This commit is contained in:
erikjohnston 2021-07-13 11:08:22 +00:00
parent 31cb5254d4
commit 9cc1d48a38
5 changed files with 42 additions and 16 deletions

View file

@ -5779,7 +5779,7 @@ root:
handlers: [buffer]
disable_existing_loggers: false
``__`</code></pre>
</code></pre>
<div id="chapter_begin" style="break-before: page; page-break-before: always;"></div><h1 id="structured-logging"><a class="header" href="#structured-logging">Structured Logging</a></h1>
<p>A structured logging system can be useful when your logs are destined for a
machine to parse and process. By maintaining its machine-readable characteristics,
@ -8286,9 +8286,22 @@ for the systemd unit files.</p>
contains an example configuration for the <code>federation_reader</code> worker.</p>
<h2 id="synapse-configuration-files"><a class="header" href="#synapse-configuration-files">Synapse configuration files</a></h2>
<p>See <a href="systemd-with-workers/../workers.html">workers.md</a> for information on how to set up the
configuration files and reverse-proxy correctly. You can find an example worker
config in the <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/workers/">workers</a>
folder.</p>
configuration files and reverse-proxy correctly.
Below is a sample <code>federation_reader</code> worker configuration file.</p>
<pre><code class="language-yaml">worker_app: synapse.app.federation_reader
worker_name: federation_reader1
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 8011
resources:
- names: [federation]
worker_log_config: /etc/matrix-synapse/federation-reader-log.yaml
</code></pre>
<p>Systemd manages daemonization itself, so ensure that none of the configuration
files set either <code>daemonize</code> or <code>worker_daemonize</code>.</p>
<p>The config files of all workers are expected to be located in
@ -8333,12 +8346,12 @@ systemctl restart matrix-synapse.target
<h2 id="hardening"><a class="header" href="#hardening">Hardening</a></h2>
<p><strong>Optional:</strong> If further hardening is desired, the file
<code>override-hardened.conf</code> may be copied from
<code>contrib/systemd/override-hardened.conf</code> in this repository to the location
<a href="https://github.com/matrix-org/synapse/tree/develop/contrib/systemd/">contrib/systemd/override-hardened.conf</a>
in this repository to the location
<code>/etc/systemd/system/matrix-synapse.service.d/override-hardened.conf</code> (the
directory may have to be created). It enables certain sandboxing features in
systemd to further secure the synapse service. You may read the comments to
understand what the override file is doing. The same file will need to be copied
to
understand what the override file is doing. The same file will need to be copied to
<code>/etc/systemd/system/matrix-synapse-worker@.service.d/override-hardened-worker.conf</code>
(this directory may also have to be created) in order to apply the same
hardening options to any worker processes.</p>

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View file

@ -194,9 +194,22 @@ for the systemd unit files.</p>
contains an example configuration for the <code>federation_reader</code> worker.</p>
<h2 id="synapse-configuration-files"><a class="header" href="#synapse-configuration-files">Synapse configuration files</a></h2>
<p>See <a href="../workers.html">workers.md</a> for information on how to set up the
configuration files and reverse-proxy correctly. You can find an example worker
config in the <a href="https://github.com/matrix-org/synapse/tree/develop/docs/systemd-with-workers/workers/">workers</a>
folder.</p>
configuration files and reverse-proxy correctly.
Below is a sample <code>federation_reader</code> worker configuration file.</p>
<pre><code class="language-yaml">worker_app: synapse.app.federation_reader
worker_name: federation_reader1
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 8011
resources:
- names: [federation]
worker_log_config: /etc/matrix-synapse/federation-reader-log.yaml
</code></pre>
<p>Systemd manages daemonization itself, so ensure that none of the configuration
files set either <code>daemonize</code> or <code>worker_daemonize</code>.</p>
<p>The config files of all workers are expected to be located in
@ -241,12 +254,12 @@ systemctl restart matrix-synapse.target
<h2 id="hardening"><a class="header" href="#hardening">Hardening</a></h2>
<p><strong>Optional:</strong> If further hardening is desired, the file
<code>override-hardened.conf</code> may be copied from
<code>contrib/systemd/override-hardened.conf</code> in this repository to the location
<a href="https://github.com/matrix-org/synapse/tree/develop/contrib/systemd/">contrib/systemd/override-hardened.conf</a>
in this repository to the location
<code>/etc/systemd/system/matrix-synapse.service.d/override-hardened.conf</code> (the
directory may have to be created). It enables certain sandboxing features in
systemd to further secure the synapse service. You may read the comments to
understand what the override file is doing. The same file will need to be copied
to
understand what the override file is doing. The same file will need to be copied to
<code>/etc/systemd/system/matrix-synapse-worker@.service.d/override-hardened-worker.conf</code>
(this directory may also have to be created) in order to apply the same
hardening options to any worker processes.</p>

View file

@ -261,7 +261,7 @@ root:
handlers: [buffer]
disable_existing_loggers: false
``__`</code></pre>
</code></pre>
</main>