new users will be
+invited to. Defaults to <code>Content Violation Notification</code></li>
+<li><code>message</code> - Optional. A string containing the first message that will be sent as
+<code>new_room_user_id</code> in the new room. Ideally this will clearly convey why the
+original room was shut down. Defaults to <code>Sharing illegal content on this server is not permitted and rooms in violation will be blocked.</code></li>
+<li><code>block</code> - Optional. If set to <code>true</code>, this room will be added to a blocking list, preventing
+future attempts to join the room. Defaults to <code>false</code>.</li>
+<li><code>purge</code> - Optional. If set to <code>true</code>, it will remove all traces of the room from your database.
+Defaults to <code>true</code>.</li>
+<li><code>force_purge</code> - Optional, and ignored unless <code>purge</code> is <code>true</code>. If set to <code>true</code>, it
+will force a purge to go ahead even if there are local users still in the room. Do not
+use this unless a regular <code>purge</code> operation fails, as it could leave those users'
+clients in a confused state.</li>
+</ul>
+<p>The JSON body must not be empty. The body must be at least <code>{}</code>.</p>
+<h2 id="response"><a class="header" href="#response">Response</a></h2>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>kicked_users</code> - An array of users (<code>user_id</code>) that were kicked.</li>
+<li><code>failed_to_kick_users</code> - An array of users (<code>user_id</code>) that that were not kicked.</li>
+<li><code>local_aliases</code> - An array of strings representing the local aliases that were migrated from
+the old room to the new.</li>
+<li><code>new_room_id</code> - A string representing the room ID of the new room.</li>
+</ul>
+<h2 id="undoing-room-shutdowns"><a class="header" href="#undoing-room-shutdowns">Undoing room shutdowns</a></h2>
+<p><em>Note</em>: This guide may be outdated by the time you read it. By nature of room shutdowns being performed at the database level,
+the structure can and does change without notice.</p>
+<p>First, it's important to understand that a room shutdown is very destructive. Undoing a shutdown is not as simple as pretending it
+never happened - work has to be done to move forward instead of resetting the past. In fact, in some cases it might not be possible
+to recover at all:</p>
+<ul>
+<li>If the room was invite-only, your users will need to be re-invited.</li>
+<li>If the room no longer has any members at all, it'll be impossible to rejoin.</li>
+<li>The first user to rejoin will have to do so via an alias on a different server.</li>
+</ul>
+<p>With all that being said, if you still want to try and recover the room:</p>
+<ol>
+<li>For safety reasons, shut down Synapse.</li>
+<li>In the database, run <code>DELETE FROM blocked_rooms WHERE room_id = '!example:example.org';</code>
+<ul>
+<li>For caution: it's recommended to run this in a transaction: <code>BEGIN; DELETE ...;</code>, verify you got 1 result, then <code>COMMIT;</code>.</li>
+<li>The room ID is the same one supplied to the shutdown room API, not the Content Violation room.</li>
+</ul>
+</li>
+<li>Restart Synapse.</li>
+</ol>
+<p>You will have to manually handle, if you so choose, the following:</p>
+<ul>
+<li>Aliases that would have been redirected to the Content Violation room.</li>
+<li>Users that would have been booted from the room (and will have been force-joined to the Content Violation room).</li>
+<li>Removal of the Content Violation room if desired.</li>
+</ul>
+<h2 id="deprecated-endpoint"><a class="header" href="#deprecated-endpoint">Deprecated endpoint</a></h2>
+<p>The previous deprecated API will be removed in a future release, it was:</p>
+<pre><code>POST /_synapse/admin/v1/rooms/&lt;room_id&gt;/delete
+</code></pre>
+<p>It behaves the same way than the current endpoint except the path and the method.</p>
+<h1 id="make-room-admin-api"><a class="header" href="#make-room-admin-api">Make Room Admin API</a></h1>
+<p>Grants another user the highest power available to a local user who is in the room.
+If the user is not in the room, and it is not publicly joinable, then invite the user.</p>
+<p>By default the server admin (the caller) is granted power, but another user can
+optionally be specified, e.g.:</p>
+<pre><code>    POST /_synapse/admin/v1/rooms/&lt;room_id_or_alias&gt;/make_room_admin
+    {
+        &quot;user_id&quot;: &quot;@foo:example.com&quot;
+    }
+</code></pre>
+<h1 id="forward-extremities-admin-api"><a class="header" href="#forward-extremities-admin-api">Forward Extremities Admin API</a></h1>
+<p>Enables querying and deleting forward extremities from rooms. When a lot of forward
+extremities accumulate in a room, performance can become degraded. For details, see 
+<a href="https://github.com/matrix-org/synapse/issues/1760">#1760</a>.</p>
+<h2 id="check-for-forward-extremities"><a class="header" href="#check-for-forward-extremities">Check for forward extremities</a></h2>
+<p>To check the status of forward extremities for a room:</p>
+<pre><code>    GET /_synapse/admin/v1/rooms/&lt;room_id_or_alias&gt;/forward_extremities
+</code></pre>
+<p>A response as follows will be returned:</p>
+<pre><code class="language-json">{
+  &quot;count&quot;: 1,
+  &quot;results&quot;: [
+    {
+      &quot;event_id&quot;: &quot;$M5SP266vsnxctfwFgFLNceaCo3ujhRtg_NiiHabcdefgh&quot;,
+      &quot;state_group&quot;: 439,
+      &quot;depth&quot;: 123,
+      &quot;received_ts&quot;: 1611263016761
+    }
+  ]
+}    
+</code></pre>
+<h2 id="deleting-forward-extremities"><a class="header" href="#deleting-forward-extremities">Deleting forward extremities</a></h2>
+<p><strong>WARNING</strong>: Please ensure you know what you're doing and have read 
+the related issue <a href="https://github.com/matrix-org/synapse/issues/1760">#1760</a>.
+Under no situations should this API be executed as an automated maintenance task!</p>
+<p>If a room has lots of forward extremities, the extra can be
+deleted as follows:</p>
+<pre><code>    DELETE /_synapse/admin/v1/rooms/&lt;room_id_or_alias&gt;/forward_extremities
+</code></pre>
+<p>A response as follows will be returned, indicating the amount of forward extremities
+that were deleted.</p>
+<pre><code class="language-json">{
+  &quot;deleted&quot;: 1
+}
+</code></pre>
+<h1 id="event-context-api"><a class="header" href="#event-context-api">Event Context API</a></h1>
+<p>This API lets a client find the context of an event. This is designed primarily to investigate abuse reports.</p>
+<pre><code>GET /_synapse/admin/v1/rooms/&lt;room_id&gt;/context/&lt;event_id&gt;
+</code></pre>
+<p>This API mimmicks <a href="https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-rooms-roomid-context-eventid">GET /_matrix/client/r0/rooms/{roomId}/context/{eventId}</a>. Please refer to the link for all details on parameters and reseponse.</p>
+<p>Example response:</p>
+<pre><code class="language-json">{
+  &quot;end&quot;: &quot;t29-57_2_0_2&quot;,
+  &quot;events_after&quot;: [
+    {
+      &quot;content&quot;: {
+        &quot;body&quot;: &quot;This is an example text message&quot;,
+        &quot;msgtype&quot;: &quot;m.text&quot;,
+        &quot;format&quot;: &quot;org.matrix.custom.html&quot;,
+        &quot;formatted_body&quot;: &quot;&lt;b&gt;This is an example text message&lt;/b&gt;&quot;
+      },
+      &quot;type&quot;: &quot;m.room.message&quot;,
+      &quot;event_id&quot;: &quot;$143273582443PhrSn:example.org&quot;,
+      &quot;room_id&quot;: &quot;!636q39766251:example.com&quot;,
+      &quot;sender&quot;: &quot;@example:example.org&quot;,
+      &quot;origin_server_ts&quot;: 1432735824653,
+      &quot;unsigned&quot;: {
+        &quot;age&quot;: 1234
+      }
+    }
+  ],
+  &quot;event&quot;: {
+    &quot;content&quot;: {
+      &quot;body&quot;: &quot;filename.jpg&quot;,
+      &quot;info&quot;: {
+        &quot;h&quot;: 398,
+        &quot;w&quot;: 394,
+        &quot;mimetype&quot;: &quot;image/jpeg&quot;,
+        &quot;size&quot;: 31037
+      },
+      &quot;url&quot;: &quot;mxc://example.org/JWEIFJgwEIhweiWJE&quot;,
+      &quot;msgtype&quot;: &quot;m.image&quot;
+    },
+    &quot;type&quot;: &quot;m.room.message&quot;,
+    &quot;event_id&quot;: &quot;$f3h4d129462ha:example.com&quot;,
+    &quot;room_id&quot;: &quot;!636q39766251:example.com&quot;,
+    &quot;sender&quot;: &quot;@example:example.org&quot;,
+    &quot;origin_server_ts&quot;: 1432735824653,
+    &quot;unsigned&quot;: {
+      &quot;age&quot;: 1234
+    }
+  },
+  &quot;events_before&quot;: [
+    {
+      &quot;content&quot;: {
+        &quot;body&quot;: &quot;something-important.doc&quot;,
+        &quot;filename&quot;: &quot;something-important.doc&quot;,
+        &quot;info&quot;: {
+          &quot;mimetype&quot;: &quot;application/msword&quot;,
+          &quot;size&quot;: 46144
+        },
+        &quot;msgtype&quot;: &quot;m.file&quot;,
+        &quot;url&quot;: &quot;mxc://example.org/FHyPlCeYUSFFxlgbQYZmoEoe&quot;
+      },
+      &quot;type&quot;: &quot;m.room.message&quot;,
+      &quot;event_id&quot;: &quot;$143273582443PhrSn:example.org&quot;,
+      &quot;room_id&quot;: &quot;!636q39766251:example.com&quot;,
+      &quot;sender&quot;: &quot;@example:example.org&quot;,
+      &quot;origin_server_ts&quot;: 1432735824653,
+      &quot;unsigned&quot;: {
+        &quot;age&quot;: 1234
+      }
+    }
+  ],
+  &quot;start&quot;: &quot;t27-54_2_0_2&quot;,
+  &quot;state&quot;: [
+    {
+      &quot;content&quot;: {
+        &quot;creator&quot;: &quot;@example:example.org&quot;,
+        &quot;room_version&quot;: &quot;1&quot;,
+        &quot;m.federate&quot;: true,
+        &quot;predecessor&quot;: {
+          &quot;event_id&quot;: &quot;$something:example.org&quot;,
+          &quot;room_id&quot;: &quot;!oldroom:example.org&quot;
+        }
+      },
+      &quot;type&quot;: &quot;m.room.create&quot;,
+      &quot;event_id&quot;: &quot;$143273582443PhrSn:example.org&quot;,
+      &quot;room_id&quot;: &quot;!636q39766251:example.com&quot;,
+      &quot;sender&quot;: &quot;@example:example.org&quot;,
+      &quot;origin_server_ts&quot;: 1432735824653,
+      &quot;unsigned&quot;: {
+        &quot;age&quot;: 1234
+      },
+      &quot;state_key&quot;: &quot;&quot;
+    },
+    {
+      &quot;content&quot;: {
+        &quot;membership&quot;: &quot;join&quot;,
+        &quot;avatar_url&quot;: &quot;mxc://example.org/SEsfnsuifSDFSSEF&quot;,
+        &quot;displayname&quot;: &quot;Alice Margatroid&quot;
+      },
+      &quot;type&quot;: &quot;m.room.member&quot;,
+      &quot;event_id&quot;: &quot;$143273582443PhrSn:example.org&quot;,
+      &quot;room_id&quot;: &quot;!636q39766251:example.com&quot;,
+      &quot;sender&quot;: &quot;@example:example.org&quot;,
+      &quot;origin_server_ts&quot;: 1432735824653,
+      &quot;unsigned&quot;: {
+        &quot;age&quot;: 1234
+      },
+      &quot;state_key&quot;: &quot;@alice:example.org&quot;
+    }
+  ]
+}
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="server-notices-1"><a class="header" href="#server-notices-1">Server Notices</a></h1>
+<p>The API to send notices is as follows:</p>
+<pre><code>POST /_synapse/admin/v1/send_server_notice
+</code></pre>
+<p>or:</p>
+<pre><code>PUT /_synapse/admin/v1/send_server_notice/{txnId}
+</code></pre>
+<p>You will need to authenticate with an access token for an admin user.</p>
+<p>When using the <code>PUT</code> form, retransmissions with the same transaction ID will be
+ignored in the same way as with <code>PUT /_matrix/client/r0/rooms/{roomId}/send/{eventType}/{txnId}</code>.</p>
+<p>The request body should look something like the following:</p>
+<pre><code class="language-json">{
+    &quot;user_id&quot;: &quot;@target_user:server_name&quot;,
+    &quot;content&quot;: {
+        &quot;msgtype&quot;: &quot;m.text&quot;,
+        &quot;body&quot;: &quot;This is my message&quot;
+    }
+}
+</code></pre>
+<p>You can optionally include the following additional parameters:</p>
+<ul>
+<li><code>type</code>: the type of event. Defaults to <code>m.room.message</code>.</li>
+<li><code>state_key</code>: Setting this will result in a state event being sent.</li>
+</ul>
+<p>Once the notice has been sent, the API will return the following response:</p>
+<pre><code class="language-json">{
+    &quot;event_id&quot;: &quot;&lt;event_id&gt;&quot;
+}
+</code></pre>
+<p>Note that server notices must be enabled in <code>homeserver.yaml</code> before this API
+can be used. See <a href="admin_api/../server_notices.html">server_notices.md</a> for more information.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="deprecated-shutdown-room-api"><a class="header" href="#deprecated-shutdown-room-api">Deprecated: Shutdown room API</a></h1>
+<p><strong>The old Shutdown room API is deprecated and will be removed in a future release.
+See the new <a href="admin_api/rooms.html#delete-room-api">Delete Room API</a> for more details.</strong></p>
+<p>Shuts down a room, preventing new joins and moves local users and room aliases automatically
+to a new room. The new room will be created with the user specified by the
+<code>new_room_user_id</code> parameter as room administrator and will contain a message
+explaining what happened. Users invited to the new room will have power level
+-10 by default, and thus be unable to speak. The old room's power levels will be changed to
+disallow any further invites or joins.</p>
+<p>The local server will only have the power to move local user and room aliases to
+the new room. Users on other servers will be unaffected.</p>
+<h2 id="api-1"><a class="header" href="#api-1">API</a></h2>
+<p>You will need to authenticate with an access token for an admin user.</p>
+<h3 id="url"><a class="header" href="#url">URL</a></h3>
+<p><code>POST /_synapse/admin/v1/shutdown_room/{room_id}</code></p>
+<h3 id="url-parameters"><a class="header" href="#url-parameters">URL Parameters</a></h3>
+<ul>
+<li><code>room_id</code> - The ID of the room (e.g <code>!someroom:example.com</code>)</li>
+</ul>
+<h3 id="json-body-parameters"><a class="header" href="#json-body-parameters">JSON Body Parameters</a></h3>
+<ul>
+<li><code>new_room_user_id</code> - Required. A string representing the user ID of the user that will admin
+the new room that all users in the old room will be moved to.</li>
+<li><code>room_name</code> - Optional. A string representing the name of the room that new users will be
+invited to.</li>
+<li><code>message</code> - Optional. A string containing the first message that will be sent as
+<code>new_room_user_id</code> in the new room. Ideally this will clearly convey why the
+original room was shut down.</li>
+</ul>
+<p>If not specified, the default value of <code>room_name</code> is &quot;Content Violation
+Notification&quot;. The default value of <code>message</code> is &quot;Sharing illegal content on
+othis server is not permitted and rooms in violation will be blocked.&quot;</p>
+<h3 id="response-parameters"><a class="header" href="#response-parameters">Response Parameters</a></h3>
+<ul>
+<li><code>kicked_users</code> - An integer number representing the number of users that
+were kicked.</li>
+<li><code>failed_to_kick_users</code> - An integer number representing the number of users
+that were not kicked.</li>
+<li><code>local_aliases</code> - An array of strings representing the local aliases that were migrated from
+the old room to the new.</li>
+<li><code>new_room_id</code> - A string representing the room ID of the new room.</li>
+</ul>
+<h2 id="example-4"><a class="header" href="#example-4">Example</a></h2>
+<p>Request:</p>
+<pre><code>POST /_synapse/admin/v1/shutdown_room/!somebadroom%3Aexample.com
+
+{
+    &quot;new_room_user_id&quot;: &quot;@someuser:example.com&quot;,
+    &quot;room_name&quot;: &quot;Content Violation Notification&quot;,
+    &quot;message&quot;: &quot;Bad Room has been shutdown due to content violations on this server. Please review our Terms of Service.&quot;
+}
+</code></pre>
+<p>Response:</p>
+<pre><code>{
+    &quot;kicked_users&quot;: 5,
+    &quot;failed_to_kick_users&quot;: 0,
+    &quot;local_aliases&quot;: [&quot;#badroom:example.com&quot;, &quot;#evilsaloon:example.com],
+    &quot;new_room_id&quot;: &quot;!newroomid:example.com&quot;,
+},
+</code></pre>
+<h2 id="undoing-room-shutdowns-1"><a class="header" href="#undoing-room-shutdowns-1">Undoing room shutdowns</a></h2>
+<p><em>Note</em>: This guide may be outdated by the time you read it. By nature of room shutdowns being performed at the database level,
+the structure can and does change without notice.</p>
+<p>First, it's important to understand that a room shutdown is very destructive. Undoing a shutdown is not as simple as pretending it
+never happened - work has to be done to move forward instead of resetting the past. In fact, in some cases it might not be possible
+to recover at all:</p>
+<ul>
+<li>If the room was invite-only, your users will need to be re-invited.</li>
+<li>If the room no longer has any members at all, it'll be impossible to rejoin.</li>
+<li>The first user to rejoin will have to do so via an alias on a different server.</li>
+</ul>
+<p>With all that being said, if you still want to try and recover the room:</p>
+<ol>
+<li>For safety reasons, shut down Synapse.</li>
+<li>In the database, run <code>DELETE FROM blocked_rooms WHERE room_id = '!example:example.org';</code>
+<ul>
+<li>For caution: it's recommended to run this in a transaction: <code>BEGIN; DELETE ...;</code>, verify you got 1 result, then <code>COMMIT;</code>.</li>
+<li>The room ID is the same one supplied to the shutdown room API, not the Content Violation room.</li>
+</ul>
+</li>
+<li>Restart Synapse.</li>
+</ol>
+<p>You will have to manually handle, if you so choose, the following:</p>
+<ul>
+<li>Aliases that would have been redirected to the Content Violation room.</li>
+<li>Users that would have been booted from the room (and will have been force-joined to the Content Violation room).</li>
+<li>Removal of the Content Violation room if desired.</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="users-media-usage-statistics"><a class="header" href="#users-media-usage-statistics">Users' media usage statistics</a></h1>
+<p>Returns information about all local media usage of users. Gives the
+possibility to filter them by time and user.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v1/statistics/users/media
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code>
+for a server admin: see <a href="admin_api/../usage/administration/admin_api">Admin API</a>.</p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;users&quot;: [
+    {
+      &quot;displayname&quot;: &quot;foo_user_0&quot;,
+      &quot;media_count&quot;: 2,
+      &quot;media_length&quot;: 134,
+      &quot;user_id&quot;: &quot;@foo_user_0:test&quot;
+    },
+    {
+      &quot;displayname&quot;: &quot;foo_user_1&quot;,
+      &quot;media_count&quot;: 2,
+      &quot;media_length&quot;: 134,
+      &quot;user_id&quot;: &quot;@foo_user_1:test&quot;
+    }
+  ],
+  &quot;next_token&quot;: 3,
+  &quot;total&quot;: 10
+}
+</code></pre>
+<p>To paginate, check for <code>next_token</code> and if present, call the endpoint
+again with <code>from</code> set to the value of <code>next_token</code>. This will return a new page.</p>
+<p>If the endpoint does not return a <code>next_token</code> then there are no more
+reports to paginate through.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>limit</code>: string representing a positive integer - Is optional but is
+used for pagination, denoting the maximum number of items to return
+in this call. Defaults to <code>100</code>.</li>
+<li><code>from</code>: string representing a positive integer - Is optional but used for pagination,
+denoting the offset in the returned results. This should be treated as an opaque value
+and not explicitly set to anything other than the return value of <code>next_token</code> from a
+previous call. Defaults to <code>0</code>.</li>
+<li><code>order_by</code> - string - The method in which to sort the returned list of users. Valid values are:
+<ul>
+<li><code>user_id</code> - Users are ordered alphabetically by <code>user_id</code>. This is the default.</li>
+<li><code>displayname</code> - Users are ordered alphabetically by <code>displayname</code>.</li>
+<li><code>media_length</code> - Users are ordered by the total size of uploaded media in bytes.
+Smallest to largest.</li>
+<li><code>media_count</code> - Users are ordered by number of uploaded media. Smallest to largest.</li>
+</ul>
+</li>
+<li><code>from_ts</code> - string representing a positive integer - Considers only
+files created at this timestamp or later. Unix timestamp in ms.</li>
+<li><code>until_ts</code> - string representing a positive integer - Considers only
+files created at this timestamp or earlier. Unix timestamp in ms.</li>
+<li><code>search_term</code> - string - Filter users by their user ID localpart <strong>or</strong> displayname.
+The search term can be found in any part of the string.
+Defaults to no filtering.</li>
+<li><code>dir</code> - string - Direction of order. Either <code>f</code> for forwards or <code>b</code> for backwards.
