openbsd-ports

cpet/openbsd-ports

Fork 0

History

sthen 5bbac44ee1 remove daemon from @newuser again

2022-12-07 16:24:58 +00:00

DESCR

…

PLIST

remove daemon from @newuser again

2022-12-07 16:24:58 +00:00

README

net/synapse: fix path to register_new_matrix_user in README

2022-11-21 14:03:29 +00:00

synapse.rc

net/synapse: upgrade to 1.65.0.

2022-08-20 07:27:03 +00:00

README

+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Generate a config
=================

As root (or _synapse), go into ${LOCALSTATEDIR}/synapse, then use
doas -u _synapse ${MODPY_BIN} -m synapse.app.homeserver \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml --generate-config \
	--server-name matrix.example.com --report-stats=no \
	--generate-keys --keys-directory ${LOCALSTATEDIR}/synapse

Register a user
===============
doas -u _synapse \
	${PREFIX}/bin/register_new_matrix_user \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml \
	http://localhost:8008

Configuration with TLS
======================

By default, synapse will run without TLS on localhost:8008
This means that you will not be able to connect to your server remotely.
The best way to achieve remote connectivity is through a reverse proxy.

Here is a relayd.conf(5) example:

  http protocol synapse {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwaded-By" value "$SERVER_ADDR:$SERVER_PORT"

    tls keypair "matrix.example.com"

    match request header set "Connection" value "close"
  }

  relay "synapse" {
    listen on matrix.example.com port 443 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

  relay "synapse-server" {
    listen on matrix.example.com port 8448 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

Here is an Nginx vhost reverse proxy example:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location /_matrix {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    server {
        listen 8448 ssl default_server;
        listen [::]:8448 ssl default_server;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location / {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }