mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-26 19:47:05 +03:00
Disable TLS by default (#4614)
This commit is contained in:
parent
32b781bfe2
commit
a4ce91396b
3 changed files with 29 additions and 28 deletions
1
changelog.d/4614.feature
Normal file
1
changelog.d/4614.feature
Normal file
|
@ -0,0 +1 @@
|
|||
The default configuration no longer requires TLS certificates.
|
|
@ -387,28 +387,24 @@ class ServerConfig(Config):
|
|||
# webclient: A web client. Requires web_client_location to be set.
|
||||
#
|
||||
listeners:
|
||||
# Main HTTPS listener.
|
||||
# For when matrix traffic is sent directly to synapse.
|
||||
- port: %(bind_port)s
|
||||
type: http
|
||||
tls: true
|
||||
|
||||
# List of HTTP resources to serve on this listener.
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: true
|
||||
- names: [federation]
|
||||
compress: false
|
||||
|
||||
# example addional_resources:
|
||||
# TLS-enabled listener: for when matrix traffic is sent directly to synapse.
|
||||
#
|
||||
# additional_resources:
|
||||
# "/_matrix/my/custom/endpoint":
|
||||
# module: my_module.CustomRequestHandler
|
||||
# config: {}
|
||||
# Disabled by default. To enable it, uncomment the following. (Note that you
|
||||
# will also need to give Synapse a TLS key and certificate: see the TLS section
|
||||
# below.)
|
||||
#
|
||||
# - port: %(bind_port)s
|
||||
# type: http
|
||||
# tls: true
|
||||
# resources:
|
||||
# - names: [client, federation]
|
||||
|
||||
# Unsecure HTTP listener
|
||||
# For when matrix traffic passes through a reverse-proxy that unwraps TLS.
|
||||
# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
|
||||
# that unwraps TLS.
|
||||
#
|
||||
# If you plan to use a reverse proxy, please see
|
||||
# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
|
||||
#
|
||||
- port: %(unsecure_port)s
|
||||
tls: false
|
||||
bind_addresses: ['::1', '127.0.0.1']
|
||||
|
@ -416,18 +412,22 @@ class ServerConfig(Config):
|
|||
x_forwarded: true
|
||||
|
||||
resources:
|
||||
- names: [client]
|
||||
compress: true
|
||||
- names: [federation]
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
# example additonal_resources:
|
||||
#
|
||||
# additional_resources:
|
||||
# "/_matrix/my/custom/endpoint":
|
||||
# module: my_module.CustomRequestHandler
|
||||
# config: {}
|
||||
|
||||
# Turn on the twisted ssh manhole service on localhost on the given
|
||||
# port.
|
||||
# - port: 9000
|
||||
# bind_addresses: ['::1', '127.0.0.1']
|
||||
# type: manhole
|
||||
|
||||
|
||||
# Homeserver blocking
|
||||
#
|
||||
# How to reach the server admin, used in ResourceLimitError
|
||||
|
|
|
@ -176,10 +176,10 @@ class TlsConfig(Config):
|
|||
# See 'ACME support' below to enable auto-provisioning this certificate via
|
||||
# Let's Encrypt.
|
||||
#
|
||||
tls_certificate_path: "%(tls_certificate_path)s"
|
||||
# tls_certificate_path: "%(tls_certificate_path)s"
|
||||
|
||||
# PEM-encoded private key for TLS
|
||||
tls_private_key_path: "%(tls_private_key_path)s"
|
||||
# tls_private_key_path: "%(tls_private_key_path)s"
|
||||
|
||||
# ACME support: This will configure Synapse to request a valid TLS certificate
|
||||
# for your configured `server_name` via Let's Encrypt.
|
||||
|
@ -204,7 +204,7 @@ class TlsConfig(Config):
|
|||
#
|
||||
acme:
|
||||
# ACME support is disabled by default. Uncomment the following line
|
||||
# to enable it.
|
||||
# (and tls_certificate_path and tls_private_key_path above) to enable it.
|
||||
#
|
||||
# enabled: true
|
||||
|
||||
|
|
Loading…
Reference in a new issue