From 520cf4ab2ca7474a6cce67531b305ed0fee20548 Mon Sep 17 00:00:00 2001 From: squahtx Date: Tue, 5 Apr 2022 14:15:14 +0000 Subject: deploy: ac80bfba4252c3bb8138cc3711271be63182eed8 --- latest/print.html | 87 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 59 insertions(+), 28 deletions(-) (limited to 'latest/print.html') diff --git a/latest/print.html b/latest/print.html index 9558290e01..7c49231aac 100644 --- a/latest/print.html +++ b/latest/print.html @@ -851,11 +851,12 @@ new line, it is inserted before:

Fixing incorrect COLLATE or CTYPE

Synapse will refuse to set up a new database if it has the wrong values of -COLLATE and CTYPE set, and will log warnings on existing databases. Using -different locales can cause issues if the locale library is updated from +COLLATE and CTYPE set. Synapse will also refuse to start an existing database with incorrect values +of COLLATE and CTYPE unless the config flag allow_unsafe_locale, found in the +database section of the config, is set to true. Using different locales can cause issues if the locale library is updated from underneath the database, or if a different version of the locale is used on any replicas.

-

The safest way to fix the issue is to dump the database and recreate it with +

If you have a databse with an unsafe locale, the safest way to fix the issue is to dump the database and recreate it with the correct locale parameter (as shown above). It is also possible to change the parameters on a live database and run a REINDEX on the entire database, however extreme care must be taken to avoid database corruption.
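Review bot: Typo in the added sentence "If you have a databse with an unsafe locale": "databse" should be "database". In the first added paragraph, "refuse to start an existing database" reads as if Synapse were starting the database itself; "refuse to start against an existing database with incorrect values of COLLATE and CTYPE" says what the allow_unsafe_locale flag actually gates.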

@@ -1019,7 +1020,7 @@ matrix.example.com {

NOTE 3: Missing ProxyPreserveHost on can lead to a redirect loop.

HAProxy

frontend https
-  bind :::443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1
+  bind *:443,[::]:443 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
   http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
   http-request set-header X-Forwarded-For %[src]
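Review bot: The bind line replaces ":::443 v4v6" with "*:443,[::]:443" and the surrounding text gives no reason, so a reader with the old form in a running config cannot tell whether it was wrong or only version-dependent. Add one sentence next to the example saying why the explicit IPv4 and IPv6 listeners are preferred and whether "[::]:443" is meant to be IPv6-only. The same substitution is made for port 8448 in the next hunk and should be covered by the same sentence.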
@@ -1032,7 +1033,7 @@ matrix.example.com {
   use_backend matrix if matrix-host matrix-path
 
 frontend matrix-federation
-  bind :::8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1
+  bind *:8448,[::]:8448 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1
   http-request set-header X-Forwarded-Proto https if { ssl_fc }
   http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
   http-request set-header X-Forwarded-For %[src]
@@ -1640,6 +1641,9 @@ dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
 
 
 

Upgrading to v1.56.0

+

Open registration without verification is now disabled by default

+

Synapse will refuse to start if registration is enabled without email, captcha, or token-based verification unless the new config +flag enable_registration_without_verification is set to "true".

Groups/communities feature has been deprecated

The non-standard groups/communities feature in Synapse has been deprecated and will be disabled by default in Synapse v1.58.0.
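Review bot: The added upgrade note says enable_registration_without_verification must be set to "true" with quotes, while the sample config elsewhere in this patch shows the bare boolean (enable_registration_without_verification: true) and the locale note says "set to true" without quotes. Drop the quotes so nobody writes a YAML string, and say which section of the config the flag lives in, as the locale note does for allow_unsafe_locale.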

@@ -1647,6 +1651,11 @@ be disabled by default in Synapse v1.58.0.

experimental_features:
   groups_enabled: false
 
+

Change in behaviour for PostgreSQL databases with unsafe locale

+

Synapse now refuses to start when using PostgreSQL with non-C values for COLLATE and +CTYPE unless the config flag allow_unsafe_locale, found in the database section of +the configuration file, is set to true. See the PostgreSQL documentation +for more information and instructions on how to fix a database with incorrect values.

Upgrading to v1.55.0

synctl script has been moved

The synctl script @@ -3734,6 +3743,12 @@ caches: # 'txn_limit' gives the maximum number of transactions to run per connection # before reconnecting. Defaults to 0, which means no limit. # +# 'allow_unsafe_locale' is an option specific to Postgres. Under the default behavior, Synapse will refuse to +# start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended) +# by setting 'allow_unsafe_locale' to true. Note that doing so may corrupt your database. You can find more information +# here: https://matrix-org.github.io/synapse/latest/postgres.html#fixing-incorrect-collate-or-ctype and here: +# https://wiki.postgresql.org/wiki/Locale_data_changes +# # 'args' gives options which are passed through to the database engine, # except for options starting 'cp_', which are used to configure the Twisted # connection pool. For a reference to valid arguments, see: @@ -4163,10 +4178,18 @@ oembed: # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. -# Enable registration for new users. +# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, +# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration +# without any verification, you must also set `enable_registration_without_verification`, found below. # #enable_registration: false +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. +# +#enable_registration_without_verification: true + # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. @@ -6455,6 +6478,7 @@ to install Dex.

  • Create an application for synapse in Authentik and link it to the provider.
  • Note the slug of your application, Client ID and Client Secret.
  • +

    Note: RSA keys must be used for signing for Authentik, ECC keys do not work.

    Synapse config:

    oidc_providers:
       - idp_id: authentik
    @@ -6469,7 +6493,7 @@ to install Dex.

    - "email" user_mapping_provider: config: - localpart_template: "{{ user.preferred_username }}}" + localpart_template: "{{ user.preferred_username }}" display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.

    LemonLDAP

    @@ -8138,7 +8162,7 @@ callback that does not return True will be used. If this happens, S any of the subsequent implementations of this callback.

    check_username_for_spam

    First introduced in Synapse v1.37.0

    -
    async def check_username_for_spam(user_profile: Dict[str, str]) -> bool
    +
    async def check_username_for_spam(user_profile: synapse.module_api.UserProfile) -> bool
     

    Called when computing search results in the user directory. The module must return a bool indicating whether the given user should be excluded from user directory @@ -8146,9 +8170,11 @@ searches. Return True to indicate that the user is spammy and exclu search results; otherwise return False.

    The profile is represented as a dictionary with the following keys:

      -
    • user_id: The Matrix ID for this user.
    • -
    • display_name: The user's display name.
    • -
    • avatar_url: The mxc:// URL to the user's avatar.
    • +
    • user_id: str. The Matrix ID for this user.
    • +
    • display_name: Optional[str]. The user's display name, or None if this user +has not set a display name.
    • +
    • avatar_url: Optional[str]. The mxc:// URL to the user's avatar, or None +if this user has not set an avatar.

    The module is given a copy of the original dictionary, so modifying it from within the module cannot modify a user's profile when included in user directory search results.
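Review bot: display_name and avatar_url are now documented as Optional[str], whereas the previous signature promised Dict[str, str]; a module written against the old text may call string methods on these values with no None check. Say that explicitly beside the key list, for example "modules must handle None for display_name and avatar_url". It would also help to state from which Synapse version synapse.module_api.UserProfile can be imported, since the "First introduced in Synapse v1.37.0" line above still refers to the callback, not to the type.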

    @@ -8999,8 +9025,8 @@ stream then, for maximum efficiency, additional endpoints should be routed to th worker: refer to the stream writers section below for further information.

    # Sync requests
    -^/_matrix/client/(v2_alpha|r0|v3)/sync$
    -^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$
    +^/_matrix/client/(r0|v3)/sync$
    +^/_matrix/client/(api/v1|r0|v3)/events$
     ^/_matrix/client/(api/v1|r0|v3)/initialSync$
     ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$
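Review bot: Removing v2_alpha from the sync and events patterns changes what a reverse proxy built from this list sends to the worker, but the hunk does not say what happens to requests that still arrive on the removed prefix. State whether the prefix is no longer served at all or is simply expected to fall through to the main process, and mention the pattern change in the upgrade notes so operators know to regenerate their proxy rules. The same applies to the api/v1 prefix dropped from the stream-writer, user_dir and frontend_proxy patterns later in this patch.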
     
    @@ -9014,13 +9040,9 @@ information.

    ^/_matrix/federation/v1/query/ ^/_matrix/federation/v1/make_join/ ^/_matrix/federation/v1/make_leave/ -^/_matrix/federation/v1/send_join/ -^/_matrix/federation/v2/send_join/ -^/_matrix/federation/v1/send_leave/ -^/_matrix/federation/v2/send_leave/ -^/_matrix/federation/v1/invite/ -^/_matrix/federation/v2/invite/ -^/_matrix/federation/v1/query_auth/ +^/_matrix/federation/(v1|v2)/send_join/ +^/_matrix/federation/(v1|v2)/send_leave/ +^/_matrix/federation/(v1|v2)/invite/ ^/_matrix/federation/v1/event_auth/ ^/_matrix/federation/v1/exchange_third_party_invite/ ^/_matrix/federation/v1/user/devices/ @@ -9086,6 +9108,8 @@ information.

    Additionally, the following REST endpoints can be handled for GET requests:

    ^/_matrix/federation/v1/groups/
    +^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
    +^/_matrix/client/(r0|v3|unstable)/groups/
     

    Pagination requests can also be handled, but all requests for a given room must be routed to the same instance. Additionally, care must be taken to @@ -9183,19 +9207,19 @@ the stream writer for the typing stream:

    The to_device stream

    The following endpoints should be routed directly to the worker configured as the stream writer for the to_device stream:

    -
    ^/_matrix/client/(api/v1|r0|v3|unstable)/sendToDevice/
    +
    ^/_matrix/client/(r0|v3|unstable)/sendToDevice/
     
    The account_data stream

    The following endpoints should be routed directly to the worker configured as the stream writer for the account_data stream:

    -
    ^/_matrix/client/(api/v1|r0|v3|unstable)/.*/tags
    -^/_matrix/client/(api/v1|r0|v3|unstable)/.*/account_data
    +
    ^/_matrix/client/(r0|v3|unstable)/.*/tags
    +^/_matrix/client/(r0|v3|unstable)/.*/account_data
     
    The receipts stream

    The following endpoints should be routed directly to the worker configured as the stream writer for the receipts stream:

    -
    ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/receipt
    -^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/read_markers
    +
    ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
    +^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
     
    The presence stream

    The following endpoints should be routed directly to the worker configured as @@ -9274,16 +9298,23 @@ and you must configure a single instance to run the background tasks, e.g.:

    synapse.app.user_dir

    Handles searches in the user directory. It can handle REST endpoints matching the following regular expressions:

    -
    ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$
    +
    ^/_matrix/client/(r0|v3|unstable)/user_directory/search$
     
    -

    When using this worker you must also set update_user_directory: False in the +

    When using this worker you must also set update_user_directory: false in the shared configuration file to stop the main synapse running background jobs related to updating the user directory.

    +

    Above endpoint is not required to be routed to this worker. By default, +update_user_directory is set to true, which means the main process +will handle updates. All workers configured with client can handle the above +endpoint as long as either this worker or the main process are configured to +handle it, and are online.

    +

    If update_user_directory is set to false, and this worker is not running, +the above endpoint may give outdated results.

    synapse.app.frontend_proxy

    Proxies some frequently-requested client endpoints to add caching and remove load from the main synapse. It can handle REST endpoints matching the following regular expressions:

    -
    ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload
    +
    ^/_matrix/client/(r0|v3|unstable)/keys/upload
     

    If use_presence is False in the homeserver config, it can also handle REST endpoints matching the following regular expressions:
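Review bot: In the added paragraph that begins "Above endpoint is not required to be routed to this worker", the phrase "configured to handle it" has no clear referent: it can be read as the search endpoint or as the user directory updates. Reword along the lines of "as long as either this worker or the main process is configured to perform the directory updates and is online". The hunk also lowercases "update_user_directory: false" while the context line "If use_presence is False" keeps the capitalised form; pick one spelling for booleans on this page.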

    -- cgit 1.5.1
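Review bot: In the sample-config hunk at "@@ -4163,10 +4178,18 @@", the commented example "#enable_registration_without_verification: true" shows the non-default, not-recommended value, while "#enable_registration: false" just above it shows the default. Uncommenting the line as written turns the verification requirement off. Show "false" in the example so it matches the "Defaults to false" text and the convention of the neighbouring option.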
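Review bot: In the federation endpoint list at "@@ -9014,13 +9040,9 @@", "^/_matrix/federation/v1/query_auth/" is deleted together with the purely cosmetic merge of the v1 and v2 send_join, send_leave and invite patterns, and nothing in the hunk explains the deletion. Either separate the removal from the regex tidy-up or add a line saying the endpoint is no longer handled, so operators know to remove it from their proxy routing.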