+Setting this value to <code>b</code> will reverse the above sort order. Defaults to <code>f</code>.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>users</code> - An array of objects, each containing information
+about the user and their local media. Objects contain the following fields:
+<ul>
+<li><code>displayname</code> - string - Displayname of this user.</li>
+<li><code>media_count</code> - integer - Number of uploaded media by this user.</li>
+<li><code>media_length</code> - integer - Size of uploaded media in bytes by this user.</li>
+<li><code>user_id</code> - string - Fully-qualified user ID (ex. <code>@user:server.com</code>).</li>
+</ul>
+</li>
+<li><code>next_token</code> - integer - Opaque value used for pagination. See above.</li>
+<li><code>total</code> - integer - Total number of users after filtering.</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="user-admin-api"><a class="header" href="#user-admin-api">User Admin API</a></h1>
+<h2 id="query-user-account"><a class="header" href="#query-user-account">Query User Account</a></h2>
+<p>This API returns information about a specific user account.</p>
+<p>The api is:</p>
+<pre><code>GET /_synapse/admin/v2/users/&lt;user_id&gt;
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>It returns a JSON body like the following:</p>
+<pre><code class="language-json">{
+    &quot;displayname&quot;: &quot;User&quot;,
+    &quot;threepids&quot;: [
+        {
+            &quot;medium&quot;: &quot;email&quot;,
+            &quot;address&quot;: &quot;&lt;user_mail_1&gt;&quot;
+        },
+        {
+            &quot;medium&quot;: &quot;email&quot;,
+            &quot;address&quot;: &quot;&lt;user_mail_2&gt;&quot;
+        }
+    ],
+    &quot;avatar_url&quot;: &quot;&lt;avatar_url&gt;&quot;,
+    &quot;admin&quot;: 0,
+    &quot;deactivated&quot;: 0,
+    &quot;shadow_banned&quot;: 0,
+    &quot;password_hash&quot;: &quot;$2b$12$p9B4GkqYdRTPGD&quot;,
+    &quot;creation_ts&quot;: 1560432506,
+    &quot;appservice_id&quot;: null,
+    &quot;consent_server_notice_sent&quot;: null,
+    &quot;consent_version&quot;: null,
+    &quot;external_ids&quot;: [
+        {
+            &quot;auth_provider&quot;: &quot;&lt;provider1&gt;&quot;,
+            &quot;external_id&quot;: &quot;&lt;user_id_provider_1&gt;&quot;
+        },
+        {
+            &quot;auth_provider&quot;: &quot;&lt;provider2&gt;&quot;,
+            &quot;external_id&quot;: &quot;&lt;user_id_provider_2&gt;&quot;
+        }
+    ]
+}
+</code></pre>
+<p>URL parameters:</p>
+<ul>
+<li><code>user_id</code>: fully-qualified user id: for example, <code>@user:server.com</code>.</li>
+</ul>
+<h2 id="create-or-modify-account"><a class="header" href="#create-or-modify-account">Create or modify Account</a></h2>
+<p>This API allows an administrator to create or modify a user account with a
+specific <code>user_id</code>.</p>
+<p>This api is:</p>
+<pre><code>PUT /_synapse/admin/v2/users/&lt;user_id&gt;
+</code></pre>
+<p>with a body of:</p>
+<pre><code class="language-json">{
+    &quot;password&quot;: &quot;user_password&quot;,
+    &quot;displayname&quot;: &quot;User&quot;,
+    &quot;threepids&quot;: [
+        {
+            &quot;medium&quot;: &quot;email&quot;,
+            &quot;address&quot;: &quot;&lt;user_mail_1&gt;&quot;
+        },
+        {
+            &quot;medium&quot;: &quot;email&quot;,
+            &quot;address&quot;: &quot;&lt;user_mail_2&gt;&quot;
+        }
+    ],
+    &quot;avatar_url&quot;: &quot;&lt;avatar_url&gt;&quot;,
+    &quot;admin&quot;: false,
+    &quot;deactivated&quot;: false
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>URL parameters:</p>
+<ul>
+<li><code>user_id</code>: fully-qualified user id: for example, <code>@user:server.com</code>.</li>
+</ul>
+<p>Body parameters:</p>
+<ul>
+<li>
+<p><code>password</code>, optional. If provided, the user's password is updated and all
+devices are logged out.</p>
+</li>
+<li>
+<p><code>displayname</code>, optional, defaults to the value of <code>user_id</code>.</p>
+</li>
+<li>
+<p><code>threepids</code>, optional, allows setting the third-party IDs (email, msisdn)
+belonging to a user.</p>
+</li>
+<li>
+<p><code>avatar_url</code>, optional, must be a
+<a href="https://matrix.org/docs/spec/client_server/r0.6.0#matrix-content-mxc-uris">MXC URI</a>.</p>
+</li>
+<li>
+<p><code>admin</code>, optional, defaults to <code>false</code>.</p>
+</li>
+<li>
+<p><code>deactivated</code>, optional. If unspecified, deactivation state will be left
+unchanged on existing accounts and set to <code>false</code> for new accounts.
+A user cannot be erased by deactivating with this API. For details on
+deactivating users see <a href="admin_api/user_admin_api.html#deactivate-account">Deactivate Account</a>.</p>
+</li>
+</ul>
+<p>If the user already exists then optional parameters default to the current value.</p>
+<p>In order to re-activate an account <code>deactivated</code> must be set to <code>false</code>. If
+users do not login via single-sign-on, a new <code>password</code> must be provided.</p>
+<h2 id="list-accounts"><a class="header" href="#list-accounts">List Accounts</a></h2>
+<p>This API returns all local user accounts.
+By default, the response is ordered by ascending user ID.</p>
+<pre><code>GET /_synapse/admin/v2/users?from=0&amp;limit=10&amp;guests=false
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+    &quot;users&quot;: [
+        {
+            &quot;name&quot;: &quot;&lt;user_id1&gt;&quot;,
+            &quot;is_guest&quot;: 0,
+            &quot;admin&quot;: 0,
+            &quot;user_type&quot;: null,
+            &quot;deactivated&quot;: 0,
+            &quot;shadow_banned&quot;: 0,
+            &quot;displayname&quot;: &quot;&lt;User One&gt;&quot;,
+            &quot;avatar_url&quot;: null
+        }, {
+            &quot;name&quot;: &quot;&lt;user_id2&gt;&quot;,
+            &quot;is_guest&quot;: 0,
+            &quot;admin&quot;: 1,
+            &quot;user_type&quot;: null,
+            &quot;deactivated&quot;: 0,
+            &quot;shadow_banned&quot;: 0,
+            &quot;displayname&quot;: &quot;&lt;User Two&gt;&quot;,
+            &quot;avatar_url&quot;: &quot;&lt;avatar_url&gt;&quot;
+        }
+    ],
+    &quot;next_token&quot;: &quot;100&quot;,
+    &quot;total&quot;: 200
+}
+</code></pre>
+<p>To paginate, check for <code>next_token</code> and if present, call the endpoint again
+with <code>from</code> set to the value of <code>next_token</code>. This will return a new page.</p>
+<p>If the endpoint does not return a <code>next_token</code> then there are no more users
+to paginate through.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li>
+<p><code>user_id</code> - Is optional and filters to only return users with user IDs
+that contain this value. This parameter is ignored when using the <code>name</code> parameter.</p>
+</li>
+<li>
+<p><code>name</code> - Is optional and filters to only return users with user ID localparts
+<strong>or</strong> displaynames that contain this value.</p>
+</li>
+<li>
+<p><code>guests</code> - string representing a bool - Is optional and if <code>false</code> will <strong>exclude</strong> guest users.
+Defaults to <code>true</code> to include guest users.</p>
+</li>
+<li>
+<p><code>deactivated</code> - string representing a bool - Is optional and if <code>true</code> will <strong>include</strong> deactivated users.
+Defaults to <code>false</code> to exclude deactivated users.</p>
+</li>
+<li>
+<p><code>limit</code> - string representing a positive integer - Is optional but is used for pagination,
+denoting the maximum number of items to return in this call. Defaults to <code>100</code>.</p>
+</li>
+<li>
+<p><code>from</code> - string representing a positive integer - Is optional but used for pagination,
+denoting the offset in the returned results. This should be treated as an opaque value and
+not explicitly set to anything other than the return value of <code>next_token</code> from a previous call.
+Defaults to <code>0</code>.</p>
+</li>
+<li>
+<p><code>order_by</code> - The method by which to sort the returned list of users.
+If the ordered field has duplicates, the second order is always by ascending <code>name</code>,
+which guarantees a stable ordering. Valid values are:</p>
+<ul>
+<li><code>name</code> - Users are ordered alphabetically by <code>name</code>. This is the default.</li>
+<li><code>is_guest</code> - Users are ordered by <code>is_guest</code> status.</li>
+<li><code>admin</code> - Users are ordered by <code>admin</code> status.</li>
+<li><code>user_type</code> - Users are ordered alphabetically by <code>user_type</code>.</li>
+<li><code>deactivated</code> - Users are ordered by <code>deactivated</code> status.</li>
+<li><code>shadow_banned</code> - Users are ordered by <code>shadow_banned</code> status.</li>
+<li><code>displayname</code> - Users are ordered alphabetically by <code>displayname</code>.</li>
+<li><code>avatar_url</code> - Users are ordered alphabetically by avatar URL.</li>
+</ul>
+</li>
+<li>
+<p><code>dir</code> - Direction of media order. Either <code>f</code> for forwards or <code>b</code> for backwards.
+Setting this value to <code>b</code> will reverse the above sort order. Defaults to <code>f</code>.</p>
+</li>
+</ul>
+<p>Caution. The database only has indexes on the columns <code>name</code> and <code>created_ts</code>.
+This means that if a different sort order is used (<code>is_guest</code>, <code>admin</code>,
+<code>user_type</code>, <code>deactivated</code>, <code>shadow_banned</code>, <code>avatar_url</code> or <code>displayname</code>),
+this can cause a large load on the database, especially for large environments.</p>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li>
+<p><code>users</code> - An array of objects, each containing information about an user.
+User objects contain the following fields:</p>
+<ul>
+<li><code>name</code> - string - Fully-qualified user ID (ex. <code>@user:server.com</code>).</li>
+<li><code>is_guest</code> - bool - Status if that user is a guest account.</li>
+<li><code>admin</code> - bool - Status if that user is a server administrator.</li>
+<li><code>user_type</code> - string - Type of the user. Normal users are type <code>None</code>.
+This allows user type specific behaviour. There are also types <code>support</code> and <code>bot</code>. </li>
+<li><code>deactivated</code> - bool - Status if that user has been marked as deactivated.</li>
+<li><code>shadow_banned</code> - bool - Status if that user has been marked as shadow banned.</li>
+<li><code>displayname</code> - string - The user's display name if they have set one.</li>
+<li><code>avatar_url</code> - string -  The user's avatar URL if they have set one.</li>
+</ul>
+</li>
+<li>
+<p><code>next_token</code>: string representing a positive integer - Indication for pagination. See above.</p>
+</li>
+<li>
+<p><code>total</code> - integer - Total number of media.</p>
+</li>
+</ul>
+<h2 id="query-current-sessions-for-a-user"><a class="header" href="#query-current-sessions-for-a-user">Query current sessions for a user</a></h2>
+<p>This API returns information about the active sessions for a specific user.</p>
+<p>The endpoints are:</p>
+<pre><code>GET /_synapse/admin/v1/whois/&lt;user_id&gt;
+</code></pre>
+<p>and:</p>
+<pre><code>GET /_matrix/client/r0/admin/whois/&lt;userId&gt;
+</code></pre>
+<p>See also: <a href="https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-admin-whois-userid">Client Server
+API Whois</a>.</p>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>It returns a JSON body like the following:</p>
+<pre><code class="language-json">{
+    &quot;user_id&quot;: &quot;&lt;user_id&gt;&quot;,
+    &quot;devices&quot;: {
+        &quot;&quot;: {
+            &quot;sessions&quot;: [
+                {
+                    &quot;connections&quot;: [
+                        {
+                            &quot;ip&quot;: &quot;1.2.3.4&quot;,
+                            &quot;last_seen&quot;: 1417222374433,
+                            &quot;user_agent&quot;: &quot;Mozilla/5.0 ...&quot;
+                        },
+                        {
+                            &quot;ip&quot;: &quot;1.2.3.10&quot;,
+                            &quot;last_seen&quot;: 1417222374500,
+                            &quot;user_agent&quot;: &quot;Dalvik/2.1.0 ...&quot;
+                        }
+                    ]
+                }
+            ]
+        }
+    }
+}
+</code></pre>
+<p><code>last_seen</code> is measured in milliseconds since the Unix epoch.</p>
+<h2 id="deactivate-account"><a class="header" href="#deactivate-account">Deactivate Account</a></h2>
+<p>This API deactivates an account. It removes active access tokens, resets the
+password, and deletes third-party IDs (to prevent the user requesting a
+password reset).</p>
+<p>It can also mark the user as GDPR-erased. This means messages sent by the
+user will still be visible by anyone that was in the room when these messages
+were sent, but hidden from users joining the room afterwards.</p>
+<p>The api is:</p>
+<pre><code>POST /_synapse/admin/v1/deactivate/&lt;user_id&gt;
+</code></pre>
+<p>with a body of:</p>
+<pre><code class="language-json">{
+    &quot;erase&quot;: true
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>The erase parameter is optional and defaults to <code>false</code>.
+An empty body may be passed for backwards compatibility.</p>
+<p>The following actions are performed when deactivating an user:</p>
+<ul>
+<li>Try to unpind 3PIDs from the identity server</li>
+<li>Remove all 3PIDs from the homeserver</li>
+<li>Delete all devices and E2EE keys</li>
+<li>Delete all access tokens</li>
+<li>Delete the password hash</li>
+<li>Removal from all rooms the user is a member of</li>
+<li>Remove the user from the user directory</li>
+<li>Reject all pending invites</li>
+<li>Remove all account validity information related to the user</li>
+</ul>
+<p>The following additional actions are performed during deactivation if <code>erase</code>
+is set to <code>true</code>:</p>
+<ul>
+<li>Remove the user's display name</li>
+<li>Remove the user's avatar URL</li>
+<li>Mark the user as erased</li>
+</ul>
+<h2 id="reset-password"><a class="header" href="#reset-password">Reset password</a></h2>
+<p>Changes the password of another user. This will automatically log the user out of all their devices.</p>
+<p>The api is:</p>
+<pre><code>POST /_synapse/admin/v1/reset_password/&lt;user_id&gt;
+</code></pre>
+<p>with a body of:</p>
+<pre><code class="language-json">{
+   &quot;new_password&quot;: &quot;&lt;secret&gt;&quot;,
+   &quot;logout_devices&quot;: true
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>The parameter <code>new_password</code> is required.
+The parameter <code>logout_devices</code> is optional and defaults to <code>true</code>.</p>
+<h2 id="get-whether-a-user-is-a-server-administrator-or-not"><a class="header" href="#get-whether-a-user-is-a-server-administrator-or-not">Get whether a user is a server administrator or not</a></h2>
+<p>The api is:</p>
+<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/admin
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+    &quot;admin&quot;: true
+}
+</code></pre>
+<h2 id="change-whether-a-user-is-a-server-administrator-or-not"><a class="header" href="#change-whether-a-user-is-a-server-administrator-or-not">Change whether a user is a server administrator or not</a></h2>
+<p>Note that you cannot demote yourself.</p>
+<p>The api is:</p>
+<pre><code>PUT /_synapse/admin/v1/users/&lt;user_id&gt;/admin
+</code></pre>
+<p>with a body of:</p>
+<pre><code class="language-json">{
+    &quot;admin&quot;: true
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<h2 id="list-room-memberships-of-a-user"><a class="header" href="#list-room-memberships-of-a-user">List room memberships of a user</a></h2>
+<p>Gets a list of all <code>room_id</code> that a specific <code>user_id</code> is member.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/joined_rooms
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">    {
+        &quot;joined_rooms&quot;: [
+            &quot;!DuGcnbhHGaSZQoNQR:matrix.org&quot;,
+            &quot;!ZtSaPCawyWtxfWiIy:matrix.org&quot;
+        ],
+        &quot;total&quot;: 2
+    }
+</code></pre>
+<p>The server returns the list of rooms of which the user and the server
+are member. If the user is local, all the rooms of which the user is
+member are returned.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>joined_rooms</code> - An array of <code>room_id</code>.</li>
+<li><code>total</code> - Number of rooms.</li>
+</ul>
+<h2 id="list-media-of-a-user"><a class="header" href="#list-media-of-a-user">List media of a user</a></h2>
+<p>Gets a list of all local media that a specific <code>user_id</code> has created.
+By default, the response is ordered by descending creation date and ascending media ID.
+The newest media is on top. You can change the order with parameters
+<code>order_by</code> and <code>dir</code>.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/media
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;media&quot;: [
+    {
+      &quot;created_ts&quot;: 100400,
+      &quot;last_access_ts&quot;: null,
+      &quot;media_id&quot;: &quot;qXhyRzulkwLsNHTbpHreuEgo&quot;,
+      &quot;media_length&quot;: 67,
+      &quot;media_type&quot;: &quot;image/png&quot;,
+      &quot;quarantined_by&quot;: null,
+      &quot;safe_from_quarantine&quot;: false,
+      &quot;upload_name&quot;: &quot;test1.png&quot;
+    },
+    {
+      &quot;created_ts&quot;: 200400,
+      &quot;last_access_ts&quot;: null,
+      &quot;media_id&quot;: &quot;FHfiSnzoINDatrXHQIXBtahw&quot;,
+      &quot;media_length&quot;: 67,
+      &quot;media_type&quot;: &quot;image/png&quot;,
+      &quot;quarantined_by&quot;: null,
+      &quot;safe_from_quarantine&quot;: false,
+      &quot;upload_name&quot;: &quot;test2.png&quot;
+    }
+  ],
+  &quot;next_token&quot;: 3,
+  &quot;total&quot;: 2
+}
+</code></pre>
+<p>To paginate, check for <code>next_token</code> and if present, call the endpoint again
+with <code>from</code> set to the value of <code>next_token</code>. This will return a new page.</p>
+<p>If the endpoint does not return a <code>next_token</code> then there are no more
+reports to paginate through.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li>
+<p><code>user_id</code> - string - fully qualified: for example, <code>@user:server.com</code>.</p>
+</li>
+<li>
+<p><code>limit</code>: string representing a positive integer - Is optional but is used for pagination,
+denoting the maximum number of items to return in this call. Defaults to <code>100</code>.</p>
+</li>
+<li>
+<p><code>from</code>: string representing a positive integer - Is optional but used for pagination,
+denoting the offset in the returned results. This should be treated as an opaque value and
+not explicitly set to anything other than the return value of <code>next_token</code> from a previous call.
+Defaults to <code>0</code>.</p>
+</li>
+<li>
+<p><code>order_by</code> - The method by which to sort the returned list of media.
+If the ordered field has duplicates, the second order is always by ascending <code>media_id</code>,
+which guarantees a stable ordering. Valid values are:</p>
+<ul>
+<li><code>media_id</code> - Media are ordered alphabetically by <code>media_id</code>.</li>
+<li><code>upload_name</code> - Media are ordered alphabetically by name the media was uploaded with.</li>
+<li><code>created_ts</code> - Media are ordered by when the content was uploaded in ms.
+Smallest to largest. This is the default.</li>
+<li><code>last_access_ts</code> - Media are ordered by when the content was last accessed in ms.
+Smallest to largest.</li>
+<li><code>media_length</code> - Media are ordered by length of the media in bytes.
+Smallest to largest.</li>
+<li><code>media_type</code> - Media are ordered alphabetically by MIME-type.</li>
+<li><code>quarantined_by</code> - Media are ordered alphabetically by the user ID that
+initiated the quarantine request for this media.</li>
+<li><code>safe_from_quarantine</code> - Media are ordered by the status if this media is safe
+from quarantining.</li>
+</ul>
+</li>
+<li>
+<p><code>dir</code> - Direction of media order. Either <code>f</code> for forwards or <code>b</code> for backwards.
+Setting this value to <code>b</code> will reverse the above sort order. Defaults to <code>f</code>.</p>
+</li>
+</ul>
+<p>If neither <code>order_by</code> nor <code>dir</code> is set, the default order is newest media on top
+(corresponds to <code>order_by</code> = <code>created_ts</code> and <code>dir</code> = <code>b</code>).</p>
+<p>Caution. The database only has indexes on the columns <code>media_id</code>,
+<code>user_id</code> and <code>created_ts</code>. This means that if a different sort order is used
+(<code>upload_name</code>, <code>last_access_ts</code>, <code>media_length</code>, <code>media_type</code>,
+<code>quarantined_by</code> or <code>safe_from_quarantine</code>), this can cause a large load on the
+database, especially for large environments.</p>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li>
+<p><code>media</code> - An array of objects, each containing information about a media.
+Media objects contain the following fields:</p>
+<ul>
+<li>
+<p><code>created_ts</code> - integer - Timestamp when the content was uploaded in ms.</p>
+</li>
+<li>
+<p><code>last_access_ts</code> - integer - Timestamp when the content was last accessed in ms.</p>
+</li>
+<li>
+<p><code>media_id</code> - string - The id used to refer to the media.</p>
+</li>
+<li>
+<p><code>media_length</code> - integer - Length of the media in bytes.</p>
+</li>
+<li>
+<p><code>media_type</code> - string - The MIME-type of the media.</p>
+</li>
+<li>
+<p><code>quarantined_by</code> - string - The user ID that initiated the quarantine request
+for this media.</p>
+</li>
+<li>
+<p><code>safe_from_quarantine</code> - bool - Status if this media is safe from quarantining.</p>
+</li>
+<li>
+<p><code>upload_name</code> - string - The name the media was uploaded with.</p>
+</li>
+</ul>
+</li>
+<li>
+<p><code>next_token</code>: integer - Indication for pagination. See above.</p>
+</li>
+<li>
+<p><code>total</code> - integer - Total number of media.</p>
+</li>
+</ul>
+<h2 id="login-as-a-user"><a class="header" href="#login-as-a-user">Login as a user</a></h2>
+<p>Get an access token that can be used to authenticate as that user. Useful for
+when admins wish to do actions on behalf of a user.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/users/&lt;user_id&gt;/login
+{}
+</code></pre>
+<p>An optional <code>valid_until_ms</code> field can be specified in the request body as an
+integer timestamp that specifies when the token should expire. By default tokens
+do not expire.</p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+    &quot;access_token&quot;: &quot;&lt;opaque_access_token_string&gt;&quot;
+}
+</code></pre>
+<p>This API does <em>not</em> generate a new device for the user, and so will not appear
+their <code>/devices</code> list, and in general the target user should not be able to
+tell they have been logged in as.</p>
+<p>To expire the token call the standard <code>/logout</code> API with the token.</p>
+<p>Note: The token will expire if the <em>admin</em> user calls <code>/logout/all</code> from any
+of their devices, but the token will <em>not</em> expire if the target user does the
+same.</p>
+<h2 id="user-devices"><a class="header" href="#user-devices">User devices</a></h2>
+<h3 id="list-all-devices"><a class="header" href="#list-all-devices">List all devices</a></h3>
+<p>Gets information about all devices for a specific <code>user_id</code>.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v2/users/&lt;user_id&gt;/devices
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;devices&quot;: [
+    {
+      &quot;device_id&quot;: &quot;QBUAZIFURK&quot;,
+      &quot;display_name&quot;: &quot;android&quot;,
+      &quot;last_seen_ip&quot;: &quot;1.2.3.4&quot;,
+      &quot;last_seen_ts&quot;: 1474491775024,
+      &quot;user_id&quot;: &quot;&lt;user_id&gt;&quot;
+    },
+    {
+      &quot;device_id&quot;: &quot;AUIECTSRND&quot;,
+      &quot;display_name&quot;: &quot;ios&quot;,
+      &quot;last_seen_ip&quot;: &quot;1.2.3.5&quot;,
+      &quot;last_seen_ts&quot;: 1474491775025,
+      &quot;user_id&quot;: &quot;&lt;user_id&gt;&quot;
+    }
+  ],
+  &quot;total&quot;: 2
+}
+</code></pre>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li>
+<p><code>devices</code> - An array of objects, each containing information about a device.
