diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index ad818ab24..1e4ad61e3 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md @@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist: If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below). +## Exposing the room directory over federation + +By default, your server's public rooms directory is not exposed to other servers via federation. + +If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): + +```yaml +matrix_synapse_allow_public_rooms_over_federation: true +``` + + ## Disabling federation To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index da9ff21e1..03d1ecded 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -72,6 +72,21 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration and put your configuration in it. To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component. +## Example: SMS verification + +If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration: + +```yaml +matrix_ma1sd_configuration_extension_yaml: | + threepid: + medium: + msisdn: + connectors: + twilio: + account_sid: '' + auth_token: '' + number: '+' +``` ## Troubleshooting diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 4adcd934b..f97f622f7 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments: - '--label "traefik.enable=true"' # The Nginx proxy container will receive traffic from these subdomains - # (Replace DOMAIN with your domain, e.g. example.com) - - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"' + - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"' # (The 'web-secure' entrypoint must bind to port 443 in Traefik config) - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"' @@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments: - '--label "traefik.enable=true"' # The Synapse container will receive traffic from this subdomain - # (Replace DOMAIN with your domain, e.g. example.com) - - '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"' + - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"' # (The 'synapse' entrypoint must bind to port 8448 in Traefik config) - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"' diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 21a4343e9..959d3506e 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -48,12 +48,12 @@ If you're managing the base domain by yourself somehow, you'll need to set up se To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them. -You have 2 options when it comes to installing the files on the base domain's server: +You have 3 options when it comes to installing the files on the base domain's server: ### (Option 1): **Copying the files manually** to your base domain's server -**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible. +**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible. All you need to do is: @@ -65,7 +65,16 @@ This is relatively easy to do and possibly your only choice if you can only host It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again. -### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server +### (Option 2): **Serving the base domain** from the Matrix server via the playbook + +If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it. + +This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable. + +See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up. + + +### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server This option is less fragile and generally better. diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 8a860b1ea..3a147124e 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -56,6 +56,11 @@ matrix_integration_manager_ui_url: ~ # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server matrix_riot_jitsi_preferredDomain: '' +# Controls whether Riot should use End-to-End Encryption by default. +# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE. +# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md +matrix_riot_e2ee_default: true + # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index edbaa62eb..a4c1c4391 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -23,4 +23,9 @@ "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} } {% endif %} + {% if not matrix_riot_e2ee_default %}, + "im.vector.riot.e2ee": { + "default": false + } + {% endif %} }