From da05bbd779b361ad52a2ec891f69cea849d41bf1 Mon Sep 17 00:00:00 2001
From: erikjohnston <erikjohnston@users.noreply.github.com>
Date: Tue, 18 Jul 2023 08:50:18 +0000
Subject: deploy: 1c802de626de3293049206cb788af15cbc8ea17f

---
 develop/workers.html | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'develop/workers.html')

diff --git a/develop/workers.html b/develop/workers.html
index 8d12f04eb2..9691db0e55 100644
--- a/develop/workers.html
+++ b/develop/workers.html
@@ -627,6 +627,26 @@ the stream writer for the <code>receipts</code> stream:</p>
 the stream writer for the <code>presence</code> stream:</p>
 <pre><code>^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
 </code></pre>
+<h4 id="restrict-outbound-federation-traffic-to-a-specific-set-of-workers"><a class="header" href="#restrict-outbound-federation-traffic-to-a-specific-set-of-workers">Restrict outbound federation traffic to a specific set of workers</a></h4>
+<p>The
+<a href="usage/configuration/config_documentation.html#outbound_federation_restricted_to"><code>outbound_federation_restricted_to</code></a>
+configuration is useful to make sure outbound federation traffic only goes through a
+specified subset of workers. This allows you to set more strict access controls (like a
+firewall) for all workers and only allow the <code>federation_sender</code>'s to contact the
+outside world.</p>
+<pre><code class="language-yaml">instance_map:
+    main:
+        host: localhost
+        port: 8030
+    federation_sender1:
+        host: localhost
+        port: 8034
+
+outbound_federation_restricted_to:
+  - federation_sender1
+
+worker_replication_secret: &quot;secret_secret&quot;
+</code></pre>
 <h4 id="background-tasks"><a class="header" href="#background-tasks">Background tasks</a></h4>
 <p>There is also support for moving background tasks to a separate
 worker. Background tasks are run periodically or started via replication. Exactly
-- 
cgit 1.5.1