| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Make sure that users' changes to the config files are preserved.
Fixes #4440.
|
|
|
|
|
|
| |
We're counting the number of push notifications, but not the number of badges;
I'd like to see if they are significant.
|
|
|
|
|
| |
* You need an entry in the debian changelog (and not a regular newsfragment)
for debian packaging changes.
* Regular newsfragments must end in full stops.
|
| |
|
| |
|
|
|
| |
I suspect the CPU usage metrics for this are going to /dev/null at the moment.
|
|
|
|
|
|
|
|
|
|
| |
* Added HAProxy example
Proposal of an example with HAProxy. Asked by #4541.
Signed-off-by: Benoît S. (“Benpro”) <gitlab@benpro.fr>
* Following suggestions of @richvdh
|
|\
| |
| | |
Prevent crash on pagination.
|
| | |
|
|\ \
| | |
| | | |
Migration Script: consider e2e_room_keys.is_verified column as boolean
|
|/ /
| |
| |
| |
| |
| |
| | |
This column was considered as an int, crashing the whole
migration process
Signed-off-by: Eric <eric@pedr0.net>
|
|\ \
| | |
| | | |
Fixup generated metrics config
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
I just got bitten by a file being caught by the .gitignore, which shouldn't
have been, and am now pissed off with the .gitignore. I have basically declared
bankruptcy on it and started again.
|
|\ \ \
| |/ /
|/| | |
Attempt to clarify installation/config instructions
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Move RegistrationHandler init to HomeServer
* Move post registration actions to RegistrationHandler
* Add post regisration replication endpoint
* Newsfile
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Run unit tests against python 3.7
... so that we span the full range of our supported python versions
* Switch to xenial
* fix psql fail
* pep8 etc want python 3.6
|
|\ \ \
| |/ /
|/| | |
Batch cache invalidation over replication
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently whenever the current state changes in a room invalidate a lot
of caches, which cause *a lot* of traffic over replication. Instead,
lets batch up all those invalidations and send a single poke down
the replication streams.
Hopefully this will reduce load on the master process by substantially
reducing traffic.
|
|\ \ \
| | | |
| | | | |
Test against Postgres 9.5 as well as 9.4
|
| |/ /
| | |
| | |
| | |
| | | |
Postgres 9.5 is the first to support UPSERTs, so we should really run against
it as well as 9.4.
|
|\ \ \
| | | |
| | | | |
Support .well-known delegation when issuing certificates through ACME
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | | |
Co-Authored-By: babolivier <contact@brendanabolivier.com>
|
| | | | |
| | | | |
| | | | | |
Co-Authored-By: babolivier <contact@brendanabolivier.com>
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Split /login into client_reader
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | | |
* fix to use makeContext so that we don't need to rebuild the certificateoptions each time
|
| | | | | | | |
|
| | | | | | | |
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | | |
certificateoptions each time
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Transfer bans on room upgrade
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add basic optional sentry.io integration
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | |_|/ / / /
| |/| | | | | |
Split out registration to worker
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: erikjohnston <erikj@jki.re>
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This allows registration to be handled by a worker, though the actual
write to the database still happens on master.
Note: due to the in-memory session map all registration requests must be
handled by the same worker.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Correctly handle HttpResponseException when handling device updates
|
| | | | | | | | |
|
| | | | | | | | |
|
| | |_|_|_|/ /
| |/| | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Cleanup top level request exception logging
|
| | | | | | | | |
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Firstly, we always logged that the request was being handled via
`JsonResource._async_render`, so we change that to use the servlet name
we add to the request.
Secondly, we pass the exception information to the logger rather than
formatting it manually. This makes it consistent with other exception
logging, allwoing logging hooks and formatters to access the exception
information.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
set CORS on .well-known URI to unbreak modular
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | |_|_|_|/ /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
otherwise a riot/web running on foo.riot.im can't query
the .well-known on foo.modular.im...
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
Fix kicking guest users in worker mode
|
| | | | | | | |
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When guest_access changes from allowed to forbidden all local guest
users should be kicked from the room. This did not happen when
revocation was received from federation on a worker.
