|
|
|
@@ -7,6 +7,22 @@ |
|
|
|
# |
|
|
|
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html |
|
|
|
|
|
|
|
|
|
|
|
## Modules ## |
|
|
|
|
|
|
|
# Server admins can expand Synapse's functionality with external modules. |
|
|
|
# |
|
|
|
# See https://matrix-org.github.io/synapse/develop/modules.html for more |
|
|
|
# documentation on how to configure or create custom modules for Synapse. |
|
|
|
# |
|
|
|
modules: |
|
|
|
# - module: my_super_module.MySuperClass |
|
|
|
# config: |
|
|
|
# do_thing: true |
|
|
|
# - module: my_other_super_module.SomeClass |
|
|
|
# config: {} |
|
|
|
|
|
|
|
|
|
|
|
## Server ## |
|
|
|
|
|
|
|
# The public-facing domain of the server |
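Review bot: The added `modules:` key has only commented-out entries beneath it, so it renders as a null value rather than an empty list, and the template offers no variable through which a deployment could populate it. Other settings visible on this page are rendered from playbook variables through `|to_json` (for example `tls_certificate_path`), and the same pattern would keep this value explicit. If modules are intentionally unsupported for now, `modules: []` states that directly and does not rely on Synapse coercing null to an empty list. Each entry names a Python class that Synapse imports into its own process, so a comment above the key such as `# Modules run inside the Synapse process; list only code you have reviewed.` would record why this list should stay tightly controlled.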
|
|
|
@@ -574,13 +590,9 @@ retention: |
|
|
|
# This certificate, as of Synapse 1.0, will need to be a valid and verifiable |
|
|
|
# certificate, signed by a recognised Certificate Authority. |
|
|
|
# |
|
|
|
# See 'ACME support' below to enable auto-provisioning this certificate via |
|
|
|
# Let's Encrypt. |
|
|
|
# |
|
|
|
# If supplying your own, be sure to use a `.pem` file that includes the |
|
|
|
# full certificate chain including any intermediate certificates (for |
|
|
|
# instance, if using certbot, use `fullchain.pem` as your certificate, |
|
|
|
# not `cert.pem`). |
|
|
|
# Be sure to use a `.pem` file that includes the full certificate chain including |
|
|
|
# any intermediate certificates (for instance, if using certbot, use |
|
|
|
# `fullchain.pem` as your certificate, not `cert.pem`). |
|
|
|
# |
|
|
|
tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }} |
|
|
|
|
|
|
|
@@ -631,80 +643,6 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }} |
|
|
|
# - myCA2.pem |
|
|
|
# - myCA3.pem |
|
|
|
|
|
|
|
# ACME support: This will configure Synapse to request a valid TLS certificate |
|
|
|
# for your configured `server_name` via Let's Encrypt. |
|
|
|
# |
|
|
|
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support |
|
|
|
# ACME v2. This means that this feature currently won't work with installs set |
|
|
|
# up after November 2019. For more info, and alternative solutions, see |
|
|
|
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1 |
|
|
|
# |
|
|
|
# Note that provisioning a certificate in this way requires port 80 to be |
|
|
|
# routed to Synapse so that it can complete the http-01 ACME challenge. |
|
|
|
# By default, if you enable ACME support, Synapse will attempt to listen on |
|
|
|
# port 80 for incoming http-01 challenges - however, this will likely fail |
|
|
|
# with 'Permission denied' or a similar error. |
|
|
|
# |
|
|
|
# There are a couple of potential solutions to this: |
|
|
|
# |
|
|
|
# * If you already have an Apache, Nginx, or similar listening on port 80, |
|
|
|
# you can configure Synapse to use an alternate port, and have your web |
|
|
|
# server forward the requests. For example, assuming you set 'port: 8009' |
|
|
|
# below, on Apache, you would write: |
|
|
|
# |
|
|
|
# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge |
|
|
|
# |
|
|
|
# * Alternatively, you can use something like `authbind` to give Synapse |
|
|
|
# permission to listen on port 80. |
|
|
|
# |
|
|
|
acme: |
|
|
|
# ACME support is disabled by default. Uncomment the following line |
|
|
|
# (and tls_certificate_path and tls_private_key_path above) to enable it. |
|
|
|
# |
|
|
|
#enabled: true |
|
|
|
|
|
|
|
# Endpoint to use to request certificates. If you only want to test, |
|
|
|
# use Let's Encrypt's staging url: |
|
|
|
# https://acme-staging.api.letsencrypt.org/directory |
|
|
|
# |
|
|
|
#url: https://acme-v01.api.letsencrypt.org/directory |
|
|
|
|
|
|
|
# Port number to listen on for the HTTP-01 challenge. Change this if |
|
|
|
# you are forwarding connections through Apache/Nginx/etc. |
|
|
|
# |
|
|
|
#port: 80 |
|
|
|
|
|
|
|
# Local addresses to listen on for incoming connections. |
|
|
|
# Again, you may want to change this if you are forwarding connections |
|
|
|
# through Apache/Nginx/etc. |
|
|
|
# |
|
|
|
#bind_addresses: ['::', '0.0.0.0'] |
|
|
|
|
|
|
|
# How many days remaining on a certificate before it is renewed. |
|
|
|
# |
|
|
|
#reprovision_threshold: 30 |
|
|
|
|
|
|
|
# The domain that the certificate should be for. Normally this |
|
|
|
# should be the same as your Matrix domain (i.e., 'server_name'), but, |
|
|
|
# by putting a file at 'https://<server_name>/.well-known/matrix/server', |
|
|
|
# you can delegate incoming traffic to another server. If you do that, |
|
|
|
# you should give the target of the delegation here. |
|
|
|
# |
|
|
|
# For example: if your 'server_name' is 'example.com', but |
|
|
|
# 'https://example.com/.well-known/matrix/server' delegates to |
|
|
|
# 'matrix.example.com', you should put 'matrix.example.com' here. |
|
|
|
# |
|
|
|
# If not set, defaults to your 'server_name'. |
|
|
|
# |
|
|
|
#domain: matrix.example.com |
|
|
|
|
|
|
|
# file to use for the account key. This will be generated if it doesn't |
|
|
|
# exist. |
|
|
|
# |
|
|
|
# If unspecified, we will use CONFDIR/client.key. |
|
|
|
# |
|
|
|
#account_key_file: /data/acme_account.key |
|
|
|
|
|
|
|
|
|
|
|
## Federation ## |
|
|
|
|
|
|
|
@@ -957,6 +895,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire |
|
|
|
|
|
|
|
# The largest allowed upload size in bytes |
|
|
|
# |
|
|
|
# If you are using a reverse proxy you may also need to set this value in |
|
|
|
# your reverse proxy's config. Notably Nginx has a small max body size by default. |
|
|
|
# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html. |
|
|
|
# |
|
|
|
max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" |
|
|
|
|
|
|
|
# Maximum number of pixels that will be thumbnailed |
|
|
|
@@ -2045,6 +1987,17 @@ sso: |
|
|
|
# - https://riot.im/develop |
|
|
|
# - https://my.custom.client/ |
|
|
|
|
|
|
|
# Uncomment to keep a user's profile fields in sync with information from |
|
|
|
# the identity provider. Currently only syncing the displayname is |
|
|
|
# supported. Fields are checked on every SSO login, and are updated |
|
|
|
# if necessary. |
|
|
|
# |
|
|
|
# Note that enabling this option will override user profile information, |
|
|
|
# regardless of whether users have opted-out of syncing that |
|
|
|
# information when first signing in. Defaults to false. |
|
|
|
# |
|
|
|
#update_profile_information: true |
|
|
|
|
|
|
|
# Directory in which Synapse will try to find the template files below. |
|
|
|
# If not set, or the files named below are not found within the template |
|
|
|
# directory, default templates from within the Synapse package will be used. |
|
|
|
@@ -2326,6 +2279,10 @@ ui_auth: |
|
|
|
# the user-interactive authentication process, by allowing for multiple |
|
|
|
# (and potentially different) operations to use the same validation session. |
|
|
|
# |
|
|
|
# This is ignored for potentially "dangerous" operations (including |
|
|
|
# deactivating an account, modifying an account password, and |
|
|
|
# adding a 3PID). |
|
|
|
# |
|
|
|
# Uncomment below to allow for credential validation to last for 15 |
|
|
|
# seconds. |
|
|
|
# |
|
|
|
|