matrix-synapse: Change config for server names
This makes a lot of default setups much simpler to deploy
This commit is contained in:
parent
3a7f3cb319
commit
73a9542625
6 changed files with 43 additions and 26 deletions
|
@ -28,13 +28,13 @@ Refer to [the main Synapse docs](https://github.com/matrix-org/synapse/blob/mast
|
||||||
For the simplest possible Matrix install, you can run your Synapse install on the root of the domain you wish in your MXIDs.
|
For the simplest possible Matrix install, you can run your Synapse install on the root of the domain you wish in your MXIDs.
|
||||||
If you - for instance - own the domain `chosenin.space` and want to run Matrix on it, you would simply install the chart as;
|
If you - for instance - own the domain `chosenin.space` and want to run Matrix on it, you would simply install the chart as;
|
||||||
|
|
||||||
helm install matrix-synapse --set config.serverName=chosenin.space --set wellknown.enabled=true
|
helm install matrix-synapse --set serverName=chosenin.space --set wellknown.enabled=true
|
||||||
|
|
||||||
This would set up Synapse with client-server and federation both exposed on `chosenin.space/_matrix`, as well as a tiny lighttpd server that responds to federation lookups on `chosenin.space/.well-known/matrix/server`.
|
This would set up Synapse with client-server and federation both exposed on `chosenin.space/_matrix`, as well as a tiny lighttpd server that responds to federation lookups on `chosenin.space/.well-known/matrix/server`.
|
||||||
|
|
||||||
You can also use this to run a Synapse on a subdomain, with said subdomain as part of your MXIDs; (`@user:matrix.chosenin.space` in this case)
|
You can also use this to run a Synapse on a subdomain, with said subdomain as part of your MXIDs; (`@user:matrix.chosenin.space` in this case)
|
||||||
|
|
||||||
helm install matrix-synapse --set config.serverName=matrix.chosenin.space --set wellknown.enabled=true
|
helm install matrix-synapse --set serverName=matrix.chosenin.space --set wellknown.enabled=true
|
||||||
|
|
||||||
### On separate subdomain
|
### On separate subdomain
|
||||||
|
|
||||||
|
@ -42,17 +42,21 @@ If - on the other hand - you own the domain `example.com`, want your MXIDs in th
|
||||||
|
|
||||||
For DNS, you could install the chart as;
|
For DNS, you could install the chart as;
|
||||||
|
|
||||||
helm install matrix-synapse --set config.serverName=example.com --set config.publicBaseUrl=https://matrix.example.com --set ingress.includeServerName=false --set ingress.hosts={example.com} --set ingress.csHosts={matrix.example.com}
|
helm install matrix-synapse --set serverName=example.com --set publicServerName=matrix.example.com
|
||||||
|
|
||||||
This will add only federation endpoints to `example.com`, along with client endpoints on `matrix.example.com`. You will also need to have valid certs for both `example.com` as well as `matrix.example.com` for your Synapse to use.
|
This will add federation endpoints to `example.com`, along with client endpoints on `matrix.example.com`. For this to work, you will need to have valid certs for both `example.com` as well as `matrix.example.com` for your Synapse to use.
|
||||||
To get federation working with such a setup, you would need to add an SRV record to your DNS - for example;
|
To get federation working with such a setup, you would also need to add an SRV record to your DNS - for example;
|
||||||
`_matrix._tcp.example.com 10 1 443 matrix.example.com`
|
|
||||||
|
|
||||||
If you want to use a well-known file for federation instead, then your install might look more like;
|
_matrix._tcp.example.com 10 1 443 matrix.example.com
|
||||||
|
|
||||||
helm install matrix-synapse --set config.serverName=example.com --set config.publicBaseUrl=https://matrix.example.com --set wellknown.enabled=true --set wellknown.host=matrix.example.com --set ingress.includeServerName=false --set ingress.hosts={matrix.example.com} --set ingress.csHosts={matrix.example.com} --set ingress.wkHosts={example.com}
|
If you want to use a well-known file for federation instead of an SRV record, then your install might look more like;
|
||||||
|
|
||||||
With well-known federation, your client-to-server/public host is the one that needs to handle both client and federation traffic. On your main domain you'll instead only need something that can respond with a JSON file on the URL `example.com/.well-known/matrix/server`, which the included wellknown server will do.
|
helm install matrix-synapse --set serverName=example.com --set publicServerName=matrix.example.com --set wellknown.enabled=true
|
||||||
When using well-known federation, your Synapse cert would only need to be valid for `matrix.example.com`.
|
|
||||||
|
|
||||||
|
With well-known federation, your client-to-server/public host is the one that needs to handle both client and federation traffic. On your main domain you'll instead only need something that can respond with a JSON file on the URL `example.com/.well-known/matrix/server` - which the included wellknown server will gladly do for you.
|
||||||
|
Additionally, when using well-known federation, your Synapse cert only needs to be valid for `matrix.example.com`.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
More advanced setups can be made using `ingress.hosts`, `ingress.csHosts`, and `ingress.wkHosts` for server-server, client-server, and well-known endpoints respectively.
|
||||||
|
Alternatively, you can use your own ingress setup, or switch the main service to `LoadBalancer` and add a TLS listener.