Presumably broken in #4141
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Correctly handle RequestSendFailed exceptions
|
| | | | | | |
|
| | |_|/ /
| |/| | |
| | | | |
| | | | | |
This mainly reduces the number of exceptions we log.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix spelling mistakes
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
See: https://en.wiktionary.org/wiki/successful
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The warning for missing macaroon_secret_key was "missing missing".
|
|/ / / / / |
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Add configurable room list publishing rules
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
This allows specifying who and what is allowed to be published onto the
public room list
|
|\ \ \ \ |
|
| |\ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make sure it refreshes the apt cache before trying to install stuff
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Better logging for errors on startup
* Fix "TypeError: '>' not supported" when starting without an existing
certificate
* Fix a bug where an existing certificate would be reprovisoned every day
|
|\| | | | |
| |_|/ / /
|/| | | | |
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Synapse 0.99.1 (2019-02-14)
===========================
Features
--------
- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580))
- Allow the "unavailable" presence status for /sync.
This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613), [\#4615](https://github.com/matrix-org/synapse/issues/4615), [\#4617](https://github.com/matrix-org/synapse/issues/4617), [\#4636](https://github.com/matrix-org/synapse/issues/4636))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614))
Bugfixes
--------
- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626), [\#4627](https://github.com/matrix-org/synapse/issues/4627))
Internal Changes
----------------
- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621))
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* implement `reload` by sending the HUP signal
According to the 0.99 release info* synapse now uses the HUP signal to reload certificates:
> Synapse will now reload TLS certificates from disk upon SIGHUP. (#4495, #4524)
So the matrix-synapse.service unit file should include a reload directive.
Signed-off-by: Дамјан Георгиевски <gdamjan@gmail.com>
|
| | | | | |
|
| | | | |
| | | | |
| | | | | |
Fix incorrect heading level
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix error message for optional dependencies
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
|
|\ \ \ \ \ \
| | |_|/ / /
| |/| | | | |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Fix errors when using default bind_addresses with replication/metrics listeners
|
| | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: richvdh <1389908+richvdh@users.noreply.github.com>
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes the "can't listen on 0.0.0.0" error. Also makes it more consistent with
what we do elsewhere.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
I wanted to bring listen_tcp into line with listen_ssl in terms of returning a
list of ports, and wanted to check that was a safe thing to do - hence the
logging in `refresh_certificate`.
Also, pull the 'Synapse now listening' message up to homeserver.py, because it
was being duplicated everywhere else.
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
|
|/ / / / / |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Transfer Server ACLs on room upgrade
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Analyze user_ips before running deduplication
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Due to the table locks taken out by the naive upsert, the table
statistics may be out of date. During deduplication it is important that
the correct index is used as otherwise a full table scan may be
incorrectly used, which can end up thrashing the database badly.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Reduce user_ips bloat during dedupe background update
|
| | | | | | | |
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The background update to remove duplicate rows naively deleted and
reinserted the duplicates. For large tables with a large number of
duplicates this causes a lot of bloat (with postgres), as the inserted
rows are appended to the table, since deleted rows will not be
overwritten until a VACUUM has happened.
This should hopefully also help ensure that the query in the last batch
uses the correct index, as inserting a large number of new rows without
analyzing will upset the query planner.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
fix self-signed cert notice from generate-config
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | | |
fixes #4620
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Lots of updates to the README/INSTALL.md.
Fixes #4601.
|
| | | | | | |
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If TLS is disabled, it should not be an error if no cert is given.
Fixes #4554.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove redundant entries from docker config
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* no_tls is now redundant (#4613)
* we don't need a dummy cert any more (#4618)
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Infer no_tls from presence of TLS listeners
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
we aren't going to use them anyway.
|
| |\| | | | | |
|
| |/ / / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | | |
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work
|
|/ / / / /
| | | | |
| | | | |
| | | | | |
... otherwise we would fail with a mysterious KeyError or something later.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It's nothing to do with refreshing the certificates. No idea why it was here.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
add updating of backup versions
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
also add tests
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
|
| |/ / / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Factor out the reverse proxy info to a separate file, add some more info on
reverse-proxying the federation port.
