|
|
@ -141,6 +141,7 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
|
|
|
|
# - '100.64.0.0/10'
|
|
|
|
# - '100.64.0.0/10'
|
|
|
|
# - '192.0.0.0/24'
|
|
|
|
# - '192.0.0.0/24'
|
|
|
|
# - '169.254.0.0/16'
|
|
|
|
# - '169.254.0.0/16'
|
|
|
|
|
|
|
|
# - '192.88.99.0/24'
|
|
|
|
# - '198.18.0.0/15'
|
|
|
|
# - '198.18.0.0/15'
|
|
|
|
# - '192.0.2.0/24'
|
|
|
|
# - '192.0.2.0/24'
|
|
|
|
# - '198.51.100.0/24'
|
|
|
|
# - '198.51.100.0/24'
|
|
|
@ -149,6 +150,9 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
|
|
|
|
# - '::1/128'
|
|
|
|
# - '::1/128'
|
|
|
|
# - 'fe80::/10'
|
|
|
|
# - 'fe80::/10'
|
|
|
|
# - 'fc00::/7'
|
|
|
|
# - 'fc00::/7'
|
|
|
|
|
|
|
|
# - '2001:db8::/32'
|
|
|
|
|
|
|
|
# - 'ff00::/8'
|
|
|
|
|
|
|
|
# - 'fec0::/10'
|
|
|
|
|
|
|
|
|
|
|
|
# List of IP address CIDR ranges that should be allowed for federation,
|
|
|
|
# List of IP address CIDR ranges that should be allowed for federation,
|
|
|
|
# identity servers, push servers, and for checking key validity for
|
|
|
|
# identity servers, push servers, and for checking key validity for
|
|
|
@ -993,6 +997,7 @@ url_preview_ip_range_blacklist:
|
|
|
|
- '100.64.0.0/10'
|
|
|
|
- '100.64.0.0/10'
|
|
|
|
- '192.0.0.0/24'
|
|
|
|
- '192.0.0.0/24'
|
|
|
|
- '169.254.0.0/16'
|
|
|
|
- '169.254.0.0/16'
|
|
|
|
|
|
|
|
- '192.88.99.0/24'
|
|
|
|
- '198.18.0.0/15'
|
|
|
|
- '198.18.0.0/15'
|
|
|
|
- '192.0.2.0/24'
|
|
|
|
- '192.0.2.0/24'
|
|
|
|
- '198.51.100.0/24'
|
|
|
|
- '198.51.100.0/24'
|
|
|
@ -1001,6 +1006,9 @@ url_preview_ip_range_blacklist:
|
|
|
|
- '::1/128'
|
|
|
|
- '::1/128'
|
|
|
|
- 'fe80::/10'
|
|
|
|
- 'fe80::/10'
|
|
|
|
- 'fc00::/7'
|
|
|
|
- 'fc00::/7'
|
|
|
|
|
|
|
|
- '2001:db8::/32'
|
|
|
|
|
|
|
|
- 'ff00::/8'
|
|
|
|
|
|
|
|
- 'fec0::/10'
|
|
|
|
|
|
|
|
|
|
|
|
# List of IP address CIDR ranges that the URL preview spider is allowed
|
|
|
|
# List of IP address CIDR ranges that the URL preview spider is allowed
|
|
|
|
# to access even if they are specified in url_preview_ip_range_blacklist.
|
|
|
|
# to access even if they are specified in url_preview_ip_range_blacklist.
|
|
|
@ -1327,6 +1335,8 @@ account_threepid_delegates:
|
|
|
|
# By default, any room aliases included in this list will be created
|
|
|
|
# By default, any room aliases included in this list will be created
|
|
|
|
# as a publicly joinable room when the first user registers for the
|
|
|
|
# as a publicly joinable room when the first user registers for the
|
|
|
|
# homeserver. This behaviour can be customised with the settings below.
|
|
|
|
# homeserver. This behaviour can be customised with the settings below.
|
|
|
|
|
|
|
|
# If the room already exists, make certain it is a publicly joinable
|
|
|
|
|
|
|
|
# room. The join rule of the room must be set to 'public'.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#auto_join_rooms:
|
|
|
|
#auto_join_rooms:
|
|
|
|
# - "#example:example.com"
|
|
|
|
# - "#example:example.com"
|
|
|
@ -1869,9 +1879,9 @@ oidc_providers:
|
|
|
|
# user_mapping_provider:
|
|
|
|
# user_mapping_provider:
|
|
|
|
# config:
|
|
|
|
# config:
|
|
|
|
# subject_claim: "id"
|
|
|
|
# subject_claim: "id"
|
|
|
|
# localpart_template: "{ user.login }"
|
|
|
|
# localpart_template: "{% raw %}{{ user.login }}{% endraw %}"
|
|
|
|
# display_name_template: "{ user.name }"
|
|
|
|
# display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
|
|
|
|
# email_template: "{ user.email }"
|
|
|
|
# email_template: "{% raw %}{{ user.email }}{% endraw %}"
|
|
|
|
|
|
|
|
|
|
|
|
# For use with Keycloak
|
|
|
|
# For use with Keycloak
|
|
|
|
#
|
|
|
|
#
|
|
|
@ -1898,8 +1908,8 @@ oidc_providers:
|
|
|
|
# user_mapping_provider:
|
|
|
|
# user_mapping_provider:
|
|
|
|
# config:
|
|
|
|
# config:
|
|
|
|
# subject_claim: "id"
|
|
|
|
# subject_claim: "id"
|
|
|
|
# localpart_template: "{ user.login }"
|
|
|
|
# localpart_template: "{% raw %}{{ user.login }}{% endraw %}"
|
|
|
|
# display_name_template: "{ user.name }"
|
|
|
|
# display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable Central Authentication Service (CAS) for registration and login.
|
|
|
|
# Enable Central Authentication Service (CAS) for registration and login.
|
|
|
@ -2227,11 +2237,11 @@ password_config:
|
|
|
|
#require_uppercase: true
|
|
|
|
#require_uppercase: true
|
|
|
|
|
|
|
|
|
|
|
|
ui_auth:
|
|
|
|
ui_auth:
|
|
|
|
# The number of milliseconds to allow a user-interactive authentication
|
|
|
|
# The amount of time to allow a user-interactive authentication session
|
|
|
|
# session to be active.
|
|
|
|
# to be active.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# This defaults to 0, meaning the user is queried for their credentials
|
|
|
|
# This defaults to 0, meaning the user is queried for their credentials
|
|
|
|
# before every action, but this can be overridden to alow a single
|
|
|
|
# before every action, but this can be overridden to allow a single
|
|
|
|
# validation to be re-used. This weakens the protections afforded by
|
|
|
|
# validation to be re-used. This weakens the protections afforded by
|
|
|
|
# the user-interactive authentication process, by allowing for multiple
|
|
|
|
# the user-interactive authentication process, by allowing for multiple
|
|
|
|
# (and potentially different) operations to use the same validation session.
|
|
|
|
# (and potentially different) operations to use the same validation session.
|
|
|
@ -2239,7 +2249,7 @@ ui_auth:
|
|
|
|
# Uncomment below to allow for credential validation to last for 15
|
|
|
|
# Uncomment below to allow for credential validation to last for 15
|
|
|
|
# seconds.
|
|
|
|
# seconds.
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#session_timeout: 15000
|
|
|
|
#session_timeout: "15s"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{% if matrix_synapse_email_enabled %}
|
|
|
|
{% if matrix_synapse_email_enabled %}
|
|
|
|