|
||||||
|
|
|
@ -34,7 +34,7 @@ data:
|
||||||
## Server ##
|
## Server ##
|
||||||
|
|
||||||
server_name: {{ required "You need to specify a server name" .Values.config.serverName | quote }}
|
server_name: {{ required "You need to specify a server name" .Values.config.serverName | quote }}
|
||||||
public_baseurl: {{ .Values.config.publicBaseurl | default (printf "https://%s" .Values.config.serverName) | quote }}
|
public_baseurl: {{ .Values.config.publicBaseurl | default (printf "https://%s" (.Values.config.publicServerName | default .Values.config.serverName)) | quote }}
|
||||||
pid_file: /homeserver.pid
|
pid_file: /homeserver.pid
|
||||||
web_client: False
|
web_client: False
|
||||||
soft_file_limit: 0
|
soft_file_limit: 0
|
||||||
|
|
|
@ -29,7 +29,7 @@ spec:
|
||||||
rules:
|
rules:
|
||||||
{{- $csHosts := .Values.ingress.csHosts }}
|
{{- $csHosts := .Values.ingress.csHosts }}
|
||||||
{{- if .Values.ingress.includeServerName }}
|
{{- if .Values.ingress.includeServerName }}
|
||||||
{{- $csHosts = concat (list .Values.config.serverName) $csHosts }}
|
{{- $csHosts = concat (list (.Values.config.publicServerName | default .Values.config.serverName)) $csHosts }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- $s2sHosts := .Values.ingress.hosts }}
|
{{- $s2sHosts := .Values.ingress.hosts }}
|
||||||
{{- if .Values.ingress.includeServerName }}
|
{{- if .Values.ingress.includeServerName }}
|
||||||
|
|
|
@ -8,8 +8,8 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
ports:
|
ports:
|
||||||
- port: 8008
|
- port: {{ .Values.serviceport | default 8008 }}
|
||||||
targetPort: http
|
targetPort: {{ .Values.service.targetPort | default "http" }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
name: http
|
name: http
|
||||||
selector:
|
selector:
|
||||||
|
|
|
@ -39,5 +39,5 @@ data:
|
||||||
"content-type" => "application/json"
|
"content-type" => "application/json"
|
||||||
)
|
)
|
||||||
server.json: |-
|
server.json: |-
|
||||||
{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default .Values.config.serverName) (.Values.wellknown.port | default 443)) | toJson | indent 4 }}
|
{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default (.Values.config.publicServerName | default .Values.config.serverName)) (.Values.wellknown.port | default 443)) | toJson | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -36,19 +36,23 @@ signingkey:
|
||||||
# existingSecret:
|
# existingSecret:
|
||||||
# existingSecretKey: signing.key
|
# existingSecretKey: signing.key
|
||||||
|
|
||||||
## Common Matrix configuration values, for any value not handled by this block,
|
|
||||||
## you will want to instead set it in extraConfig.
|
|
||||||
##
|
|
||||||
config:
|
|
||||||
## The Matrix domain name, this is what will be used for the domain part in
|
## The Matrix domain name, this is what will be used for the domain part in
|
||||||
## your MXIDs.
|
## your MXIDs.
|
||||||
##
|
##
|
||||||
# serverName: 'example.com'
|
# serverName: 'example.com'
|
||||||
|
|
||||||
## The publicly accessible URL for the Synapse instance, will default to
|
## The public Matrix server name, this will be used for any public URLs
|
||||||
## https://<serverName>.
|
## in config as well as for client API links in the ingress.
|
||||||
|
# publicServerName: 'matrix.example.com'
|
||||||
|
|
||||||
|
## Common Matrix configuration values, for any value not handled by this block,
|
||||||
|
## you will want to instead set it in extraConfig.
|
||||||
##
|
##
|
||||||
# publicBaseurl: 'https://example.com'
|
config:
|
||||||
|
## The publicly accessible URL for the Synapse instance, will default to
|
||||||
|
## https://<publicServerName>.
|
||||||
|
##
|
||||||
|
# publicBaseurl: 'https://matrix.example.com'
|
||||||
|
|
||||||
## The size of the event cache.
|
## The size of the event cache.
|
||||||
##
|
##
|
||||||
|
@ -143,8 +147,8 @@ synapse:
|
||||||
# - name: SYNAPSE_CACHE_FACTOR
|
# - name: SYNAPSE_CACHE_FACTOR
|
||||||
# value: "2"
|
# value: "2"
|
||||||
|
|
||||||
## Configuration for the pod security policy, Synapse will by default run as its
|
## Configuration for the pod security policy, Synapse will by always run as
|
||||||
## own user, even if not set.
|
## its own user, even if not set.
|
||||||
## Note that changing this may also require you to use the volumePermission
|
## Note that changing this may also require you to use the volumePermission
|
||||||
## helper depending on your storage.
|
## helper depending on your storage.
|
||||||
##
|
##
|
||||||
|
@ -541,8 +545,17 @@ volumePermissions:
|
||||||
# memory: 128Mi
|
# memory: 128Mi
|
||||||
# cpu: 100m
|
# cpu: 100m
|
||||||
|
|
||||||
## The K8s ingress configuration, this will be quite heavily used in order to set
|
## Configuration for the main Synapse service.
|
||||||
## up all routing necessary for use with a sharded Synapse instance.
|
## To use TLS inside Synapse itself, add an TLS listener, and change the ports
|
||||||
|
## configured in here.
|
||||||
|
##
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
|
port: 8008
|
||||||
|
targetPort: http
|
||||||
|
|
||||||
|
## The K8s ingress configuration, this will be quite heavily used in order to
|
||||||
|
## set up all routing necessary for use with a sharded Synapse instance.
|
||||||
## If you're not using a Ingress compatible K8s ingress, you will need to set up
|
## If you're not using a Ingress compatible K8s ingress, you will need to set up
|
||||||
## your own routing instead.
|
## your own routing instead.
|
||||||
##
|
##
|
||||||
|
|
Loading…
Reference in a new issue