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
New listener resource for the federation API "openid/userinfo" endpoint
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Check all possible variants of openid and federation listener on/off
possibilities.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
For all the homeserver classes, only the FrontendProxyServer passes
its reactor when doing the http listen. Looking at previous PR's looks
like this was introduced to make it possible to write a test, otherwise
when you try to run a test with the test homeserver it tries to
do a real bind to a port. Passing the reactor that the homeserver
is instantiated with should probably be the right thing to do anyway?
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Check all possible variants of openid and federation listener on/off
possibilities.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
For all the homeserver classes, only the FrontendProxyServer passes
its reactor when doing the http listen. Looking at previous PR's looks
like this was introduced to make it possible to write a test, otherwise
when you try to run a test with the test homeserver it tries to
do a real bind to a port. Passing the reactor that the homeserver
is instantiated with should probably be the right thing to do anyway?
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Allows running parameterized tests. BSD license.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Allow "unavailable" presence status for /sync
Closes #3772, closes #3779
Signed-off-by: Valentin Anger <valentin.an.1999@gmail.com>
* Add changelog for PR 4592
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add more tables to the list of tables which need a background update to
complete before we can upsert into them, which fixes a race against the
background updates.
|
| | | | | | |
|
|\ \ \ \ \ \
| | |_|_|/ /
| |/| | | | |
|
| | | | | | |
|
| |\ \ \ \ \ |
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.
Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.
Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
|
|\ \ \ \ \ \ \
| | |/ / / / /
| |/| | | | | |
|
| |\ \ \ \ \ \ |
|
| | | | | | | | |
|
| | |/ / / / /
| |/| | | | | |
|
|\| | | | | | |
|
| | | | | | | |
|
|\| | | | | | |
|
| |/ / / / / |
|
|\| | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Add ACME docs and link to it from README and INSTALL
|
| | | | | | | |
|
| | |\ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
into anoa/self_signed_upgrade
|
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Co-Authored-By: anoadragon453 <1342360+anoadragon453@users.noreply.github.com>
|
| | | | | | | | |
|
| | | | | | | | |
|
| | |/ / / / / |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | |\ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
anoa/self_signed_upgrade
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
MSC1711 certificates FAQ
|
| | | | | | |
| | | | | | |
| | | | | | | |
The readme was getting pretty unmanageable and hard to grok. This is an attempt to simplify things by moving installation instructions from the README to a separate file. I've tried to resist the temptation to fix too much stuff while I'm here - it mostly just copies-and-pastes from one doc to the other, and changes from rst to md syntax.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Also:
* Fix wrapping in docker readme
* Clean up some docs on the docker image
* a workaround for #4554
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
There are two reasons this is a good thing:
* first, it means that you don't end up with stuff kicking around your working
copy ending up in the build image by mistake (which can upset the pip
install process)
* second: it means that the docker image cache is more effective, and we can
reuse docker images when iterating on the docker stuff.
|
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes #4559
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Switch the matrixdotorg/synapse:latest Docker image to use python 3
|
| |/ / / / / |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Add docs for ACME setup
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: anoadragon453 <1342360+anoadragon453@users.noreply.github.com>
|
| | | | | | |
| | | | | | |
| | | | | | | |
Co-Authored-By: anoadragon453 <1342360+anoadragon453@users.noreply.github.com>
|
| | | | | | | |
|
| | |\ \ \ \ \
| | |/ / / / /
| |/| | | | |
| | | | | | | |
anoa/acme_docs
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| |/ / / / / |
|
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Filter user directory state query to a subset of state events
* Add changelog
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
matrix-org/rav/silence_critical_error_from_federation
Fix noisy "twisted.internet.task.TaskStopped" errors in logs
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fixes #4003
|
|\ \ \ \ \ \
| | |/ / / /
| |/| | | | |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Treat an invalid .well-known the same as an absent one
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
... basically, carry on and fall back to SRV etc.
|
| |/ / / / / |
|
|\| | | | | |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Caching for invalid .well-knowns
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Also add a Measure block around the .well-known fetch
|
| | | | | | | |
|
| |\| | | | |
| | |/ / / /
| |/| | | | |
Update federation routing logic to check .well-known before SRV
|