| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| | |
Move /account/3pid to client_reader
|
| | |
| |
| | |
Co-Authored-By: erikjohnston <erikj@jki.re>
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
When presence is disabled don't send over replication
|
| | | | |
|
| | |/ |
|
| |\ \
| |/
|/| |
Move server key queries to federation reader
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Fix tightloop over connecting to replication server
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Otherwise if you have many workers they can easily take out master with
their connection attempts
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the client failed to process incoming commands during the initial set
up of the replication connection it would immediately disconnect and
reconnect, resulting in a tightloop.
This can happen, for example, when subscribing to a stream that has a
row that is too long in the backlog.
The fix here is to not consider the connection successfully set up until
the client has succesfully subscribed and caught up with the streams.
This ensures that the retry logic timers aren't reset until then,
meaning that if an error does happen during start up the client will
continue backing off before retrying again.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix check-newsfragment script
I previously broke this so that it always succeeded...
* more fixes
* fix newsfiles
|
| |/
|
|
|
| |
So that it actually works. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
|
| |\
| |
| | |
Prevent showing non-fed rooms in fed /publicRooms v2
|
| | |\
| |/
|/|
| | |
anoa/public_rooms_federate_develop
|
| |\ \
| | |
| | | |
Revert "Prevent showing non-fed rooms in fed /publicRooms"
|
| |/ / |
|
| |\ \
| | |
| | | |
Config option to prevent showing non-fed rooms in fed /publicRooms
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |\ \
| | | |
| | | |
| | | | |
anoa/public_rooms_federate
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Don't log stack trace when client has gone away during media download
* Newsfile
* Fixup newsfile
|
| | | | |
| | | |
| | | | |
Fixes #4675.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* add trivial clarification about jemalloc
* switch from google.com to recaptcha.net
because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
|
| |\ \ \ \
| | | | |
| | | | | |
Log tracebacks correctly
|
| | | | | | |
|
| | | |/ /
| |/| | |
|
| |\ \ \ \
| | | | |
| | | | | |
Fix backfill storing incorrect state for events
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
MSC 1866 - Use M_UNSUPPORTED_ROOM_VERSION for invite API
|
| | | | | | | |
|
| | | | | | | |
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |
| | | | | |
| | | | | | |
matrix-org/erikj/correctly_handle_keyring_exceptions
Handle errors when fetching remote server keys
|
| | | | | | | |
|
| | | | | | | |
|
| | |/ / / / |
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Correctly proxy exception in frontend_proxy worker
|
| | | | | | |
|
| |/ / / / |
|
| |\ \ \ \
| | | | |
| | | | | |
Fix up pusher logging a bit
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | |/ / / |
|
| |\ \ \ \
| | | | |
| | | | | |
Fix state cache invalidation on workers
|
| | | | | | |
|
| | |/ / / |
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Make sure that users' changes to the config files are preserved.
Fixes #4440.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We're counting the number of push notifications, but not the number of badges;
I'd like to see if they are significant.
|
| | | |
| | |
| | |
| | |
| | | |
* You need an entry in the debian changelog (and not a regular newsfragment)
for debian packaging changes.
* Regular newsfragments must end in full stops.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | | |
I suspect the CPU usage metrics for this are going to /dev/null at the moment.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Added HAProxy example
Proposal of an example with HAProxy. Asked by #4541.
Signed-off-by: Benoît S. (“Benpro”) <gitlab@benpro.fr>
* Following suggestions of @richvdh
|
| |\ \ \
| | | |
| | | | |
Prevent crash on pagination.
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Migration Script: consider e2e_room_keys.is_verified column as boolean
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This column was considered as an int, crashing the whole
migration process
Signed-off-by: Eric <eric@pedr0.net>
|
| |\ \ \ \
| | | | |
| | | | | |
Fixup generated metrics config
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I just got bitten by a file being caught by the .gitignore, which shouldn't
have been, and am now pissed off with the .gitignore. I have basically declared
bankruptcy on it and started again.
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Attempt to clarify installation/config instructions
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Move RegistrationHandler init to HomeServer
* Move post registration actions to RegistrationHandler
* Add post regisration replication endpoint
* Newsfile
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Run unit tests against python 3.7
... so that we span the full range of our supported python versions
* Switch to xenial
* fix psql fail
* pep8 etc want python 3.6
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Batch cache invalidation over replication
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently whenever the current state changes in a room invalidate a lot
of caches, which cause *a lot* of traffic over replication. Instead,
lets batch up all those invalidations and send a single poke down
the replication streams.
Hopefully this will reduce load on the master process by substantially
reducing traffic.
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Test against Postgres 9.5 as well as 9.4
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | | |
Postgres 9.5 is the first to support UPSERTs, so we should really run against
it as well as 9.4.
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Support .well-known delegation when issuing certificates through ACME
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | |\ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: babolivier <contact@brendanabolivier.com>
|
| | | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: babolivier <contact@brendanabolivier.com>
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Split /login into client_reader
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* fix to use makeContext so that we don't need to rebuild the certificateoptions each time
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | | |
certificateoptions each time
|
| |\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | | |
Transfer bans on room upgrade
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Add basic optional sentry.io integration
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | |_|/ / / / / /
| |/| | | | | | | |
Split out registration to worker
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Co-Authored-By: erikjohnston <erikj@jki.re>
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This allows registration to be handled by a worker, though the actual
write to the database still happens on master.
