Merge remote-tracking branch 'github/master'
@ -1,24 +1,29 @@
|
||||
# Alternative architectures
|
||||
|
||||
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
||||
|
||||
To that end add the following variable to your `vars.yaml` file:
|
||||
|
||||
```yaml
|
||||
matrix_architecture: <your-matrix-server-architecture>
|
||||
```
|
||||
matrix_architecture = <your-matrix-server-architecture>
|
||||
```
|
||||
|
||||
Currently supported architectures are the following:
|
||||
- `amd64` (the default)
|
||||
- `arm64`
|
||||
- `arm32`
|
||||
|
||||
so for the Raspberry Pi the following should be in your `vars.yaml` file:
|
||||
```
|
||||
matrix_architecture = "arm32"
|
||||
so for the Raspberry Pi, the following should be in your `vars.yaml` file:
|
||||
|
||||
```yaml
|
||||
matrix_architecture: "arm32"
|
||||
```
|
||||
|
||||
## Implementation details
|
||||
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||
|
||||
This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||
|
||||
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
||||
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
|
||||
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
|
||||
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
|
||||
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
|
||||
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
|
||||
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
|
||||
|
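Review bot: the rewritten Raspberry Pi sentence still opens with a lowercase "so" as if it continued the bullet list, and it prescribes `matrix_architecture: "arm32"` for every Raspberry Pi. The supported list directly above also has `arm64`, which is what a Pi running a 64-bit OS would need, so say which case the example covers (for instance "for a Raspberry Pi running a 32-bit OS"). The opening paragraph also says only x86_64 is supported while the list calls the same default `amd64`; using one name throughout would avoid confusion.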
@ -49,7 +49,7 @@ docker run -it --rm \
|
||||
-v `pwd`:/work \
|
||||
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
||||
--entrypoint=/bin/sh \
|
||||
devture/ansible:2.8.1-r0
|
||||
devture/ansible:2.9.9-r0
|
||||
```
|
||||
|
||||
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
||||
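Review bot: the bumped image reference `devture/ansible:2.9.9-r0` is still a mutable tag, and this container is handed the operator's SSH private key (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`) along with the working directory. Consider documenting a digest-pinned form (`devture/ansible:2.9.9-r0@sha256:<digest>`, with the digest as a placeholder to fill in) so that a re-pushed tag cannot change what runs next to the key. It is also worth checking that no other doc still references `2.8.1-r0`.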
@ -60,7 +60,7 @@ The `/work` directory contains the playbook's code.
|
||||
|
||||
You can execute `ansible-playbook` commands as per normal now.
|
||||
|
||||
### If you don't use SSH keys for authentication
|
||||
### If you don't use SSH keys for authentication
|
||||
|
||||
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
|
||||
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
|
||||
|
@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
|
||||
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
||||
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
|
||||
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
|
||||
7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id`
|
||||
7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
|
||||
|
||||
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
|
||||
|
||||
|
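Review bot: typo in the rewritten step 7: "addrss" should be "address" ("Once you have figured out the appropriate room address"). While this list is being touched, step 6 still recommends Administrator permission for the bot; listing the specific permissions the bridge needs, if they are known, would be a tighter recommendation than full Administrator.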
@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
||||
```
|
||||
|
||||
You can generate a strong shared secret with a command like this: `pwgen -s 64 1`
|
||||
|
||||
|
||||
## Authenticating only using a password provider
|
||||
|
||||
|
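Review bot: the added hint `pwgen -s 64 1` assumes `pwgen` is installed, which is not the case by default on many systems. Suggest naming a fallback next to it, for example `openssl rand -hex 32`, and stating that the generated value replaces `YOUR_SHARED_SECRET_GOES_HERE`. A short reminder that this value is a credential and should stay out of shared or public copies of `vars.yml` would fit here too.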
@ -136,7 +136,7 @@ backend matrix-backend
|
||||
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
|
||||
# Rewrite redirects as ProxyPassReverse does
|
||||
acl response-is-redirect res.hdr(Location) -m found
|
||||
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect
|
||||
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect
|
||||
```
|
||||
|
||||
Make sure to:
|
||||
|
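Review bot: the corrected `rsprep` line fixes the `exapmle` typo in the replacement, but the match pattern still has unescaped dots in `matrix.example.com`, so each `.` matches any character. Suggest `matrix\.example\.com` in the pattern so only the intended host is rewritten. Note also that the `reqirep`/`rsprep` directives were removed in HAProxy 2.1, so this example only loads on older versions; a sentence saying which HAProxy versions it targets would help.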
@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als
|
||||
|
||||
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
|
||||
|
||||
To upgrade the services:
|
||||
To upgrade services:
|
||||
|
||||
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
|
||||
|
||||
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of
|
||||
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
|
||||
|
||||
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
|
||||
|
||||
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
|
||||
|
||||
**Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
||||
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
||||
|
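Review bot: the upgrade steps run `--tags=setup-all` and then `--tags=start` as two separate commands, while the Discord bridge doc touched in this same commit tells users to re-run with `--tags=setup-all,start`. Pick one form and use it in both places, or say here that the two runs can be combined. The reworded PostgreSQL note reads well.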
@ -6,16 +6,16 @@
|
||||
|
||||
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
|
||||
|
||||
- a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||
- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||
|
||||
- the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||
|
||||
- either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||
|
||||
- an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||
|
||||
- properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md))
|
||||
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
|
||||
|
||||
- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP)
|
||||
- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
|
||||
|
||||
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
|
||||
|
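Review bot: the sentence added to the ports bullet says incoming RTP packets on port 10000 "may have the external IP of your firewall as destination address" but does not say what the operator should do about it. Add the required action (for example which NAT or forwarding rule is needed, or how to adjust `matrix_jitsi_jvb_stun_servers`). In the same bullet, `5349/tcp` and `5349/udp` carry the same labels as `3478`; if 5349 is the TLS/DTLS TURN port, label it so that people opening firewall ports know what each one exposes. Minor: "certificates's" in the cron bullet should be "certificates'".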
@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
|
||||
- `matrix-riot-web`
|
||||
- `matrix-coturn`
|
||||
- `matrix-ma1sd`
|
||||
- `matrix-mailer`
|
||||
- `matrix-mautrix-facebook`
|
||||
- `matrix-mautrix-hangouts`
|
||||
- `matrix-mx-puppet-skype`
|
||||
|
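Review bot: this list names the roles `matrix-mautrix-facebook` and `matrix-mautrix-hangouts`, while the architectures doc changed in this same commit calls them `matrix-bridge-mautrix-facebook` and `matrix-bridge-mautrix-hangouts`. Use the actual role directory names in both places so readers can match the list against `roles/`.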