Do not expose server room directory by default

Prompted by: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers This is a bit controversial, because.. the Synapse default remains open, while the general advice (as per the blog post) is to make it more private. I'm not sure exactly what kind of server people set up and whether they want to make the room directory public. Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers, both of which likely benefit from having a more secure default.
2019-11-10 08:48:42 +02:00
parent 50614f1bad
commit 2da40c729a
3 changed files with 23 additions and 2 deletions
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@ -48,12 +48,12 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
 # If set to 'false', requires authentication to access the server's public rooms
 # directory through the client API. Defaults to 'true'.
 #
-#allow_public_rooms_without_auth: false
+allow_public_rooms_without_auth: {{ matrix_synapse_allow_public_rooms_without_auth|to_json }}

 # If set to 'false', forbids any other homeserver to fetch the server's public
 # rooms directory via federation. Defaults to 'true'.
 #
-#allow_public_rooms_over_federation: false
+allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_federation|to_json }}

 # The default room version for newly created rooms.
 #