summary refs log tree commit diff
path: root/synapse/config/server.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5209 from matrix-org/erikj/reactions_baseErik Johnston2019-05-201-0/+5
|\ | | | | Land basic reaction and edit support.
| * Add aggregations APIErik Johnston2019-05-161-0/+5
| |
* | Add option to disable per-room profilesBrendan Abolivier2019-05-161-0/+11
|/
* Add ability to blacklist ip ranges for federation traffic (#5043)Andrew Morgan2019-05-131-0/+38
|
* add options to require an access_token to GET /profile and /publicRooms on ↵Matthew Hodgson2019-05-081-0/+27
| | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit.
* Merge pull request #5124 from matrix-org/babolivier/aliasesBrendan Abolivier2019-05-021-0/+11
|\ | | | | Add some limitations to alias creation
| * Add some limitations to alias creationBrendan Abolivier2019-05-021-0/+11
| |
* | Move admin API to a new prefixRichard van der Hoff2019-05-011-2/+2
|/
* Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-251-2/+4
|
* add context to phonehome stats (#5020)Neil Johnson2019-04-081-0/+4
| | | | add context to phonehome stats
* Add a config option for torture-testing worker replication. (#4902)Richard van der Hoff2019-03-201-0/+5
| | | Setting this to 50 or so makes a bunch of sytests fail in worker mode.
* Comment out most options in the generated config. (#4863)Richard van der Hoff2019-03-191-3/+3
| | | | | | | | | | | | | | | | | | | | Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand.
* Include a default configuration file in the 'docs' directory. (#4791)Richard van der Hoff2019-03-041-0/+4
|
* Attempt to make default config more consistentRichard van der Hoff2019-02-191-42/+50
| | | | | | The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments.
* Special-case the default bind_addresses for metrics listenerRichard van der Hoff2019-02-131-1/+5
| | | | | turns out it doesn't really support ipv6, so let's hack around that by only listening on ipv4 by default.
* Disable TLS by default (#4614)Richard van der Hoff2019-02-121-24/+24
|
* Infer no_tls from presence of TLS listenersRichard van der Hoff2019-02-111-3/+20
| | | | | Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.
* Fail cleanly if listener config lacks a 'port'Richard van der Hoff2019-02-111-0/+5
| | | | ... otherwise we would fail with a mysterious KeyError or something later.
* Clean up default listener configuration (#4586)Richard van der Hoff2019-02-111-48/+81
| | | | | | | | | | Rearrange the comments to try to clarify them, and expand on what some of it means. Use a sensible default 'bind_addresses' setting. For the insecure port, only bind to localhost, and enable x_forwarded, since apparently it's for use behind a load-balancer.
* Merge pull request #4420 from matrix-org/jaywink/openid-listenerErik Johnston2019-02-111-0/+10
|\ | | | | New listener resource for the federation API "openid/userinfo" endpoint
| * Fix flake8 issuesJason Robinson2019-01-231-1/+1
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Remove openid resource from default configJason Robinson2019-01-231-4/+13
| | | | | | | | | | | | Instead document it commented out. Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Split federation OpenID userinfo endpoint out of the federation resourceJason Robinson2019-01-231-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the OpenID userinfo endpoint to be active even if the federation resource is not active. The OpenID userinfo endpoint is called by integration managers to verify user actions using the client API OpenID access token. Without this verification, the integration manager cannot know that the access token is valid. The OpenID userinfo endpoint will be loaded in the case that either "federation" or "openid" resource is defined. The new "openid" resource is defaulted to active in default configuration. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Don't recommend :8448 to people on public_baseurlTravis Ralston2019-01-281-1/+1
| |
* | Merge pull request #4435 from matrix-org/neilj/fix_threepid_auth_checkNeil Johnson2019-01-241-5/+4
|\ \ | | | | | | Neilj/fix threepid auth check
| * | move guard out of is_threepid_reserved and into register.pyNeil Johnson2019-01-221-2/+0
| | |
| * | Fix None guard in config.server.is_threepid_reservedNeil Johnson2019-01-221-5/+6
| |/
* / Clarify docs for public_baseurlDavid Baker2019-01-241-1/+5
|/ | | | | | This is leading to problems with people upgrading to clients that support MSC1730 because people have this misconfigured, so try to make the docs completely unambiguous.
