mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-15 17:51:10 +00:00
Add "--open-private-ports" cmdline option
This is helpful when generating a config file for running synapse under docker.
This commit is contained in:
parent
6a92b06cbb
commit
3f8a252dd8
3 changed files with 27 additions and 6 deletions
|
@ -209,7 +209,7 @@ listeners:
|
||||||
- names: [client, federation]
|
- names: [client, federation]
|
||||||
compress: false
|
compress: false
|
||||||
|
|
||||||
# example additonal_resources:
|
# example additional_resources:
|
||||||
#
|
#
|
||||||
#additional_resources:
|
#additional_resources:
|
||||||
# "/_matrix/my/custom/endpoint":
|
# "/_matrix/my/custom/endpoint":
|
||||||
|
|
|
@ -150,6 +150,7 @@ class Config(object):
|
||||||
server_name,
|
server_name,
|
||||||
generate_secrets=False,
|
generate_secrets=False,
|
||||||
report_stats=None,
|
report_stats=None,
|
||||||
|
open_private_ports=False,
|
||||||
):
|
):
|
||||||
"""Build a default configuration file
|
"""Build a default configuration file
|
||||||
|
|
||||||
|
@ -173,6 +174,9 @@ class Config(object):
|
||||||
report_stats (bool|None): Initial setting for the report_stats setting.
|
report_stats (bool|None): Initial setting for the report_stats setting.
|
||||||
If None, report_stats will be left unset.
|
If None, report_stats will be left unset.
|
||||||
|
|
||||||
|
open_private_ports (bool): True to leave private ports (such as the non-TLS
|
||||||
|
HTTP listener) open to the internet.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
str: the yaml config file
|
str: the yaml config file
|
||||||
"""
|
"""
|
||||||
|
@ -185,6 +189,7 @@ class Config(object):
|
||||||
server_name=server_name,
|
server_name=server_name,
|
||||||
generate_secrets=generate_secrets,
|
generate_secrets=generate_secrets,
|
||||||
report_stats=report_stats,
|
report_stats=report_stats,
|
||||||
|
open_private_ports=open_private_ports,
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -298,6 +303,14 @@ class Config(object):
|
||||||
" stored. Defaults to the current working directory."
|
" stored. Defaults to the current working directory."
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
generate_group.add_argument(
|
||||||
|
"--open-private-ports",
|
||||||
|
action="store_true",
|
||||||
|
help=(
|
||||||
|
"Leave private ports (such as the non-TLS HTTP listener) open to the"
|
||||||
|
" internet. Do not use this unless you know what you are doing."
|
||||||
|
),
|
||||||
|
)
|
||||||
|
|
||||||
config_args, remaining_args = config_parser.parse_known_args(argv)
|
config_args, remaining_args = config_parser.parse_known_args(argv)
|
||||||
|
|
||||||
|
@ -351,6 +364,7 @@ class Config(object):
|
||||||
server_name=server_name,
|
server_name=server_name,
|
||||||
report_stats=(config_args.report_stats == "yes"),
|
report_stats=(config_args.report_stats == "yes"),
|
||||||
generate_secrets=True,
|
generate_secrets=True,
|
||||||
|
open_private_ports=config_args.open_private_ports,
|
||||||
)
|
)
|
||||||
|
|
||||||
if not cls.path_exists(config_dir_path):
|
if not cls.path_exists(config_dir_path):
|
||||||
|
|
|
@ -307,7 +307,9 @@ class ServerConfig(Config):
|
||||||
def has_tls_listener(self):
|
def has_tls_listener(self):
|
||||||
return any(l["tls"] for l in self.listeners)
|
return any(l["tls"] for l in self.listeners)
|
||||||
|
|
||||||
def generate_config_section(self, server_name, data_dir_path, **kwargs):
|
def generate_config_section(
|
||||||
|
self, server_name, data_dir_path, open_private_ports, **kwargs
|
||||||
|
):
|
||||||
_, bind_port = parse_and_validate_server_name(server_name)
|
_, bind_port = parse_and_validate_server_name(server_name)
|
||||||
if bind_port is not None:
|
if bind_port is not None:
|
||||||
unsecure_port = bind_port - 400
|
unsecure_port = bind_port - 400
|
||||||
|
@ -320,6 +322,13 @@ class ServerConfig(Config):
|
||||||
# Bring DEFAULT_ROOM_VERSION into the local-scope for use in the
|
# Bring DEFAULT_ROOM_VERSION into the local-scope for use in the
|
||||||
# default config string
|
# default config string
|
||||||
default_room_version = DEFAULT_ROOM_VERSION
|
default_room_version = DEFAULT_ROOM_VERSION
|
||||||
|
|
||||||
|
unsecure_http_binding = "port: %i\n tls: false" % (unsecure_port,)
|
||||||
|
if not open_private_ports:
|
||||||
|
unsecure_http_binding += (
|
||||||
|
"\n bind_addresses: ['::1', '127.0.0.1']"
|
||||||
|
)
|
||||||
|
|
||||||
return (
|
return (
|
||||||
"""\
|
"""\
|
||||||
## Server ##
|
## Server ##
|
||||||
|
@ -511,9 +520,7 @@ class ServerConfig(Config):
|
||||||
# If you plan to use a reverse proxy, please see
|
# If you plan to use a reverse proxy, please see
|
||||||
# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
|
# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
|
||||||
#
|
#
|
||||||
- port: %(unsecure_port)s
|
- %(unsecure_http_binding)s
|
||||||
tls: false
|
|
||||||
bind_addresses: ['::1', '127.0.0.1']
|
|
||||||
type: http
|
type: http
|
||||||
x_forwarded: true
|
x_forwarded: true
|
||||||
|
|
||||||
|
@ -521,7 +528,7 @@ class ServerConfig(Config):
|
||||||
- names: [client, federation]
|
- names: [client, federation]
|
||||||
compress: false
|
compress: false
|
||||||
|
|
||||||
# example additonal_resources:
|
# example additional_resources:
|
||||||
#
|
#
|
||||||
#additional_resources:
|
#additional_resources:
|
||||||
# "/_matrix/my/custom/endpoint":
|
# "/_matrix/my/custom/endpoint":
|
||||||
|
|
Loading…
Reference in a new issue