
Run matrix federation also over apache to get proper TLS. For some reason not working with tls from synapse itself.

Thomas Buck 5 yıl önce
ebeveyn
işleme
85e7c343c5

+ 0
- 6
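--- a/roles/matrix/tasks/synapse.yml
+++ b/roles/matrix/tasks/synapse.yml
@@ -72,12 +72,6 @@
 - name: Add cert postrenew task
   copy: src=etc_letsencrypt_postrenew_synapse.sh dest=/etc/letsencrypt/postrenew/synapse.sh mode=0755
 
-- name: Set firewall rules for Synapse
-  ufw: rule=allow port={{ item }} proto=tcp
-  with_items:
-    - 8448  # matrix federation
-  tags: ufw
-
 - name: Register new Synapse service
   systemd: name=matrix-synapse daemon_reload=yes enabled=yes
 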

+ 8
- 8
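--- a/roles/matrix/templates/etc_matrix-synapse_homeserver.j2
+++ b/roles/matrix/templates/etc_matrix-synapse_homeserver.j2
@@ -155,14 +155,14 @@ listeners:
   # will also need to give Synapse a TLS key and certificate: see the TLS section
   # below.)
   #
-  - port: 8448
-    type: http
-    tls: true
-    bind_addresses:
-      - '::'
-    
-    resources:
-      - names: [client, federation, webclient]
+  #- port: 8448
+  #  type: http
+  #  tls: true
+  #  bind_addresses:
+  #    - '::'
+  #
+  #  resources:
+  #    - names: [client, federation, webclient]
 
   # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
   # that unwraps TLS.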
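Review bot: The TLS listener on 8448 is commented out rather than removed, and nothing in the template says why, so the next reader cannot tell dead configuration from a temporary workaround. Either delete the block or put a line such as `# Federation is served by Apache on 443, which proxies to the plain HTTP listener below` above it. Federation now depends on the plain HTTP listener whose definition starts after this hunk; it presumably needs `federation` in its resource names, a loopback-only `bind_addresses`, and `x_forwarded: true` so that Synapse logs and rate-limits on the real peer address, which is worth confirming. Hosts provisioned before this commit also keep their ufw allow rule for 8448, because dropping the task in roles/matrix/tasks/synapse.yml does not revoke it; a one-off `ufw: rule=allow port=8448 proto=tcp delete=yes` would close it.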

+ 1
- 1
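--- a/roles/matrix/templates/var_www_well-known_matrix_server.j2
+++ b/roles/matrix/templates/var_www_well-known_matrix_server.j2
@@ -1,3 +1,3 @@
 {
-    "m.server": "{{ matrix_domain }}:8448"
+    "m.server": "{{ matrix_domain }}:443"
 }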
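Review bot: With an explicit port in `"m.server": "{{ matrix_domain }}:443"`, federating servers connect straight to that host and port and validate the certificate for that name. The line is therefore only correct if the Apache vhost on 443 for `matrix_domain` proxies the federation paths under `/_matrix` to Synapse. No Apache change is visible in this commit, so that proxying is presumably already in place for client traffic; it is worth confirming that it covers the federation and key endpoints as well.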

+ 1
- 1
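--- a/roles/monitoring/files/etc_monit_conf.d_matrix
+++ b/roles/monitoring/files/etc_monit_conf.d_matrix
@@ -2,7 +2,7 @@ check process synapse matching /opt/venvs/matrix-synapse/bin/python
   group social
   start program = "/bin/systemctl start matrix-synapse"
   stop program = "/bin/systemctl stop matrix-synapse"
-  if failed port 8448 type tcp
+  if failed port 8008 type tcp
     with timeout 10 seconds
     then restart
   if 5 restarts within 5 cycles then timeout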
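Review bot: The check `if failed port 8008 type tcp` only proves that something accepts a TCP connection, so a Synapse process that is up but no longer answering requests is not restarted. An HTTP probe would cover that, for example `if failed port 8008 protocol http request "/_matrix/client/versions"`, keeping the `with timeout 10 seconds` and `then restart` lines as they are. 8008 is presumably the plain HTTP listener in the homeserver template, whose port is not visible in this commit. With the move away from 8448 this check also no longer exercises the TLS path, which now lives in Apache and needs its own monit check if it does not already have one.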