* Check jinja version for consent resource (#4327)Richard van der Hoff2019-01-071-1/+37
| | | | | | | | * Raise a ConfigError if an invalid resource is specified * Require Jinja 2.9 for the consent resource * changelog
* Add a script to generate a clean config file (#4315)Richard van der Hoff2018-12-221-2/+3
|
* Fix indentation in default config (#4313)Richard van der Hoff2018-12-221-35/+35
| | | These settings are not supposed to be under 'listeners'.
* Stop installing Matrix Console by defaultRichard van der Hoff2018-12-111-15/+27
| | | | This is based on the work done by @krombel in #2601.
* Add an option to disable search for homeservers which may not be interested ↵Travis Ralston2018-12-041-1/+11
| | | | | | in it (#4230) This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
* Add option to track MAU stats (but not limit people) (#3830)Travis Ralston2018-11-151-0/+6
|
* move threepid checker to config, add missing yieldsNeil Johnson2018-08-311-0/+17
|
* Change admin_uri to admin_contact in config and errorsErik Johnston2018-08-241-2/+2
|
* Implement trail usersErik Johnston2018-08-231-0/+6
|
* Integrate presence from hotfixes (#3694)Amber Brown2018-08-181-0/+6
|
* server limits config docsNeil Johnson2018-08-171-0/+26
|
* add new error type ResourceLimitNeil Johnson2018-08-161-0/+1
|
* update admin email to uriNeil Johnson2018-08-151-1/+1
|
* replace admin_email with admin_uri for greater flexibilityNeil Johnson2018-08-151-1/+1
|
* support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-0/+4
| | | | AuthError in all cases
* Revert "support admin_email config and pass through into blocking errors, ↵Neil Johnson2018-08-131-4/+0
| | | | | | return AuthError in all cases" This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
* support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-0/+4
| | | | AuthError in all cases
* Merge branch 'develop' into neilj/disable_hsNeil Johnson2018-08-081-0/+3
|\
| * implement reserved users for mau limitsNeil Johnson2018-08-071-1/+1
| |
| * load mau limit threepidsNeil Johnson2018-08-061-0/+3
| |
* | disable HS from configNeil Johnson2018-08-041-0/+4
|/
* fix (lots of) py3 test failuresNeil Johnson2018-08-031-2/+2
|
* Merge branch 'master' into developRichard van der Hoff2018-08-021-0/+2
|\
| * Merge pull request #3377 from Valodim/note-affinityRichard van der Hoff2018-07-191-0/+2
| |\ | | | | | | document that the affinity package is required for the cpu_affinity setting
| | * add note that the affinity package is required for the cpu_affinity settingVincent Breitmoser2018-06-091-0/+2
| | |
* | | remove need to plot limit_usage_by_mauNeil Johnson2018-08-011-3/+6
| | |
* | | coding styleNeil Johnson2018-07-311-1/+1
| | |
* | | limit register and sign in on number of monthly usersNeil Johnson2018-07-301-0/+5
|/ /
* | run isortAmber Brown2018-07-091-0/+1
| |
* | More server_name validationRichard van der Hoff2018-07-041-2/+9
|/ | | | | | | | We need to do a bit more validation when we get a server name, but don't want to be re-doing it all over the shop, so factor out a separate parse_and_validate_server_name, and do the extra validation. Also, use it to verify the server name in the config file.
* Run Prometheus on a different port, optionally. (#3274)Amber Brown2018-05-311-0/+10
|
* Add federation_domain_whitelist option (#2820)Matthew Hodgson2018-01-221-0/+22
| | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* Allow binds to both :: and 0.0.0.0Silke Hofstra2017-12-171-5/+3
| | | | | | | | | | Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed. This causes a warning explaining the behaviour. Configuration changed to match. See #2232 Signed-off-by: Silke Hofstra <silke@slxh.eu>
* Adapt the default config to bind on IPv6.Willem Mulder2017-12-171-8/+9
| | | | | | | | | Most deployments are on Linux (or Mac OS), so this would actually bind on both IPv4 and IPv6. Resolves #1886. Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
* Add config option to disable media_repo on main synapseRichard van der Hoff2017-11-221-0/+6
| | | | ... to stop us doing the cache cleanup jobs on the master.