+Device objects contain the following fields:</p>
+<ul>
+<li><code>device_id</code> - Identifier of device.</li>
+<li><code>display_name</code> - Display name set by the user for this device.
+Absent if no name has been set.</li>
+<li><code>last_seen_ip</code> - The IP address where this device was last seen.
+(May be a few minutes out of date, for efficiency reasons).</li>
+<li><code>last_seen_ts</code> - The timestamp (in milliseconds since the unix epoch) when this
+devices was last seen. (May be a few minutes out of date, for efficiency reasons).</li>
+<li><code>user_id</code> - Owner of  device.</li>
+</ul>
+</li>
+<li>
+<p><code>total</code> - Total number of user's devices.</p>
+</li>
+</ul>
+<h3 id="delete-multiple-devices"><a class="header" href="#delete-multiple-devices">Delete multiple devices</a></h3>
+<p>Deletes the given devices for a specific <code>user_id</code>, and invalidates
+any access token associated with them.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v2/users/&lt;user_id&gt;/delete_devices
+
+{
+  &quot;devices&quot;: [
+    &quot;QBUAZIFURK&quot;,
+    &quot;AUIECTSRND&quot;
+  ],
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>An empty JSON dict is returned.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+</ul>
+<p>The following fields are required in the JSON request body:</p>
+<ul>
+<li><code>devices</code> - The list of device IDs to delete.</li>
+</ul>
+<h3 id="show-a-device"><a class="header" href="#show-a-device">Show a device</a></h3>
+<p>Gets information on a single device, by <code>device_id</code> for a specific <code>user_id</code>.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v2/users/&lt;user_id&gt;/devices/&lt;device_id&gt;
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;device_id&quot;: &quot;&lt;device_id&gt;&quot;,
+  &quot;display_name&quot;: &quot;android&quot;,
+  &quot;last_seen_ip&quot;: &quot;1.2.3.4&quot;,
+  &quot;last_seen_ts&quot;: 1474491775024,
+  &quot;user_id&quot;: &quot;&lt;user_id&gt;&quot;
+}
+</code></pre>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+<li><code>device_id</code> - The device to retrieve.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>device_id</code> - Identifier of device.</li>
+<li><code>display_name</code> - Display name set by the user for this device.
+Absent if no name has been set.</li>
+<li><code>last_seen_ip</code> - The IP address where this device was last seen.
+(May be a few minutes out of date, for efficiency reasons).</li>
+<li><code>last_seen_ts</code> - The timestamp (in milliseconds since the unix epoch) when this
+devices was last seen. (May be a few minutes out of date, for efficiency reasons).</li>
+<li><code>user_id</code> - Owner of  device.</li>
+</ul>
+<h3 id="update-a-device"><a class="header" href="#update-a-device">Update a device</a></h3>
+<p>Updates the metadata on the given <code>device_id</code> for a specific <code>user_id</code>.</p>
+<p>The API is:</p>
+<pre><code>PUT /_synapse/admin/v2/users/&lt;user_id&gt;/devices/&lt;device_id&gt;
+
+{
+  &quot;display_name&quot;: &quot;My other phone&quot;
+}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>An empty JSON dict is returned.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+<li><code>device_id</code> - The device to update.</li>
+</ul>
+<p>The following fields are required in the JSON request body:</p>
+<ul>
+<li><code>display_name</code> - The new display name for this device. If not given,
+the display name is unchanged.</li>
+</ul>
+<h3 id="delete-a-device"><a class="header" href="#delete-a-device">Delete a device</a></h3>
+<p>Deletes the given <code>device_id</code> for a specific <code>user_id</code>,
+and invalidates any access token associated with it.</p>
+<p>The API is:</p>
+<pre><code>DELETE /_synapse/admin/v2/users/&lt;user_id&gt;/devices/&lt;device_id&gt;
+
+{}
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>An empty JSON dict is returned.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+<li><code>device_id</code> - The device to delete.</li>
+</ul>
+<h2 id="list-all-pushers"><a class="header" href="#list-all-pushers">List all pushers</a></h2>
+<p>Gets information about all pushers for a specific <code>user_id</code>.</p>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/pushers
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;pushers&quot;: [
+    {
+      &quot;app_display_name&quot;:&quot;HTTP Push Notifications&quot;,
+      &quot;app_id&quot;:&quot;m.http&quot;,
+      &quot;data&quot;: {
+        &quot;url&quot;:&quot;example.com&quot;
+      },
+      &quot;device_display_name&quot;:&quot;pushy push&quot;,
+      &quot;kind&quot;:&quot;http&quot;,
+      &quot;lang&quot;:&quot;None&quot;,
+      &quot;profile_tag&quot;:&quot;&quot;,
+      &quot;pushkey&quot;:&quot;a@example.com&quot;
+    }
+  ],
+  &quot;total&quot;: 1
+}
+</code></pre>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - fully qualified: for example, <code>@user:server.com</code>.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li>
+<p><code>pushers</code> - An array containing the current pushers for the user</p>
+<ul>
+<li>
+<p><code>app_display_name</code> - string - A string that will allow the user to identify
+what application owns this pusher.</p>
+</li>
+<li>
+<p><code>app_id</code> - string - This is a reverse-DNS style identifier for the application.
+Max length, 64 chars.</p>
+</li>
+<li>
+<p><code>data</code> - A dictionary of information for the pusher implementation itself.</p>
+<ul>
+<li>
+<p><code>url</code> - string - Required if <code>kind</code> is <code>http</code>. The URL to use to send
+notifications to.</p>
+</li>
+<li>
+<p><code>format</code> - string - The format to use when sending notifications to the
+Push Gateway.</p>
+</li>
+</ul>
+</li>
+<li>
+<p><code>device_display_name</code> - string -  A string that will allow the user to identify
+what device owns this pusher.</p>
+</li>
+<li>
+<p><code>profile_tag</code> - string - This string determines which set of device specific rules
+this pusher executes.</p>
+</li>
+<li>
+<p><code>kind</code> - string -  The kind of pusher. &quot;http&quot; is a pusher that sends HTTP pokes.</p>
+</li>
+<li>
+<p><code>lang</code> - string - The preferred language for receiving notifications
+(e.g. 'en' or 'en-US')</p>
+</li>
+<li>
+<p><code>profile_tag</code> - string - This string determines which set of device specific rules
+this pusher executes.</p>
+</li>
+<li>
+<p><code>pushkey</code> - string - This is a unique identifier for this pusher.
+Max length, 512 bytes.</p>
+</li>
+</ul>
+</li>
+<li>
+<p><code>total</code> - integer - Number of pushers.</p>
+</li>
+</ul>
+<p>See also the
+<a href="https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers">Client-Server API Spec on pushers</a>.</p>
+<h2 id="shadow-banning-users"><a class="header" href="#shadow-banning-users">Shadow-banning users</a></h2>
+<p>Shadow-banning is a useful tool for moderating malicious or egregiously abusive users.
+A shadow-banned users receives successful responses to their client-server API requests,
+but the events are not propagated into rooms. This can be an effective tool as it
+(hopefully) takes longer for the user to realise they are being moderated before
+pivoting to another account.</p>
+<p>Shadow-banning a user should be used as a tool of last resort and may lead to confusing
+or broken behaviour for the client. A shadow-banned user will not receive any
+notification and it is generally more appropriate to ban or kick abusive users.
+A shadow-banned user will be unable to contact anyone on the server.</p>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/users/&lt;user_id&gt;/shadow_ban
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>An empty JSON dict is returned.</p>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - The fully qualified MXID: for example, <code>@user:server.com</code>. The user must
+be local.</li>
+</ul>
+<h2 id="override-ratelimiting-for-users"><a class="header" href="#override-ratelimiting-for-users">Override ratelimiting for users</a></h2>
+<p>This API allows to override or disable ratelimiting for a specific user.
+There are specific APIs to set, get and delete a ratelimit.</p>
+<h3 id="get-status-of-ratelimit"><a class="header" href="#get-status-of-ratelimit">Get status of ratelimit</a></h3>
+<p>The API is:</p>
+<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/override_ratelimit
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;messages_per_second&quot;: 0,
+  &quot;burst_count&quot;: 0
+}
+</code></pre>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - The fully qualified MXID: for example, <code>@user:server.com</code>. The user must
+be local.</li>
+</ul>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>messages_per_second</code> - integer - The number of actions that can
+be performed in a second. <code>0</code> mean that ratelimiting is disabled for this user.</li>
+<li><code>burst_count</code> - integer - How many actions that can be performed before
+being limited.</li>
+</ul>
+<p>If <strong>no</strong> custom ratelimit is set, an empty JSON dict is returned.</p>
+<pre><code class="language-json">{}
+</code></pre>
+<h3 id="set-ratelimit"><a class="header" href="#set-ratelimit">Set ratelimit</a></h3>
+<p>The API is:</p>
+<pre><code>POST /_synapse/admin/v1/users/&lt;user_id&gt;/override_ratelimit
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>A response body like the following is returned:</p>
+<pre><code class="language-json">{
+  &quot;messages_per_second&quot;: 0,
+  &quot;burst_count&quot;: 0
+}
+</code></pre>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - The fully qualified MXID: for example, <code>@user:server.com</code>. The user must
+be local.</li>
+</ul>
+<p>Body parameters:</p>
+<ul>
+<li><code>messages_per_second</code> - positive integer, optional. The number of actions that can
+be performed in a second. Defaults to <code>0</code>.</li>
+<li><code>burst_count</code> - positive integer, optional. How many actions that can be performed
+before being limited. Defaults to <code>0</code>.</li>
+</ul>
+<p>To disable users' ratelimit set both values to <code>0</code>.</p>
+<p><strong>Response</strong></p>
+<p>The following fields are returned in the JSON response body:</p>
+<ul>
+<li><code>messages_per_second</code> - integer - The number of actions that can
+be performed in a second.</li>
+<li><code>burst_count</code> - integer - How many actions that can be performed before
+being limited.</li>
+</ul>
+<h3 id="delete-ratelimit"><a class="header" href="#delete-ratelimit">Delete ratelimit</a></h3>
+<p>The API is:</p>
+<pre><code>DELETE /_synapse/admin/v1/users/&lt;user_id&gt;/override_ratelimit
+</code></pre>
+<p>To use it, you will need to authenticate by providing an <code>access_token</code> for a
+server admin: <a href="admin_api/../usage/administration/admin_api">Admin API</a></p>
+<p>An empty JSON dict is returned.</p>
+<pre><code class="language-json">{}
+</code></pre>
+<p><strong>Parameters</strong></p>
+<p>The following parameters should be set in the URL:</p>
+<ul>
+<li><code>user_id</code> - The fully qualified MXID: for example, <code>@user:server.com</code>. The user must
+be local.</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="version-api"><a class="header" href="#version-api">Version API</a></h1>
+<p>This API returns the running Synapse version and the Python version
+on which Synapse is being run. This is useful when a Synapse instance
+is behind a proxy that does not forward the 'Server' header (which also
+contains Synapse version information).</p>
+<p>The api is:</p>
+<pre><code>GET /_synapse/admin/v1/server_version
+</code></pre>
+<p>It returns a JSON body like the following:</p>
+<pre><code class="language-json">{
+    &quot;server_version&quot;: &quot;0.99.2rc1 (b=develop, abcdef123)&quot;,
+    &quot;python_version&quot;: &quot;3.6.8&quot;
+}
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="using-the-synapse-manhole"><a class="header" href="#using-the-synapse-manhole">Using the synapse manhole</a></h1>
+<p>The &quot;manhole&quot; allows server administrators to access a Python shell on a running
+Synapse installation. This is a very powerful mechanism for administration and
+debugging.</p>
+<p><strong><em>Security Warning</em></strong></p>
+<p>Note that this will give administrative access to synapse to <strong>all users</strong> with
+shell access to the server. It should therefore <strong>not</strong> be enabled in
+environments where untrusted users have shell access.</p>
+<hr />
+<p>To enable it, first uncomment the <code>manhole</code> listener configuration in
+<code>homeserver.yaml</code>. The configuration is slightly different if you're using docker.</p>
+<h4 id="docker-config"><a class="header" href="#docker-config">Docker config</a></h4>
+<p>If you are using Docker, set <code>bind_addresses</code> to <code>['0.0.0.0']</code> as shown:</p>
+<pre><code class="language-yaml">listeners:
+  - port: 9000
+    bind_addresses: ['0.0.0.0']
+    type: manhole
+</code></pre>
+<p>When using <code>docker run</code> to start the server, you will then need to change the command to the following to include the
+<code>manhole</code> port forwarding. The <code>-p 127.0.0.1:9000:9000</code> below is important: it 
+ensures that access to the <code>manhole</code> is only possible for local users.</p>
+<pre><code class="language-bash">docker run -d --name synapse \
+    --mount type=volume,src=synapse-data,dst=/data \
+    -p 8008:8008 \
+    -p 127.0.0.1:9000:9000 \
+    matrixdotorg/synapse:latest
+</code></pre>
+<h4 id="native-config"><a class="header" href="#native-config">Native config</a></h4>
+<p>If you are not using docker, set <code>bind_addresses</code> to <code>['::1', '127.0.0.1']</code> as shown.
+The <code>bind_addresses</code> in the example below is important: it ensures that access to the
+<code>manhole</code> is only possible for local users).</p>
+<pre><code class="language-yaml">listeners:
+  - port: 9000
+    bind_addresses: ['::1', '127.0.0.1']
+    type: manhole
+</code></pre>
+<h4 id="accessing-synapse-manhole"><a class="header" href="#accessing-synapse-manhole">Accessing synapse manhole</a></h4>
+<p>Then restart synapse, and point an ssh client at port 9000 on localhost, using
+the username <code>matrix</code>:</p>
+<pre><code class="language-bash">ssh -p9000 matrix@localhost
+</code></pre>
+<p>The password is <code>rabbithole</code>.</p>
+<p>This gives a Python REPL in which <code>hs</code> gives access to the
+<code>synapse.server.HomeServer</code> object - which in turn gives access to many other
+parts of the process.</p>
+<p>Note that any call which returns a coroutine will need to be wrapped in <code>ensureDeferred</code>.</p>
+<p>As a simple example, retrieving an event from the database:</p>
+<pre><code class="language-pycon">&gt;&gt;&gt; from twisted.internet import defer
+&gt;&gt;&gt; defer.ensureDeferred(hs.get_datastore().get_event('$1416420717069yeQaw:matrix.org'))
+&lt;Deferred at 0x7ff253fc6998 current result: &lt;FrozenEvent event_id='$1416420717069yeQaw:matrix.org', type='m.room.create', state_key=''&gt;&gt;
+</code></pre>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="how-to-monitor-synapse-metrics-using-prometheus"><a class="header" href="#how-to-monitor-synapse-metrics-using-prometheus">How to monitor Synapse metrics using Prometheus</a></h1>
+<ol>
+<li>
+<p>Install Prometheus:</p>
+<p>Follow instructions at
+<a href="http://prometheus.io/docs/introduction/install/">http://prometheus.io/docs/introduction/install/</a></p>
+</li>
+<li>
+<p>Enable Synapse metrics:</p>
+<p>There are two methods of enabling metrics in Synapse.</p>
+<p>The first serves the metrics as a part of the usual web server and
+can be enabled by adding the &quot;metrics&quot; resource to the existing
+listener as such:</p>
+<pre><code class="language-yaml">  resources:
+    - names:
+      - client
+      - metrics
+</code></pre>
+<p>This provides a simple way of adding metrics to your Synapse
+installation, and serves under <code>/_synapse/metrics</code>. If you do not
+wish your metrics be publicly exposed, you will need to either
+filter it out at your load balancer, or use the second method.</p>
+<p>The second method runs the metrics server on a different port, in a
+different thread to Synapse. This can make it more resilient to
+heavy load meaning metrics cannot be retrieved, and can be exposed
+to just internal networks easier. The served metrics are available
+over HTTP only, and will be available at <code>/_synapse/metrics</code>.</p>
+<p>Add a new listener to homeserver.yaml:</p>
+<pre><code class="language-yaml">  listeners:
+    - type: metrics
+      port: 9000
+      bind_addresses:
+        - '0.0.0.0'
+</code></pre>
+<p>For both options, you will need to ensure that <code>enable_metrics</code> is
+set to <code>True</code>.</p>
+</li>
+<li>
+<p>Restart Synapse.</p>
+</li>
+<li>
+<p>Add a Prometheus target for Synapse.</p>
+<p>It needs to set the <code>metrics_path</code> to a non-default value (under
+<code>scrape_configs</code>):</p>
+<pre><code class="language-yaml">  - job_name: &quot;synapse&quot;
+    scrape_interval: 15s
+    metrics_path: &quot;/_synapse/metrics&quot;
+    static_configs:
+      - targets: [&quot;my.server.here:port&quot;]
+</code></pre>
+<p>where <code>my.server.here</code> is the IP address of Synapse, and <code>port</code> is
+the listener port configured with the <code>metrics</code> resource.</p>
+<p>If your prometheus is older than 1.5.2, you will need to replace
+<code>static_configs</code> in the above with <code>target_groups</code>.</p>
+</li>
+<li>
+<p>Restart Prometheus.</p>
+</li>
+<li>
+<p>Consider using the <a href="https://github.com/matrix-org/synapse/tree/master/contrib/grafana/">grafana dashboard</a>
+and required <a href="https://github.com/matrix-org/synapse/tree/master/contrib/prometheus/">recording rules</a> </p>
+</li>
+</ol>
+<h2 id="monitoring-workers"><a class="header" href="#monitoring-workers">Monitoring workers</a></h2>
+<p>To monitor a Synapse installation using <a href="workers.html">workers</a>,
+every worker needs to be monitored independently, in addition to
+the main homeserver process. This is because workers don't send
+their metrics to the main homeserver process, but expose them
+directly (if they are configured to do so).</p>
+<p>To allow collecting metrics from a worker, you need to add a
+<code>metrics</code> listener to its configuration, by adding the following
+under <code>worker_listeners</code>:</p>
+<pre><code class="language-yaml">  - type: metrics
+    bind_address: ''
+    port: 9101
+</code></pre>
+<p>The <code>bind_address</code> and <code>port</code> parameters should be set so that
+the resulting listener can be reached by prometheus, and they
+don't clash with an existing worker.
+With this example, the worker's metrics would then be available
+on <code>http://127.0.0.1:9101</code>.</p>
+<p>Example Prometheus target for Synapse with workers:</p>
+<pre><code class="language-yaml">  - job_name: &quot;synapse&quot;
+    scrape_interval: 15s
+    metrics_path: &quot;/_synapse/metrics&quot;
+    static_configs:
+      - targets: [&quot;my.server.here:port&quot;]
+        labels:
+          instance: &quot;my.server&quot;
+          job: &quot;master&quot;
+          index: 1
+      - targets: [&quot;my.workerserver.here:port&quot;]
+        labels:
+          instance: &quot;my.server&quot;
+          job: &quot;generic_worker&quot;
+          index: 1
+      - targets: [&quot;my.workerserver.here:port&quot;]
+        labels:
+          instance: &quot;my.server&quot;
+          job: &quot;generic_worker&quot;
+          index: 2
+      - targets: [&quot;my.workerserver.here:port&quot;]
+        labels:
+          instance: &quot;my.server&quot;
+          job: &quot;media_repository&quot;
+          index: 1
+</code></pre>
+<p>Labels (<code>instance</code>, <code>job</code>, <code>index</code>) can be defined as anything.
