|
|
@ -110,6 +110,24 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
|
|
|
|
federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
|
|
|
|
federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Prevent federation requests from being sent to the following
|
|
|
|
|
|
|
|
# blacklist IP address CIDR ranges. If this option is not specified, or
|
|
|
|
|
|
|
|
# specified with an empty list, no ip range blacklist will be enforced.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
|
|
|
|
|
|
|
|
# listed here, since they correspond to unroutable addresses.)
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
federation_ip_range_blacklist:
|
|
|
|
|
|
|
|
- '127.0.0.0/8'
|
|
|
|
|
|
|
|
- '10.0.0.0/8'
|
|
|
|
|
|
|
|
- '172.16.0.0/12'
|
|
|
|
|
|
|
|
- '192.168.0.0/16'
|
|
|
|
|
|
|
|
- '100.64.0.0/10'
|
|
|
|
|
|
|
|
- '169.254.0.0/16'
|
|
|
|
|
|
|
|
- '::1/128'
|
|
|
|
|
|
|
|
- 'fe80::/64'
|
|
|
|
|
|
|
|
- 'fc00::/7'
|
|
|
|
|
|
|
|
|
|
|
|
# List of ports that Synapse should listen on, their purpose and their
|
|
|
|
# List of ports that Synapse should listen on, their purpose and their
|
|
|
|
# configuration.
|
|
|
|
# configuration.
|
|
|
|
#
|
|
|
|
#
|
|
|
@ -260,6 +278,12 @@ listeners:
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#require_membership_for_aliases: false
|
|
|
|
#require_membership_for_aliases: false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Whether to allow per-room membership profiles through the send of membership
|
|
|
|
|
|
|
|
# events with profile information that differ from the target's global profile.
|
|
|
|
|
|
|
|
# Defaults to 'true'.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#allow_per_room_profiles: false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## TLS ##
|
|
|
|
## TLS ##
|
|
|
|
|
|
|
|
|
|
|
@ -433,21 +457,15 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
|
|
|
|
|
|
|
|
|
|
|
|
## Ratelimiting ##
|
|
|
|
## Ratelimiting ##
|
|
|
|
|
|
|
|
|
|
|
|
# Number of messages a client can send per second
|
|
|
|
# Ratelimiting settings for client actions (registration, login, messaging).
|
|
|
|
#
|
|
|
|
|
|
|
|
rc_messages_per_second: {{ matrix_synapse_rc_messages_per_second }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Number of message a client can send before being throttled
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Ratelimiting settings for registration and login.
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# Each ratelimiting configuration is made of two parameters:
|
|
|
|
# Each ratelimiting configuration is made of two parameters:
|
|
|
|
# - per_second: number of requests a client can send per second.
|
|
|
|
# - per_second: number of requests a client can send per second.
|
|
|
|
# - burst_count: number of requests a client can send before being throttled.
|
|
|
|
# - burst_count: number of requests a client can send before being throttled.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# Synapse currently uses the following configurations:
|
|
|
|
# Synapse currently uses the following configurations:
|
|
|
|
|
|
|
|
# - one for messages that ratelimits sending based on the account the client
|
|
|
|
|
|
|
|
# is using
|
|
|
|
# - one for registration that ratelimits registration requests based on the
|
|
|
|
# - one for registration that ratelimits registration requests based on the
|
|
|
|
# client's IP address.
|
|
|
|
# client's IP address.
|
|
|
|
# - one for login that ratelimits login requests based on the client's IP
|
|
|
|
# - one for login that ratelimits login requests based on the client's IP
|
|
|
@ -460,6 +478,12 @@ rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }}
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# The defaults are as shown below.
|
|
|
|
# The defaults are as shown below.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
|
|
|
|
#rc_message:
|
|
|
|
|
|
|
|
# per_second: 0.2
|
|
|
|
|
|
|
|
# burst_count: 10
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
rc_message: {{ matrix_synapse_rc_message|to_json }}
|
|
|
|
|
|
|
|
#
|
|
|
|
#rc_registration:
|
|
|
|
#rc_registration:
|
|
|
|
# per_second: 0.17
|
|
|
|
# per_second: 0.17
|
|
|
|
# burst_count: 3
|
|
|
|
# burst_count: 3
|
|
|
@ -477,34 +501,29 @@ rc_registration: {{ matrix_synapse_rc_registration|to_json }}
|
|
|
|
# burst_count: 3
|
|
|
|
# burst_count: 3
|
|
|
|
rc_login: {{ matrix_synapse_rc_login|to_json }}
|
|
|
|
rc_login: {{ matrix_synapse_rc_login|to_json }}
|
|
|
|
|
|
|
|
|
|
|
|
# The federation window size in milliseconds
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#federation_rc_window_size: 1000
|
|
|
|
|
|
|
|
federation_rc_window_size: {{ matrix_synapse_federation_rc_window_size }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The number of federation requests from a single server in a window
|
|
|
|
|
|
|
|
# before the server will delay processing the request.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#federation_rc_sleep_limit: 10
|
|
|
|
|
|
|
|
federation_rc_sleep_limit: {{ matrix_synapse_federation_rc_sleep_limit }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The duration in milliseconds to delay processing events from
|
|
|
|
# Ratelimiting settings for incoming federation
|
|
|
|
# remote servers by if they go over the sleep limit.
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#federation_rc_sleep_delay: 500
|
|
|
|
# The rc_federation configuration is made up of the following settings:
|
|
|
|
federation_rc_sleep_delay: {{ matrix_synapse_federation_rc_sleep_delay }}
|
|
|
|
# - window_size: window size in milliseconds
|
|
|
|
|
|
|
|
# - sleep_limit: number of federation requests from a single server in
|
|
|
|
# The maximum number of concurrent federation requests allowed
|
|
|
|
# a window before the server will delay processing the request.
|
|
|
|
# from a single server
|
|
|
|
# - sleep_delay: duration in milliseconds to delay processing events
|
|
|
|
|
|
|
|
# from remote servers by if they go over the sleep limit.
|
|
|
|
|
|
|
|
# - reject_limit: maximum number of concurrent federation requests
|
|
|
|
|
|
|
|
# allowed from a single server
|
|
|
|
|
|
|
|
# - concurrent: number of federation requests to concurrently process
|
|
|
|
|
|
|
|
# from a single server
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#federation_rc_reject_limit: 50
|
|
|
|
# The defaults are as shown below.
|
|
|
|
federation_rc_reject_limit: {{ matrix_synapse_federation_rc_reject_limit }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The number of federation requests to concurrently process from a
|
|
|
|
|
|
|
|
# single server
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#federation_rc_concurrent: 3
|
|
|
|
#rc_federation:
|
|
|
|
federation_rc_concurrent: {{ matrix_synapse_federation_rc_concurrent }}
|
|
|
|
# window_size: 1000
|
|
|
|
|
|
|
|
# sleep_limit: 10
|
|
|
|
|
|
|
|
# sleep_delay: 500
|
|
|
|
|
|
|
|
# reject_limit: 50
|
|
|
|
|
|
|
|
# concurrent: 3
|
|
|
|
|
|
|
|
rc_federation: {{ matrix_synapse_rc_federation|to_json }}
|
|
|
|
|
|
|
|
|
|
|
|
# Target outgoing federation transaction frequency for sending read-receipts,
|
|
|
|
# Target outgoing federation transaction frequency for sending read-receipts,
|
|
|
|
# per-room.
|
|
|
|
# per-room.
|
|
|
@ -719,6 +738,40 @@ turn_allow_guests: False
|
|
|
|
#
|
|
|
|
#
|
|
|
|
enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|
|
|
enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Optional account validity configuration. This allows for accounts to be denied
|
|
|
|
|
|
|
|
# any request after a given period.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# ``enabled`` defines whether the account validity feature is enabled. Defaults
|
|
|
|
|
|
|
|
# to False.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# ``period`` allows setting the period after which an account is valid
|
|
|
|
|
|
|
|
# after its registration. When renewing the account, its validity period
|
|
|
|
|
|
|
|
# will be extended by this amount of time. This parameter is required when using
|
|
|
|
|
|
|
|
# the account validity feature.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# ``renew_at`` is the amount of time before an account's expiry date at which
|
|
|
|
|
|
|
|
# Synapse will send an email to the account's email address with a renewal link.
|
|
|
|
|
|
|
|
# This needs the ``email`` and ``public_baseurl`` configuration sections to be
|
|
|
|
|
|
|
|
# filled.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# ``renew_email_subject`` is the subject of the email sent out with the renewal
|
|
|
|
|
|
|
|
# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter
|
|
|
|
|
|
|
|
# from the ``email`` section.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# Once this feature is enabled, Synapse will look for registered users without an
|
|
|
|
|
|
|
|
# expiration date at startup and will add one to every account it found using the
|
|
|
|
|
|
|
|
# current settings at that time.
|
|
|
|
|
|
|
|
# This means that, if a validity period is set, and Synapse is restarted (it will
|
|
|
|
|
|
|
|
# then derive an expiration date from the current validity period), and some time
|
|
|
|
|
|
|
|
# after that the validity period changes and Synapse is restarted, the users'
|
|
|
|
|
|
|
|
# expiration dates won't be updated unless their account is manually renewed.
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
#account_validity:
|
|
|
|
|
|
|
|
# enabled: True
|
|
|
|
|
|
|
|
# period: 6w
|
|
|
|
|
|
|
|
# renew_at: 1w
|
|
|
|
|
|
|
|
# renew_email_subject: "Renew your %(app)s account"
|
|
|
|
|
|
|
|
|
|
|
|
# The user must provide all of the below types of 3PID when registering.
|
|
|
|
# The user must provide all of the below types of 3PID when registering.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#registrations_require_3pid:
|
|
|
|
#registrations_require_3pid:
|
|
|
|
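Review bot: The `federation_ip_range_blacklist` list added in the first hunk (`-110,6 +110,24`) is hard-coded in the template, unlike `federation_domain_whitelist` just above it, which is rendered from a `matrix_synapse_*` variable through `|to_json`. An operator whose homeserver can reach other internal ranges cannot extend the list without editing the template, so outbound federation requests to those ranges stay allowed. Rendering it from a variable, for example `federation_ip_range_blacklist: {{ matrix_synapse_federation_ip_range_blacklist|to_json }}` with the current entries as the default, would keep it adjustable. The entry `- 'fe80::/64'` also covers only part of the IPv6 link-local block, which is `fe80::/10`, so `- 'fe80::/10'` is the safer value. The +/- markers are not shown on this page, so which lines are new is inferred from the hunk header counts.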