finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add mxisd Identity Server support

Browse Source
This commit is contained in:
Slavi Pantaleev
2018-08-15 10:23:22 +03:00
parent 617712000e
commit 74093dfb15
15 changed files with 247 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/configuring-dns.md
View File

@ -12,8 +12,12 @@ The SRV record should look like this:
- Name: `_matrix._tcp` (use this text as-is)
- Content: `10 0 8448 matrix.<your-domain>` (replace `<your-domain>` with your own)
Once you've set up this DNS SRV record, you should create 2 other domain names (`matrix.<your-domain>` and `riot.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` is fine).
To make the [mxisd](https://github.com/kamax-io/mxisd) Identity Server (which this playbook installs for you) be authoritative for your domain name, set up one more SRV record that looks like this:
- Name: `_matrix-identity._tcp` (use this text as-is)
- Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own)
This playbook can then install all the services on that new server and you'll be able to join the Matrix network as `@<username>:<your-domain>`, even though everything is installed elsewhere (not on `<your-domain>`).
Once you've set up these DNS SRV records, you should create 2 other domain names (`matrix.<your-domain>` and `riot.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` is fine).
This playbook can then install all the services on that new server and you'll be able to join the Matrix network as `@<username>:<your-domain>`.
When ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md).

33
docs/configuring-playbook-mxisd.md Normal file
View File

@ -0,0 +1,33 @@
# Adjusting mxisd Identity Server configuration (optional)
By default, this playbook configures an [mxisd](https://github.com/kamax-io/mxisd) Identity Server for you.
This server is private by default, potentially at the expense of user discoverability.
## Matrix.org lookup forwarding
To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information).
Enabling this is discouraged and you'd better [learn more](https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups) before proceeding.
Enabling matrix.org forwarding can happen with the following configuration:
```yaml
matrix_mxisd_matrixorg_forwarding_enabled: true
```
## Additional features
What this playbook configures for your is some bare minimum Identity Server functionality, so that you won't need to rely on external 3rd party services.
Still, mxisd can do much more.
You can refer to the [mxisd website](https://github.com/kamax-io/mxisd) for more details.
You can override the `matrix_mxisd_template_config` variable and use your own custom configuration template.
## Troubleshooting
If email address validation emails sent by mxisd are not reaching you, you should look into [Adjusting email-sending settings](configuring-playbook-email.md).

2
docs/configuring-playbook.md
View File

@ -29,4 +29,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional)
- [Adjusting mxisd Identity Server configuration](configuring-playbook-mxisd.md) (optional)
- [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional)