Update ACME docs to include port instructions#4578
Conversation
richvdh
left a comment
looks good, but would it be clearer to just have the config file info twice (once for reverse-proxy, once for authbind)?
Yeah probably.
Codecov Report
@@ Coverage Diff @@
## release-v0.99.0 #4578 +/- ##
==================================================
- Coverage 74.9% 74.9% -0.01%
==================================================
Files 338 338
Lines 34495 34495
Branches 5619 5619
==================================================
- Hits 25840 25839 -1
+ Misses 7074 7072 -2
- Partials 1581 1584 +3
| 1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy. | ||
| 1. Set `acme:enabled` to `true` in homeserver.yaml. | ||
| 1. Allow Synapse to listen on port 80 with `authbind`, or forward it to port `8009` from a reverse-proxy. | ||
| 1. Set `acme:enabled` to `true` and `acme:port` to the appropriate port (`8009` for reverse-proxy, `80` for listening directly with `authbind`) in homeserver.yaml. |
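Review bot: the reverse-proxy alternative in the first new step says to forward port 80 to port `8009` but not which requests to forward; the only description of what that listener handles is the later wording "listen on port 80 for ACME challenge requests". Suggest saying here that only the ACME challenge requests need to reach `8009`, so a reader does not route all of their port 80 traffic to Synapse's ACME listener.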
you don't need to set acme:port if it's port 80, and it's starting to just be a duplicate of the information below. Can we make this snappier and handwavier: "enable acme support in homeserver.yaml".
| 1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy. | ||
| 1. Set `acme:enabled` to `true` in homeserver.yaml. | ||
| 1. Allow Synapse to listen on port 80 with `authbind`, or forward it to port `8009` from a reverse-proxy. |
again, I think specifying the destination port here is overdetailed
| Once Synapse is able to listen on port 80 for ACME challenge | ||
| requests, it must be told to perform ACME provisioning by setting `enabled` | ||
| to true under the `acme` section in `homeserver.yaml`: | ||
| Once Synapse is able to listen on port 80 for ACME challenge requests, either |
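Review bot: the new line ends mid-sentence with "either" and its continuation is not in this hunk, so the replacement sentence cannot be reviewed as a whole. If the two alternatives end up under separate sections, this lead-in should move with them rather than be left as a dangling stub in the middle of the page.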
surely just stick the two halves of this under the relevant sections above?
| ``` | ||
| acme: | ||
| enabled: true | ||
| port: 80 |
| enabled: true | ||
| port: 8009 | ||
| ``` | ||
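Review bot: the config example shows `port: 80` and `port: 8009` one after the other with nothing saying which value belongs to which setup. Suggest a trailing comment on each, e.g. `port: 80    # listening directly with authbind` and `port: 8009  # behind a reverse proxy`, or one block per case, so a reader does not copy both keys into the same `acme` section.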
It tells you to at the end of the instructions. Is that too far away that people will think to finish at this point?
ah ISWYM. hopefully they will figure it out.
| Make sure to restart/reload your webserver after making changes. | ||
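Review bot: "restart/reload your webserver" is ambiguous at this point in the instructions, because two different things need restarting: the reverse proxy after its forwarding rule changes, and Synapse itself after `homeserver.yaml` is edited. Suggest naming both explicitly so neither step is skipped.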
| Finally, make the relevant changes in `homeserver.yaml` to enable ACME support: |
not finally, because you have to restart
| Once Synapse is able to listen on port 80 for ACME challenge | ||
| requests, it must be told to perform ACME provisioning by setting `enabled` | ||
| to true under the `acme` section in `homeserver.yaml`: | ||
| Make the relevant changes in `homeserver.yaml` to enable ACME support: |
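Review bot: the new wording "the relevant changes" drops the specifics the removed text carried (`enabled` set to true under the `acme` section). Suggest keeping the key names in the sentence that introduces the config block, so the instruction stays self-describing if the block is later moved or the reader only skims.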
this would be better before the authbind, because we need to restart synapse afterwards
Synapse 0.99.1 (2019-02-14)
===========================

Features
--------

- Include m.room.encryption on invites by default ([\#3902](#3902))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](#4420))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](#4522))
- Add ability to update backup versions ([\#4580](#4580))
- Allow the "unavailable" presence status for /sync. This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](#4592))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](#4613), [\#4615](#4615), [\#4617](#4617), [\#4636](#4636))
- The default configuration no longer requires TLS certificates. ([\#4614](#4614))

Bugfixes
--------

- Copy over room federation ability on room upgrade. ([\#4530](#4530))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](#4546))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](#4589))
- Fix 'no unique or exclusion constraint' error ([\#4591](#4591))
- Transfer Server ACLs on room upgrade. ([\#4608](#4608))
- Fix failure to start when no TLS certificate was given even if TLS was disabled. ([\#4618](#4618))
- Fix self-signed cert notice from generate-config. ([\#4625](#4625))
- Fix performance of `user_ips` table deduplication background update ([\#4626](#4626), [\#4627](#4627))

Internal Changes
----------------

- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](#4462))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](#4513))
- Reduce duplication of ``synapse.app`` code. ([\#4567](#4567))
- Fix docker upload job to push -py2 images. ([\#4576](#4576))
- Add port configuration information to ACME instructions. ([\#4578](#4578))
- Update MSC1711 FAQ to clarify .well-known usage ([\#4584](#4584))
- Clean up default listener configuration ([\#4586](#4586))
- Clarifications for reverse proxy docs ([\#4607](#4607))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](#4611))
- Fail cleanly if listener config lacks a 'port' ([\#4616](#4616))
- Remove redundant entries from docker config ([\#4619](#4619))
- README updates ([\#4621](#4621))
Update ACME docs to add information for port configuration.