From 2da40c729ae29bbee25f405355266c0ea87826ec Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 10 Nov 2019 08:48:42 +0200 Subject: [PATCH] Do not expose server room directory by default Prompted by: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers This is a bit controversial, because.. the Synapse default remains open, while the general advice (as per the blog post) is to make it more private. I'm not sure exactly what kind of server people set up and whether they want to make the room directory public. Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers, both of which likely benefit from having a more secure default. --- CHANGELOG.md | 12 ++++++++++++ roles/matrix-synapse/defaults/main.yml | 9 +++++++++ .../templates/synapse/homeserver.yaml.j2 | 4 ++-- 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19df1b28..e6dedf38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +# 2019-11-10 + +## Tightened security around room directory publishing + +As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers), we've decided to change the default publishing rules for the Matrix room directory. + +Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. +Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**. + +As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively. + + # 2019-10-05 ## Improved Postgres upgrading/importing diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index f1b453f3..7651bf64 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -136,6 +136,15 @@ matrix_synapse_report_stats: false # disabling this will decrease server load significantly. matrix_synapse_use_presence: true +# Controls whether accessing the server's public rooms directory can be done without authentication. +# For private servers, you most likely wish to require authentication, +# unless you know what list of rooms you're publishing to the world and explicitly want to do it. +matrix_synapse_allow_public_rooms_without_auth: false + +# Controls whether remote servers can fetch this server's public rooms directory via federation. +# For private servers, you most likely wish to forbid it. +matrix_synapse_allow_public_rooms_over_federation: false + # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9d8da346..d7adb26a 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -48,12 +48,12 @@ use_presence: {{ matrix_synapse_use_presence|to_json }} # If set to 'false', requires authentication to access the server's public rooms # directory through the client API. Defaults to 'true'. # -#allow_public_rooms_without_auth: false +allow_public_rooms_without_auth: {{ matrix_synapse_allow_public_rooms_without_auth|to_json }} # If set to 'false', forbids any other homeserver to fetch the server's public # rooms directory via federation. Defaults to 'true'. # -#allow_public_rooms_over_federation: false +allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_federation|to_json }} # The default room version for newly created rooms. #