* Add a hook for custom rest endpointsRichard van der Hoff2017-11-021-0/+7
| | | | | Let the user specify custom modules which can be used for implementing extra endpoints.
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-1/+1
| | | | what could possibly go wrong
* Add a config option to block all room invites (#2457)Richard van der Hoff2017-09-191-0/+10
| | | | | - allows sysadmins the ability to lock down their servers so that people can't send their users room invites.
* Fix process startupRichard van der Hoff2017-08-161-10/+13
| | | | escape the % that got added in 92168cb so that the process starts up ok.
* explain why CPU affinity is a good ideaMatthew Hodgson2017-08-151-0/+8
|
* Allow configuration of CPU affinityRichard van der Hoff2017-08-151-0/+12
| | | | | Make it possible to set the CPU affinity in the config file, so that we don't need to remember to do it manually every time.
* Initial worker implErik Johnston2017-06-161-0/+4
|
* Configurable maximum number of events requested by /sync and /messages (#2220)Pablo Saavedra2017-05-131-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the limit on the returned events in the timeline in the get and sync operations. The default value is -1, means no upper limit. For example, using `filter_timeline_limit: 5000`: POST /_matrix/client/r0/user/user:id/filter { room: { timeline: { limit: 1000000000000000000 } } } GET /_matrix/client/r0/user/user:id/filter/filter:id { room: { timeline: { limit: 5000 } } } The server cuts down the room.timeline.limit.
* web_server_root documentation fixMatthew Wolff2017-04-171-0/+6
| | | | Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
* Pop bind_addressErik Johnston2017-01-101-1/+1
|
* Restore default bind addressErik Johnston2017-01-101-4/+13
|
* Add IPv6 comment to default configJohannes Löthberg2016-12-181-0/+4
| | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
* Make default homeserver config use bind_addressesJohannes Löthberg2016-12-181-4/+5
| | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
* Hook up the send queue and create a federation sender workerErik Johnston2016-11-161-0/+5
|
* Remove support for aggregate room listsErik Johnston2016-09-151-9/+0
|
* remove vector.im from default secondary DS listMatthew Hodgson2016-06-271-1/+0
|
* Remove the legacy v0 content upload API.Mark Haines2016-06-211-20/+0
| | | | | | The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API.
* Turn use_frozen_events off by defaultErik Johnston2016-06-171-1/+1
|
* Inline the synchrotron and pusher configs into the main configMark Haines2016-06-161-13/+18
|
* Allow setting of gc.set_thresholdsErik Johnston2016-06-071-1/+18
|
* Add vector.im to default secondary_directory_servers and add comment ↵David Baker2016-05-311-0/+4
| | | | explaining it's not a permanent solution
* Add federation room list servletDavid Baker2016-05-311-0/+6
|
* Correct public_baseurl defaultDavid Baker2016-04-291-2/+2
|
* Merge remote-tracking branch 'origin/develop' into dbkr/email_notifsDavid Baker2016-04-291-0/+1
|\
| * Optionally split out the pushers into a separate processMark Haines2016-04-211-0/+1
| |
* | Hopefully all remaining bits for email notifsDavid Baker2016-04-271-0/+8
|/ | | | Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
* Merge pull request #473 from matrix-org/erikj/ssh_manholeErik Johnston2016-01-071-1/+1
|\ | | | | Change manhole to use ssh
| * s/telnet/ssh/Erik Johnston2016-01-071-1/+1
| |
* | copyrightsMatthew Hodgson2016-01-071-1/+1
|/
* Added a single line to explain what the server_name is used forMads R. Christensen2015-12-021-0/+1
|
* Preserve version string in user agentDaniel Wagner-Hall2015-10-051-1/+1
|
* Allow synapse's useragent to be customizedDaniel Wagner-Hall2015-10-021-0/+1
| | | | | This will allow me to write tests which verify which server made HTTP requests in a federation context.
* Implement configurable stats reportingDaniel Wagner-Hall2015-09-221-1/+1
| | | | | | | | | | SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set.
* Allow specifying a directory to host a web client fromErik Johnston2015-08-251-0/+1
|
* Only print the pidfile path on startup if requested by a commandline flagPaul "LeoNerd" Evans2015-08-071-0/+7
|
* Remove redundant newlineErik Johnston2015-06-151-2/+1
|
* Document listener config. Remove deprecated config optionsErik Johnston2015-06-151-28/+42
|
* Add backwards compat support for metrics, manhole and webclient config optionsErik Johnston2015-06-121-3/+27
|
* Correctly handle x_forwaded listener optionErik Johnston2015-06-121-0/+2
|
* Use config.listenersErik Johnston2015-06-121-30/+84
|
* Begin changing the config formatErik Johnston2015-06-111-8/+24
|
* Add config option to disable compression of http responsesErik Johnston2015-06-011-0/+6
|
* Add config option to turn off freezing events. Use new encode_json api and ↵Erik Johnston2015-05-291-0/+1
| | | | ujson.loads
* Use the daemonize key from the config if it existsMark Haines2015-05-011-1/+4
|
* Allow "manhole" to be ommited from the configMark Haines2015-04-301-1/+1
|
* Remove the ~, comment the lines insteadMark Haines2015-04-301-1/+1
|
* Manually generate the default config yaml, remove most of the commandline ↵Mark Haines2015-04-301-48/+69
| | | | arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class
* Move the key related config parser into a separate fileMark Haines2015-04-241-84/+1
|
* Better help for the old-signing-key optionMark Haines2015-04-241-1/+4
|
* Implement remote key lookup apiMark Haines2015-04-221-2/+2
|
* Add a version 2 of the key server apiMark Haines2015-04-141-1/+33
|
* Wire up the webclient optionDavid Baker2015-03-171-1/+3
| | | | | | It existed but was hardcoded to True. Give it an underscore for consistency. Also don't pull in syweb unless we're actually using the web client.
* Don't look for an TLS private key if we have set --no-tlsErik Johnston2015-03-061-3/+0
|
* By default set soft limit to hard limitErik Johnston2015-02-201-5/+5
|
* Add config option to set the soft fd limit on startErik Johnston2015-02-191-0/+7
|
* Add better help message for --server-name config option.Erik Johnston2015-01-081-2/+6
|
* Update copyright noticesMark Haines2015-01-061-1/+1
|
* SYN-187: Set a more sensible default for the content_addr v0.5.3bMark Haines2014-12-021-2/+5
|
* Add option to not bind to HTTPS port. This is useful if running behind an ↵Erik Johnston2014-11-031-0/+3
| | | | ssl load balancer
* Fix pep8 warningsMark Haines2014-10-301-1/+1
|
* Fix pyflakes warningsMark Haines2014-10-271-1/+1
|
* Fix auto generating signing_keysMark Haines2014-10-181-1/+1
|
* Read signing keys using methods from syutil. convert keys that are in the ↵Mark Haines2014-09-231-9/+30
| | | | wrong format
* Default PID file should be 'homeserver.pid' to match the other ↵Paul "LeoNerd" Evans2014-09-031-1/+1
| | | | 'homeserver.*' naming convention
* fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵Matthew Hodgson2014-09-031-1/+1
| | | | hasn't been incorporated in time for launch.
* Add option to change content repo locationErik Johnston2014-09-031-0/+12
|
* Remove option for disabling webclient because it was confusingMark Haines2014-09-021-4/+1
|
* Default HTTP and HTTPS ports to 8008 and 8448Erik Johnston2014-09-021-2/+4
|
* More helpful error messages for missing configMark Haines2014-09-021-1/+1
|
* Add unsecure listener port to homeserverMark Haines2014-09-011-2/+5
|
* specify metavars in argparseMatthew Hodgson2014-09-011-2/+3
|
* Listen using SSLMark Haines2014-09-011-1/+1
|
* Fix homeserver config parsingMark Haines2014-09-011-5/+6
|
* Add config tree to synapse. Add support for reading config from a fileMark Haines2014-08-311-0/+75