[Pkg-matrix-maintainers] Bug#960305: matrix-synapse: No instructions on setting up TLS
devel at sumpfralle.de
devel at sumpfralle.de
Thu Feb 2 21:14:11 GMT 2023
Hello,
On Sun, 1 Aug 2021 12:08:50 +0200 Nicolas George <george at nsup.org> wrote:
> I have a tidbit of information to add:
>
> The systemd service configuration says:
>
> ExecStartPre=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
>
> The "--generate-keys" exists in the source code Python files.
>
> Yet if I run this command explicitly, it does nothing at all, and strace
> shows it does nothing about the keys.
yes, since synapse!4509 [1] the `--generate-keys` argument does not trigger the
creation of TLS files anymore.
(the new alias `--generate-missing-config` for that option is less misleading)
Thus it would probably be a good idea for the matrix-synapse package to disable
the TLS configuration by default and to use the new `--generate-missing-config`
(instead of `--generate-keys`) to avoid any confusion.
Disabled TLS is also the default configuration provided by
`/usr/bin/synapse_generate_config`.
Probably most users will use a separate reverse proxy. Thus, the enabled TLS
setting could infact complicate deployment for many people.
Thank you for maintaining the package!
Cheers,
Lars
[1] https://github.com/matrix-org/synapse/pull/4509
More information about the Pkg-matrix-maintainers
mailing list