From 0c8f57f8c877c052d1b42ef8a1afdbd9fc100bca Mon Sep 17 00:00:00 2001 From: David von Oheimb Date: Sun, 16 Feb 2025 17:21:34 +0100 Subject: [PATCH] docs: mention important advantage of using a reverse proxy: TLS credential management adding this text: Another important advantage is that such a reverse proxy is better suited for handling TLS, in particular for managing the needed credentials (certificate etc.). --- README.rst | 2 ++ docs/reverse_proxy.md | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 77f861e788..53429394a5 100644 --- a/README.rst +++ b/README.rst @@ -56,6 +56,8 @@ It is recommended to put a reverse proxy such as `relayd `_ in front of Synapse. One advantage of doing so is that it means that you can expose the default https port (443) to Matrix clients without needing to run Synapse with root privileges. +Another important advantage is that such a reverse proxy is better suited for +handling TLS, in particular for managing the needed credentials (certificate etc.). For information on configuring one, see `the reverse proxy docs `_. diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md index 45de2b1f65..175d1cfcb4 100644 --- a/docs/reverse_proxy.md +++ b/docs/reverse_proxy.md @@ -7,8 +7,9 @@ It is recommended to put a reverse proxy such as [HAProxy](https://www.haproxy.org/) or [relayd](https://man.openbsd.org/relayd.8) in front of Synapse. One advantage of doing so is that it means that you can expose the default https port -(443) to Matrix clients without needing to run Synapse with root -privileges. +(443) to Matrix clients without needing to run Synapse with root privileges. +Another important advantage is that such a reverse proxy is better suited for +handling TLS, in particular for managing the needed credentials (certificate etc.). You should configure your reverse proxy to forward requests to `/_matrix` or `/_synapse/client` to Synapse, and have it set the `X-Forwarded-For` and