parent
7db1d5856a
commit
333e97342a
|
@ -66,7 +66,9 @@ listeners:
|
||||||
bind_addresses:
|
bind_addresses:
|
||||||
{{ matrix_https_bind_ips | to_nice_yaml | indent(6) }}
|
{{ matrix_https_bind_ips | to_nice_yaml | indent(6) }}
|
||||||
type: http
|
type: http
|
||||||
|
{% if matrix_tls_enabled %}
|
||||||
tls: true
|
tls: true
|
||||||
|
{% endif %}
|
||||||
x_forwarded: false
|
x_forwarded: false
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
@ -146,15 +148,13 @@ listeners:
|
||||||
# Defaults to 'true'.
|
# Defaults to 'true'.
|
||||||
#
|
#
|
||||||
#allow_per_room_profiles: false
|
#allow_per_room_profiles: false
|
||||||
|
{% if matrix_tls_enabled %}
|
||||||
|
|
||||||
## TLS ##
|
## TLS ##
|
||||||
{% if matrix_tls_enabled %}
|
|
||||||
tls_certificate_path: "{{ matrix_tls_cert_path }}"
|
tls_certificate_path: "{{ matrix_tls_cert_path }}"
|
||||||
tls_private_key_path: "{{ matrix_tls_key_path }}"
|
tls_private_key_path: "{{ matrix_tls_key_path }}"
|
||||||
tls_dh_params_path: "{{ matrix_tls_dhparam_path }}"
|
tls_dh_params_path: "{{ matrix_tls_dhparam_path }}"
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
# Whether to verify TLS server certificates for outbound federation requests.
|
# Whether to verify TLS server certificates for outbound federation requests.
|
||||||
federation_verify_certificates: true
|
federation_verify_certificates: true
|
||||||
|
|
||||||
|
@ -164,46 +164,7 @@ federation_client_minimum_tls_version: 1.2
|
||||||
# Skip federation certificate verification on the following whitelist
|
# Skip federation certificate verification on the following whitelist
|
||||||
# of domains.
|
# of domains.
|
||||||
federation_certificate_verification_whitelist: []
|
federation_certificate_verification_whitelist: []
|
||||||
|
{% endif %}
|
||||||
# List of custom certificate authorities for federation traffic.
|
|
||||||
#
|
|
||||||
# This setting should only normally be used within a private network of
|
|
||||||
# homeservers.
|
|
||||||
#
|
|
||||||
# Note that this list will replace those that are provided by your
|
|
||||||
# operating environment. Certificates must be in PEM format.
|
|
||||||
#
|
|
||||||
#federation_custom_ca_list:
|
|
||||||
# - myCA1.pem
|
|
||||||
# - myCA2.pem
|
|
||||||
# - myCA3.pem
|
|
||||||
|
|
||||||
# List of allowed TLS fingerprints for this server to publish along
|
|
||||||
# with the signing keys for this server. Other matrix servers that
|
|
||||||
# make HTTPS requests to this server will check that the TLS
|
|
||||||
# certificates returned by this server match one of the fingerprints.
|
|
||||||
#
|
|
||||||
# Synapse automatically adds the fingerprint of its own certificate
|
|
||||||
# to the list. So if federation traffic is handled directly by synapse
|
|
||||||
# then no modification to the list is required.
|
|
||||||
#
|
|
||||||
# If synapse is run behind a load balancer that handles the TLS then it
|
|
||||||
# will be necessary to add the fingerprints of the certificates used by
|
|
||||||
# the loadbalancers to this list if they are different to the one
|
|
||||||
# synapse is using.
|
|
||||||
#
|
|
||||||
# Homeservers are permitted to cache the list of TLS fingerprints
|
|
||||||
# returned in the key responses up to the "valid_until_ts" returned in
|
|
||||||
# key. It may be necessary to publish the fingerprints of a new
|
|
||||||
# certificate and wait until the "valid_until_ts" of the previous key
|
|
||||||
# responses have passed before deploying it.
|
|
||||||
#
|
|
||||||
# You can calculate a fingerprint from a given TLS listener via:
|
|
||||||
# openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
|
|
||||||
# openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
|
|
||||||
# or by checking matrix.org/federationtester/api/report?server_name=$host
|
|
||||||
#
|
|
||||||
#tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
|
|
||||||
|
|
||||||
## Database ##
|
## Database ##
|
||||||
database:
|
database:
|
||||||
|
|
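Review bot: The relocated `{% endif %}`, now after `federation_certificate_verification_whitelist: []`, puts the outbound federation client settings inside the `matrix_tls_enabled` conditional. With listener TLS switched off, the rendered file no longer contains `federation_verify_certificates: true`, and presumably not the `federation_client_minimum_tls_version: 1.2` line named in the third hunk header either (the lines between the second and third hunk are not shown). Those keys control how this server validates other homeservers on outgoing requests, which is independent of whether the local listener terminates TLS, so the deployment would fall back to Synapse's built-in defaults; the default minimum TLS version is, I believe, lower than 1.2 and should be confirmed. I would close the block right after the `tls_dh_params_path` line, where the old `{% endif %}` stood, and keep the federation client keys unconditional. Separately, the listener keeps `x_forwarded: false` when `tls: true` is dropped; if disabling TLS means a reverse proxy sits in front, that value deserves its own variable, since Synapse would otherwise record the proxy address as the client for logging and rate limiting.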