Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

docs/configuring-playbook-external-postgres.md

@@ -19,4 +19,6 @@ matrix_synapse_database_database: "your-postgres-server-database-name"
 The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials.
 It must be empty or contain a valid Synapse database. If empty, Synapse would populate it the first time it runs.
 
-**Note**: the external server that you specify in `matrix_synapse_database_host` must be accessible from within the `matrix-synapse` Docker container (and possibly other containers too). This means that it either needs to be a publicly accessible hostname or that it's a hostname on the same Docker network where all containers installed by this playbook run (a network called `matrix` by default). Using a local PostgreSQL instance on the host (running on the same machine, but not in a container) is not possible.
+**Note**: the external server that you specify in `matrix_synapse_database_host` must be accessible from within the `matrix-synapse` Docker container (and possibly other containers too). This means that it either needs to be a publicly accessible hostname or that it's a hostname on the same Docker network where all containers installed by this playbook run (a network called `matrix` by default). Using a local PostgreSQL instance on the host (running on the same machine, but not in a container) is not possible.
+
+The connection to your external Postgres server **will not be SSL encrypted**, as [we don't support that yet](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/89).

docs/configuring-playbook-rest-auth.md

@@ -8,8 +8,8 @@ If you decide that you'd like to let this playbook install it for you, you need
 
 ```yaml
 matrix_synapse_ext_password_provider_rest_auth_enabled: true
-matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://change.me.example.com:12345"
+matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-mxisd:8090"
 matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
 matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
 matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
-```
+```

docs/registering-users.md

@@ -4,11 +4,15 @@ Run this to create a new user account on your Matrix server.
 
 You can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
 
-	ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
+```
 
 **or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
 
-	/usr/local/bin/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1>
+```
+/usr/local/bin/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1>
+```
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
@@ -25,5 +29,6 @@ The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user
 * log on to your server with ssh
 * execute with the username:
 
-    /usr/local/bin/matrix-make-user-admin <username>
-
+```
+/usr/local/bin/matrix-make-user-admin <username>
+```

docs/updating-users-passwords.md

@@ -1,19 +1,43 @@
 # Updating users passwords
 
-If you are using the matrix-postgres container(default), you can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
+## Option 1 (if you are using the default matrix-postgres container):
 
-	ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
+You can reset a user's password via the Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
+```
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
 **You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
 
-If you are NOT using the matrix-postgres container, you can generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
 
-	docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
+## Option 2 (if you are using an external Postgres server):
+
+You can manually generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#starting-the-services)):
+
+```
+docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
+```
 
 and then connecting to the postgres server and executing:
 
-	UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'
-
+```
+UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'
+```
+`
 where `<password-hash>` is the hash returned by the docker command above.
+
+
+## Option 3:
+
+Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
+
+This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not.
+
+### Example:
+To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
+```
+curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix.<domain>/_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token
+```