Upgrade Synapse (1.46.0 -> 1.47.0)
We had to remove UID/GID environment variables that we used to pass to the Synapse container, because it was causing a problem after https://github.com/matrix-org/synapse/pull/11209 We were using both `--user` and UID/GID environment variables until now.
This commit is contained in:
parent
75cb4ce3b0
commit
e1a6d1e4b2
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||
# amd64 gets released first.
|
||||
# arm32 relies on self-building, so the same version can be built immediately.
|
||||
# arm64 users need to wait for a prebuilt image to become available.
|
||||
matrix_synapse_version: v1.46.0
|
||||
matrix_synapse_version_arm64: v1.46.0
|
||||
matrix_synapse_version: v1.47.0
|
||||
matrix_synapse_version_arm64: v1.47.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -67,8 +67,6 @@
|
|||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
|
||||
-e UID={{ matrix_user_uid }}
|
||||
-e GID={{ matrix_user_gid }}
|
||||
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||
-e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
|
||||
-e SYNAPSE_REPORT_STATS=no
|
||||
|
|
|
@ -66,8 +66,28 @@ pid_file: /homeserver.pid
|
|||
# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
|
||||
# 'listeners' below).
|
||||
#
|
||||
# Defaults to 'https://<server_name>/'.
|
||||
#
|
||||
public_baseurl: https://{{ matrix_server_fqn_matrix }}/
|
||||
|
||||
# Uncomment the following to tell other servers to send federation traffic on
|
||||
# port 443.
|
||||
#
|
||||
# By default, other servers will try to reach our server on port 8448, which can
|
||||
# be inconvenient in some environments.
|
||||
#
|
||||
# Provided 'https://<server_name>/' on port 443 is routed to Synapse, this
|
||||
# option configures Synapse to serve a file at
|
||||
# 'https://<server_name>/.well-known/matrix/server'. This will tell other
|
||||
# servers to send traffic to port 443 instead.
|
||||
#
|
||||
# See https://matrix-org.github.io/synapse/latest/delegate.html for more
|
||||
# information.
|
||||
#
|
||||
# Defaults to 'false'.
|
||||
#
|
||||
#serve_server_wellknown: true
|
||||
|
||||
# Set the soft limit on the number of file descriptors synapse can use
|
||||
# Zero is used to indicate synapse should set the soft limit to the
|
||||
# hard limit.
|
||||
|
@ -1271,7 +1291,7 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
|
|||
# in on this server.
|
||||
#
|
||||
# (By default, no suggestion is made, so it is left up to the client.
|
||||
# This setting is ignored unless public_baseurl is also set.)
|
||||
# This setting is ignored unless public_baseurl is also explicitly set.)
|
||||
#
|
||||
#default_identity_server: https://matrix.org
|
||||
|
||||
|
@ -1296,8 +1316,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
|
|||
# by the Matrix Identity Service API specification:
|
||||
# https://matrix.org/docs/spec/identity_service/latest
|
||||
#
|
||||
# If a delegate is specified, the config option public_baseurl must also be filled out.
|
||||
#
|
||||
account_threepid_delegates:
|
||||
email: {{ matrix_synapse_account_threepid_delegates_email|to_json }}
|
||||
msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }}
|
||||
|
@ -1990,11 +2008,10 @@ sso:
|
|||
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||
# hostname: "https://my.client/".
|
||||
#
|
||||
# If public_baseurl is set, then the login fallback page (used by clients
|
||||
# that don't natively support the required login flows) is whitelisted in
|
||||
# addition to any URLs in this list.
|
||||
# The login fallback page (used by clients that don't natively support the
|
||||
# required login flows) is whitelisted in addition to any URLs in this list.
|
||||
#
|
||||
# By default, this list is empty.
|
||||
# By default, this list contains only the login fallback page.
|
||||
#
|
||||
#client_whitelist:
|
||||
# - https://riot.im/develop
|
||||
|
|
|
@ -17,8 +17,6 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
|
|||
ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
-e UID={{ matrix_user_uid }} \
|
||||
-e GID={{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
|
|
|
@ -33,8 +33,6 @@ ExecStartPre={{ matrix_host_command_sleep }} 3
|
|||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--env=UID={{ matrix_user_uid }} \
|
||||
--env=GID={{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
|
|
|
@ -271,19 +271,19 @@ matrix_synapse_workers_media_repository_endpoints:
|
|||
# expose the `media` resource. For example:
|
||||
|
||||
# ```yaml
|
||||
# worker_listeners:
|
||||
# - type: http
|
||||
# port: 8085
|
||||
# resources:
|
||||
# - names:
|
||||
# - media
|
||||
# worker_listeners:
|
||||
# - type: http
|
||||
# port: 8085
|
||||
# resources:
|
||||
# - names:
|
||||
# - media
|
||||
# ```
|
||||
|
||||
# Note that if running multiple media repositories they must be on the same server
|
||||
# and you must configure a single instance to run the background tasks, e.g.:
|
||||
|
||||
# ```yaml
|
||||
# media_instance_running_background_jobs: "media-repository-1"
|
||||
# media_instance_running_background_jobs: "media-repository-1"
|
||||
# ```
|
||||
|
||||
# Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately).
|
||||
|
@ -319,7 +319,9 @@ matrix_synapse_workers_frontend_proxy_endpoints:
|
|||
# the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration
|
||||
# file. For example:
|
||||
|
||||
# worker_main_http_uri: http://127.0.0.1:{{ matrix_synapse_container_client_api_port }}
|
||||
# ```yaml
|
||||
# worker_main_http_uri: http://127.0.0.1:8008
|
||||
# ```
|
||||
|
||||
matrix_synapse_workers_avail_list:
|
||||
- appservice
|
||||
|
|
Loading…
Reference in a new issue