Add support for controlling Matrix federation
This commit is contained in:
parent
caa32b6d76
commit
67a445a74a
@ -1,3 +1,10 @@
|
|||||||
|
# 2018-10-25
|
||||||
|
|
||||||
|
## Support for controlling Matrix federation
|
||||||
|
|
||||||
|
The playbook can now help you with [Controlling Matrix federation](docs/configuration-playbook-federation.md), should you wish to run a more private (isolated) server.
|
||||||
|
|
||||||
|
|
||||||
# 2018-10-24
|
# 2018-10-24
|
||||||
|
|
||||||
## Disabling riot-web guests
|
## Disabling riot-web guests
|
||||||
|
28
docs/configuration-playbook-federation.md
Normal file
28
docs/configuration-playbook-federation.md
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# Controlling Matrix federation
|
||||||
|
|
||||||
|
By default, your server federates with the whole Matrix network.
|
||||||
|
That is, people on your server can communicate with people on any other Matrix server.
|
||||||
|
|
||||||
|
|
||||||
|
## Federating only with select servers
|
||||||
|
|
||||||
|
To make your server only federate with servers of your choosing, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_synapse_federation_domain_whitelist:
|
||||||
|
- example.com
|
||||||
|
- another.com
|
||||||
|
```
|
||||||
|
|
||||||
|
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
|
||||||
|
|
||||||
|
|
||||||
|
## Disabling federation
|
||||||
|
|
||||||
|
To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_synapse_federation_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
With that, your server's users will only be able to talk among themselves, but not to anyone who is on another server.
|
@ -23,6 +23,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||||||
|
|
||||||
## Other configuration options
|
## Other configuration options
|
||||||
|
|
||||||
|
- [Controlling Matrix federation](configuration-playbook-federation.md) (optional)
|
||||||
|
|
||||||
- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
|
- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
|
||||||
|
|
||||||
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
|
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
|
||||||
|
@ -86,6 +86,15 @@ matrix_synapse_event_cache_size: "100K"
|
|||||||
# - https://github.com/matrix-org/synapse/issues/3939
|
# - https://github.com/matrix-org/synapse/issues/3939
|
||||||
matrix_synapse_cache_factor: 0.5
|
matrix_synapse_cache_factor: 0.5
|
||||||
|
|
||||||
|
# Controls whether Matrix Synapse will federate at all.
|
||||||
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
||||||
|
matrix_synapse_federation_enabled: true
|
||||||
|
|
||||||
|
# A list of domain names that are allowed to federate with the given Matrix Synapse server.
|
||||||
|
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
|
||||||
|
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
|
||||||
|
matrix_synapse_federation_domain_whitelist: ~
|
||||||
|
|
||||||
# A list of additional "volumes" to mount in the container.
|
# A list of additional "volumes" to mount in the container.
|
||||||
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
||||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||||
|
@ -119,12 +119,16 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|||||||
# - lon.example.com
|
# - lon.example.com
|
||||||
# - nyc.example.com
|
# - nyc.example.com
|
||||||
# - syd.example.com
|
# - syd.example.com
|
||||||
|
{% if matrix_synapse_federation_domain_whitelist is not none %}
|
||||||
|
federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# List of ports that Synapse should listen on, their purpose and their
|
# List of ports that Synapse should listen on, their purpose and their
|
||||||
# configuration.
|
# configuration.
|
||||||
listeners:
|
listeners:
|
||||||
# Main HTTPS listener
|
# Main HTTPS listener
|
||||||
# For when matrix traffic is sent directly to synapse.
|
# For when matrix traffic is sent directly to synapse.
|
||||||
|
{% if matrix_synapse_federation_enabled %}
|
||||||
-
|
-
|
||||||
# The port to listen for HTTPS requests on.
|
# The port to listen for HTTPS requests on.
|
||||||
port: 8448
|
port: 8448
|
||||||
@ -157,6 +161,7 @@ listeners:
|
|||||||
# "/_matrix/my/custom/endpoint":
|
# "/_matrix/my/custom/endpoint":
|
||||||
# module: my_module.CustomRequestHandler
|
# module: my_module.CustomRequestHandler
|
||||||
# config: {}
|
# config: {}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Unsecure HTTP listener,
|
# Unsecure HTTP listener,
|
||||||
# For when matrix traffic passes through loadbalancer that unwraps TLS.
|
# For when matrix traffic passes through loadbalancer that unwraps TLS.
|
||||||
|
@ -29,7 +29,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
|||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--env-file={{ matrix_environment_variables_data_path }}/synapse \
|
--env-file={{ matrix_environment_variables_data_path }}/synapse \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_synapse_federation_enabled %}
|
||||||
-p 8448:8448 \
|
-p 8448:8448 \
|
||||||
|
{% endif %}
|
||||||
{% if not matrix_nginx_proxy_enabled %}
|
{% if not matrix_nginx_proxy_enabled %}
|
||||||
-p 127.0.0.1:8008:8008 \
|
-p 127.0.0.1:8008:8008 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
Loading…
Reference in New Issue
Block a user