This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Update ACME docs to include port instructions #4578
Merged
5 commits:
- 84ee680 Update ACME docs to include port instructions (anoadragon453)
- d519fdc Separate config instructions for rp/authbind (anoadragon453)
- 5138013 Add changelog (anoadragon453)
- 47926ce Simplify things a bit (anoadragon453)
- a292168 fixes (anoadragon453)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add port configuration information to ACME instructions. |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -41,10 +41,10 @@ placed in Synapse's config directory without the need for any ACME setup. | |
|
||
The main steps for enabling ACME support in short summary are: | ||
|
||
1. Allow Synapse to listen on port 80 with authbind, or forward it from a reverse-proxy. | ||
1. Set `acme:enabled` to `true` in homeserver.yaml. | ||
1. Allow Synapse to listen for incoming ACME challenges. | ||
1. Enable ACME support in `homeserver.yaml`. | ||
1. Move your old certificates (files `example.com.tls.crt` and `example.com.tls.key` out of the way if they currently exist at the paths specified in `homeserver.yaml`. | ||
1. Restart Synapse | ||
1. Restart Synapse. | ||
|
||
Detailed instructions for each step are provided below. | ||
|
||
|
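Review bot: The reworded first step, "Allow Synapse to listen for incoming ACME challenges.", drops the port number that the line it replaces spelled out (port 80, with authbind or forwarded from a reverse proxy), so the summary no longer tells an admin which port has to be reachable. Suggest keeping it, for example "Allow Synapse to listen for incoming ACME challenges on port 80, either directly with authbind or forwarded from a reverse proxy." While touching this list, the unchanged step about moving old certificates opens a parenthesis at "(files `example.com.tls.crt` and `example.com.tls.key`" and never closes it.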
@@ -71,14 +71,22 @@ location /.well-known/acme-challenge { | |
} | ||
``` | ||
|
||
For Apache, add the following to your existing webserver config:: | ||
For Apache, add the following to your existing webserver config: | ||
|
||
``` | ||
ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge | ||
``` | ||
|
||
Make sure to restart/reload your webserver after making changes. | ||
|
||
Now make the relevant changes in `homeserver.yaml` to enable ACME support: | ||
|
||
``` | ||
acme: | ||
enabled: true | ||
port: 8009 | ||
``` | ||
|
||
|
||
#### Authbind | ||
|
||
|
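Review bot: The `homeserver.yaml` block added to the reverse-proxy section sets `port: 8009` without saying that this value has to match the port in the proxy target shown just above (`http://localhost:8009/.well-known/acme-challenge`); a reader who changes one and not the other ends up with the proxy forwarding to a port nothing listens on. Suggest one sentence tying the two together and, since only the local proxy needs to reach this listener, a note on whether it should be restricted to the loopback address. A reminder to restart Synapse after editing the file would also fit here, next to the existing "restart/reload your webserver" line.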
@@ -102,24 +110,20 @@ sudo touch /etc/authbind/byport/80 | |
sudo chmod 777 /etc/authbind/byport/80 | ||
``` | ||
|
||
When Synapse is started, use the following syntax:: | ||
When Synapse is started, use the following syntax: | ||
|
||
``` | ||
authbind --deep <synapse start command> | ||
``` | ||
|
||
### Config file editing | ||
|
||
Once Synapse is able to listen on port 80 for ACME challenge | ||
requests, it must be told to perform ACME provisioning by setting `enabled` | ||
to true under the `acme` section in `homeserver.yaml`: | ||
Make the relevant changes in `homeserver.yaml` to enable ACME support: | ||
this would be better before the authbind, because we need to restart synapse afterwards
Not sure I follow.
||
|
||
``` | ||
acme: | ||
enabled: true | ||
``` | ||
|
||
### Starting synapse | ||
### (Re)starting synapse | ||
|
||
Ensure that the certificate paths specified in `homeserver.yaml` (`tls_certificate_path` and `tls_private_key_path`) do not currently point to any files. Synapse will not provision certificates if files exist, as it does not want to overwrite existing certificates. | ||
|
||
|
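Review bot: The context line `sudo chmod 777 /etc/authbind/byport/80` at the top of this hunk lets every local account bind port 80 through authbind, which is wider than this setup needs; authbind only checks that the calling user can execute that file. Since the PR is already reworking this section, suggest replacing it with a `chown` to the user that runs Synapse followed by `chmod 500`. Separately, the `acme:` block in this section has no `port` line while the reverse-proxy variant sets `port: 8009`; a sentence saying that the authbind setup has Synapse listen on port 80 itself would make the difference between the two blocks explicit.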
... and restart synapse
It tells you to at the end of the instructions. Is that too far away that people will think to finish at this point?
ah ISWYM. hopefully they will figure it out.