Make ma1sd's SRV record optional
This commit is contained in:
parent
d09609daa8
commit
c6fb7acf5f
@ -15,22 +15,22 @@ As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 di
|
|||||||
This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates.
|
This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates.
|
||||||
If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do.
|
If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do.
|
||||||
|
|
||||||
## Required DNS settings for services enabled by default
|
## DNS settings for services enabled by default
|
||||||
|
|
||||||
| Type | Host | Priority | Weight | Port | Target |
|
| Type | Host | Priority | Weight | Port | Target |
|
||||||
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
||||||
| A | `matrix` | - | - | - | `matrix-server-IP` |
|
| A | `matrix` | - | - | - | `matrix-server-IP` |
|
||||||
| CNAME | `element` | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `element` | - | - | - | `matrix.<your-domain>` |
|
||||||
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
|
||||||
|
|
||||||
Be mindful as to how long it will take for the DNS records to propagate.
|
Be mindful as to how long it will take for the DNS records to propagate.
|
||||||
|
|
||||||
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
|
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
|
||||||
|
|
||||||
## Required DNS settings for optional services
|
## DNS settings for optional services/features
|
||||||
|
|
||||||
| Type | Host | Priority | Weight | Port | Target |
|
| Type | Host | Priority | Weight | Port | Target |
|
||||||
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
|
||||||
|
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
|
||||||
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
|
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
|
||||||
@ -41,7 +41,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
|
|||||||
|
|
||||||
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
|
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
|
||||||
|
|
||||||
The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you.
|
The `element.<your-domain>` subdomain may be necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you.
|
||||||
If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
|
If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
|
||||||
|
|
||||||
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
|
The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
|
||||||
@ -57,9 +57,12 @@ The `sygnal.<your-domain>` subdomain may be necessary, because this playbook cou
|
|||||||
|
|
||||||
## `_matrix-identity._tcp` SRV record setup
|
## `_matrix-identity._tcp` SRV record setup
|
||||||
|
|
||||||
To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) be authoritative for your domain name, set up one more SRV record that looks like this:
|
To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this:
|
||||||
- Name: `_matrix-identity._tcp` (use this text as-is)
|
- Name: `_matrix-identity._tcp` (use this text as-is)
|
||||||
- Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own)
|
- Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own)
|
||||||
|
|
||||||
|
This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record.
|
||||||
|
|
||||||
|
Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
|
||||||
|
|
||||||
When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md).
|
When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md).
|
||||||
|
Loading…
Reference in New Issue
Block a user