Move complement setup stuff into the Synapse repo
Showing
11 changed files
with
428 additions
and
29 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add files used to build the Docker image used for complement testing into the Synapse repository. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# A dockerfile which builds an image suitable for testing Synapse under | ||
# complement. | ||
|
||
ARG SYNAPSE_VERSION=latest | ||
|
||
FROM matrixdotorg/synapse:${SYNAPSE_VERSION} | ||
|
||
ENV SERVER_NAME=localhost | ||
|
||
COPY conf/* /conf/ | ||
|
||
# generate a signing key | ||
RUN generate_signing_key -o /conf/server.signing.key | ||
|
||
WORKDIR /data | ||
|
||
EXPOSE 8008 8448 | ||
|
||
ENTRYPOINT ["/conf/start.sh"] | ||
|
||
HEALTHCHECK --start-period=5s --interval=1s --timeout=1s \ | ||
CMD curl -fSs http://localhost:8008/health || exit 1 |
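Review bot: The `RUN generate_signing_key -o /conf/server.signing.key` step creates the homeserver signing key at build time, so the private key is stored in an image layer, every container started from this image shares it, and anyone who can pull the image can read it. That is reasonable for a throwaway Complement homeserver, but the comment above the step does not say it is deliberate. I would replace `# generate a signing key` with `# Generate a signing key at build time. It is baked into the image and shared by every container, so this image is for testing only.` Separately, `ARG SYNAPSE_VERSION=latest` makes the default build follow a floating tag, so two builds of the same commit can test different Synapse images unless the caller passes a version explicitly.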
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Stuff for building the docker image used for testing under complement. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
# This dockerfile builds on top of 'docker/Dockerfile-worker' in matrix-org/synapse | ||
# by including a built-in postgres instance, as well as setting up the homeserver so | ||
# that it is ready for testing via Complement. | ||
# | ||
# Instructions for building this image from those it depends on is detailed in this guide: | ||
# https://github.com/matrix-org/synapse/blob/develop/docker/README-testing.md#testing-with-postgresql-and-single-or-multi-process-synapse | ||
FROM matrixdotorg/synapse-workers | ||
|
||
# Download a caddy server to stand in front of nginx and terminate TLS using Complement's | ||
# custom CA. | ||
# We include this near the top of the file in order to cache the result. | ||
RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.3.0/caddy_2.3.0_linux_amd64.tar.gz" && \ | ||
tar xzf caddy_2.3.0_linux_amd64.tar.gz && rm caddy_2.3.0_linux_amd64.tar.gz && mv caddy /root | ||
|
||
# Install postgresql | ||
RUN apt-get update | ||
RUN apt-get install -y postgresql | ||
|
||
# Configure a user and create a database for Synapse | ||
RUN pg_ctlcluster 13 main start && su postgres -c "echo \ | ||
\"ALTER USER postgres PASSWORD 'somesecret'; \ | ||
CREATE DATABASE synapse \ | ||
ENCODING 'UTF8' \ | ||
LC_COLLATE='C' \ | ||
LC_CTYPE='C' \ | ||
template=template0;\" | psql" && pg_ctlcluster 13 main stop | ||
|
||
# Modify the shared homeserver config with postgres support, certificate setup | ||
# and the disabling of rate-limiting | ||
COPY conf-workers/workers-shared.yaml /conf/workers/shared.yaml | ||
|
||
WORKDIR /data | ||
|
||
# Copy the caddy config | ||
COPY conf-workers/caddy.complement.json /root/caddy.json | ||
|
||
# Expose caddy's listener ports | ||
EXPOSE 8008 8448 | ||
|
||
ENTRYPOINT \ | ||
# Replace the server name in the caddy config | ||
sed -i "s/{{ server_name }}/${SERVER_NAME}/g" /root/caddy.json && \ | ||
# Start postgres | ||
pg_ctlcluster 13 main start 2>&1 && \ | ||
# Start caddy | ||
/root/caddy start --config /root/caddy.json 2>&1 && \ | ||
# Set the server name of the homeserver | ||
SYNAPSE_SERVER_NAME=${SERVER_NAME} \ | ||
# No need to report stats here | ||
SYNAPSE_REPORT_STATS=no \ | ||
# Set postgres authentication details which will be placed in the homeserver config file | ||
POSTGRES_PASSWORD=somesecret POSTGRES_USER=postgres POSTGRES_HOST=localhost \ | ||
# Specify the workers to test with | ||
SYNAPSE_WORKER_TYPES="\ | ||
event_persister, \ | ||
event_persister, \ | ||
background_worker, \ | ||
frontend_proxy, \ | ||
event_creator, \ | ||
user_dir, \ | ||
media_repository, \ | ||
federation_inbound, \ | ||
federation_reader, \ | ||
federation_sender, \ | ||
synchrotron, \ | ||
appservice, \ | ||
pusher" \ | ||
# Run the script that writes the necessary config files and starts supervisord, which in turn | ||
# starts everything else | ||
/configure_workers_and_start.py | ||
|
||
HEALTHCHECK --start-period=5s --interval=1s --timeout=1s \ | ||
CMD /bin/sh /healthcheck.sh |
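Review bot: The caddy tarball fetched in the first `RUN` is unpacked and moved to `/root` without any integrity check, and `curl -OL` has no `-f`, so an HTTP error body would be saved under the tarball's name and passed to `tar`. Because this binary terminates TLS using Complement's CA, I would pin what gets installed: switch to `curl -fsSLO` and add `echo "<sha256-of-caddy_2.3.0_linux_amd64.tar.gz>  caddy_2.3.0_linux_amd64.tar.gz" | sha256sum -c -` before `tar xzf` (the hash is a placeholder, to be taken from the release's published checksums). In the same file, `RUN apt-get update` sits in its own layer, so a cached layer can leave the following `apt-get install` working from a stale package index; `RUN apt-get update && apt-get install -y --no-install-recommends postgresql && rm -rf /var/lib/apt/lists/*` keeps them together. The `pg_ctlcluster 13` calls also assume that the unpinned `postgresql` package resolves to version 13, which depends on the base image's distribution release.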
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
{ | ||
"apps": { | ||
"http": { | ||
"servers": { | ||
"srv0": { | ||
"listen": [ | ||
":8448" | ||
], | ||
"routes": [ | ||
{ | ||
"match": [ | ||
{ | ||
"host": [ | ||
"{{ server_name }}" | ||
] | ||
} | ||
], | ||
"handle": [ | ||
{ | ||
"handler": "subroute", | ||
"routes": [ | ||
{ | ||
"handle": [ | ||
{ | ||
"handler": "reverse_proxy", | ||
"upstreams": [ | ||
{ | ||
"dial": "localhost:8008" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"terminal": true | ||
} | ||
] | ||
} | ||
} | ||
}, | ||
"tls": { | ||
"automation": { | ||
"policies": [ | ||
{ | ||
"subjects": [ | ||
"{{ server_name }}" | ||
], | ||
"issuers": [ | ||
{ | ||
"module": "internal" | ||
} | ||
], | ||
"on_demand": true | ||
} | ||
] | ||
} | ||
}, | ||
"pki": { | ||
"certificate_authorities": { | ||
"local": { | ||
"name": "Complement CA", | ||
"root": { | ||
"certificate": "/complement/ca/ca.crt", | ||
"private_key": "/complement/ca/ca.key" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
## Server ## | ||
report_stats: False | ||
trusted_key_servers: [] | ||
enable_registration: true | ||
enable_registration_without_verification: true | ||
bcrypt_rounds: 4 | ||
|
||
## Federation ## | ||
|
||
# disable verification of federation certificates | ||
# | ||
# TODO: Figure out why this is still needed even though we are making use of the custom CA | ||
federation_verify_certificates: false | ||
|
||
# trust certs signed by Complement's CA | ||
federation_custom_ca_list: | ||
- /complement/ca/ca.crt | ||
|
||
# unblacklist RFC1918 addresses | ||
federation_ip_range_blacklist: [] | ||
|
||
# Disable server rate-limiting | ||
rc_federation: | ||
window_size: 1000 | ||
sleep_limit: 10 | ||
sleep_delay: 500 | ||
reject_limit: 99999 | ||
concurrent: 3 | ||
|
||
rc_message: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
|
||
rc_registration: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
|
||
rc_login: | ||
address: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
account: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
failed_attempts: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
|
||
rc_admin_redaction: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
|
||
rc_joins: | ||
local: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
remote: | ||
per_second: 9999 | ||
burst_count: 9999 | ||
|
||
federation_rr_transactions_per_room_per_second: 9999 | ||
|
||
## Experimental Features ## | ||
|
||
experimental_features: | ||
# Enable history backfilling support | ||
msc2716_enabled: true | ||
# Enable spaces support | ||
spaces_enabled: true | ||
# Enable jump to date endpoint | ||
msc3030_enabled: true | ||
|
||
server_notices: | ||
system_mxid_localpart: _server | ||
system_mxid_display_name: "Server Alert" | ||
system_mxid_avatar_url: "" | ||
room_name: "Server Alert" |
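Review bot: Nothing in this file says it is test-only, yet it switches off several protections at once: `federation_verify_certificates: false`, an empty `federation_ip_range_blacklist`, `enable_registration_without_verification: true`, `bcrypt_rounds: 4` and rate limits raised to 9999. Now that it lives in the main Synapse repository it is easy to copy as a starting point, so I would open the file with `# Test-only homeserver config for Complement. Insecure by design; never use these settings on a real deployment.` The `bcrypt_rounds: 4` line also deserves its own comment, for example `# lowest bcrypt cost; presumably chosen to keep registration and login fast in tests`. The existing TODO on `federation_verify_certificates` is worth tracking in an issue, since the custom CA list below it is meant to make that override unnecessary.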