+The labels are used to group graphs in grafana.</p>
+<h2 id="renaming-of-metrics--deprecation-of-old-names-in-12"><a class="header" href="#renaming-of-metrics--deprecation-of-old-names-in-12">Renaming of metrics &amp; deprecation of old names in 1.2</a></h2>
+<p>Synapse 1.2 updates the Prometheus metrics to match the naming
+convention of the upstream <code>prometheus_client</code>. The old names are
+considered deprecated and will be removed in a future version of
+Synapse.</p>
+<table><thead><tr><th>New Name</th><th>Old Name</th></tr></thead><tbody>
+<tr><td>python_gc_objects_collected_total</td><td>python_gc_objects_collected</td></tr>
+<tr><td>python_gc_objects_uncollectable_total</td><td>python_gc_objects_uncollectable</td></tr>
+<tr><td>python_gc_collections_total</td><td>python_gc_collections</td></tr>
+<tr><td>process_cpu_seconds_total</td><td>process_cpu_seconds</td></tr>
+<tr><td>synapse_federation_client_sent_transactions_total</td><td>synapse_federation_client_sent_transactions</td></tr>
+<tr><td>synapse_federation_client_events_processed_total</td><td>synapse_federation_client_events_processed</td></tr>
+<tr><td>synapse_event_processing_loop_count_total</td><td>synapse_event_processing_loop_count</td></tr>
+<tr><td>synapse_event_processing_loop_room_count_total</td><td>synapse_event_processing_loop_room_count</td></tr>
+<tr><td>synapse_util_metrics_block_count_total</td><td>synapse_util_metrics_block_count</td></tr>
+<tr><td>synapse_util_metrics_block_time_seconds_total</td><td>synapse_util_metrics_block_time_seconds</td></tr>
+<tr><td>synapse_util_metrics_block_ru_utime_seconds_total</td><td>synapse_util_metrics_block_ru_utime_seconds</td></tr>
+<tr><td>synapse_util_metrics_block_ru_stime_seconds_total</td><td>synapse_util_metrics_block_ru_stime_seconds</td></tr>
+<tr><td>synapse_util_metrics_block_db_txn_count_total</td><td>synapse_util_metrics_block_db_txn_count</td></tr>
+<tr><td>synapse_util_metrics_block_db_txn_duration_seconds_total</td><td>synapse_util_metrics_block_db_txn_duration_seconds</td></tr>
+<tr><td>synapse_util_metrics_block_db_sched_duration_seconds_total</td><td>synapse_util_metrics_block_db_sched_duration_seconds</td></tr>
+<tr><td>synapse_background_process_start_count_total</td><td>synapse_background_process_start_count</td></tr>
+<tr><td>synapse_background_process_ru_utime_seconds_total</td><td>synapse_background_process_ru_utime_seconds</td></tr>
+<tr><td>synapse_background_process_ru_stime_seconds_total</td><td>synapse_background_process_ru_stime_seconds</td></tr>
+<tr><td>synapse_background_process_db_txn_count_total</td><td>synapse_background_process_db_txn_count</td></tr>
+<tr><td>synapse_background_process_db_txn_duration_seconds_total</td><td>synapse_background_process_db_txn_duration_seconds</td></tr>
+<tr><td>synapse_background_process_db_sched_duration_seconds_total</td><td>synapse_background_process_db_sched_duration_seconds</td></tr>
+<tr><td>synapse_storage_events_persisted_events_total</td><td>synapse_storage_events_persisted_events</td></tr>
+<tr><td>synapse_storage_events_persisted_events_sep_total</td><td>synapse_storage_events_persisted_events_sep</td></tr>
+<tr><td>synapse_storage_events_state_delta_total</td><td>synapse_storage_events_state_delta</td></tr>
+<tr><td>synapse_storage_events_state_delta_single_event_total</td><td>synapse_storage_events_state_delta_single_event</td></tr>
+<tr><td>synapse_storage_events_state_delta_reuse_delta_total</td><td>synapse_storage_events_state_delta_reuse_delta</td></tr>
+<tr><td>synapse_federation_server_received_pdus_total</td><td>synapse_federation_server_received_pdus</td></tr>
+<tr><td>synapse_federation_server_received_edus_total</td><td>synapse_federation_server_received_edus</td></tr>
+<tr><td>synapse_handler_presence_notified_presence_total</td><td>synapse_handler_presence_notified_presence</td></tr>
+<tr><td>synapse_handler_presence_federation_presence_out_total</td><td>synapse_handler_presence_federation_presence_out</td></tr>
+<tr><td>synapse_handler_presence_presence_updates_total</td><td>synapse_handler_presence_presence_updates</td></tr>
+<tr><td>synapse_handler_presence_timers_fired_total</td><td>synapse_handler_presence_timers_fired</td></tr>
+<tr><td>synapse_handler_presence_federation_presence_total</td><td>synapse_handler_presence_federation_presence</td></tr>
+<tr><td>synapse_handler_presence_bump_active_time_total</td><td>synapse_handler_presence_bump_active_time</td></tr>
+<tr><td>synapse_federation_client_sent_edus_total</td><td>synapse_federation_client_sent_edus</td></tr>
+<tr><td>synapse_federation_client_sent_pdu_destinations_count_total</td><td>synapse_federation_client_sent_pdu_destinations:count</td></tr>
+<tr><td>synapse_federation_client_sent_pdu_destinations_total</td><td>synapse_federation_client_sent_pdu_destinations:total</td></tr>
+<tr><td>synapse_handlers_appservice_events_processed_total</td><td>synapse_handlers_appservice_events_processed</td></tr>
+<tr><td>synapse_notifier_notified_events_total</td><td>synapse_notifier_notified_events</td></tr>
+<tr><td>synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total</td><td>synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter</td></tr>
+<tr><td>synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter_total</td><td>synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter</td></tr>
+<tr><td>synapse_http_httppusher_http_pushes_processed_total</td><td>synapse_http_httppusher_http_pushes_processed</td></tr>
+<tr><td>synapse_http_httppusher_http_pushes_failed_total</td><td>synapse_http_httppusher_http_pushes_failed</td></tr>
+<tr><td>synapse_http_httppusher_badge_updates_processed_total</td><td>synapse_http_httppusher_badge_updates_processed</td></tr>
+<tr><td>synapse_http_httppusher_badge_updates_failed_total</td><td>synapse_http_httppusher_badge_updates_failed</td></tr>
+</tbody></table>
+<h2 id="removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310"><a class="header" href="#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310">Removal of deprecated metrics &amp; time based counters becoming histograms in 0.31.0</a></h2>
+<p>The duplicated metrics deprecated in Synapse 0.27.0 have been removed.</p>
+<p>All time duration-based metrics have been changed to be seconds. This
+affects:</p>
+<table><thead><tr><th>msec -&gt; sec metrics</th></tr></thead><tbody>
+<tr><td>python_gc_time</td></tr>
+<tr><td>python_twisted_reactor_tick_time</td></tr>
+<tr><td>synapse_storage_query_time</td></tr>
+<tr><td>synapse_storage_schedule_time</td></tr>
+<tr><td>synapse_storage_transaction_time</td></tr>
+</tbody></table>
+<p>Several metrics have been changed to be histograms, which sort entries
+into buckets and allow better analysis. The following metrics are now
+histograms:</p>
+<table><thead><tr><th>Altered metrics</th></tr></thead><tbody>
+<tr><td>python_gc_time</td></tr>
+<tr><td>python_twisted_reactor_pending_calls</td></tr>
+<tr><td>python_twisted_reactor_tick_time</td></tr>
+<tr><td>synapse_http_server_response_time_seconds</td></tr>
+<tr><td>synapse_storage_query_time</td></tr>
+<tr><td>synapse_storage_schedule_time</td></tr>
+<tr><td>synapse_storage_transaction_time</td></tr>
+</tbody></table>
+<h2 id="block-and-response-metrics-renamed-for-0270"><a class="header" href="#block-and-response-metrics-renamed-for-0270">Block and response metrics renamed for 0.27.0</a></h2>
+<p>Synapse 0.27.0 begins the process of rationalising the duplicate
+<code>*:count</code> metrics reported for the resource tracking for code blocks and
+HTTP requests.</p>
+<p>At the same time, the corresponding <code>*:total</code> metrics are being renamed,
+as the <code>:total</code> suffix no longer makes sense in the absence of a
+corresponding <code>:count</code> metric.</p>
+<p>To enable a graceful migration path, this release just adds new names
+for the metrics being renamed. A future release will remove the old
+ones.</p>
+<p>The following table shows the new metrics, and the old metrics which
+they are replacing.</p>
+<table><thead><tr><th>New name</th><th>Old name</th></tr></thead><tbody>
+<tr><td>synapse_util_metrics_block_count</td><td>synapse_util_metrics_block_timer:count</td></tr>
+<tr><td>synapse_util_metrics_block_count</td><td>synapse_util_metrics_block_ru_utime:count</td></tr>
+<tr><td>synapse_util_metrics_block_count</td><td>synapse_util_metrics_block_ru_stime:count</td></tr>
+<tr><td>synapse_util_metrics_block_count</td><td>synapse_util_metrics_block_db_txn_count:count</td></tr>
+<tr><td>synapse_util_metrics_block_count</td><td>synapse_util_metrics_block_db_txn_duration:count</td></tr>
+<tr><td>synapse_util_metrics_block_time_seconds</td><td>synapse_util_metrics_block_timer:total</td></tr>
+<tr><td>synapse_util_metrics_block_ru_utime_seconds</td><td>synapse_util_metrics_block_ru_utime:total</td></tr>
+<tr><td>synapse_util_metrics_block_ru_stime_seconds</td><td>synapse_util_metrics_block_ru_stime:total</td></tr>
+<tr><td>synapse_util_metrics_block_db_txn_count</td><td>synapse_util_metrics_block_db_txn_count:total</td></tr>
+<tr><td>synapse_util_metrics_block_db_txn_duration_seconds</td><td>synapse_util_metrics_block_db_txn_duration:total</td></tr>
+<tr><td>synapse_http_server_response_count</td><td>synapse_http_server_requests</td></tr>
+<tr><td>synapse_http_server_response_count</td><td>synapse_http_server_response_time:count</td></tr>
+<tr><td>synapse_http_server_response_count</td><td>synapse_http_server_response_ru_utime:count</td></tr>
+<tr><td>synapse_http_server_response_count</td><td>synapse_http_server_response_ru_stime:count</td></tr>
+<tr><td>synapse_http_server_response_count</td><td>synapse_http_server_response_db_txn_count:count</td></tr>
+<tr><td>synapse_http_server_response_count</td><td>synapse_http_server_response_db_txn_duration:count</td></tr>
+<tr><td>synapse_http_server_response_time_seconds</td><td>synapse_http_server_response_time:total</td></tr>
+<tr><td>synapse_http_server_response_ru_utime_seconds</td><td>synapse_http_server_response_ru_utime:total</td></tr>
+<tr><td>synapse_http_server_response_ru_stime_seconds</td><td>synapse_http_server_response_ru_stime:total</td></tr>
+<tr><td>synapse_http_server_response_db_txn_count</td><td>synapse_http_server_response_db_txn_count:total</td></tr>
+<tr><td>synapse_http_server_response_db_txn_duration_seconds</td><td>synapse_http_server_response_db_txn_duration:total</td></tr>
+</tbody></table>
+<h2 id="standard-metric-names"><a class="header" href="#standard-metric-names">Standard Metric Names</a></h2>
+<p>As of synapse version 0.18.2, the format of the process-wide metrics has
+been changed to fit prometheus standard naming conventions. Additionally
+the units have been changed to seconds, from miliseconds.</p>
+<table><thead><tr><th>New name</th><th>Old name</th></tr></thead><tbody>
+<tr><td>process_cpu_user_seconds_total</td><td>process_resource_utime / 1000</td></tr>
+<tr><td>process_cpu_system_seconds_total</td><td>process_resource_stime / 1000</td></tr>
+<tr><td>process_open_fds (no 'type' label)</td><td>process_fds</td></tr>
+</tbody></table>
+<p>The python-specific counts of garbage collector performance have been
+renamed.</p>
+<table><thead><tr><th>New name</th><th>Old name</th></tr></thead><tbody>
+<tr><td>python_gc_time</td><td>reactor_gc_time</td></tr>
+<tr><td>python_gc_unreachable_total</td><td>reactor_gc_unreachable</td></tr>
+<tr><td>python_gc_counts</td><td>reactor_gc_counts</td></tr>
+</tbody></table>
+<p>The twisted-specific reactor metrics have been renamed.</p>
+<table><thead><tr><th>New name</th><th>Old name</th></tr></thead><tbody>
+<tr><td>python_twisted_reactor_pending_calls</td><td>reactor_pending_calls</td></tr>
+<tr><td>python_twisted_reactor_tick_time</td><td>reactor_tick_time</td></tr>
+</tbody></table>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="request-log-format"><a class="header" href="#request-log-format">Request log format</a></h1>
+<p>HTTP request logs are written by synapse (see <a href="usage/administration/../synapse/http/site.py"><code>site.py</code></a> for details).</p>
+<p>See the following for how to decode the dense data available from the default logging configuration.</p>
+<pre><code>2020-10-01 12:00:00,000 - synapse.access.http.8008 - 311 - INFO - PUT-1000- 192.168.0.1 - 8008 - {another-matrix-server.com} Processed request: 0.100sec/-0.000sec (0.000sec, 0.000sec) (0.001sec/0.090sec/3) 11B !200 &quot;PUT /_matrix/federation/v1/send/1600000000000 HTTP/1.1&quot; &quot;Synapse/1.20.1&quot; [0 dbevts]
+-AAAAAAAAAAAAAAAAAAAAA-   -BBBBBBBBBBBBBBBBBBBBBB-   -C-   -DD-   -EEEEEE-  -FFFFFFFFF-   -GG-    -HHHHHHHHHHHHHHHHHHHHHHH-                     -IIIIII- -JJJJJJJ-  -KKKKKK-, -LLLLLL-  -MMMMMMM- -NNNNNN- O  -P- -QQ-  -RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR-   -SSSSSSSSSSSS-   -TTTTTT-
+</code></pre>
+<table><thead><tr><th>Part</th><th>Explanation</th></tr></thead><tbody>
+<tr><td>AAAA</td><td>Timestamp request was logged (not recieved)</td></tr>
+<tr><td>BBBB</td><td>Logger name (<code>synapse.access.(http\|https).&lt;tag&gt;</code>, where 'tag' is defined in the <code>listeners</code> config section, normally the port)</td></tr>
+<tr><td>CCCC</td><td>Line number in code</td></tr>
+<tr><td>DDDD</td><td>Log Level</td></tr>
+<tr><td>EEEE</td><td>Request Identifier (This identifier is shared by related log lines)</td></tr>
+<tr><td>FFFF</td><td>Source IP (Or X-Forwarded-For if enabled)</td></tr>
+<tr><td>GGGG</td><td>Server Port</td></tr>
+<tr><td>HHHH</td><td>Federated Server or Local User making request (blank if unauthenticated or not supplied)</td></tr>
+<tr><td>IIII</td><td>Total Time to process the request</td></tr>
+<tr><td>JJJJ</td><td>Time to send response over network once generated (this may be negative if the socket is closed before the response is generated)</td></tr>
+<tr><td>KKKK</td><td>Userland CPU time</td></tr>
+<tr><td>LLLL</td><td>System CPU time</td></tr>
+<tr><td>MMMM</td><td>Total time waiting for a free DB connection from the pool across all parallel DB work from this request</td></tr>
+<tr><td>NNNN</td><td>Total time waiting for response to DB queries across all parallel DB work from this request</td></tr>
+<tr><td>OOOO</td><td>Count of DB transactions performed</td></tr>
+<tr><td>PPPP</td><td>Response body size</td></tr>
+<tr><td>QQQQ</td><td>Response status code (prefixed with ! if the socket was closed before the response was generated)</td></tr>
+<tr><td>RRRR</td><td>Request</td></tr>
+<tr><td>SSSS</td><td>User-agent</td></tr>
+<tr><td>TTTT</td><td>Events fetched from DB to service this request (note that this does not include events fetched from the cache)</td></tr>
+</tbody></table>
+<p>MMMM / NNNN can be greater than IIII if there are multiple slow database queries
+running in parallel.</p>
+<p>Some actions can result in multiple identical http requests, which will return
+the same data, but only the first request will report time/transactions in
+<code>KKKK</code>/<code>LLLL</code>/<code>MMMM</code>/<code>NNNN</code>/<code>OOOO</code> - the others will be awaiting the first query to return a
+response and will simultaneously return with the first request, but with very
+small processing times.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><!--
+  Include the contents of CONTRIBUTING.md from the project root (where GitHub likes it 
+  to be)
+-->
+<h1 id="contributing"><a class="header" href="#contributing">Contributing</a></h1>
+<p>Welcome to Synapse</p>
+<p>This document aims to get you started with contributing to this repo! </p>
+<ul>
+<li><a href="development/contributing_guide.html#1-who-can-contribute-to-synapse">1. Who can contribute to Synapse?</a></li>
+<li><a href="development/contributing_guide.html#2-what-do-i-need">2. What do I need?</a></li>
+<li><a href="development/contributing_guide.html#3-get-the-source">3. Get the source.</a></li>
+<li><a href="development/contributing_guide.html#4-install-the-dependencies">4. Install the dependencies</a>
+<ul>
+<li><a href="development/contributing_guide.html#under-unix-macos-linux-bsd-">Under Unix (macOS, Linux, BSD, ...)</a></li>
+<li><a href="development/contributing_guide.html#under-windows">Under Windows</a></li>
+</ul>
+</li>
+<li><a href="development/contributing_guide.html#5-get-in-touch">5. Get in touch.</a></li>
+<li><a href="development/contributing_guide.html#6-pick-an-issue">6. Pick an issue.</a></li>
+<li><a href="development/contributing_guide.html#7-turn-coffee-and-documentation-into-code-and-documentation">7. Turn coffee and documentation into code and documentation!</a></li>
+<li><a href="development/contributing_guide.html#8-test-test-test">8. Test, test, test!</a>
+<ul>
+<li><a href="development/contributing_guide.html#run-the-linters">Run the linters.</a></li>
+<li><a href="development/contributing_guide.html#run-the-unit-tests">Run the unit tests.</a></li>
+<li><a href="development/contributing_guide.html#run-the-integration-tests">Run the integration tests.</a></li>
+</ul>
+</li>
+<li><a href="development/contributing_guide.html#9-submit-your-patch">9. Submit your patch.</a>
+<ul>
+<li><a href="development/contributing_guide.html#changelog">Changelog</a>
+<ul>
+<li><a href="development/contributing_guide.html#how-do-i-know-what-to-call-the-changelog-file-before-i-create-the-pr">How do I know what to call the changelog file before I create the PR?</a></li>
+<li><a href="development/contributing_guide.html#debian-changelog">Debian changelog</a></li>
+</ul>
+</li>
+<li><a href="development/contributing_guide.html#sign-off">Sign off</a></li>
+</ul>
+</li>
+<li><a href="development/contributing_guide.html#10-turn-feedback-into-better-code">10. Turn feedback into better code.</a></li>
+<li><a href="development/contributing_guide.html#11-find-a-new-issue">11. Find a new issue.</a></li>
+<li><a href="development/contributing_guide.html#notes-for-maintainers-on-merging-prs-etc">Notes for maintainers on merging PRs etc</a></li>
+<li><a href="development/contributing_guide.html#conclusion">Conclusion</a></li>
+</ul>
+<h1 id="1-who-can-contribute-to-synapse"><a class="header" href="#1-who-can-contribute-to-synapse">1. Who can contribute to Synapse?</a></h1>
+<p>Everyone is welcome to contribute code to <a href="https://github.com/matrix-org">matrix.org
+projects</a>, provided that they are willing to
+license their contributions under the same license as the project itself. We
+follow a simple 'inbound=outbound' model for contributions: the act of
+submitting an 'inbound' contribution means that the contributor agrees to
+license the code under the same terms as the project's overall 'outbound'
+license - in our case, this is almost always Apache Software License v2 (see
+<a href="development/LICENSE">LICENSE</a>).</p>
+<h1 id="2-what-do-i-need"><a class="header" href="#2-what-do-i-need">2. What do I need?</a></h1>
+<p>The code of Synapse is written in Python 3. To do pretty much anything, you'll need <a href="https://wiki.python.org/moin/BeginnersGuide/Download">a recent version of Python 3</a>.</p>
+<p>The source code of Synapse is hosted on GitHub. You will also need <a href="https://github.com/git-guides/install-git">a recent version of git</a>.</p>
+<p>For some tests, you will need <a href="https://docs.docker.com/get-docker/">a recent version of Docker</a>.</p>
+<h1 id="3-get-the-source"><a class="header" href="#3-get-the-source">3. Get the source.</a></h1>
+<p>The preferred and easiest way to contribute changes is to fork the relevant
+project on GitHub, and then <a href="https://help.github.com/articles/using-pull-requests/">create a pull request</a> to ask us to pull your
+changes into our repo.</p>
+<p>Please base your changes on the <code>develop</code> branch.</p>
+<pre><code class="language-sh">git clone git@github.com:YOUR_GITHUB_USER_NAME/synapse.git
+git checkout develop
+</code></pre>
+<p>If you need help getting started with git, this is beyond the scope of the document, but you
+can find many good git tutorials on the web.</p>
+<h1 id="4-install-the-dependencies"><a class="header" href="#4-install-the-dependencies">4. Install the dependencies</a></h1>
+<h2 id="under-unix-macos-linux-bsd-"><a class="header" href="#under-unix-macos-linux-bsd-">Under Unix (macOS, Linux, BSD, ...)</a></h2>
+<p>Once you have installed Python 3 and added the source, please open a terminal and
+setup a <em>virtualenv</em>, as follows:</p>
+<pre><code class="language-sh">cd path/where/you/have/cloned/the/repository
+python3 -m venv ./env
+source ./env/bin/activate
+pip install -e &quot;.[all,lint,mypy,test]&quot;
+pip install tox
+</code></pre>
+<p>This will install the developer dependencies for the project.</p>
+<h2 id="under-windows"><a class="header" href="#under-windows">Under Windows</a></h2>
+<p>TBD</p>
+<h1 id="5-get-in-touch"><a class="header" href="#5-get-in-touch">5. Get in touch.</a></h1>
+<p>Join our developer community on Matrix: #synapse-dev:matrix.org !</p>
+<h1 id="6-pick-an-issue"><a class="header" href="#6-pick-an-issue">6. Pick an issue.</a></h1>
+<p>Fix your favorite problem or perhaps find a <a href="https://github.com/matrix-org/synapse/issues?q=is%3Aopen+is%3Aissue+label%3A%22Good+First+Issue%22">Good First Issue</a>
+to work on.</p>
+<h1 id="7-turn-coffee-and-documentation-into-code-and-documentation"><a class="header" href="#7-turn-coffee-and-documentation-into-code-and-documentation">7. Turn coffee and documentation into code and documentation!</a></h1>
+<p>Synapse's code style is documented <a href="development/docs/code_style.html">here</a>. Please follow
+it, including the conventions for the <a href="development/docs/code_style.html#configuration-file-format">sample configuration
+file</a>.</p>
+<p>There is a growing amount of documentation located in the <a href="development/docs">docs</a>
+directory. This documentation is intended primarily for sysadmins running their
+own Synapse instance, as well as developers interacting externally with
+Synapse. <a href="development/docs/dev">docs/dev</a> exists primarily to house documentation for
+Synapse developers. <a href="development/docs/admin_api">docs/admin_api</a> houses documentation
+regarding Synapse's Admin API, which is used mostly by sysadmins and external
+service developers.</p>
+<p>If you add new files added to either of these folders, please use <a href="https://guides.github.com/features/mastering-markdown/">GitHub-Flavoured
+Markdown</a>.</p>
+<p>Some documentation also exists in <a href="https://github.com/matrix-org/synapse/wiki">Synapse's GitHub
+Wiki</a>, although this is primarily
+contributed to by community authors.</p>
+<h1 id="8-test-test-test"><a class="header" href="#8-test-test-test">8. Test, test, test!</a></h1>
+<p><a name="test-test-test"></a></p>
+<p>While you're developing and before submitting a patch, you'll
+want to test your code.</p>
+<h2 id="run-the-linters"><a class="header" href="#run-the-linters">Run the linters.</a></h2>
+<p>The linters look at your code and do two things:</p>
+<ul>
+<li>ensure that your code follows the coding style adopted by the project;</li>
+<li>catch a number of errors in your code.</li>
+</ul>
+<p>They're pretty fast, don't hesitate!</p>
+<pre><code class="language-sh">source ./env/bin/activate
+./scripts-dev/lint.sh
+</code></pre>
+<p>Note that this script <em>will modify your files</em> to fix styling errors.
