
Disable TLS by default #4614

Merged
merged 1 commit into from
Feb 12, 2019
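--- a/changelog.d/4614.feature
+++ b/changelog.d/4614.feature
@@ -0,0 +1 @@
+The default configuration no longer requires TLS certificates.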
48 changes: 24 additions & 24 deletions synapse/config/server.py
Expand Up @@ -365,47 +365,47 @@ def default_config(self, server_name, data_dir_path, **kwargs):
# webclient: A web client. Requires web_client_location to be set.
#
listeners:
# Main HTTPS listener.
# For when matrix traffic is sent directly to synapse.
- port: %(bind_port)s
# TLS-enabled listener: for when matrix traffic is sent directly to synapse.
#
# Disabled by default. To enable it, uncomment the following. (Note that you
# will also need to give Synapse a TLS key and certificate: see the TLS section
# below.)
#
# - port: %(bind_port)s
# type: http
# tls: true
# resources:
# - names: [client, federation]

# Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
# that unwraps TLS.
#
# If you plan to use a reverse proxy, please see
# https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
#
- port: %(unsecure_port)s
tls: false
bind_addresses: ['::1', '127.0.0.1']
type: http
tls: true
x_forwarded: true

# List of HTTP resources to serve on this listener.
resources:
- names: [client]
compress: true
- names: [federation]
- names: [client, federation]
compress: false

# example addional_resources:
# example additonal_resources:
#
# additional_resources:
# "/_matrix/my/custom/endpoint":
# module: my_module.CustomRequestHandler
# config: {}

# Unsecure HTTP listener
# For when matrix traffic passes through a reverse-proxy that unwraps TLS.
- port: %(unsecure_port)s
tls: false
bind_addresses: ['::1', '127.0.0.1']
type: http
x_forwarded: true

resources:
- names: [client]
compress: true
- names: [federation]
compress: false

# Turn on the twisted ssh manhole service on localhost on the given
# port.
# - port: 9000
# bind_addresses: ['::1', '127.0.0.1']
# type: manhole


# Homeserver blocking
#
# How to reach the server admin, used in ResourceLimitError
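Review bot: The comment block above the `%(unsecure_port)s` listener should say that `x_forwarded: true` is only safe while `bind_addresses` stays on loopback or on an address only the reverse proxy can reach. With the TLS listener commented out this becomes the one active listener, so an admin who widens the bind to make the server reachable would serve Matrix traffic in plaintext and have Synapse take the client address from a header any client can set. I would add something like `# Keep bind_addresses limited to where your reverse proxy connects from; x_forwarded makes Synapse trust X-Forwarded-For for the client IP.` The rendering has lost its `+`/`-` markers, so which of the duplicated listener lines are on the new side is inferred from the PR title and the changelog entry; default_config's body starts and ends outside the hunk.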
6 changes: 3 additions & 3 deletions synapse/config/tls.py
Expand Up @@ -158,10 +158,10 @@ def default_config(self, config_dir_path, server_name, **kwargs):
# See 'ACME support' below to enable auto-provisioning this certificate via
# Let's Encrypt.
#
tls_certificate_path: "%(tls_certificate_path)s"
# tls_certificate_path: "%(tls_certificate_path)s"

# PEM-encoded private key for TLS
tls_private_key_path: "%(tls_private_key_path)s"
# tls_private_key_path: "%(tls_private_key_path)s"

# ACME support: This will configure Synapse to request a valid TLS certificate
# for your configured `server_name` via Let's Encrypt.
Expand All @@ -186,7 +186,7 @@ def default_config(self, config_dir_path, server_name, **kwargs):
#
acme:
# ACME support is disabled by default. Uncomment the following line
# to enable it.
# (and tls_certificate_path and tls_private_key_path above) to enable it.
#
# enabled: true

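Review bot: Nothing in the two commented-out settings near `tls_certificate_path` says they become mandatory once a listener sets `tls: true`, and the code that reads them is outside these hunks. Please confirm that a TLS listener configured without a certificate or key fails at startup with a clear error rather than starting without it, and state the dependency in the template, e.g. `# Required if any listener has tls: true.` above `# tls_certificate_path`. The page has lost its `+`/`-` markers, so the sides of the paired lines are inferred from the PR title.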