Add support for controlling Matrix federation
This commit is contained in:
parent
caa32b6d76
commit
67a445a74a
|
@ -1,3 +1,10 @@
|
|||
# 2018-10-25
|
||||
|
||||
## Support for controlling Matrix federation
|
||||
|
||||
The playbook can now help you with [Controlling Matrix federation](docs/configuration-playbook-federation.md), should you wish to run a more private (isolated) server.
|
||||
|
||||
|
||||
# 2018-10-24
|
||||
|
||||
## Disabling riot-web guests
|
||||
|
|
28
docs/configuration-playbook-federation.md
Normal file
28
docs/configuration-playbook-federation.md
Normal file
|
@ -0,0 +1,28 @@
|
|||
# Controlling Matrix federation
|
||||
|
||||
By default, your server federates with the whole Matrix network.
|
||||
That is, people on your server can communicate with people on any other Matrix server.
|
||||
|
||||
|
||||
## Federating only with select servers
|
||||
|
||||
To make your server only federate with servers of your choosing, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
|
||||
|
||||
```yaml
|
||||
matrix_synapse_federation_domain_whitelist:
|
||||
- example.com
|
||||
- another.com
|
||||
```
|
||||
|
||||
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
|
||||
|
||||
|
||||
## Disabling federation
|
||||
|
||||
To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`):
|
||||
|
||||
```yaml
|
||||
matrix_synapse_federation_enabled: false
|
||||
```
|
||||
|
||||
With that, your server's users will only be able to talk among themselves, but not to anyone who is on another server.
|
|
@ -23,6 +23,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
|
||||
## Other configuration options
|
||||
|
||||
- [Controlling Matrix federation](configuration-playbook-federation.md) (optional)
|
||||
|
||||
- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
|
||||
|
||||
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
|
||||
|
|
|
@ -86,6 +86,15 @@ matrix_synapse_event_cache_size: "100K"
|
|||
# - https://github.com/matrix-org/synapse/issues/3939
|
||||
matrix_synapse_cache_factor: 0.5
|
||||
|
||||
# Controls whether Matrix Synapse will federate at all.
|
||||
# Disable this to completely isolate your server from the rest of the Matrix network.
|
||||
matrix_synapse_federation_enabled: true
|
||||
|
||||
# A list of domain names that are allowed to federate with the given Matrix Synapse server.
|
||||
# An empty list value (`[]`) will also effectively stop federation, but if that's the desired
|
||||
# result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
|
||||
matrix_synapse_federation_domain_whitelist: ~
|
||||
|
||||
# A list of additional "volumes" to mount in the container.
|
||||
# This list gets populated dynamically based on Synapse extensions that have been enabled.
|
||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||
|
|
|
@ -119,12 +119,16 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|||
# - lon.example.com
|
||||
# - nyc.example.com
|
||||
# - syd.example.com
|
||||
{% if matrix_synapse_federation_domain_whitelist is not none %}
|
||||
federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
|
||||
{% endif %}
|
||||
|
||||
# List of ports that Synapse should listen on, their purpose and their
|
||||
# configuration.
|
||||
listeners:
|
||||
# Main HTTPS listener
|
||||
# For when matrix traffic is sent directly to synapse.
|
||||
{% if matrix_synapse_federation_enabled %}
|
||||
-
|
||||
# The port to listen for HTTPS requests on.
|
||||
port: 8448
|
||||
|
@ -157,6 +161,7 @@ listeners:
|
|||
# "/_matrix/my/custom/endpoint":
|
||||
# module: my_module.CustomRequestHandler
|
||||
# config: {}
|
||||
{% endif %}
|
||||
|
||||
# Unsecure HTTP listener,
|
||||
# For when matrix traffic passes through loadbalancer that unwraps TLS.
|
||||
|
|
|
@ -29,7 +29,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
|||
--log-driver=none \
|
||||
--env-file={{ matrix_environment_variables_data_path }}/synapse \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_synapse_federation_enabled %}
|
||||
-p 8448:8448 \
|
||||
{% endif %}
|
||||
{% if not matrix_nginx_proxy_enabled %}
|
||||
-p 127.0.0.1:8008:8008 \
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in a new issue