Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update ACME docs to include port instructions #4578

Merged
merged 5 commits into from Feb 7, 2019
Merged
Diff settings

Always

Just for now

Copy path View file
@@ -0,0 +1 @@
Add port configuration information to ACME instructions.
Copy path View file
@@ -41,8 +41,8 @@ placed in Synapse's config directory without the need for any ACME setup.

The main steps for enabling ACME support in short summary are:

1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy.
1. Set `acme:enabled` to `true` in homeserver.yaml.
1. Allow Synapse to listen on port 80 with `authbind`, or forward it to port `8009` from a reverse-proxy.

This comment has been minimized.

Copy link
@richvdh

richvdh Feb 6, 2019

Member

again, I think specifying the destination port here is overdetailed

1. Set `acme:enabled` to `true` and `acme:port` to the appropriate port (`8009` for reverse-proxy, `80` for listening directly with `authbind`) in homeserver.yaml.

This comment has been minimized.

Copy link
@richvdh

richvdh Feb 6, 2019

Member

you don't need to set acme:port if its port 80, and it's starting to just be a duplicate of the information below. Can we make this snappier and handwavier: "enable acme support in homeserver.yaml".

1. Move your old certificates (files `example.com.tls.crt` and `example.com.tls.key` out of the way if they currently exist at the paths specified in `homeserver.yaml`.
1. Restart Synapse

@@ -110,13 +110,24 @@ authbind --deep <synapse start command>

### Config file editing

Once Synapse is able to listen on port 80 for ACME challenge
requests, it must be told to perform ACME provisioning by setting `enabled`
to true under the `acme` section in `homeserver.yaml`:
Once Synapse is able to listen on port 80 for ACME challenge requests, either

This comment has been minimized.

Copy link
@richvdh

richvdh Feb 6, 2019

Member

surely just stick the two halves of this under the relevant sections above?

directly or reverse-proxied to a higher port such as `8009`, we can enable
functionality in the config.

For the reverse-proxy method:

```
acme:
enabled: true
port: 8009
```

For the `authbind` method:

```
acme:
enabled: true
port: 80

This comment has been minimized.

Copy link
@richvdh

richvdh Feb 6, 2019

Member

this is redundant

```

### Starting synapse
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.