+Make sure that you have saved all your files.</p>
+<p>If you wish to restrict the linters to only the files changed since the last commit
+(much faster!), you can instead run:</p>
+<pre><code class="language-sh">source ./env/bin/activate
+./scripts-dev/lint.sh -d
+</code></pre>
+<p>Or if you know exactly which files you wish to lint, you can instead run:</p>
+<pre><code class="language-sh">source ./env/bin/activate
+./scripts-dev/lint.sh path/to/file1.py path/to/file2.py path/to/folder
+</code></pre>
+<h2 id="run-the-unit-tests"><a class="header" href="#run-the-unit-tests">Run the unit tests.</a></h2>
+<p>The unit tests run parts of Synapse, including your changes, to see if anything
+was broken. They are slower than the linters but will typically catch more errors.</p>
+<pre><code class="language-sh">source ./env/bin/activate
+trial tests
+</code></pre>
+<p>If you wish to only run <em>some</em> unit tests, you may specify
+another module instead of <code>tests</code> - or a test class or a method:</p>
+<pre><code class="language-sh">source ./env/bin/activate
+trial tests.rest.admin.test_room tests.handlers.test_admin.ExfiltrateData.test_invite
+</code></pre>
+<p>If your tests fail, you may wish to look at the logs (the default log level is <code>ERROR</code>):</p>
+<pre><code class="language-sh">less _trial_temp/test.log
+</code></pre>
+<p>To increase the log level for the tests, set <code>SYNAPSE_TEST_LOG_LEVEL</code>:</p>
+<pre><code class="language-sh">SYNAPSE_TEST_LOG_LEVEL=DEBUG trial tests
+</code></pre>
+<h2 id="run-the-integration-tests"><a class="header" href="#run-the-integration-tests">Run the integration tests.</a></h2>
+<p>The integration tests are a more comprehensive suite of tests. They
+run a full version of Synapse, including your changes, to check if
+anything was broken. They are slower than the unit tests but will
+typically catch more errors.</p>
+<p>The following command will let you run the integration test with the most common
+configuration:</p>
+<pre><code class="language-sh">$ docker run --rm -it -v /path/where/you/have/cloned/the/repository\:/src:ro -v /path/to/where/you/want/logs\:/logs matrixdotorg/sytest-synapse:py37
+</code></pre>
+<p>This configuration should generally cover  your needs. For more details about other configurations, see <a href="https://github.com/matrix-org/sytest/blob/develop/docker/README.md">documentation in the SyTest repo</a>.</p>
+<h1 id="9-submit-your-patch"><a class="header" href="#9-submit-your-patch">9. Submit your patch.</a></h1>
+<p>Once you're happy with your patch, it's time to prepare a Pull Request.</p>
+<p>To prepare a Pull Request, please:</p>
+<ol>
+<li>verify that <a href="development/contributing_guide.html#test-test-test">all the tests pass</a>, including the coding style;</li>
+<li><a href="development/contributing_guide.html#sign-off">sign off</a> your contribution;</li>
+<li><code>git push</code> your commit to your fork of Synapse;</li>
+<li>on GitHub, <a href="https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request">create the Pull Request</a>;</li>
+<li>add a <a href="development/contributing_guide.html#changelog">changelog entry</a> and push it to your Pull Request;</li>
+<li>for most contributors, that's all - however, if you are a member of the organization <code>matrix-org</code>, on GitHub, please request a review from <code>matrix.org / Synapse Core</code>.</li>
+</ol>
+<h2 id="changelog"><a class="header" href="#changelog">Changelog</a></h2>
+<p>All changes, even minor ones, need a corresponding changelog / newsfragment
+entry. These are managed by <a href="https://github.com/hawkowl/towncrier">Towncrier</a>.</p>
+<p>To create a changelog entry, make a new file in the <code>changelog.d</code> directory named
+in the format of <code>PRnumber.type</code>. The type can be one of the following:</p>
+<ul>
+<li><code>feature</code></li>
+<li><code>bugfix</code></li>
+<li><code>docker</code> (for updates to the Docker image)</li>
+<li><code>doc</code> (for updates to the documentation)</li>
+<li><code>removal</code> (also used for deprecations)</li>
+<li><code>misc</code> (for internal-only changes)</li>
+</ul>
+<p>This file will become part of our <a href="https://github.com/matrix-org/synapse/blob/master/CHANGES.md">changelog</a> at the next
+release, so the content of the file should be a short description of your
+change in the same style as the rest of the changelog. The file can contain Markdown
+formatting, and should end with a full stop (.) or an exclamation mark (!) for
+consistency.</p>
+<p>Adding credits to the changelog is encouraged, we value your
+contributions and would like to have you shouted out in the release notes!</p>
+<p>For example, a fix in PR #1234 would have its changelog entry in
+<code>changelog.d/1234.bugfix</code>, and contain content like:</p>
+<blockquote>
+<p>The security levels of Florbs are now validated when received
+via the <code>/federation/florb</code> endpoint. Contributed by Jane Matrix.</p>
+</blockquote>
+<p>If there are multiple pull requests involved in a single bugfix/feature/etc,
+then the content for each <code>changelog.d</code> file should be the same. Towncrier will
+merge the matching files together into a single changelog entry when we come to
+release.</p>
+<h3 id="how-do-i-know-what-to-call-the-changelog-file-before-i-create-the-pr"><a class="header" href="#how-do-i-know-what-to-call-the-changelog-file-before-i-create-the-pr">How do I know what to call the changelog file before I create the PR?</a></h3>
+<p>Obviously, you don't know if you should call your newsfile
+<code>1234.bugfix</code> or <code>5678.bugfix</code> until you create the PR, which leads to a
+chicken-and-egg problem.</p>
+<p>There are two options for solving this:</p>
+<ol>
+<li>
+<p>Open the PR without a changelog file, see what number you got, and <em>then</em>
+add the changelog file to your branch (see <a href="development/contributing_guide.html#updating-your-pull-request">Updating your pull
+request</a>), or:</p>
+</li>
+<li>
+<p>Look at the <a href="https://github.com/matrix-org/synapse/issues?q=">list of all
+issues/PRs</a>, add one to the
+highest number you see, and quickly open the PR before somebody else claims
+your number.</p>
+<p><a href="https://github.com/richvdh/scripts/blob/master/next_github_number.sh">This
+script</a>
+might be helpful if you find yourself doing this a lot.</p>
+</li>
+</ol>
+<p>Sorry, we know it's a bit fiddly, but it's <em>really</em> helpful for us when we come
+to put together a release!</p>
+<h3 id="debian-changelog"><a class="header" href="#debian-changelog">Debian changelog</a></h3>
+<p>Changes which affect the debian packaging files (in <code>debian</code>) are an
+exception to the rule that all changes require a <code>changelog.d</code> file.</p>
+<p>In this case, you will need to add an entry to the debian changelog for the
+next release. For this, run the following command:</p>
+<pre><code>dch
+</code></pre>
+<p>This will make up a new version number (if there isn't already an unreleased
+version in flight), and open an editor where you can add a new changelog entry.
+(Our release process will ensure that the version number and maintainer name is
+corrected for the release.)</p>
+<p>If your change affects both the debian packaging <em>and</em> files outside the debian
+directory, you will need both a regular newsfragment <em>and</em> an entry in the
+debian changelog. (Though typically such changes should be submitted as two
+separate pull requests.)</p>
+<h2 id="sign-off"><a class="header" href="#sign-off">Sign off</a></h2>
+<p>In order to have a concrete record that your contribution is intentional
+and you agree to license it under the same terms as the project's license, we've adopted the
+same lightweight approach that the Linux Kernel
+<a href="https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin%3E">submitting patches process</a>,
+<a href="https://github.com/docker/docker/blob/master/CONTRIBUTING.md">Docker</a>, and many other
+projects use: the DCO (Developer Certificate of Origin:
+http://developercertificate.org/). This is a simple declaration that you wrote
+the contribution or otherwise have the right to contribute it to Matrix:</p>
+<pre><code>Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+</code></pre>
+<p>If you agree to this for your contribution, then all that's needed is to
+include the line in your commit or pull request comment:</p>
+<pre><code>Signed-off-by: Your Name &lt;your@email.example.org&gt;
+</code></pre>
+<p>We accept contributions under a legally identifiable name, such as
+your name on government documentation or common-law names (names
+claimed by legitimate usage or repute). Unfortunately, we cannot
+accept anonymous contributions at this time.</p>
+<p>Git allows you to add this signoff automatically when using the <code>-s</code>
+flag to <code>git commit</code>, which uses the name and email set in your
+<code>user.name</code> and <code>user.email</code> git configs.</p>
+<h1 id="10-turn-feedback-into-better-code"><a class="header" href="#10-turn-feedback-into-better-code">10. Turn feedback into better code.</a></h1>
+<p>Once the Pull Request is opened, you will see a few things:</p>
+<ol>
+<li>our automated CI (Continuous Integration) pipeline will run (again) the linters, the unit tests, the integration tests and more;</li>
+<li>one or more of the developers will take a look at your Pull Request and offer feedback.</li>
+</ol>
+<p>From this point, you should:</p>
+<ol>
+<li>Look at the results of the CI pipeline.
+<ul>
+<li>If there is any error, fix the error.</li>
+</ul>
+</li>
+<li>If a developer has requested changes, make these changes and let us know if it is ready for a developer to review again.</li>
+<li>Create a new commit with the changes.
+<ul>
+<li>Please do NOT overwrite the history. New commits make the reviewer's life easier.</li>
+<li>Push this commits to your Pull Request.</li>
+</ul>
+</li>
+<li>Back to 1.</li>
+</ol>
+<p>Once both the CI and the developers are happy, the patch will be merged into Synapse and released shortly!</p>
+<h1 id="11-find-a-new-issue"><a class="header" href="#11-find-a-new-issue">11. Find a new issue.</a></h1>
+<p>By now, you know the drill!</p>
+<h1 id="notes-for-maintainers-on-merging-prs-etc"><a class="header" href="#notes-for-maintainers-on-merging-prs-etc">Notes for maintainers on merging PRs etc</a></h1>
+<p>There are some notes for those with commit access to the project on how we
+manage git <a href="development/docs/dev/git.html">here</a>.</p>
+<h1 id="conclusion"><a class="header" href="#conclusion">Conclusion</a></h1>
+<p>That's it! Matrix is a very open and collaborative project as you might expect
+given our obsession with open communication. If we're going to successfully
+matrix together all the fragmented communication technologies out there we are
+reliant on contributions and collaboration from the community to do so. So
+please get involved - and we hope you have as much fun hacking on Matrix as we
+do!</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="code-style"><a class="header" href="#code-style">Code Style</a></h1>
+<h2 id="formatting-tools"><a class="header" href="#formatting-tools">Formatting tools</a></h2>
+<p>The Synapse codebase uses a number of code formatting tools in order to
+quickly and automatically check for formatting (and sometimes logical)
+errors in code.</p>
+<p>The necessary tools are detailed below.</p>
+<p>First install them with:</p>
+<pre><code>pip install -e &quot;.[lint,mypy]&quot;
+</code></pre>
+<ul>
+<li>
+<p><strong>black</strong></p>
+<p>The Synapse codebase uses <a href="https://pypi.org/project/black/">black</a>
+as an opinionated code formatter, ensuring all comitted code is
+properly formatted.</p>
+<p>Have <code>black</code> auto-format your code (it shouldn't change any
+functionality) with:</p>
+<pre><code>black . --exclude=&quot;\.tox|build|env&quot;
+</code></pre>
+</li>
+<li>
+<p><strong>flake8</strong></p>
+<p><code>flake8</code> is a code checking tool. We require code to pass <code>flake8</code>
+before being merged into the codebase.</p>
+<p>Check all application and test code with:</p>
+<pre><code>flake8 synapse tests
+</code></pre>
+</li>
+<li>
+<p><strong>isort</strong></p>
+<p><code>isort</code> ensures imports are nicely formatted, and can suggest and
+auto-fix issues such as double-importing.</p>
+<p>Auto-fix imports with:</p>
+<pre><code>isort -rc synapse tests
+</code></pre>
+<p><code>-rc</code> means to recursively search the given directories.</p>
+</li>
+</ul>
+<p>It's worth noting that modern IDEs and text editors can run these tools
+automatically on save. It may be worth looking into whether this
+functionality is supported in your editor for a more convenient
+development workflow. It is not, however, recommended to run <code>flake8</code> on
+save as it takes a while and is very resource intensive.</p>
+<h2 id="general-rules"><a class="header" href="#general-rules">General rules</a></h2>
+<ul>
+<li><strong>Naming</strong>:
+<ul>
+<li>Use camel case for class and type names</li>
+<li>Use underscores for functions and variables.</li>
+</ul>
+</li>
+<li><strong>Docstrings</strong>: should follow the <a href="https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings">google code
+style</a>.
+See the
+<a href="http://sphinxcontrib-napoleon.readthedocs.io/en/latest/example_google.html">examples</a>
+in the sphinx documentation.</li>
+<li><strong>Imports</strong>:
+<ul>
+<li>
+<p>Imports should be sorted by <code>isort</code> as described above.</p>
+</li>
+<li>
+<p>Prefer to import classes and functions rather than packages or
+modules.</p>
+<p>Example:</p>
+<pre><code>from synapse.types import UserID
+...
+user_id = UserID(local, server)
+</code></pre>
+<p>is preferred over:</p>
+<pre><code>from synapse import types
+...
+user_id = types.UserID(local, server)
+</code></pre>
+<p>(or any other variant).</p>
+<p>This goes against the advice in the Google style guide, but it
+means that errors in the name are caught early (at import time).</p>
+</li>
+<li>
+<p>Avoid wildcard imports (<code>from synapse.types import *</code>) and
+relative imports (<code>from .types import UserID</code>).</p>
+</li>
+</ul>
+</li>
+</ul>
+<h2 id="configuration-file-format"><a class="header" href="#configuration-file-format">Configuration file format</a></h2>
+<p>The <a href="./sample_config.yaml">sample configuration file</a> acts as a
+reference to Synapse's configuration options for server administrators.
+Remember that many readers will be unfamiliar with YAML and server
+administration in general, so that it is important that the file be as
+easy to understand as possible, which includes following a consistent
+format.</p>
+<p>Some guidelines follow:</p>
+<ul>
+<li>
+<p>Sections should be separated with a heading consisting of a single
+line prefixed and suffixed with <code>##</code>. There should be <strong>two</strong> blank
+lines before the section header, and <strong>one</strong> after.</p>
+</li>
+<li>
+<p>Each option should be listed in the file with the following format:</p>
+<ul>
+<li>
+<p>A comment describing the setting. Each line of this comment
+should be prefixed with a hash (<code>#</code>) and a space.</p>
+<p>The comment should describe the default behaviour (ie, what
+happens if the setting is omitted), as well as what the effect
+will be if the setting is changed.</p>
+<p>Often, the comment end with something like &quot;uncomment the
+following to <do action>&quot;.</p>
+</li>
+<li>
+<p>A line consisting of only <code>#</code>.</p>
+</li>
+<li>
+<p>A commented-out example setting, prefixed with only <code>#</code>.</p>
+<p>For boolean (on/off) options, convention is that this example
+should be the <em>opposite</em> to the default (so the comment will end
+with &quot;Uncomment the following to enable [or disable]
+<feature>.&quot; For other options, the example should give some
+non-default value which is likely to be useful to the reader.</p>
+</li>
+</ul>
+</li>
+<li>
+<p>There should be a blank line between each option.</p>
+</li>
+<li>
+<p>Where several settings are grouped into a single dict, <em>avoid</em> the
+convention where the whole block is commented out, resulting in
+comment lines starting <code># #</code>, as this is hard to read and confusing
+to edit. Instead, leave the top-level config option uncommented, and
+follow the conventions above for sub-options. Ensure that your code
+correctly handles the top-level option being set to <code>None</code> (as it
+will be if no sub-options are enabled).</p>
+</li>
+<li>
+<p>Lines should be wrapped at 80 characters.</p>
+</li>
+<li>
+<p>Use two-space indents.</p>
+</li>
+<li>
+<p><code>true</code> and <code>false</code> are spelt thus (as opposed to <code>True</code>, etc.)</p>
+</li>
+<li>
+<p>Use single quotes (<code>'</code>) rather than double-quotes (<code>&quot;</code>) or backticks
+(<code>`</code>) to refer to configuration options.</p>
+</li>
+</ul>
+<p>Example:</p>
+<pre><code>## Frobnication ##
+
+# The frobnicator will ensure that all requests are fully frobnicated.
+# To enable it, uncomment the following.
+#
+#frobnicator_enabled: true
+
+# By default, the frobnicator will frobnicate with the default frobber.
+# The following will make it use an alternative frobber.
+#
+#frobincator_frobber: special_frobber
+
+# Settings for the frobber
+#
+frobber:
+  # frobbing speed. Defaults to 1.
+  #
+  #speed: 10
+
+  # frobbing distance. Defaults to 1000.
+  #
+  #distance: 100
+</code></pre>
+<p>Note that the sample configuration is generated from the synapse code
+and is maintained by a script, <code>scripts-dev/generate_sample_config</code>.
