From 45bb55c6de8b50fdd00893a6ef86623d2f34b864 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 18 Feb 2019 15:46:23 +0000
Subject: Use a configuration parameter to give the domain to generate a certificate for
---
 synapse/config/tls.py | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'synapse/config/tls.py')
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 5fb3486db1..a3a5ece681 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -42,6 +42,7 @@ class TlsConfig(Config):
 self.acme_port = acme_config.get("port", 80)
 self.acme_bind_addresses = acme_config.get("bind_addresses", ['::', '0.0.0.0'])
 self.acme_reprovision_threshold = acme_config.get("reprovision_threshold", 30)
+ self.acme_domain = acme_config.get("domain", config.get("server_name"))
 self.tls_certificate_file = self.abspath(config.get("tls_certificate_path"))
 self.tls_private_key_file = self.abspath(config.get("tls_private_key_path"))
@@ -229,6 +230,12 @@ class TlsConfig(Config):
 #
 # reprovision_threshold: 30
+ # What domain the certificate should be for. Only useful if
+ # delegation via a /.well-known/matrix/server file is being used.
+ # Defaults to the server_name configuration parameter.
+ #
+ # domain: matrix.example.com
+
 # List of allowed TLS fingerprints for this server to publish along
 # with the signing keys for this server. Other matrix servers that
 # make HTTPS requests to this server will check that the TLS
--
cgit 1.4.1
From 5a707a2f9a82ed67f5339ff2c6898790341ce20f Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 19 Feb 2019 10:59:26 +0000
Subject: Improve config documentation
---
 synapse/config/tls.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'synapse/config/tls.py')
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index a3a5ece681..38425bb056 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
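Review bot: In the first commit's `@@ -42,6 +42,7 @@` hunk, `acme_config.get("domain", config.get("server_name"))` falls back to `server_name` only when the `domain` key is absent; a key that is present but empty (a bare `domain:` parses as null in YAML, which the sample config appears to be) leaves `acme_domain` as `None`, and nothing in the hunk rejects that. Because this value decides which name the certificate is requested for, I would write `self.acme_domain = acme_config.get("domain") or config.get("server_name")` and fail configuration loading when the result is not a non-empty string. A Matrix `server_name` may also carry an explicit port, so the fallback presumably needs the port stripped or rejected before it is used as a certificate name; how the value is consumed is not visible here. The enclosing method starts and ends outside the hunk.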
@@ -230,9 +230,17 @@ class TlsConfig(Config):
 #
 # reprovision_threshold: 30
- # What domain the certificate should be for. Only useful if
- # delegation via a /.well-known/matrix/server file is being used.
- # Defaults to the server_name configuration parameter.
+ # The domain that the certificate should be for. Normally this
+ # should be the same as your Matrix domain (i.e., 'server_name'), but,
+ # by putting a file at 'https:///.well-known/matrix/server',
+ # you can delegate incoming traffic to another server. If you do that,
+ # you should give the target of the delegation here.
+ #
+ # For example: if your 'server_name' is 'example.com', but
+ # 'https://example.com/.well-known/matrix/server' delegates to
+ # 'matrix.example.com', you should put 'matrix.example.com' here.
+ #
+ # If not set, defaults to your 'server_name'.
 #
 # domain: matrix.example.com
--
cgit 1.4.1