Note: due to the in-memory session map all registration requests must be
handled by the same worker.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Correctly handle HttpResponseException when handling device updates
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | |_|_|_|/ / / /
| |/| | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Cleanup top level request exception logging
|
| | | | | | | | | | | |
|
| | |/ / / / / / / /
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Firstly, we always logged that the request was being handled via
`JsonResource._async_render`, so we change that to use the servlet name
we add to the request.
Secondly, we pass the exception information to the logger rather than
formatting it manually. This makes it consistent with other exception
logging, allwoing logging hooks and formatters to access the exception
information.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
set CORS on .well-known URI to unbreak modular
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | |_|_|_|/ / / /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
otherwise a riot/web running on foo.riot.im can't query
the .well-known on foo.modular.im...
|
| |\ \ \ \ \ \ \ \ \
| |_|/ / / / / / /
|/| | | | | | | | |
Fix kicking guest users in worker mode
|
| | | | | | | | | | |
|
| | | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
When guest_access changes from allowed to forbidden all local guest
users should be kicked from the room. This did not happen when
revocation was received from federation on a worker.
Presumably broken in #4141
|
| |\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | | |
Correctly handle RequestSendFailed exceptions
|
| | | | | | | | | |
|
| | | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
This mainly reduces the number of exceptions we log.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix spelling mistakes
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
See: https://en.wiktionary.org/wiki/successful
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The warning for missing macaroon_secret_key was "missing missing".
|
| |/ / / / / / / |
|
| |\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
Add configurable room list publishing rules
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This allows specifying who and what is allowed to be published onto the
public room list
|
| |\ \ \ \ \ \ |
|
| | |\ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Make sure it refreshes the apt cache before trying to install stuff
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* Better logging for errors on startup
* Fix "TypeError: '>' not supported" when starting without an existing
certificate
* Fix a bug where an existing certificate would be reprovisoned every day
|
| |\| | | | | | |
| |_|/ / / / /
|/| | | | | | |
|
| | |\| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Synapse 0.99.1 (2019-02-14)
===========================
Features
--------
- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580))
- Allow the "unavailable" presence status for /sync.
This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613), [\#4615](https://github.com/matrix-org/synapse/issues/4615), [\#4617](https://github.com/matrix-org/synapse/issues/4617), [\#4636](https://github.com/matrix-org/synapse/issues/4636))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614))
Bugfixes
--------
- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626), [\#4627](https://github.com/matrix-org/synapse/issues/4627))
Internal Changes
----------------
- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621))
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* implement `reload` by sending the HUP signal
According to the 0.99 release info* synapse now uses the HUP signal to reload certificates:
> Synapse will now reload TLS certificates from disk upon SIGHUP. (#4495, #4524)
So the matrix-synapse.service unit file should include a reload directive.
Signed-off-by: Дамјан Георгиевски <gdamjan@gmail.com>
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | | |
Fix incorrect heading level
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix error message for optional dependencies
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
|
| |\ \ \ \ \ \ \ \
| | |_|/ / / / /
| |/| | | | | | |
|
| | |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Fix errors when using default bind_addresses with replication/metrics listeners
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Co-Authored-By: richvdh <1389908+richvdh@users.noreply.github.com>
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Fixes the "can't listen on 0.0.0.0" error. Also makes it more consistent with
what we do elsewhere.
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
I wanted to bring listen_tcp into line with listen_ssl in terms of returning a
list of ports, and wanted to check that was a safe thing to do - hence the
logging in `refresh_certificate`.
Also, pull the 'Synapse now listening' message up to homeserver.py, because it
was being duplicated everywhere else.
|
| | |/ / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
|
| |/ / / / / / / |
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Transfer Server ACLs on room upgrade
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Analyze user_ips before running deduplication
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Due to the table locks taken out by the naive upsert, the table
statistics may be out of date. During deduplication it is important that
the correct index is used as otherwise a full table scan may be
incorrectly used, which can end up thrashing the database badly.
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Reduce user_ips bloat during dedupe background update
|
| | | | | | | | | | |
|
| | |/ / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The background update to remove duplicate rows naively deleted and
reinserted the duplicates. For large tables with a large number of
duplicates this causes a lot of bloat (with postgres), as the inserted
rows are appended to the table, since deleted rows will not be
overwritten until a VACUUM has happened.
This should hopefully also help ensure that the query in the last batch
uses the correct index, as inserting a large number of new rows without
analyzing will upset the query planner.
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
fix self-signed cert notice from generate-config
|
| | |/ / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | | |
fixes #4620
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Lots of updates to the README/INSTALL.md.
Fixes #4601.
|
| | | | | | | | | |
|
| |/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If TLS is disabled, it should not be an error if no cert is given.
Fixes #4554.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Remove redundant entries from docker config
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* no_tls is now redundant (#4613)
* we don't need a dummy cert any more (#4618)
|
| |\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | | |
Infer no_tls from presence of TLS listeners
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
|
| | |\ \ \ \ \ \ \ |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
we aren't going to use them anyway.
|
| | |\| | | | | | | |
|
| | |/ / / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work
|
| |/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | | |
... otherwise we would fail with a mysterious KeyError or something later.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
It's nothing to do with refreshing the certificates. No idea why it was here.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
add updating of backup versions
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
also add tests
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
|
| | |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Factor out the reverse proxy info to a separate file, add some more info on
reverse-proxying the federation port.
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
New listener resource for the federation API "openid/userinfo" endpoint
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