+Making sure that the output from this script matches the desired format
+is left as an exercise for the reader!</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="some-notes-on-how-we-use-git"><a class="header" href="#some-notes-on-how-we-use-git">Some notes on how we use git</a></h1>
+<h2 id="on-keeping-the-commit-history-clean"><a class="header" href="#on-keeping-the-commit-history-clean">On keeping the commit history clean</a></h2>
+<p>In an ideal world, our git commit history would be a linear progression of
+commits each of which contains a single change building on what came
+before. Here, by way of an arbitrary example, is the top of <code>git log --graph b2dba0607</code>:</p>
+<img src="dev/git/clean.png" alt="clean git graph" width="500px">
+<p>Note how the commit comment explains clearly what is changing and why. Also
+note the <em>absence</em> of merge commits, as well as the absence of commits called
+things like (to pick a few culprits):
+<a href="https://github.com/matrix-org/synapse/commit/84691da6c">“pep8”</a>, <a href="https://github.com/matrix-org/synapse/commit/474810d9d">“fix broken
+test”</a>,
+<a href="https://github.com/matrix-org/synapse/commit/c9d72e457">“oops”</a>,
+<a href="https://github.com/matrix-org/synapse/commit/836358823">“typo”</a>, or <a href="https://github.com/matrix-org/synapse/commit/707374d5d">“Who's
+the president?”</a>.</p>
+<p>There are a number of reasons why keeping a clean commit history is a good
+thing:</p>
+<ul>
+<li>
+<p>From time to time, after a change lands, it turns out to be necessary to
+revert it, or to backport it to a release branch. Those operations are
+<em>much</em> easier when the change is contained in a single commit.</p>
+</li>
+<li>
+<p>Similarly, it's much easier to answer questions like “is the fix for
+<code>/publicRooms</code> on the release branch?” if that change consists of a single
+commit.</p>
+</li>
+<li>
+<p>Likewise: “what has changed on this branch in the last week?” is much
+clearer without merges and “pep8” commits everywhere.</p>
+</li>
+<li>
+<p>Sometimes we need to figure out where a bug got introduced, or some
+behaviour changed. One way of doing that is with <code>git bisect</code>: pick an
+arbitrary commit between the known good point and the known bad point, and
+see how the code behaves. However, that strategy fails if the commit you
+chose is the middle of someone's epic branch in which they broke the world
+before putting it back together again.</p>
+</li>
+</ul>
+<p>One counterargument is that it is sometimes useful to see how a PR evolved as
+it went through review cycles. This is true, but that information is always
+available via the GitHub UI (or via the little-known <a href="https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/checking-out-pull-requests-locally">refs/pull
+namespace</a>).</p>
+<p>Of course, in reality, things are more complicated than that. We have release
+branches as well as <code>develop</code> and <code>master</code>, and we deliberately merge changes
+between them. Bugs often slip through and have to be fixed later. That's all
+fine: this not a cast-iron rule which must be obeyed, but an ideal to aim
+towards.</p>
+<h2 id="merges-squashes-rebases-wtf"><a class="header" href="#merges-squashes-rebases-wtf">Merges, squashes, rebases: wtf?</a></h2>
+<p>Ok, so that's what we'd like to achieve. How do we achieve it?</p>
+<p>The TL;DR is: when you come to merge a pull request, you <em>probably</em> want to
+“squash and merge”:</p>
+<p><img src="dev/git/squash.png" alt="squash and merge" />.</p>
+<p>(This applies whether you are merging your own PR, or that of another
+contributor.)</p>
+<p>“Squash and merge”<sup id="a1"><a href="dev/git.html#f1">1</a></sup> takes all of the changes in the
+PR, and bundles them into a single commit. GitHub gives you the opportunity to
+edit the commit message before you confirm, and normally you should do so,
+because the default will be useless (again: <code>* woops typo</code> is not a useful
+thing to keep in the historical record).</p>
+<p>The main problem with this approach comes when you have a series of pull
+requests which build on top of one another: as soon as you squash-merge the
+first PR, you'll end up with a stack of conflicts to resolve in all of the
+others. In general, it's best to avoid this situation in the first place by
+trying not to have multiple related PRs in flight at the same time. Still,
+sometimes that's not possible and doing a regular merge is the lesser evil.</p>
+<p>Another occasion in which a regular merge makes more sense is a PR where you've
+deliberately created a series of commits each of which makes sense in its own
+right. For example: <a href="https://github.com/matrix-org/synapse/pull/6837">a PR which gradually propagates a refactoring operation
+through the codebase</a>, or <a href="https://github.com/matrix-org/synapse/pull/5987">a
+PR which is the culmination of several other
+PRs</a>. In this case the ability
+to figure out when a particular change/bug was introduced could be very useful.</p>
+<p>Ultimately: <strong>this is not a hard-and-fast-rule</strong>. If in doubt, ask yourself “do
+each of the commits I am about to merge make sense in their own right”, but
+remember that we're just doing our best to balance “keeping the commit history
+clean” with other factors.</p>
+<h2 id="git-branching-model"><a class="header" href="#git-branching-model">Git branching model</a></h2>
+<p>A <a href="https://nvie.com/posts/a-successful-git-branching-model/">lot</a>
+<a href="http://scottchacon.com/2011/08/31/github-flow.html">of</a>
+<a href="https://www.endoflineblog.com/gitflow-considered-harmful">words</a> have been
+written in the past about git branching models (no really, <a href="https://martinfowler.com/articles/branching-patterns.html">a
+lot</a>). I tend to
+think the whole thing is overblown. Fundamentally, it's not that
+complicated. Here's how we do it.</p>
+<p>Let's start with a picture:</p>
+<p><img src="dev/git/branches.jpg" alt="branching model" /></p>
+<p>It looks complicated, but it's really not. There's one basic rule: <em>anyone</em> is
+free to merge from <em>any</em> more-stable branch to <em>any</em> less-stable branch at
+<em>any</em> time<sup id="a2"><a href="dev/git.html#f2">2</a></sup>. (The principle behind this is that if a
+change is good enough for the more-stable branch, then it's also good enough go
+put in a less-stable branch.)</p>
+<p>Meanwhile, merging (or squashing, as per the above) from a less-stable to a
+more-stable branch is a deliberate action in which you want to publish a change
+or a set of changes to (some subset of) the world: for example, this happens
+when a PR is landed, or as part of our release process.</p>
+<p>So, what counts as a more- or less-stable branch? A little reflection will show
+that our active branches are ordered thus, from more-stable to less-stable:</p>
+<ul>
+<li><code>master</code> (tracks our last release).</li>
+<li><code>release-vX.Y</code> (the branch where we prepare the next release)<sup
+   id="a3"><a href="dev/git.html#f3">3</a></sup>.</li>
+<li>PR branches which are targeting the release.</li>
+<li><code>develop</code> (our &quot;mainline&quot; branch containing our bleeding-edge).</li>
+<li>regular PR branches.</li>
+</ul>
+<p>The corollary is: if you have a bugfix that needs to land in both
+<code>release-vX.Y</code> <em>and</em> <code>develop</code>, then you should base your PR on
+<code>release-vX.Y</code>, get it merged there, and then merge from <code>release-vX.Y</code> to
+<code>develop</code>. (If a fix lands in <code>develop</code> and we later need it in a
+release-branch, we can of course cherry-pick it, but landing it in the release
+branch first helps reduce the chance of annoying conflicts.)</p>
+<hr />
+<p><b id="f1">[1]</b>: “Squash and merge” is GitHub's term for this
+operation. Given that there is no merge involved, I'm not convinced it's the
+most intuitive name. <a href="dev/git.html#a1">^</a></p>
+<p><b id="f2">[2]</b>: Well, anyone with commit access.<a href="dev/git.html#a2">^</a></p>
+<p><b id="f3">[3]</b>: Very, very occasionally (I think this has happened once in
+the history of Synapse), we've had two releases in flight at once. Obviously,
+<code>release-v1.2</code> is more-stable than <code>release-v1.3</code>. <a href="dev/git.html#a3">^</a></p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="opentracing"><a class="header" href="#opentracing">OpenTracing</a></h1>
+<h2 id="background"><a class="header" href="#background">Background</a></h2>
+<p>OpenTracing is a semi-standard being adopted by a number of distributed
+tracing platforms. It is a common api for facilitating vendor-agnostic
+tracing instrumentation. That is, we can use the OpenTracing api and
+select one of a number of tracer implementations to do the heavy lifting
+in the background. Our current selected implementation is Jaeger.</p>
+<p>OpenTracing is a tool which gives an insight into the causal
+relationship of work done in and between servers. The servers each track
+events and report them to a centralised server - in Synapse's case:
+Jaeger. The basic unit used to represent events is the span. The span
+roughly represents a single piece of work that was done and the time at
+which it occurred. A span can have child spans, meaning that the work of
+the child had to be completed for the parent span to complete, or it can
+have follow-on spans which represent work that is undertaken as a result
+of the parent but is not depended on by the parent to in order to
+finish.</p>
+<p>Since this is undertaken in a distributed environment a request to
+another server, such as an RPC or a simple GET, can be considered a span
+(a unit or work) for the local server. This causal link is what
+OpenTracing aims to capture and visualise. In order to do this metadata
+about the local server's span, i.e the 'span context', needs to be
+included with the request to the remote.</p>
+<p>It is up to the remote server to decide what it does with the spans it
+creates. This is called the sampling policy and it can be configured
+through Jaeger's settings.</p>
+<p>For OpenTracing concepts see
+<a href="https://opentracing.io/docs/overview/what-is-tracing/">https://opentracing.io/docs/overview/what-is-tracing/</a>.</p>
+<p>For more information about Jaeger's implementation see
+<a href="https://www.jaegertracing.io/docs/">https://www.jaegertracing.io/docs/</a></p>
+<h2 id="setting-up-opentracing"><a class="header" href="#setting-up-opentracing">Setting up OpenTracing</a></h2>
+<p>To receive OpenTracing spans, start up a Jaeger server. This can be done
+using docker like so:</p>
+<pre><code class="language-sh">docker run -d --name jaeger \
+  -p 6831:6831/udp \
+  -p 6832:6832/udp \
+  -p 5778:5778 \
+  -p 16686:16686 \
+  -p 14268:14268 \
+  jaegertracing/all-in-one:1
+</code></pre>
+<p>Latest documentation is probably at
+https://www.jaegertracing.io/docs/latest/getting-started.</p>
+<h2 id="enable-opentracing-in-synapse"><a class="header" href="#enable-opentracing-in-synapse">Enable OpenTracing in Synapse</a></h2>
+<p>OpenTracing is not enabled by default. It must be enabled in the
+homeserver config by uncommenting the config options under <code>opentracing</code>
+as shown in the <a href="./sample_config.yaml">sample config</a>. For example:</p>
+<pre><code class="language-yaml">opentracing:
+  enabled: true
+  homeserver_whitelist:
+    - &quot;mytrustedhomeserver.org&quot;
+    - &quot;*.myotherhomeservers.com&quot;
+</code></pre>
+<h2 id="homeserver-whitelisting"><a class="header" href="#homeserver-whitelisting">Homeserver whitelisting</a></h2>
+<p>The homeserver whitelist is configured using regular expressions. A list
+of regular expressions can be given and their union will be compared
+when propagating any spans contexts to another homeserver.</p>
+<p>Though it's mostly safe to send and receive span contexts to and from
+untrusted users since span contexts are usually opaque ids it can lead
+to two problems, namely:</p>
+<ul>
+<li>If the span context is marked as sampled by the sending homeserver
+the receiver will sample it. Therefore two homeservers with wildly
+different sampling policies could incur higher sampling counts than
+intended.</li>
+<li>Sending servers can attach arbitrary data to spans, known as
+'baggage'. For safety this has been disabled in Synapse but that
+doesn't prevent another server sending you baggage which will be
+logged to OpenTracing's logs.</li>
+</ul>
+<h2 id="configuring-jaeger"><a class="header" href="#configuring-jaeger">Configuring Jaeger</a></h2>
+<p>Sampling strategies can be set as in this document:
+<a href="https://www.jaegertracing.io/docs/latest/sampling/">https://www.jaegertracing.io/docs/latest/sampling/</a>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="synapse-database-schema-files"><a class="header" href="#synapse-database-schema-files">Synapse database schema files</a></h1>
+<p>Synapse's database schema is stored in the <code>synapse.storage.schema</code> module.</p>
+<h2 id="logical-databases"><a class="header" href="#logical-databases">Logical databases</a></h2>
+<p>Synapse supports splitting its datastore across multiple physical databases (which can
+be useful for large installations), and the schema files are therefore split according
+to the logical database they apply to.</p>
+<p>At the time of writing, the following &quot;logical&quot; databases are supported:</p>
+<ul>
+<li><code>state</code> - used to store Matrix room state (more specifically, <code>state_groups</code>,
+their relationships and contents).</li>
+<li><code>main</code> - stores everything else.</li>
+</ul>
+<p>Additionally, the <code>common</code> directory contains schema files for tables which must be
+present on <em>all</em> physical databases.</p>
+<h2 id="synapse-schema-versions"><a class="header" href="#synapse-schema-versions">Synapse schema versions</a></h2>
+<p>Synapse manages its database schema via &quot;schema versions&quot;. These are mainly used to
+help avoid confusion if the Synapse codebase is rolled back after the database is
+updated. They work as follows:</p>
+<ul>
+<li>
+<p>The Synapse codebase defines a constant <code>synapse.storage.schema.SCHEMA_VERSION</code>
+which represents the expectations made about the database by that version. For
+example, as of Synapse v1.36, this is <code>59</code>.</p>
+</li>
+<li>
+<p>The database stores a &quot;compatibility version&quot; in
+<code>schema_compat_version.compat_version</code> which defines the <code>SCHEMA_VERSION</code> of the
+oldest version of Synapse which will work with the database. On startup, if
+<code>compat_version</code> is found to be newer than <code>SCHEMA_VERSION</code>, Synapse will refuse to
+start.</p>
+<p>Synapse automatically updates this field from
+<code>synapse.storage.schema.SCHEMA_COMPAT_VERSION</code>.</p>
+</li>
+<li>
+<p>Whenever a backwards-incompatible change is made to the database format (normally
+via a <code>delta</code> file), <code>synapse.storage.schema.SCHEMA_COMPAT_VERSION</code> is also updated
+so that administrators can not accidentally roll back to a too-old version of Synapse.</p>
+</li>
+</ul>
+<p>Generally, the goal is to maintain compatibility with at least one or two previous
+releases of Synapse, so any substantial change tends to require multiple releases and a
+bit of forward-planning to get right.</p>
+<p>As a worked example: we want to remove the <code>room_stats_historical</code> table. Here is how it
+might pan out.</p>
+<ol>
+<li>
+<p>Replace any code that <em>reads</em> from <code>room_stats_historical</code> with alternative
+implementations, but keep writing to it in case of rollback to an earlier version.
+Also, increase <code>synapse.storage.schema.SCHEMA_VERSION</code>.  In this
+instance, there is no existing code which reads from <code>room_stats_historical</code>, so
+our starting point is:</p>
+<p>v1.36.0: <code>SCHEMA_VERSION=59</code>, <code>SCHEMA_COMPAT_VERSION=59</code></p>
+</li>
+<li>
+<p>Next (say in Synapse v1.37.0): remove the code that <em>writes</em> to
+<code>room_stats_historical</code>, but don’t yet remove the table in case of rollback to
+v1.36.0. Again, we increase <code>synapse.storage.schema.SCHEMA_VERSION</code>, but
+because we have not broken compatibility with v1.36, we do not yet update
+<code>SCHEMA_COMPAT_VERSION</code>. We now have:</p>
+<p>v1.37.0: <code>SCHEMA_VERSION=60</code>, <code>SCHEMA_COMPAT_VERSION=59</code>.</p>
+</li>
+<li>
+<p>Later (say in Synapse v1.38.0): we can remove the table altogether. This will
+break compatibility with v1.36.0, so we must update <code>SCHEMA_COMPAT_VERSION</code> accordingly.
+There is no need to update <code>synapse.storage.schema.SCHEMA_VERSION</code>, since there is no
+change to the Synapse codebase here. So we end up with:</p>
+<p>v1.38.0: <code>SCHEMA_VERSION=60</code>, <code>SCHEMA_COMPAT_VERSION=60</code>.</p>
+</li>
+</ol>
+<p>If in doubt about whether to update <code>SCHEMA_VERSION</code> or not, it is generally best to
+lean towards doing so.</p>
+<h2 id="full-schema-dumps"><a class="header" href="#full-schema-dumps">Full schema dumps</a></h2>
+<p>In the <code>full_schemas</code> directories, only the most recently-numbered snapshot is used
+(<code>54</code> at the time of writing). Older snapshots (eg, <code>16</code>) are present for historical
+reference only.</p>
+<h3 id="building-full-schema-dumps"><a class="header" href="#building-full-schema-dumps">Building full schema dumps</a></h3>
+<p>If you want to recreate these schemas, they need to be made from a database that
+has had all background updates run.</p>
+<p>To do so, use <code>scripts-dev/make_full_schema.sh</code>. This will produce new
+<code>full.sql.postgres</code> and <code>full.sql.sqlite</code> files.</p>
+<p>Ensure postgres is installed, then run:</p>
+<pre><code>./scripts-dev/make_full_schema.sh -p postgres_username -o output_dir/
+</code></pre>
+<p>NB at the time of writing, this script predates the split into separate <code>state</code>/<code>main</code>
+databases so will require updates to handle that correctly.</p>
+<h2 id="boolean-columns"><a class="header" href="#boolean-columns">Boolean columns</a></h2>
+<p>Boolean columns require special treatment, since SQLite treats booleans the
+same as integers.</p>
+<p>There are three separate aspects to this:</p>
+<ul>
+<li>
+<p>Any new boolean column must be added to the <code>BOOLEAN_COLUMNS</code> list in
+<code>scripts/synapse_port_db</code>. This tells the port script to cast the integer
+value from SQLite to a boolean before writing the value to the postgres
+database.</p>
+</li>
+<li>
+<p>Before SQLite 3.23, <code>TRUE</code> and <code>FALSE</code> were not recognised as constants by
+SQLite, and the <code>IS [NOT] TRUE</code>/<code>IS [NOT] FALSE</code> operators were not
+supported. This makes it necessary to avoid using <code>TRUE</code> and <code>FALSE</code>
+constants in SQL commands.</p>
+<p>For example, to insert a <code>TRUE</code> value into the database, write:</p>
+<pre><code class="language-python">txn.execute(&quot;INSERT INTO tbl(col) VALUES (?)&quot;, (True, ))
+</code></pre>
+</li>
+<li>
+<p>Default values for new boolean columns present a particular
+difficulty. Generally it is best to create separate schema files for
+Postgres and SQLite. For example:</p>
+<pre><code class="language-sql"># in 00delta.sql.postgres:
+ALTER TABLE tbl ADD COLUMN col BOOLEAN DEFAULT FALSE;
+</code></pre>
+<pre><code class="language-sql"># in 00delta.sql.sqlite:
+ALTER TABLE tbl ADD COLUMN col BOOLEAN DEFAULT 0;
+</code></pre>
+<p>Note that there is a particularly insidious failure mode here: the Postgres
+flavour will be accepted by SQLite 3.22, but will give a column whose
+default value is the <strong>string</strong> <code>&quot;FALSE&quot;</code> - which, when cast back to a boolean
+in Python, evaluates to <code>True</code>.</p>
+</li>
+</ul>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="log-contexts"><a class="header" href="#log-contexts">Log Contexts</a></h1>
+<p>To help track the processing of individual requests, synapse uses a
+'<code>log context</code>' to track which request it is handling at any given
+moment. This is done via a thread-local variable; a <code>logging.Filter</code> is
+then used to fish the information back out of the thread-local variable
+and add it to each log record.</p>
+<p>Logcontexts are also used for CPU and database accounting, so that we
+can track which requests were responsible for high CPU use or database
+activity.</p>
+<p>The <code>synapse.logging.context</code> module provides a facilities for managing
+the current log context (as well as providing the <code>LoggingContextFilter</code>
+class).</p>
+<p>Deferreds make the whole thing complicated, so this document describes
+how it all works, and how to write code which follows the rules.</p>
+<p>##Logcontexts without Deferreds</p>
+<p>In the absence of any Deferred voodoo, things are simple enough. As with
+any code of this nature, the rule is that our function should leave
+things as it found them:</p>
+<pre><code class="language-python">from synapse.logging import context         # omitted from future snippets
+
+def handle_request(request_id):
+    request_context = context.LoggingContext()
+
+    calling_context = context.set_current_context(request_context)
+    try:
+        request_context.request = request_id
+        do_request_handling()
+        logger.debug(&quot;finished&quot;)
+    finally:
+        context.set_current_context(calling_context)
+
+def do_request_handling():
+    logger.debug(&quot;phew&quot;)  # this will be logged against request_id
+</code></pre>
+<p>LoggingContext implements the context management methods, so the above
+can be written much more succinctly as:</p>
+<pre><code class="language-python">def handle_request(request_id):
+    with context.LoggingContext() as request_context:
+        request_context.request = request_id
+        do_request_handling()
+        logger.debug(&quot;finished&quot;)
+
+def do_request_handling():
+    logger.debug(&quot;phew&quot;)
+</code></pre>
+<h2 id="using-logcontexts-with-deferreds"><a class="header" href="#using-logcontexts-with-deferreds">Using logcontexts with Deferreds</a></h2>
+<p>Deferreds --- and in particular, <code>defer.inlineCallbacks</code> --- break the
+linear flow of code so that there is no longer a single entry point
+where we should set the logcontext and a single exit point where we
+should remove it.</p>
+<p>Consider the example above, where <code>do_request_handling</code> needs to do some
+blocking operation, and returns a deferred:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def handle_request(request_id):
+    with context.LoggingContext() as request_context:
+        request_context.request = request_id
+        yield do_request_handling()
+        logger.debug(&quot;finished&quot;)
+</code></pre>
+<p>In the above flow:</p>
+<ul>
+<li>The logcontext is set</li>
+<li><code>do_request_handling</code> is called, and returns a deferred</li>
+<li><code>handle_request</code> yields the deferred</li>
+<li>The <code>inlineCallbacks</code> wrapper of <code>handle_request</code> returns a deferred</li>
+</ul>
+<p>So we have stopped processing the request (and will probably go on to
+start processing the next), without clearing the logcontext.</p>
+<p>To circumvent this problem, synapse code assumes that, wherever you have
+a deferred, you will want to yield on it. To that end, whereever
+functions return a deferred, we adopt the following conventions:</p>
+<p><strong>Rules for functions returning deferreds:</strong></p>
+<blockquote>
+<ul>
+<li>If the deferred is already complete, the function returns with the
+same logcontext it started with.</li>
+<li>If the deferred is incomplete, the function clears the logcontext
+before returning; when the deferred completes, it restores the
+logcontext before running any callbacks.</li>
+</ul>
+</blockquote>
+<p>That sounds complicated, but actually it means a lot of code (including
+the example above) &quot;just works&quot;. There are two cases:</p>
+<ul>
+<li>
+<p>If <code>do_request_handling</code> returns a completed deferred, then the
+logcontext will still be in place. In this case, execution will
+continue immediately after the <code>yield</code>; the &quot;finished&quot; line will
+be logged against the right context, and the <code>with</code> block restores
+the original context before we return to the caller.</p>
+</li>
+<li>
+<p>If the returned deferred is incomplete, <code>do_request_handling</code> clears
+the logcontext before returning. The logcontext is therefore clear
+when <code>handle_request</code> yields the deferred. At that point, the
+<code>inlineCallbacks</code> wrapper adds a callback to the deferred, and
+returns another (incomplete) deferred to the caller, and it is safe
+to begin processing the next request.</p>
+<p>Once <code>do_request_handling</code>'s deferred completes, it will reinstate
+the logcontext, before running the callback added by the
+<code>inlineCallbacks</code> wrapper. That callback runs the second half of
+<code>handle_request</code>, so again the &quot;finished&quot; line will be logged
+against the right context, and the <code>with</code> block restores the
+original context.</p>
+</li>
+</ul>
+<p>As an aside, it's worth noting that <code>handle_request</code> follows our rules
+-though that only matters if the caller has its own logcontext which it
+cares about.</p>
+<p>The following sections describe pitfalls and helpful patterns when
+implementing these rules.</p>
+<h2 id="always-yield-your-deferreds"><a class="header" href="#always-yield-your-deferreds">Always yield your deferreds</a></h2>
+<p>Whenever you get a deferred back from a function, you should <code>yield</code> on
+it as soon as possible. (Returning it directly to your caller is ok too,
+if you're not doing <code>inlineCallbacks</code>.) Do not pass go; do not do any
+logging; do not call any other functions.</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def fun():
+    logger.debug(&quot;starting&quot;)
+    yield do_some_stuff()       # just like this
+
+    d = more_stuff()
+    result = yield d            # also fine, of course
+
+    return result
+
+def nonInlineCallbacksFun():
+    logger.debug(&quot;just a wrapper really&quot;)
+    return do_some_stuff()      # this is ok too - the caller will yield on
+                                # it anyway.
+</code></pre>
+<p>Provided this pattern is followed all the way back up to the callchain
+to where the logcontext was set, this will make things work out ok:
+provided <code>do_some_stuff</code> and <code>more_stuff</code> follow the rules above, then
+so will <code>fun</code> (as wrapped by <code>inlineCallbacks</code>) and
+<code>nonInlineCallbacksFun</code>.</p>
+<p>It's all too easy to forget to <code>yield</code>: for instance if we forgot that
+<code>do_some_stuff</code> returned a deferred, we might plough on regardless. This
+leads to a mess; it will probably work itself out eventually, but not
+before a load of stuff has been logged against the wrong context.
+(Normally, other things will break, more obviously, if you forget to
+<code>yield</code>, so this tends not to be a major problem in practice.)</p>
+<p>Of course sometimes you need to do something a bit fancier with your
+Deferreds - not all code follows the linear A-then-B-then-C pattern.
+Notes on implementing more complex patterns are in later sections.</p>
+<h2 id="where-you-create-a-new-deferred-make-it-follow-the-rules"><a class="header" href="#where-you-create-a-new-deferred-make-it-follow-the-rules">Where you create a new Deferred, make it follow the rules</a></h2>
+<p>Most of the time, a Deferred comes from another synapse function.
