| @@ -15,22 +15,22 @@ As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 di | |||||
| This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates. | This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates. | ||||
| If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do. | If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do. | ||||
| ## Required DNS settings for services enabled by default | |||||
| ## DNS settings for services enabled by default | |||||
| | Type | Host | Priority | Weight | Port | Target | | | Type | Host | Priority | Weight | Port | Target | | ||||
| | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | | | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | | ||||
| | A | `matrix` | - | - | - | `matrix-server-IP` | | | A | `matrix` | - | - | - | `matrix-server-IP` | | ||||
| | CNAME | `element` | - | - | - | `matrix.<your-domain>` | | | CNAME | `element` | - | - | - | `matrix.<your-domain>` | | ||||
| | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` | | |||||
| Be mindful as to how long it will take for the DNS records to propagate. | Be mindful as to how long it will take for the DNS records to propagate. | ||||
| If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail. | If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail. | ||||
| ## Required DNS settings for optional services | |||||
| ## DNS settings for optional services/features | |||||
| | Type | Host | Priority | Weight | Port | Target | | | Type | Host | Priority | Weight | Port | Target | | ||||
| | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | | | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | | ||||
| | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` | | |||||
| | CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` | | | CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` | | ||||
| | CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` | | | CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` | | ||||
| | CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` | | | CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` | | ||||
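Review bot: The `_matrix-identity._tcp` SRV row that now sits at the top of the optional table has no `(*)` marker, while the `dimension`, `jitsi` and `stats` rows below it do, so a reader cannot tell whether the same footnote applies to it. Either add the marker or give the row its own pointer to the "`_matrix-identity._tcp` SRV record setup" section, which is where the privacy implications are explained. Separately, dropping "Required" from the first heading leaves nothing in this hunk saying that the `matrix` A record is still mandatory; a one-line statement under the heading would keep that clear.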
| @@ -41,7 +41,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | |||||
| As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine). | As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine). | ||||
| The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you. | |||||
| The `element.<your-domain>` subdomain may be necessary, because this playbook installs the [Element](https://github.com/vector-im/element-web) web client for you. | |||||
| If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record. | If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record. | ||||
| The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record. | The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record. | ||||
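Review bot: The new wording "The `element.<your-domain>` subdomain may be necessary, because this playbook installs the Element web client for you" contradicts itself: Element is installed by default, so the record is needed unless the user opts out. The unchanged sentence above it still says "you need to create 2 subdomains", which now disagrees with "may be". Suggest keeping "is necessary" and letting the following sentence about `matrix_client_element_enabled: false` carry the exception, or rewording the context paragraph so that both sentences say the same thing.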
| @@ -57,9 +57,12 @@ The `sygnal.<your-domain>` subdomain may be necessary, because this playbook cou | |||||
| ## `_matrix-identity._tcp` SRV record setup | ## `_matrix-identity._tcp` SRV record setup | ||||
| To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) be authoritative for your domain name, set up one more SRV record that looks like this: | |||||
| To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this: | |||||
| - Name: `_matrix-identity._tcp` (use this text as-is) | - Name: `_matrix-identity._tcp` (use this text as-is) | ||||
| - Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own) | - Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own) | ||||
| This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. | |||||
| Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. | |||||
| When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md). | When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md). | ||||
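Review bot: The rewritten paragraph tells the reader to "set up an SRV record" and only says "This is an optional feature" after the Name/Content list, so someone following the steps in order will create the record before learning it is optional and has privacy implications. Suggest opening the section with the optional status and a one-sentence summary of the trade-off, keeping the ma1sd wiki link as further reading rather than the only explanation. The section heading could also carry "(optional)" to match the table it now belongs to. Minor style point: the added Note links with the raw filename `howto-server-delegation.md` as link text, whereas the top of the document uses "Server Delegation" for the same target.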