cdist-type__matrix_synapse(7)
=============================

NAME
----
cdist-type__matrix_synapse - Install and configure Synapse, a Matrix homeserver


DESCRIPTION
-----------
This type installs and configures the Synapse Matrix homeserver. This is a
singleton type.


REQUIRED PARAMETERS
-------------------
server-name
   Name of your homeserver (e.g. ungleich.ch) used as part of your MXIDs. This
   value cannot be changed later on.

base-url
   Public URL of your homeserver (e.g. `<http://matrix.ungleich.ch>`_).

database-engine
   'sqlite3' or 'psycopg2' (= PostgreSQL).

database-name
   Path to database file if SQLite3 is used or database name if PostgreSQL is
   used.


OPTIONAL PARAMETERS
-------------------
database-host
   Database node address, only used with PostgreSQL.

database-user
   Database user, only used with PostgreSQL.

database-password
   Database password, only used with PostgreSQL.

database-connection-pool-min
   The minimum number of connections in pool, defaults to 3.

database-connection-pool-max
   The maximum number of connections in pool, defaults to 5.

ldap-uri
   Address of your LDAP server.

ldap-base-dn
   Base DN of your LDAP tree.

ldap-uid-attribute
   LDAP attribute mapping to Synapse's uid field, defaults to uid.

ldap-mail-attribute
   LDAP attribute mapping to Synapse's mail field, defaults to mail.

ldap-name-attribute
   LDAP attribute mapping to Synapse's name field, defaults to givenName.

ldap-bind-dn
   User used to authenticate against your LDAP server in 'search' mode.

ldap-bind-password
   Password used to authenticate against your LDAP server in 'search' mode.

ldap-filter
   LDAP user filter, defaulting to `(objectClass=posixAccount)`.

tls-cert
   Path to PEM-encoded X.509 TLS certificate. Not needed if TLS termination is
   handled by a reverse proxy such as NGINX.

tls-private-key
   Path to PEM-encoded TLS private key. Not needed if TLS termination is
   handled by a reverse proxy such as NGINX.

smtp-host
   The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.

smtp-port
   The port on the mail server for outgoing SMTP. Defaults to 25.

smtp-user
   Username for authentication to the SMTP server. By
   default, no authentication is attempted.

smtp-password
   Password for authentication to the SMTP server. By
   default, no authentication is attempted.

notification-from
   From address to use when sending emails. Defaults
   to "%(app)s <no-reply@$SERVER_NAME>".

message-max-lifetime
   Default retention policy. If set, Synapse will apply it to rooms that lack
   the 'm.room.retention' state event. Ignored if
   enable-message-retention-policy is not set. Defaults to 1y.

web-client-url
   Custom URL for client links within the email
   notifications. By default links will be based on
   "https://matrix.to".

global-cache-factor
   Controls the global cache factor, which is the default cache factor for all
   caches if a specific factor for that cache is not otherwise set. Defaults to
   0.5, which will halve the size of all caches.

event-cache-size
   The number of events to cache in memory. Not affected by
   caches.global_factor. Defaults to 10K.

remote-room-complexity-threshold
   The limit above which rooms cannot be joined when
   limit-remote-room-complexity is set. Room complexity is an arbitrary measure
   based on factors such as the number of users in the room. The default is 1.0.

room-encrypt-policy
   Controls whether locally-created rooms should be end-to-end encrypted by
   default. Possible options are "all" (any locally-created room), "invite"
   (any room created with the private_chat or trusted_private_chat room
   creation presets), and "off" (this option will take no effect). Defaults to
   "off".

turn-uri
   URI to TURN server, can be provided multiple times if there is more than one
   server.

turn-shared-secret
   Shared secret used to access the TURN REST API.

turn-user-lifetime
   Lifetime of TURN credentials. Defaults to 1h.

max-upload-size
   Maximum size for user-uploaded files. Defaults to 10M.

rc-message-per-second
   Message rate-limiting (per second). Defaults to 0.17.

rc-message-burst
   Message rate-limiting (burst). Defaults to 3.

rc-login-per-second
   Login rate-limiting (per second). Defaults to 0.17.

rc-login-burst
   Login rate-limiting (burst). Defaults to 3.

registration-allows-email-pattern
   Only allow email addresses matching specified filter. Can be specified
   multiple times. A pattern must look like `.*@vector\.im`.

auto-join-room
   Room where newly-registered users are automatically added. Can be specified
   multiple times.

app-service-config-file
   Path (on remote) of an application service configuration file to load. Can
   be specified multiple times.

worker-replication-secret
   A shared secret used by the replication APIs to authenticate HTTP requests
   from workers. Ignored if worker-mode is not set. By default this is unused and
   traffic is not authenticated.

background-tasks-worker
   The worker that is used to run background tasks (e.g. cleaning up expired
   data). If not provided this defaults to the main process.

registration-shared-secret
   If set, allows registration of standard or admin accounts by anyone who
   has the shared secret, even if registration is otherwise disabled.

bind-address
   Address used to bind the Synapse listeners. Can be specified multiple times.
   Defaults to '::1' and '127.0.0.1'.

extra-setting
   Arbitrary string to be added to the configuration file. Can be specified
   multiple times.


BOOLEAN PARAMETERS
------------------
enable-registrations
   Enables user registration on the homeserver.

enable-ldap-auth
   Enables LDAP-backed authentication.

ldap-use-starttls
   Use STARTTLS when connecting to the LDAP server.

report-stats
   Whether or not to report anonymized homeserver usage statistics.

expose-metrics
   Expose metrics endpoint for Prometheus.

enable-notifications
   Enable mail notifications (see smtp-* optional parameters).

smtp-use-starttls
   Use STARTTLS when connecting to the SMTP server.

disable-federation
   Disable federation to the broader Matrix network.

registration-require-email
   Make email a required field on registration.

allow-public-rooms-over-federation
   Allow other homeservers to fetch this server's public room directory.

allow-public-rooms-without-auth
   If set to 'false', requires authentication to access the server's public
   rooms directory through the client API.

enable-server-notices
   Enable the server notices room.

allow-guest-access
   Allows users to register as guests without a password/email/etc, and
   participate in rooms hosted on this server which have been made accessible
   to anonymous users.

limit-remote-room-complexity
   When this is enabled, the room "complexity" will be checked before a user joins
   a new remote room. If it is above the complexity limit (see
   remote-room-complexity-threshold parameter), the server will disallow
   joining, or will instantly leave.

disable-presence
   Disable presence tracking on this homeserver.

user-directory-search-all-users
   Defines whether to search all users visible to your HS when searching the
   user directory, rather than limiting to users visible in public rooms.
   If you set it to True, you'll have to rebuild the user_directory search
   indexes, see
   `<https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md>`_.

enable-message-retention-policy
   If this feature is enabled, Synapse will regularly look for and purge events
   which are older than the room's maximum retention period. Synapse will also
   filter events received over federation so that events that should have been
   purged are ignored and not stored again. See message-max-lifetime flag.

worker-mode
   For small instances it is recommended to run Synapse in the default monolith
   mode. For larger instances where performance is a concern it can be helpful
   to split out functionality into multiple separate Python processes. These
   processes are called 'workers'. Please read the WORKER MODE section of this
   manpage before enabling, as extra work and considerations are required.


PERFORMANCE
-----------

The Synapse server is not very performant (initial implementation, pretty
resource hungry, etc.) and will eventually be replaced by Dendrite. The
following parameters (see above descriptions) will help you with performance
tuning:

* global-cache-factor
* event-cache-size
* disable-presence
* limit-remote-room-complexity and remote-room-complexity-threshold


WORKER MODE
-----------

Worker mode allows moving some processing out of the main Synapse process for
horizontal scaling. You are expected to use the
`cdist-type__matrix_synapse_worker(7)
<cdist-type__matrix_synapse_worker.html>`_ type to set up workers when the
worker-mode flag is set.

Worker mode depends on the following components:

* A working `redis <https://redis.io/>`_ server
* The hiredis Python package (`python3-hiredis
  <https://packages.debian.org/buster/python3-hiredis>`_ on Debian, not
  packaged in Alpine as of 2021-02-17).
* The txredisapi Python package, which is packaged on neither Debian nor
  Alpine as of 2021-02-17.

The current way to install the above two Python packages (if not packaged in
your distribution) is sadly to use pip (see `cdist-type__python_pip(7)
<cdist-type__python_pip.html>`_ core cdist type).

It is also recommended to first take a look at:

- `upstream's high-level overview on workers (matrix.org blog post) <https://matrix.org/blog/2020/11/03/how-we-fixed-synapses-scalability>`_
- `upstream's documentation on workers <https://github.com/matrix-org/synapse/blob/develop/docs/workers.md>`_


EXAMPLES
--------

.. code-block:: sh

    # Minimal homeserver backed by a local SQLite3 database file.
    __matrix_synapse --server-name ungleich.ch \
      --base-url https://matrix.ungleich.ch \
      --database-engine sqlite3 \
      --database-name /var/lib/matrix-synapse/homeserver.db

You might also be interested in ungleich's `__ungleich_matrix
<https://code.ungleich.ch/ungleich-public/cdist-ungleich/-/tree/master/type/__ungleich_matrix>`_
meta-type.

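
A pre-flight check for the security-relevant parameters documented above, as an added example that is not part of cdist or of this type: a POSIX sh function that lints a ``__matrix_synapse`` argument list for worker replication without a secret, LDAP or SMTP credentials sent without TLS, and a non-loopback listener without ``tls-cert``. The names ``lint_matrix_synapse`` and ``finding``, the finding texts and the manifest layout in the usage comment are assumptions made for illustration.

```sh
# Added example, not part of cdist. Lints the arguments of a
# __matrix_synapse call; prints one finding per line, returns 1 if any.
finding() { echo "$1"; n=$((n + 1)); }

lint_matrix_synapse() {
    worker=0 repl=0 ldap=0 ldap_tls=0 smtp_pw=0 smtp_tls=0 tls=0 exposed='' n=0
    while [ $# -gt 0 ]; do
        case "$1" in
            # Boolean parameters take no value.
            --worker-mode)       worker=1 ;;
            --enable-ldap-auth)  ldap=1 ;;
            --ldap-use-starttls) ldap_tls=1 ;;
            --smtp-use-starttls) smtp_tls=1 ;;
            # The parameters below consume the next word as their value.
            --worker-replication-secret) repl=1; shift ;;
            --smtp-password)             smtp_pw=1; shift ;;
            --tls-cert)                  tls=1; shift ;;
            --ldap-uri)
                # ldaps:// is TLS from the first byte; STARTTLS is not needed.
                case "${2:-}" in ldaps://*) ldap_tls=1 ;; esac
                shift ;;
            --bind-address)
                # Remember any listener address other than the loopback defaults.
                case "${2:-}" in ::1|127.0.0.1) ;; *) exposed="${2:-}" ;; esac
                shift ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    if [ "$worker" = 1 ] && [ "$repl" = 0 ]; then
        finding "worker-mode without worker-replication-secret: replication requests are not authenticated"
    fi
    if [ "$ldap" = 1 ] && [ "$ldap_tls" = 0 ]; then
        finding "enable-ldap-auth without ldaps:// or ldap-use-starttls: LDAP binds are sent in cleartext"
    fi
    if [ "$smtp_pw" = 1 ] && [ "$smtp_tls" = 0 ]; then
        finding "smtp-password without smtp-use-starttls: SMTP credentials are sent in cleartext"
    fi
    if [ -n "$exposed" ] && [ "$tls" = 0 ]; then
        finding "bind-address $exposed without tls-cert: listener leaves loopback without TLS"
    fi
    [ "$n" -eq 0 ]
}

# Usage in a manifest (assumed layout): build the argument list once so the
# lint and the type see the same words.
#   set -- --server-name example.org --base-url https://matrix.example.org ...
#   lint_matrix_synapse "$@" >&2 && __matrix_synapse "$@"
```
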

SEE ALSO
--------
- `cdist-type__matrix_element(7) <cdist-type__matrix_element.html>`_
- `cdist-type__matrix_synapse_admin(7) <cdist-type__matrix_synapse_admin.html>`_
- `cdist-type__matrix_synapse_worker(7) <cdist-type__matrix_synapse_worker.html>`_


AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>


COPYING
-------
Copyright \(C) 2019-2021 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.