+Sometimes, though, we need to make up a new Deferred, or we get a
+Deferred back from external code. We need to make it follow our rules.</p>
+<p>The easy way to do it is with a combination of <code>defer.inlineCallbacks</code>,
+and <code>context.PreserveLoggingContext</code>. Suppose we want to implement
+<code>sleep</code>, which returns a deferred which will run its callbacks after a
+given number of seconds. That might look like:</p>
+<pre><code class="language-python"># not a logcontext-rules-compliant function
+def get_sleep_deferred(seconds):
+    d = defer.Deferred()
+    reactor.callLater(seconds, d.callback, None)
+    return d
+</code></pre>
+<p>That doesn't follow the rules, but we can fix it by wrapping it with
+<code>PreserveLoggingContext</code> and <code>yield</code> ing on it:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def sleep(seconds):
+    with PreserveLoggingContext():
+        yield get_sleep_deferred(seconds)
+</code></pre>
+<p>This technique works equally for external functions which return
+deferreds, or deferreds we have made ourselves.</p>
+<p>You can also use <code>context.make_deferred_yieldable</code>, which just does the
+boilerplate for you, so the above could be written:</p>
+<pre><code class="language-python">def sleep(seconds):
+    return context.make_deferred_yieldable(get_sleep_deferred(seconds))
+</code></pre>
+<h2 id="fire-and-forget"><a class="header" href="#fire-and-forget">Fire-and-forget</a></h2>
+<p>Sometimes you want to fire off a chain of execution, but not wait for
+its result. That might look a bit like this:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def do_request_handling():
+    yield foreground_operation()
+
+    # *don't* do this
+    background_operation()
+
+    logger.debug(&quot;Request handling complete&quot;)
+
+@defer.inlineCallbacks
+def background_operation():
+    yield first_background_step()
+    logger.debug(&quot;Completed first step&quot;)
+    yield second_background_step()
+    logger.debug(&quot;Completed second step&quot;)
+</code></pre>
+<p>The above code does a couple of steps in the background after
+<code>do_request_handling</code> has finished. The log lines are still logged
+against the <code>request_context</code> logcontext, which may or may not be
+desirable. There are two big problems with the above, however. The first
+problem is that, if <code>background_operation</code> returns an incomplete
+Deferred, it will expect its caller to <code>yield</code> immediately, so will have
+cleared the logcontext. In this example, that means that 'Request
+handling complete' will be logged without any context.</p>
+<p>The second problem, which is potentially even worse, is that when the
+Deferred returned by <code>background_operation</code> completes, it will restore
+the original logcontext. There is nothing waiting on that Deferred, so
+the logcontext will leak into the reactor and possibly get attached to
+some arbitrary future operation.</p>
+<p>There are two potential solutions to this.</p>
+<p>One option is to surround the call to <code>background_operation</code> with a
+<code>PreserveLoggingContext</code> call. That will reset the logcontext before
+starting <code>background_operation</code> (so the context restored when the
+deferred completes will be the empty logcontext), and will restore the
+current logcontext before continuing the foreground process:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def do_request_handling():
+    yield foreground_operation()
+
+    # start background_operation off in the empty logcontext, to
+    # avoid leaking the current context into the reactor.
+    with PreserveLoggingContext():
+        background_operation()
+
+    # this will now be logged against the request context
+    logger.debug(&quot;Request handling complete&quot;)
+</code></pre>
+<p>Obviously that option means that the operations done in
+<code>background_operation</code> would be not be logged against a logcontext
+(though that might be fixed by setting a different logcontext via a
+<code>with LoggingContext(...)</code> in <code>background_operation</code>).</p>
+<p>The second option is to use <code>context.run_in_background</code>, which wraps a
+function so that it doesn't reset the logcontext even when it returns
+an incomplete deferred, and adds a callback to the returned deferred to
+reset the logcontext. In other words, it turns a function that follows
+the Synapse rules about logcontexts and Deferreds into one which behaves
+more like an external function --- the opposite operation to that
+described in the previous section. It can be used like this:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def do_request_handling():
+    yield foreground_operation()
+
+    context.run_in_background(background_operation)
+
+    # this will now be logged against the request context
+    logger.debug(&quot;Request handling complete&quot;)
+</code></pre>
+<h2 id="passing-synapse-deferreds-into-third-party-functions"><a class="header" href="#passing-synapse-deferreds-into-third-party-functions">Passing synapse deferreds into third-party functions</a></h2>
+<p>A typical example of this is where we want to collect together two or
+more deferred via <code>defer.gatherResults</code>:</p>
+<pre><code class="language-python">d1 = operation1()
+d2 = operation2()
+d3 = defer.gatherResults([d1, d2])
+</code></pre>
+<p>This is really a variation of the fire-and-forget problem above, in that
+we are firing off <code>d1</code> and <code>d2</code> without yielding on them. The difference
+is that we now have third-party code attached to their callbacks. Anyway
+either technique given in the <a href="log_contexts.html#fire-and-forget">Fire-and-forget</a>
+section will work.</p>
+<p>Of course, the new Deferred returned by <code>gatherResults</code> needs to be
+wrapped in order to make it follow the logcontext rules before we can
+yield it, as described in <a href="log_contexts.html#where-you-create-a-new-deferred-make-it-follow-the-rules">Where you create a new Deferred, make it
+follow the
+rules</a>.</p>
+<p>So, option one: reset the logcontext before starting the operations to
+be gathered:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def do_request_handling():
+    with PreserveLoggingContext():
+        d1 = operation1()
+        d2 = operation2()
+        result = yield defer.gatherResults([d1, d2])
+</code></pre>
+<p>In this case particularly, though, option two, of using
+<code>context.preserve_fn</code> almost certainly makes more sense, so that
+<code>operation1</code> and <code>operation2</code> are both logged against the original
+logcontext. This looks like:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def do_request_handling():
+    d1 = context.preserve_fn(operation1)()
+    d2 = context.preserve_fn(operation2)()
+
+    with PreserveLoggingContext():
+        result = yield defer.gatherResults([d1, d2])
+</code></pre>
+<h2 id="was-all-this-really-necessary"><a class="header" href="#was-all-this-really-necessary">Was all this really necessary?</a></h2>
+<p>The conventions used work fine for a linear flow where everything
+happens in series via <code>defer.inlineCallbacks</code> and <code>yield</code>, but are
+certainly tricky to follow for any more exotic flows. It's hard not to
+wonder if we could have done something else.</p>
+<p>We're not going to rewrite Synapse now, so the following is entirely of
+academic interest, but I'd like to record some thoughts on an
+alternative approach.</p>
+<p>I briefly prototyped some code following an alternative set of rules. I
+think it would work, but I certainly didn't get as far as thinking how
+it would interact with concepts as complicated as the cache descriptors.</p>
+<p>My alternative rules were:</p>
+<ul>
+<li>functions always preserve the logcontext of their caller, whether or
+not they are returning a Deferred.</li>
+<li>Deferreds returned by synapse functions run their callbacks in the
+same context as the function was orignally called in.</li>
+</ul>
+<p>The main point of this scheme is that everywhere that sets the
+logcontext is responsible for clearing it before returning control to
+the reactor.</p>
+<p>So, for example, if you were the function which started a
+<code>with LoggingContext</code> block, you wouldn't <code>yield</code> within it --- instead
+you'd start off the background process, and then leave the <code>with</code> block
+to wait for it:</p>
+<pre><code class="language-python">def handle_request(request_id):
+    with context.LoggingContext() as request_context:
+        request_context.request = request_id
+        d = do_request_handling()
+
+    def cb(r):
+        logger.debug(&quot;finished&quot;)
+
+    d.addCallback(cb)
+    return d
+</code></pre>
+<p>(in general, mixing <code>with LoggingContext</code> blocks and
+<code>defer.inlineCallbacks</code> in the same function leads to slighly
+counter-intuitive code, under this scheme).</p>
+<p>Because we leave the original <code>with</code> block as soon as the Deferred is
+returned (as opposed to waiting for it to be resolved, as we do today),
+the logcontext is cleared before control passes back to the reactor; so
+if there is some code within <code>do_request_handling</code> which needs to wait
+for a Deferred to complete, there is no need for it to worry about
+clearing the logcontext before doing so:</p>
+<pre><code class="language-python">def handle_request():
+    r = do_some_stuff()
+    r.addCallback(do_some_more_stuff)
+    return r
+</code></pre>
+<p>--- and provided <code>do_some_stuff</code> follows the rules of returning a
+Deferred which runs its callbacks in the original logcontext, all is
+happy.</p>
+<p>The business of a Deferred which runs its callbacks in the original
+logcontext isn't hard to achieve --- we have it today, in the shape of
+<code>context._PreservingContextDeferred</code>:</p>
+<pre><code class="language-python">def do_some_stuff():
+    deferred = do_some_io()
+    pcd = _PreservingContextDeferred(LoggingContext.current_context())
+    deferred.chainDeferred(pcd)
+    return pcd
+</code></pre>
+<p>It turns out that, thanks to the way that Deferreds chain together, we
+automatically get the property of a context-preserving deferred with
+<code>defer.inlineCallbacks</code>, provided the final Defered the function
+<code>yields</code> on has that property. So we can just write:</p>
+<pre><code class="language-python">@defer.inlineCallbacks
+def handle_request():
+    yield do_some_stuff()
+    yield do_some_more_stuff()
+</code></pre>
+<p>To conclude: I think this scheme would have worked equally well, with
+less danger of messing it up, and probably made some more esoteric code
+easier to write. But again --- changing the conventions of the entire
+Synapse codebase is not a sensible option for the marginal improvement
+offered.</p>
+<h2 id="a-note-on-garbage-collection-of-deferred-chains"><a class="header" href="#a-note-on-garbage-collection-of-deferred-chains">A note on garbage-collection of Deferred chains</a></h2>
+<p>It turns out that our logcontext rules do not play nicely with Deferred
+chains which get orphaned and garbage-collected.</p>
+<p>Imagine we have some code that looks like this:</p>
+<pre><code class="language-python">listener_queue = []
+
+def on_something_interesting():
+    for d in listener_queue:
+        d.callback(&quot;foo&quot;)
+
+@defer.inlineCallbacks
+def await_something_interesting():
+    new_deferred = defer.Deferred()
+    listener_queue.append(new_deferred)
+
+    with PreserveLoggingContext():
+        yield new_deferred
+</code></pre>
+<p>Obviously, the idea here is that we have a bunch of things which are
+waiting for an event. (It's just an example of the problem here, but a
+relatively common one.)</p>
+<p>Now let's imagine two further things happen. First of all, whatever was
+waiting for the interesting thing goes away. (Perhaps the request times
+out, or something <em>even more</em> interesting happens.)</p>
+<p>Secondly, let's suppose that we decide that the interesting thing is
+never going to happen, and we reset the listener queue:</p>
+<pre><code class="language-python">def reset_listener_queue():
+    listener_queue.clear()
+</code></pre>
+<p>So, both ends of the deferred chain have now dropped their references,
+and the deferred chain is now orphaned, and will be garbage-collected at
+some point. Note that <code>await_something_interesting</code> is a generator
+function, and when Python garbage-collects generator functions, it gives
+them a chance to clean up by making the <code>yield</code> raise a <code>GeneratorExit</code>
+exception. In our case, that means that the <code>__exit__</code> handler of
+<code>PreserveLoggingContext</code> will carefully restore the request context, but
+there is now nothing waiting for its return, so the request context is
+never cleared.</p>
+<p>To reiterate, this problem only arises when <em>both</em> ends of a deferred
+chain are dropped. Dropping the the reference to a deferred you're
+supposed to be calling is probably bad practice, so this doesn't
+actually happen too much. Unfortunately, when it does happen, it will
+lead to leaked logcontexts which are incredibly hard to track down.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="replication-architecture"><a class="header" href="#replication-architecture">Replication Architecture</a></h1>
+<h2 id="motivation"><a class="header" href="#motivation">Motivation</a></h2>
+<p>We'd like to be able to split some of the work that synapse does into
+multiple python processes. In theory multiple synapse processes could
+share a single postgresql database and we'd scale up by running more
+synapse processes. However much of synapse assumes that only one process
+is interacting with the database, both for assigning unique identifiers
+when inserting into tables, notifying components about new updates, and
+for invalidating its caches.</p>
+<p>So running multiple copies of the current code isn't an option. One way
+to run multiple processes would be to have a single writer process and
+multiple reader processes connected to the same database. In order to do
+this we'd need a way for the reader process to invalidate its in-memory
+caches when an update happens on the writer. One way to do this is for
+the writer to present an append-only log of updates which the readers
+can consume to invalidate their caches and to push updates to listening
+clients or pushers.</p>
+<p>Synapse already stores much of its data as an append-only log so that it
+can correctly respond to <code>/sync</code> requests so the amount of code changes
+needed to expose the append-only log to the readers should be fairly
+minimal.</p>
+<h2 id="architecture"><a class="header" href="#architecture">Architecture</a></h2>
+<h3 id="the-replication-protocol"><a class="header" href="#the-replication-protocol">The Replication Protocol</a></h3>
+<p>See <a href="tcp_replication.html">tcp_replication.md</a></p>
+<h3 id="the-slaved-datastore"><a class="header" href="#the-slaved-datastore">The Slaved DataStore</a></h3>
+<p>There are read-only version of the synapse storage layer in
+<code>synapse/replication/slave/storage</code> that use the response of the
+replication API to invalidate their caches.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="tcp-replication"><a class="header" href="#tcp-replication">TCP Replication</a></h1>
+<h2 id="motivation-1"><a class="header" href="#motivation-1">Motivation</a></h2>
+<p>Previously the workers used an HTTP long poll mechanism to get updates
+from the master, which had the problem of causing a lot of duplicate
+work on the server. This TCP protocol replaces those APIs with the aim
+of increased efficiency.</p>
+<h2 id="overview-3"><a class="header" href="#overview-3">Overview</a></h2>
+<p>The protocol is based on fire and forget, line based commands. An
+example flow would be (where '&gt;' indicates master to worker and
+'&lt;' worker to master flows):</p>
+<pre><code>&gt; SERVER example.com
+&lt; REPLICATE
+&gt; POSITION events master 53 53
+&gt; RDATA events master 54 [&quot;$foo1:bar.com&quot;, ...]
+&gt; RDATA events master 55 [&quot;$foo4:bar.com&quot;, ...]
+</code></pre>
+<p>The example shows the server accepting a new connection and sending its identity
+with the <code>SERVER</code> command, followed by the client server to respond with the
+position of all streams. The server then periodically sends <code>RDATA</code> commands
+which have the format <code>RDATA &lt;stream_name&gt; &lt;instance_name&gt; &lt;token&gt; &lt;row&gt;</code>, where
+the format of <code>&lt;row&gt;</code> is defined by the individual streams. The
+<code>&lt;instance_name&gt;</code> is the name of the Synapse process that generated the data
+(usually &quot;master&quot;).</p>
+<p>Error reporting happens by either the client or server sending an ERROR
+command, and usually the connection will be closed.</p>
+<p>Since the protocol is a simple line based, its possible to manually
+connect to the server using a tool like netcat. A few things should be
+noted when manually using the protocol:</p>
+<ul>
+<li>The federation stream is only available if federation sending has
+been disabled on the main process.</li>
+<li>The server will only time connections out that have sent a <code>PING</code>
+command. If a ping is sent then the connection will be closed if no
+further commands are receieved within 15s. Both the client and
+server protocol implementations will send an initial PING on
+connection and ensure at least one command every 5s is sent (not
+necessarily <code>PING</code>).</li>
+<li><code>RDATA</code> commands <em>usually</em> include a numeric token, however if the
+stream has multiple rows to replicate per token the server will send
+multiple <code>RDATA</code> commands, with all but the last having a token of
+<code>batch</code>. See the documentation on <code>commands.RdataCommand</code> for
+further details.</li>
+</ul>
+<h2 id="architecture-1"><a class="header" href="#architecture-1">Architecture</a></h2>
+<p>The basic structure of the protocol is line based, where the initial
+word of each line specifies the command. The rest of the line is parsed
+based on the command. For example, the RDATA command is defined as:</p>
+<pre><code>RDATA &lt;stream_name&gt; &lt;instance_name&gt; &lt;token&gt; &lt;row_json&gt;
+</code></pre>
+<p>(Note that &lt;row_json&gt; may contains spaces, but cannot contain
+newlines.)</p>
+<p>Blank lines are ignored.</p>
+<h3 id="keep-alives"><a class="header" href="#keep-alives">Keep alives</a></h3>
+<p>Both sides are expected to send at least one command every 5s or so, and
+should send a <code>PING</code> command if necessary. If either side do not receive
+a command within e.g. 15s then the connection should be closed.</p>
+<p>Because the server may be connected to manually using e.g. netcat, the
+timeouts aren't enabled until an initial <code>PING</code> command is seen. Both
+the client and server implementations below send a <code>PING</code> command
+immediately on connection to ensure the timeouts are enabled.</p>
+<p>This ensures that both sides can quickly realize if the tcp connection
+has gone and handle the situation appropriately.</p>
+<h3 id="start-up"><a class="header" href="#start-up">Start up</a></h3>
+<p>When a new connection is made, the server:</p>
+<ul>
+<li>Sends a <code>SERVER</code> command, which includes the identity of the server,
+allowing the client to detect if its connected to the expected
+server</li>
+<li>Sends a <code>PING</code> command as above, to enable the client to time out
+connections promptly.</li>
+</ul>
+<p>The client:</p>
+<ul>
+<li>Sends a <code>NAME</code> command, allowing the server to associate a human
+friendly name with the connection. This is optional.</li>
+<li>Sends a <code>PING</code> as above</li>
+<li>Sends a <code>REPLICATE</code> to get the current position of all streams.</li>
+<li>On receipt of a <code>SERVER</code> command, checks that the server name
+matches the expected server name.</li>
+</ul>
+<h3 id="error-handling"><a class="header" href="#error-handling">Error handling</a></h3>
+<p>If either side detects an error it can send an <code>ERROR</code> command and close
+the connection.</p>
+<p>If the client side loses the connection to the server it should
+reconnect, following the steps above.</p>
+<h3 id="congestion"><a class="header" href="#congestion">Congestion</a></h3>
+<p>If the server sends messages faster than the client can consume them the
+server will first buffer a (fairly large) number of commands and then
+disconnect the client. This ensures that we don't queue up an unbounded
+number of commands in memory and gives us a potential oppurtunity to
+squawk loudly. When/if the client recovers it can reconnect to the
+server and ask for missed messages.</p>
+<h3 id="reliability"><a class="header" href="#reliability">Reliability</a></h3>
+<p>In general the replication stream should be considered an unreliable
+transport since e.g. commands are not resent if the connection
+disappears.</p>
+<p>The exception to that are the replication streams, i.e. RDATA commands,
+since these include tokens which can be used to restart the stream on
+connection errors.</p>
+<p>The client should keep track of the token in the last RDATA command
+received for each stream so that on reconneciton it can start streaming
+from the correct place. Note: not all RDATA have valid tokens due to
+batching. See <code>RdataCommand</code> for more details.</p>
+<h3 id="example-5"><a class="header" href="#example-5">Example</a></h3>
+<p>An example iteraction is shown below. Each line is prefixed with '&gt;'
+or '&lt;' to indicate which side is sending, these are <em>not</em> included on
+the wire:</p>
+<pre><code>* connection established *
+&gt; SERVER localhost:8823
+&gt; PING 1490197665618
+&lt; NAME synapse.app.appservice
+&lt; PING 1490197665618
+&lt; REPLICATE
+&gt; POSITION events master 1 1
+&gt; POSITION backfill master 1 1
+&gt; POSITION caches master 1 1
+&gt; RDATA caches master 2 [&quot;get_user_by_id&quot;,[&quot;@01register-user:localhost:8823&quot;],1490197670513]
+&gt; RDATA events master 14 [&quot;$149019767112vOHxz:localhost:8823&quot;,
+    &quot;!AFDCvgApUmpdfVjIXm:localhost:8823&quot;,&quot;m.room.guest_access&quot;,&quot;&quot;,null]
+&lt; PING 1490197675618
+&gt; ERROR server stopping
+* connection closed by server *
+</code></pre>
+<p>The <code>POSITION</code> command sent by the server is used to set the clients
+position without needing to send data with the <code>RDATA</code> command.</p>
+<p>An example of a batched set of <code>RDATA</code> is:</p>
+<pre><code>&gt; RDATA caches master batch [&quot;get_user_by_id&quot;,[&quot;@test:localhost:8823&quot;],1490197670513]
+&gt; RDATA caches master batch [&quot;get_user_by_id&quot;,[&quot;@test2:localhost:8823&quot;],1490197670513]
+&gt; RDATA caches master batch [&quot;get_user_by_id&quot;,[&quot;@test3:localhost:8823&quot;],1490197670513]
+&gt; RDATA caches master 54 [&quot;get_user_by_id&quot;,[&quot;@test4:localhost:8823&quot;],1490197670513]
+</code></pre>
+<p>In this case the client shouldn't advance their caches token until it
+sees the the last <code>RDATA</code>.</p>
+<h3 id="list-of-commands"><a class="header" href="#list-of-commands">List of commands</a></h3>
+<p>The list of valid commands, with which side can send it: server (S) or
+client (C):</p>
+<h4 id="server-s"><a class="header" href="#server-s">SERVER (S)</a></h4>
+<p>Sent at the start to identify which server the client is talking to</p>
+<h4 id="rdata-s"><a class="header" href="#rdata-s">RDATA (S)</a></h4>
+<p>A single update in a stream</p>
+<h4 id="position-s"><a class="header" href="#position-s">POSITION (S)</a></h4>
+<p>On receipt of a POSITION command clients should check if they have missed any
+updates, and if so then fetch them out of band. Sent in response to a
+REPLICATE command (but can happen at any time).</p>
+<p>The POSITION command includes the source of the stream. Currently all streams
+are written by a single process (usually &quot;master&quot;). If fetching missing
+updates via HTTP API, rather than via the DB, then processes should make the
+request to the appropriate process.</p>
+<p>Two positions are included, the &quot;new&quot; position and the last position sent respectively.
