SecBSD/ports
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ports/net/synapse/pkg
History
purplerain 74706e64f4
sync ports with The Matrix
2023-10-11 18:19:00 +00:00
..
DESCR SecBSD's official ports repository 2023-08-16 22:26:55 +00:00
PLIST sync ports with The Matrix 2023-10-11 18:19:00 +00:00
README SecBSD's official ports repository 2023-08-16 22:26:55 +00:00
synapse.rc SecBSD's official ports repository 2023-08-16 22:26:55 +00:00

README 

+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Generate a config
=================

As root (or _synapse), go into ${LOCALSTATEDIR}/synapse, then use
doas -u _synapse ${MODPY_BIN} -m synapse.app.homeserver \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml --generate-config \
	--server-name matrix.example.com --report-stats=no \
	--generate-keys --keys-directory ${LOCALSTATEDIR}/synapse

Register a user
===============
doas -u _synapse \
	${PREFIX}/bin/register_new_matrix_user \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml \
	http://localhost:8008

Configuration with TLS
======================

By default, synapse will run without TLS on localhost:8008
This means that you will not be able to connect to your server remotely.
The best way to achieve remote connectivity is through a reverse proxy.

Here is a relayd.conf(5) example:

  http protocol synapse {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwaded-By" value "$SERVER_ADDR:$SERVER_PORT"

    tls keypair "matrix.example.com"

    match request header set "Connection" value "close"
  }

  relay "synapse" {
    listen on matrix.example.com port 443 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

  relay "synapse-server" {
    listen on matrix.example.com port 8448 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

Here is an Nginx vhost reverse proxy example:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location /_matrix {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    server {
        listen 8448 ssl default_server;
        listen [::]:8448 ssl default_server;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location / {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }