Add support for controlling Matrix federation

Slavi Pantaleev 2018-10-25 18:02:04 +03:00
parent caa32b6d76
commit 67a445a74a
6 changed files with 53 additions and 0 deletions


@ -1,3 +1,10 @@
# 2018-10-25
## Support for controlling Matrix federation
The playbook can now help you with [Controlling Matrix federation](docs/configuration-playbook-federation.md), should you wish to run a more private (isolated) server.
# 2018-10-24
## Disabling riot-web guests


@ -0,0 +1,28 @@
# Controlling Matrix federation
By default, your server federates with the whole Matrix network.
That is, people on your server can communicate with people on any other Matrix server.
## Federating only with select servers
To make your server only federate with servers of your choosing, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_federation_domain_whitelist:
- example.com
- another.com
```
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
## Disabling federation
To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_federation_enabled: false
```
With that, your server's users will only be able to talk among themselves, but not to anyone who is on another server.
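
Review bot: The "Disabling federation" section describes the effect on users but not what `matrix_synapse_federation_enabled: false` changes on the host. The other files in this commit show that it removes the port 8448 listener from the Synapse configuration and the `-p 8448:8448` publish from the service unit; one sentence saying so would let operators verify the result and adjust firewall rules. The "Federating only with select servers" section should also state that leaving `matrix_synapse_federation_domain_whitelist` unset means no restriction is applied.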


@ -23,6 +23,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
## Other configuration options
- [Controlling Matrix federation](configuration-playbook-federation.md) (optional)
- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
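
Review bot: The new link target `configuration-playbook-federation.md` breaks the `configuring-playbook-*.md` naming used by the neighbouring entries (`configuring-playbook-email.md`, `configuring-playbook-s3.md`). Consider renaming the file to `configuring-playbook-federation.md` and updating this link and the one in the changelog entry in the same commit.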


@ -86,6 +86,15 @@ matrix_synapse_event_cache_size: "100K"
# - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_cache_factor: 0.5
# Controls whether Matrix Synapse will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix network.
matrix_synapse_federation_enabled: true
# A list of domain names that are allowed to federate with the given Matrix Synapse server.
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
matrix_synapse_federation_domain_whitelist: ~
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
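
Review bot: The comment above `matrix_synapse_federation_domain_whitelist: ~` explains the empty list but not the default. The template in this commit emits `federation_domain_whitelist` only when the value `is not none`, so `~` means no whitelist is applied at all; say that in the comment so a reader does not take null to mean "allow nothing".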


@ -119,12 +119,16 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
# - lon.example.com
# - nyc.example.com
# - syd.example.com
{% if matrix_synapse_federation_domain_whitelist is not none %}
federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
{% endif %}
# List of ports that Synapse should listen on, their purpose and their
# configuration.
listeners:
# Main HTTPS listener
# For when matrix traffic is sent directly to synapse.
{% if matrix_synapse_federation_enabled %}
-
# The port to listen for HTTPS requests on.
port: 8448
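
Review bot: `{% if matrix_synapse_federation_enabled %}` gates only the inbound 8448 listener here, while the `federation_domain_whitelist` block above depends solely on the whitelist variable. With `matrix_synapse_federation_enabled: false` and the whitelist left at its null default, nothing in the rendered configuration restricts which domains the server will talk to for outgoing federation traffic. Consider also emitting `federation_domain_whitelist: []` when federation is disabled, so that the flag alone produces the isolation the documentation describes.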
@ -157,6 +161,7 @@ listeners:
# "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler
# config: {}
{% endif %}
# Unsecure HTTP listener,
# For when matrix traffic passes through loadbalancer that unwraps TLS.
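
Review bot: The `{% endif %}` closes the conditional just before the "Unsecure HTTP listener", so that listener is rendered regardless of `matrix_synapse_federation_enabled`. Its resource list is not visible in this hunk; if it serves the federation resource, federation endpoints stay reachable through the load-balancer path when federation is disabled, and that resource entry should be guarded by the same variable.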


@ -29,7 +29,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
--log-driver=none \
--env-file={{ matrix_environment_variables_data_path }}/synapse \
--network={{ matrix_docker_network }} \
{% if matrix_synapse_federation_enabled %}
-p 8448:8448 \
{% endif %}
{% if not matrix_nginx_proxy_enabled %}
-p 127.0.0.1:8008:8008 \
{% endif %}