+This allows servers to tell instances that the positions have advanced but no
+data has been written, without clients needlessly checking to see if they
+have missed any updates.</p>
+<h4 id="error-s-c"><a class="header" href="#error-s-c">ERROR (S, C)</a></h4>
+<p>There was an error</p>
+<h4 id="ping-s-c"><a class="header" href="#ping-s-c">PING (S, C)</a></h4>
+<p>Sent periodically to ensure the connection is still alive</p>
+<h4 id="name-c"><a class="header" href="#name-c">NAME (C)</a></h4>
+<p>Sent at the start by client to inform the server who they are</p>
+<h4 id="replicate-c"><a class="header" href="#replicate-c">REPLICATE (C)</a></h4>
+<p>Asks the server for the current position of all streams.</p>
+<h4 id="user_sync-c"><a class="header" href="#user_sync-c">USER_SYNC (C)</a></h4>
+<p>A user has started or stopped syncing on this process.</p>
+<h4 id="clear_user_sync-c"><a class="header" href="#clear_user_sync-c">CLEAR_USER_SYNC (C)</a></h4>
+<p>The server should clear all associated user sync data from the worker.</p>
+<p>This is used when a worker is shutting down.</p>
+<h4 id="federation_ack-c"><a class="header" href="#federation_ack-c">FEDERATION_ACK (C)</a></h4>
+<p>Acknowledge receipt of some federation data</p>
+<h3 id="remote_server_up-s-c"><a class="header" href="#remote_server_up-s-c">REMOTE_SERVER_UP (S, C)</a></h3>
+<p>Inform other processes that a remote server may have come back online.</p>
+<p>See <code>synapse/replication/tcp/commands.py</code> for a detailed description and
+the format of each command.</p>
+<h3 id="cache-invalidation-stream"><a class="header" href="#cache-invalidation-stream">Cache Invalidation Stream</a></h3>
+<p>The cache invalidation stream is used to inform workers when they need
+to invalidate any of their caches in the data store. This is done by
+streaming all cache invalidations done on master down to the workers,
+assuming that any caches on the workers also exist on the master.</p>
+<p>Each individual cache invalidation results in a row being sent down
+replication, which includes the cache name (the name of the function)
+and they key to invalidate. For example:</p>
+<pre><code>&gt; RDATA caches master 550953771 [&quot;get_user_by_id&quot;, [&quot;@bob:example.com&quot;], 1550574873251]
+</code></pre>
+<p>Alternatively, an entire cache can be invalidated by sending down a <code>null</code>
+instead of the key. For example:</p>
+<pre><code>&gt; RDATA caches master 550953772 [&quot;get_user_by_id&quot;, null, 1550574873252]
+</code></pre>
+<p>However, there are times when a number of caches need to be invalidated
+at the same time with the same key. To reduce traffic we batch those
+invalidations into a single poke by defining a special cache name that
+workers understand to mean to expand to invalidate the correct caches.</p>
+<p>Currently the special cache names are declared in
+<code>synapse/storage/_base.py</code> and are:</p>
+<ol>
+<li><code>cs_cache_fake</code> ─ invalidates caches that depend on the current
+state</li>
+</ol>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="internal-documentation"><a class="header" href="#internal-documentation">Internal Documentation</a></h1>
+<p>This section covers implementation documentation for various parts of Synapse.</p>
+<p>If a developer is planning to make a change to a feature of Synapse, it can be useful for
+general documentation of how that feature is implemented to be available. This saves the
+developer time in place of needing to understand how the feature works by reading the
+code.</p>
+<p>Documentation that would be more useful for the perspective of a system administrator,
+rather than a developer who's intending to change to code, should instead be placed
+under the Usage section of the documentation.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="how-to-test-saml-as-a-developer-without-a-server"><a class="header" href="#how-to-test-saml-as-a-developer-without-a-server">How to test SAML as a developer without a server</a></h1>
+<p>https://capriza.github.io/samling/samling.html (https://github.com/capriza/samling) is a great
+resource for being able to tinker with the SAML options within Synapse without needing to
+deploy and configure a complicated software stack.</p>
+<p>To make Synapse (and therefore Riot) use it:</p>
+<ol>
+<li>Use the samling.html URL above or deploy your own and visit the IdP Metadata tab.</li>
+<li>Copy the XML to your clipboard.</li>
+<li>On your Synapse server, create a new file <code>samling.xml</code> next to your <code>homeserver.yaml</code> with
+the XML from step 2 as the contents.</li>
+<li>Edit your <code>homeserver.yaml</code> to include:
+<pre><code class="language-yaml">saml2_config:
+  sp_config:
+    allow_unknown_attributes: true  # Works around a bug with AVA Hashes: https://github.com/IdentityPython/pysaml2/issues/388
+    metadata:
+      local: [&quot;samling.xml&quot;]   
+</code></pre>
+</li>
+<li>Ensure that your <code>homeserver.yaml</code> has a setting for <code>public_baseurl</code>:
+<pre><code class="language-yaml">public_baseurl: http://localhost:8080/
+</code></pre>
+</li>
+<li>Run <code>apt-get install xmlsec1</code> and <code>pip install --upgrade --force 'pysaml2&gt;=4.5.0'</code> to ensure
+the dependencies are installed and ready to go.</li>
+<li>Restart Synapse.</li>
+</ol>
+<p>Then in Riot:</p>
+<ol>
+<li>Visit the login page with a Riot pointing at your homeserver.</li>
+<li>Click the Single Sign-On button.</li>
+<li>On the samling page, enter a Name Identifier and add a SAML Attribute for <code>uid=your_localpart</code>.
+The response must also be signed.</li>
+<li>Click &quot;Next&quot;.</li>
+<li>Click &quot;Post Response&quot; (change nothing).</li>
+<li>You should be logged in.</li>
+</ol>
+<p>If you try and repeat this process, you may be automatically logged in using the information you
+gave previously. To fix this, open your developer console (<code>F12</code> or <code>Ctrl+Shift+I</code>) while on the
+samling page and clear the site data. In Chrome, this will be a button on the Application tab.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="how-to-test-cas-as-a-developer-without-a-server"><a class="header" href="#how-to-test-cas-as-a-developer-without-a-server">How to test CAS as a developer without a server</a></h1>
+<p>The <a href="https://github.com/jbittel/django-mama-cas">django-mama-cas</a> project is an
+easy to run CAS implementation built on top of Django.</p>
+<h2 id="prerequisites"><a class="header" href="#prerequisites">Prerequisites</a></h2>
+<ol>
+<li>Create a new virtualenv: <code>python3 -m venv &lt;your virtualenv&gt;</code></li>
+<li>Activate your virtualenv: <code>source /path/to/your/virtualenv/bin/activate</code></li>
+<li>Install Django and django-mama-cas:
+<pre><code>python -m pip install &quot;django&lt;3&quot; &quot;django-mama-cas==2.4.0&quot;
+</code></pre>
+</li>
+<li>Create a Django project in the current directory:
+<pre><code>django-admin startproject cas_test .
+</code></pre>
+</li>
+<li>Follow the <a href="https://django-mama-cas.readthedocs.io/en/latest/installation.html#configuring">install directions</a> for django-mama-cas</li>
+<li>Setup the SQLite database: <code>python manage.py migrate</code></li>
+<li>Create a user:
+<pre><code>python manage.py createsuperuser
+</code></pre>
+<ol>
+<li>Use whatever you want as the username and password.</li>
+<li>Leave the other fields blank.</li>
+</ol>
+</li>
+<li>Use the built-in Django test server to serve the CAS endpoints on port 8000:
+<pre><code>python manage.py runserver
+</code></pre>
+</li>
+</ol>
+<p>You should now have a Django project configured to serve CAS authentication with
+a single user created.</p>
+<h2 id="configure-synapse-and-element-to-use-cas"><a class="header" href="#configure-synapse-and-element-to-use-cas">Configure Synapse (and Element) to use CAS</a></h2>
+<ol>
+<li>Modify your <code>homeserver.yaml</code> to enable CAS and point it to your locally
+running Django test server:
+<pre><code class="language-yaml">cas_config:
+  enabled: true
+  server_url: &quot;http://localhost:8000&quot;
+  service_url: &quot;http://localhost:8081&quot;
+  #displayname_attribute: name
+  #required_attributes:
+  #    name: value
+</code></pre>
+</li>
+<li>Restart Synapse.</li>
+</ol>
+<p>Note that the above configuration assumes the homeserver is running on port 8081
+and that the CAS server is on port 8000, both on localhost.</p>
+<h2 id="testing-the-configuration"><a class="header" href="#testing-the-configuration">Testing the configuration</a></h2>
+<p>Then in Element:</p>
+<ol>
+<li>Visit the login page with a Element pointing at your homeserver.</li>
+<li>Click the Single Sign-On button.</li>
+<li>Login using the credentials created with <code>createsuperuser</code>.</li>
+<li>You should be logged in.</li>
+</ol>
+<p>If you want to repeat this process you'll need to manually logout first:</p>
+<ol>
+<li>http://localhost:8000/admin/</li>
+<li>Click &quot;logout&quot; in the top right.</li>
+</ol>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="auth-chain-difference-algorithm"><a class="header" href="#auth-chain-difference-algorithm">Auth Chain Difference Algorithm</a></h1>
+<p>The auth chain difference algorithm is used by V2 state resolution, where a
+naive implementation can be a significant source of CPU and DB usage.</p>
+<h3 id="definitions"><a class="header" href="#definitions">Definitions</a></h3>
+<p>A <em>state set</em> is a set of state events; e.g. the input of a state resolution
+algorithm is a collection of state sets.</p>
+<p>The <em>auth chain</em> of a set of events are all the events' auth events and <em>their</em>
+auth events, recursively (i.e. the events reachable by walking the graph induced
+by an event's auth events links).</p>
+<p>The <em>auth chain difference</em> of a collection of state sets is the union minus the
+intersection of the sets of auth chains corresponding to the state sets, i.e an
+event is in the auth chain difference if it is reachable by walking the auth
+event graph from at least one of the state sets but not from <em>all</em> of the state
+sets.</p>
+<h2 id="breadth-first-walk-algorithm"><a class="header" href="#breadth-first-walk-algorithm">Breadth First Walk Algorithm</a></h2>
+<p>A way of calculating the auth chain difference without calculating the full auth
+chains for each state set is to do a parallel breadth first walk (ordered by
+depth) of each state set's auth chain. By tracking which events are reachable
+from each state set we can finish early if every pending event is reachable from
+every state set.</p>
+<p>This can work well for state sets that have a small auth chain difference, but
+can be very inefficient for larger differences. However, this algorithm is still
+used if we don't have a chain cover index for the room (e.g. because we're in
+the process of indexing it).</p>
+<h2 id="chain-cover-index"><a class="header" href="#chain-cover-index">Chain Cover Index</a></h2>
+<p>Synapse computes auth chain differences by pre-computing a &quot;chain cover&quot; index
+for the auth chain in a room, allowing efficient reachability queries like &quot;is
+event A in the auth chain of event B&quot;. This is done by assigning every event a
+<em>chain ID</em> and <em>sequence number</em> (e.g. <code>(5,3)</code>), and having a map of <em>links</em>
+between chains (e.g. <code>(5,3) -&gt; (2,4)</code>) such that A is reachable by B (i.e. <code>A</code>
+is in the auth chain of <code>B</code>) if and only if either:</p>
+<ol>
+<li>A and B have the same chain ID and <code>A</code>'s sequence number is less than <code>B</code>'s
+sequence number; or</li>
+<li>there is a link <code>L</code> between <code>B</code>'s chain ID and <code>A</code>'s chain ID such that
+<code>L.start_seq_no</code> &lt;= <code>B.seq_no</code> and <code>A.seq_no</code> &lt;= <code>L.end_seq_no</code>.</li>
+</ol>
+<p>There are actually two potential implementations, one where we store links from
+each chain to every other reachable chain (the transitive closure of the links
+graph), and one where we remove redundant links (the transitive reduction of the
+links graph) e.g. if we have chains <code>C3 -&gt; C2 -&gt; C1</code> then the link <code>C3 -&gt; C1</code>
+would not be stored. Synapse uses the former implementations so that it doesn't
+need to recurse to test reachability between chains.</p>
+<h3 id="example-6"><a class="header" href="#example-6">Example</a></h3>
+<p>An example auth graph would look like the following, where chains have been
+formed based on type/state_key and are denoted by colour and are labelled with
+<code>(chain ID, sequence number)</code>. Links are denoted by the arrows (links in grey
+are those that would be remove in the second implementation described above).</p>
+<p><img src="auth_chain_diff.dot.png" alt="Example" /></p>
+<p>Note that we don't include all links between events and their auth events, as
+most of those links would be redundant. For example, all events point to the
+create event, but each chain only needs the one link from it's base to the
+create event.</p>
+<h2 id="using-the-index"><a class="header" href="#using-the-index">Using the Index</a></h2>
+<p>This index can be used to calculate the auth chain difference of the state sets
+by looking at the chain ID and sequence numbers reachable from each state set:</p>
+<ol>
+<li>For every state set lookup the chain ID/sequence numbers of each state event</li>
+<li>Use the index to find all chains and the maximum sequence number reachable
+from each state set.</li>
+<li>The auth chain difference is then all events in each chain that have sequence
+numbers between the maximum sequence number reachable from <em>any</em> state set and
+the minimum reachable by <em>all</em> state sets (if any).</li>
+</ol>
+<p>Note that steps 2 is effectively calculating the auth chain for each state set
+(in terms of chain IDs and sequence numbers), and step 3 is calculating the
+difference between the union and intersection of the auth chains.</p>
+<h3 id="worked-example"><a class="header" href="#worked-example">Worked Example</a></h3>
+<p>For example, given the above graph, we can calculate the difference between
+state sets consisting of:</p>
+<ol>
+<li><code>S1</code>: Alice's invite <code>(4,1)</code> and Bob's second join <code>(2,2)</code>; and</li>
+<li><code>S2</code>: Alice's second join <code>(4,3)</code> and Bob's first join <code>(2,1)</code>.</li>
+</ol>
+<p>Using the index we see that the following auth chains are reachable from each
+state set:</p>
+<ol>
+<li><code>S1</code>: <code>(1,1)</code>, <code>(2,2)</code>, <code>(3,1)</code> &amp; <code>(4,1)</code></li>
+<li><code>S2</code>: <code>(1,1)</code>, <code>(2,1)</code>, <code>(3,2)</code> &amp; <code>(4,3)</code></li>
+</ol>
+<p>And so, for each the ranges that are in the auth chain difference:</p>
+<ol>
+<li>Chain 1: None, (since everything can reach the create event).</li>
+<li>Chain 2: The range <code>(1, 2]</code> (i.e. just <code>2</code>), as <code>1</code> is reachable by all state
+sets and the maximum reachable is <code>2</code> (corresponding to Bob's second join).</li>
+<li>Chain 3: Similarly the range <code>(1, 2]</code> (corresponding to the second power
+level).</li>
+<li>Chain 4: The range <code>(1, 3]</code> (corresponding to both of Alice's joins).</li>
+</ol>
+<p>So the final result is: Bob's second join <code>(2,2)</code>, the second power level
+<code>(3,2)</code> and both of Alice's joins <code>(4,2)</code> &amp; <code>(4,3)</code>.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="media-repository"><a class="header" href="#media-repository">Media Repository</a></h1>
+<p><em>Synapse implementation-specific details for the media repository</em></p>
+<p>The media repository is where attachments and avatar photos are stored.
+It stores attachment content and thumbnails for media uploaded by local users.
+It caches attachment content and thumbnails for media uploaded by remote users.</p>
+<h2 id="storage"><a class="header" href="#storage">Storage</a></h2>
+<p>Each item of media is assigned a <code>media_id</code> when it is uploaded.
+The <code>media_id</code> is a randomly chosen, URL safe 24 character string.</p>
+<p>Metadata such as the MIME type, upload time and length are stored in the
+sqlite3 database indexed by <code>media_id</code>.</p>
+<p>Content is stored on the filesystem under a <code>&quot;local_content&quot;</code> directory.</p>
+<p>Thumbnails are stored under a <code>&quot;local_thumbnails&quot;</code> directory.</p>
+<p>The item with <code>media_id</code> <code>&quot;aabbccccccccdddddddddddd&quot;</code> is stored under
+<code>&quot;local_content/aa/bb/ccccccccdddddddddddd&quot;</code>. Its thumbnail with width
+<code>128</code> and height <code>96</code> and type <code>&quot;image/jpeg&quot;</code> is stored under
+<code>&quot;local_thumbnails/aa/bb/ccccccccdddddddddddd/128-96-image-jpeg&quot;</code></p>
+<p>Remote content is cached under <code>&quot;remote_content&quot;</code> directory. Each item of
+remote content is assigned a local <code>&quot;filesystem_id&quot;</code> to ensure that the
+directory structure <code>&quot;remote_content/server_name/aa/bb/ccccccccdddddddddddd&quot;</code>
+is appropriate. Thumbnails for remote content are stored under
+<code>&quot;remote_thumbnails/server_name/...&quot;</code></p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="room-and-user-statistics"><a class="header" href="#room-and-user-statistics">Room and User Statistics</a></h1>
+<p>Synapse maintains room and user statistics (as well as a cache of room state),
+in various tables. These can be used for administrative purposes but are also
+used when generating the public room directory.</p>
+<h1 id="synapse-developer-documentation"><a class="header" href="#synapse-developer-documentation">Synapse Developer Documentation</a></h1>
+<h2 id="high-level-concepts"><a class="header" href="#high-level-concepts">High-Level Concepts</a></h2>
+<h3 id="definitions-1"><a class="header" href="#definitions-1">Definitions</a></h3>
+<ul>
+<li><strong>subject</strong>: Something we are tracking stats about – currently a room or user.</li>
+<li><strong>current row</strong>: An entry for a subject in the appropriate current statistics
+table. Each subject can have only one.</li>
+<li><strong>historical row</strong>: An entry for a subject in the appropriate historical
+statistics table. Each subject can have any number of these.</li>
+</ul>
+<h3 id="overview-4"><a class="header" href="#overview-4">Overview</a></h3>
+<p>Stats are maintained as time series. There are two kinds of column:</p>
+<ul>
+<li>absolute columns – where the value is correct for the time given by <code>end_ts</code>
+in the stats row. (Imagine a line graph for these values)
+<ul>
+<li>They can also be thought of as 'gauges' in Prometheus, if you are familiar.</li>
+</ul>
+</li>
+<li>per-slice columns – where the value corresponds to how many of the occurrences
+occurred within the time slice given by <code>(end_ts − bucket_size)…end_ts</code>
+or <code>start_ts…end_ts</code>. (Imagine a histogram for these values)</li>
+</ul>
+<p>Stats are maintained in two tables (for each type): current and historical.</p>
+<p>Current stats correspond to the present values. Each subject can only have one
+entry.</p>
+<p>Historical stats correspond to values in the past. Subjects may have multiple
+entries.</p>
+<h2 id="concepts-around-the-management-of-stats"><a class="header" href="#concepts-around-the-management-of-stats">Concepts around the management of stats</a></h2>
+<h3 id="current-rows"><a class="header" href="#current-rows">Current rows</a></h3>
+<p>Current rows contain the most up-to-date statistics for a room.
+They only contain absolute columns</p>
+<h3 id="historical-rows"><a class="header" href="#historical-rows">Historical rows</a></h3>
+<p>Historical rows can always be considered to be valid for the time slice and
+end time specified.</p>
+<ul>
+<li>historical rows will not exist for every time slice – they will be omitted
+if there were no changes. In this case, the following assumptions can be
+made to interpolate/recreate missing rows:
+<ul>
+<li>absolute fields have the same values as in the preceding row</li>
+<li>per-slice fields are zero (<code>0</code>)</li>
+</ul>
+</li>
+<li>historical rows will not be retained forever – rows older than a configurable
+time will be purged.</li>
+</ul>
+<h4 id="purge"><a class="header" href="#purge">Purge</a></h4>
+<p>The purging of historical rows is not yet implemented.</p>
+<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="deprecation-policy-for-platform-dependencies"><a class="header" href="#deprecation-policy-for-platform-dependencies">Deprecation Policy for Platform Dependencies</a></h1>
+<p>Synapse has a number of platform dependencies, including Python and PostgreSQL.
+This document outlines the policy towards which versions we support, and when we
+drop support for versions in the future.</p>
+<h2 id="policy"><a class="header" href="#policy">Policy</a></h2>
+<p>Synapse follows the upstream support life cycles for Python and PostgreSQL,
+i.e. when a version reaches End of Life Synapse will withdraw support for that
+version in future releases.</p>
+<p>Details on the upstream support life cycles for Python and PostgreSQL are
+documented at https://endoflife.date/python and
+https://endoflife.date/postgresql.</p>
+<h2 id="context"><a class="header" href="#context">Context</a></h2>
+<p>It is important for system admins to have a clear understanding of the platform
+requirements of Synapse and its deprecation policies so that they can
+effectively plan upgrading their infrastructure ahead of time. This is
+especially important in contexts where upgrading the infrastructure requires
+auditing and approval from a security team, or where otherwise upgrading is a
+long process.</p>
+<p>By following the upstream support life cycles Synapse can ensure that its
+dependencies continue to get security patches, while not requiring system admins
+to constantly update their platform dependencies to the latest versions.</p>
+
+                    </main>
+
+                    <nav class="nav-wrapper" aria-label="Page navigation">
+                        <!-- Mobile navigation buttons -->
+                        
+
+                        
+
+                        <div style="clear: both"></div>
+                    </nav>
+                </div>
+            </div>
+
+            <nav class="nav-wide-wrapper" aria-label="Page navigation">
+                
+
+                
+            </nav>
+
+        </div>
+
+        
+
+        
+
+        
+
+        
+        <script type="text/javascript">
+            window.playground_copyable = true;
+        </script>
+        
+
+        
+
+        
+        <script src="elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
+        <script src="mark.min.js" type="text/javascript" charset="utf-8"></script>
+        <script src="searcher.js" type="text/javascript" charset="utf-8"></script>
+        
+
+        <script src="clipboard.min.js" type="text/javascript" charset="utf-8"></script>
+        <script src="highlight.js" type="text/javascript" charset="utf-8"></script>
+        <script src="book.js" type="text/javascript" charset="utf-8"></script>
+
+        <!-- Custom JS scripts -->
+        
+        <script type="text/javascript" src="docs/website_files/table-of-contents.js"></script>
+        
+
+        
+        
+        <script type="text/javascript">
+        window.addEventListener('load', function() {
+            window.setTimeout(window.print, 100);
+        });
+        </script>
+        
+        
+
+    </body>
+</html>
\ No newline at end of file