From e09ea540a0cc77497cbd24f73db04dd897bd9150 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 17 Mar 2026 12:21:03 +0200
Subject: [PATCH] matrix-synapse: prefer local sockets for db connections
---
 CHANGELOG.md | 17 +++++++++++++++++
 group_vars/matrix_servers | 8 ++++----
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c80f7193..4055f2da2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+# 2026-03-17
+
+## Synapse now prefers UNIX sockets for playbook-managed Postgres and Valkey
+
+When Synapse uses the playbook-managed Postgres and Valkey services, it now connects to them via [UNIX sockets](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
+
+This reduces unnecessary container-network wiring and keeps local IPC off the network stack, which is a bit simpler and slightly more secure.
+
+If you use an external Postgres server or external Redis/Valkey for Synapse, this does not change your setup.
+
+If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
+
+```yaml
+matrix_synapse_database_socket_enabled: false
+matrix_synapse_redis_path_enabled: false
+```
+
 # 2026-03-01
 ## (Potential BC Break) Synapse S3 media prefix is now applied consistently
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index f244afdd8..a5c47a38c 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -4805,8 +4805,8 @@ matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_
 matrix_synapse_database_host: "{{ postgres_connection_hostname if matrix_playbook_synapse_uses_managed_postgres else '' }}"
 matrix_synapse_database_password: "{{ (matrix_homeserver_generic_secret_key + ':synapse.db') | hash('sha512') | to_uuid }}"
-# unix socket connection, disabled by default temporarily until properly tested
-matrix_synapse_database_socket_enabled: false
+# unix socket connection
+matrix_synapse_database_socket_enabled: "{{ matrix_playbook_synapse_uses_managed_postgres }}"
 # path to the Postgres socket's parent dir inside the Synapse container
 matrix_synapse_database_socket_path: "{{ '/tmp/postgres' if matrix_playbook_synapse_uses_managed_postgres else '' }}"
 # path to the Postgres socket on the host, using Postgres
@@ -4863,8 +4863,8 @@ matrix_synapse_redis_enabled: "{{ valkey_enabled }}"
 matrix_synapse_redis_host: "{{ valkey_identifier if matrix_playbook_synapse_uses_managed_valkey else '' }}"
 matrix_synapse_redis_password: "{{ valkey_connection_password if matrix_playbook_synapse_uses_managed_valkey else '' }}"
-# unix socket connection, disabled by default temporarily until properly tested
-matrix_synapse_redis_path_enabled: false
+# unix socket connection
+matrix_synapse_redis_path_enabled: "{{ matrix_playbook_synapse_uses_managed_valkey }}"
 # path to the Redis socket's parent dir inside the Synapse container
 matrix_synapse_redis_path: "{{ '/tmp/valkey' if matrix_playbook_synapse_uses_managed_valkey else '' }}"
 # redis socket filename
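Review bot: The shortened comment `# unix socket connection` above `matrix_synapse_database_socket_enabled` (and above `matrix_synapse_redis_path_enabled` in the second hunk) drops the only hint about what protects the connection now that the socket path is on by default for managed services. Over a UNIX socket Postgres evaluates the `local` lines of pg_hba.conf, not the `host` lines, and the upstream Postgres container image initialises with `local all all trust`; if the managed Postgres role keeps that default (not visible in this hunk), `matrix_synapse_database_password` is not checked on this path and access rests on the ownership and mode of the shared socket directory. I would confirm the `local` rule requires a password and record it in the comment, for example `# unix socket connection (default for managed Postgres); auth is governed by pg_hba 'local' rules and the socket directory's permissions`. For Valkey the configured password applies on the socket as well, so the second hunk's comment only needs the part about socket permissions. Both variable groups continue past the end of their hunks.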