Update ACME docs to include port instructions #4578

Merged
merged 5 commits into from Feb 7, 2019

@@ -0,0 +1 @@
Add port configuration information to ACME instructions.
@@ -41,10 +41,10 @@ placed in Synapse's config directory without the need for any ACME setup.

The main steps for enabling ACME support in short summary are:

1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy.
1. Set `acme:enabled` to `true` in homeserver.yaml.
1. Allow Synapse to listen for incoming ACME challenges.
1. Enable ACME support in `homeserver.yaml`.
1. Move your old certificates (files `example.com.tls.crt` and `example.com.tls.key` out of the way if they currently exist at the paths specified in `homeserver.yaml`.
1. Restart Synapse
1. Restart Synapse.

Detailed instructions for each step are provided below.
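
Review bot: The certificate step in the summary list opens a parenthesis at "(files `example.com.tls.crt` and `example.com.tls.key`" and never closes it; add the ")" after `example.com.tls.key`. In the same list, "Allow Synapse to listen for incoming ACME challenges" no longer names port 80, which the line it sits beside did. Someone who reads only the summary would not learn that the challenge has to arrive on port 80, either directly or through a proxy, so consider keeping the port number in that step.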

@@ -71,14 +71,22 @@ location /.well-known/acme-challenge {
}
```

For Apache, add the following to your existing webserver config::
For Apache, add the following to your existing webserver config:

```
ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge
```

Make sure to restart/reload your webserver after making changes.

Finally, make the relevant changes in `homeserver.yaml` to enable ACME support:

richvdh (Member) commented on Feb 6, 2019:

not finally, because you have to restart


```
acme:
enabled: true
port: 8009
```

richvdh (Member) commented on Feb 6, 2019:

... and restart synapse

anoadragon453 (Author, Member) commented on Feb 7, 2019:

It tells you to at the end of the instructions. Is that too far away that people will think to finish at this point?

richvdh (Member) commented on Feb 7, 2019:

ah ISWYM. hopefully they will figure it out.


#### Authbind
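
Review bot: The `acme:` example with `port: 8009` is only ever reached through the proxy line `ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge`, but the text does not say that 8009 should stay closed to the outside. Suggest adding a sentence after the example telling admins to firewall that port or restrict the listener to loopback, so the proxy on port 80 is the only external path to the challenge endpoint.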

@@ -102,21 +110,18 @@ sudo touch /etc/authbind/byport/80
sudo chmod 777 /etc/authbind/byport/80
```

When Synapse is started, use the following syntax::
When Synapse is started, use the following syntax:

```
authbind --deep <synapse start command>
```

### Config file editing

Once Synapse is able to listen on port 80 for ACME challenge
requests, it must be told to perform ACME provisioning by setting `enabled`
to true under the `acme` section in `homeserver.yaml`:
Make the relevant changes in `homeserver.yaml` to enable ACME support:

richvdh (Member) commented on Feb 6, 2019:

this would be better before the authbind, because we need to restart synapse afterwards

anoadragon453 (Author, Member) commented on Feb 7, 2019:

Not sure I follow.


```
acme:
enabled: true
port: 80

richvdh (Member) commented on Feb 6, 2019:

this is redundant

```

### Starting synapse
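
Review bot: The context line `sudo chmod 777 /etc/authbind/byport/80` at the top of this hunk is left untouched, and it lets every local account bind port 80, because authbind authorises a bind for any user who has execute access to the byport file. Since the surrounding text is being edited anyway, consider changing the instructions so the file is owned by the account Synapse runs as and is accessible to that account only (for example mode 500 after a chown to that user).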