1.9 KiB
Well-Known
The mapping for a server name to a hostname for federation is done via
SRV
records. Synapse v1.0 mandates valid X.509 certificates for the
federation endpoint where the certificate must match the server name.
This presents difficulties for hosted server offerings: ExampleCorp
may want to delegate responsibility for running its Matrix homeserver to an
outside supplier, but it may be difficult for that supplier to obtain a TLS
certificate for exmaple.com
(and ExampleCorp may be reluctant to let them have
one).
.well-known
solves this problem by augmenting the current SRV
record
with a .well-known
lookup.
Configuring .well-known
-
Give synapse a certificate corresponding to the target domain (
customer.example.net
). Currently Synapse's ACME support does not support this, so you will have to acquire a certificate yourself and give it to Synapse viatls_certificate_path
andtls_private_key_path
. -
Restart Synapse to ensure the new certificate is loaded.
-
Arrange for a
.well-known
file athttps://<server_name>/.well-known/matrix/server
with contents:{"m.server": "<target server name>"}
where the target server name is resolved as usual (i.e. SRV lookup, falling back to talking to port 8448).
In the above example, where synapse is listening on port 8000,
https://example.com/.well-known/matrix/server
should havem.server
set to one of:-
customer.example.net
─ with a SRV record on_matrix._tcp.customer.example.com
pointing to port 8000, or: -
customer.example.net
─ updating synapse to listen on the default port 8448, or: -
customer.example.net:8000
─ ensuring that if there is a reverse proxy oncustomer.example.net:8000
it correctly handles HTTP requests with Host header set tocustomer.example.net:8000
.
-