-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
support federation queries through http connect proxy #10475
support federation queries through http connect proxy #10475
Conversation
Can be specified by HTTPS_PROXY env var. pass unfiltered reactor to federation agent for proxy support Signed-off-by: Marcus Hoffmann <[email protected]>
This is used for proxy authentication, we just continue our "solution" of copying code from proxyagent -> matrix_federation_agent.
As a result, each test creates its own certificates now. A little bit more overhead
similar to `test_proxyagent`
1b98ec7
to
0bf5ac8
Compare
federation_through_proxy Conflicts: synapse/http/proxyagent.py
) = proxyagent.http_proxy_endpoint( | ||
https_proxy, | ||
proxy_reactor, | ||
tls_client_options_factory or BrowserLikePolicyForHTTPS(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if BrowserLikePolicyForHTTPS
is the best default policy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need a default policy here. tls_client_options_factory=None
is supposed to disable TLS, not fall back to a default. I would make the tls_options_factory
parameter to _http_proxy_endpoint
Optional, and raise an Exception if the scheme is https
but there is no tls factory.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Im not sure what is the best error to raise. ValueError
, ConfigError
, RuntimeError
or anything else?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks generally great, thank you! Particular thanks for taking the time to figure out the tests.
A few minor suggestions here.
@@ -343,6 +343,7 @@ def __init__(self, hs, tls_client_options_factory): | |||
tls_client_options_factory, | |||
user_agent, | |||
hs.config.federation_ip_range_blacklist, | |||
proxy_reactor=hs.get_reactor(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
per #9306 (comment):
I suggest you move the code at lines 330-334 which builds a BlacklistingReactorWrapper
into MatrixFederationAgent
. There is no need for MatrixFederationHttpClient.reactor
to be a BlacklistingReactorWrapper
.
) = proxyagent.http_proxy_endpoint( | ||
https_proxy, | ||
proxy_reactor, | ||
tls_client_options_factory or BrowserLikePolicyForHTTPS(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need a default policy here. tls_client_options_factory=None
is supposed to disable TLS, not fall back to a default. I would make the tls_options_factory
parameter to _http_proxy_endpoint
Optional, and raise an Exception if the scheme is https
but there is no tls factory.
connect_headers = Headers() | ||
# Determine whether we need to set Proxy-Authorization headers | ||
if self.https_proxy_creds: | ||
# Set a Proxy-Authorization header | ||
connect_headers.addRawHeader( | ||
b"Proxy-Authorization", | ||
self.https_proxy_creds.as_proxy_authorization_value(), | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we just move this into HTTPConnectProxyEndpoint
, to save doing it each time we construct one?
(in other words: make HTTPConnectProxyEndpoint
take an Optional[ProxyCredentials]
parameter instead of a custom headers
parameter)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change was larger.
I had to move ProxyCredentials
from proxyagent
to connectproxyclient
. The reason was a circular import.
I have replaced headers
parameter because it was introduced in #9657 only for proxy connections and is not needed anymore.
_srv_resolver=self.mock_resolver, | ||
_well_known_resolver=self.well_known_resolver, | ||
) | ||
self.agent = self._make_agent() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better not to create an agent here at all, than to create it and then recreate for some of the tests.
Am I correct to assume that this also solves #8859 , i.e. http proxy outbound federation ? |
#8859 is a duplictae of #8660 (#8859 (comment)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm. Thank you so much for working on this!
I am using tinyproxy currently for this test environment. I have connected the element webinterface and it authenticated against the synapse server. I am able to send messages between a user on the webinterface and a user on a mobile device. I have configured synapse to run with these environment variables:
I am using firefox, and that seems to work for http and https sites with this proxy. However when I 'explore public rooms' search for test on matrix.org, I am getting this error
To be sure I also used curl to test the connections, which seem ok.
If this is related to the certificate being used for outgoing connections (as maybe mentioned here #5684) How should I configure multiple certificates. I have my synapse container running with task/host names '111.222.333.444.555' while my 'front end' is using a 'aaa.bbb.cccc' hostname. Currently most containers are running on my own CA so, multiple instances of synapse (workers?) will communicate via such hostnames 111.222.333.444.555. |
Are you sure that tinyproxy is able to use it with |
But incoming requests are going to my reverse proxy, haproxy and there I have the correct certificate. With the outgoing request to matrix-federation.matrix.org.cdn.cloudflare.net:8443 is there some client certificate being used and verified? What does this exactly mean? |
Oh oh, looks like maybe cloudflare issue or where do you get this hostname from? This is what I get when I open the url in firefox. https://matrix-federation.matrix.org.cdn.cloudflare.net:8443/ Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for matrix-federation.matrix.org.cdn.cloudflare.net:8443. The certificate is only valid for the following names: about.riot.im, arewereadyyet.com, lfs.matrix.org, matrix-client.matrix.org, matrix-federation.matrix.org, matrix.org, matrix.to, modular.im, riot.im, spec.matrix.org, status.matrix.org, vector.im, www.matrix.org, www.modular.im Error code: SSL_ERROR_BAD_CERT_DOMAIN |
synapse log
Curl
|
How did you configure that tinyproxy supports
Tinyproxy log:
This what I am expect. Because tinyproxy cannot create a connection with https. It has no TLS certificate for this. A normal http connection with tinyproxy:
|
btw thanks for helping and testing this, I really appreciate it. ;) I am really looking forward to having this synapse in my container environment. This is the config I have. I just redacted some more allow lines. I have tinyproxy running on two networks one connected to the internet and one connected to a container/vm environment. Maybe running this on localhost is not the best way to test, because local routing could mess up the outgoing traffic? My tinyproxy is running separate, from my test2 and synapse. All have their own ip addresses. I know for sure my environment is getting the ssl websites. Yesterday I even checked if the container was validating the certificates of matrix.org correctly, which are letsencrypt and curl just worked fine. To me it starts to look like some client certificate is being used communicating with matrix.org. But this error message is just not clear.
PS. If you want access to my test environment, you can have it. |
I think you env var is not correct.
You have to use:
You can connect to your proxy via http and not https. |
I think tinyproxy by default supports ssl/tls and just switches automatically based on the protocol it receives. I think you should be able to do this[1] also. It does not really make sense not supporting ssl these days. I will try and have a look at this (ssl?) library and see what this error means. [1]
|
Do you have a code snippet that I can use to test with? Something that would generate the same error message in my environment? |
I do not have a code snippet. I did a request with a proxy that is able to talk https (squid), I can see 2 TLS handshakes.
|
curl 7.29.0 is not up to date. Release date was Feb 6 2013. |
We should let RedHat worry about such things, the el7 is still a supported distribution ;) |
Yes it is supported for security bugfixes. But curl 7.29.0 does not support proxy connections with TLS.
But 2013! ;) |
Genius, genius of you. I just tried on the docker image with curl 7.78, and whoppa url: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number And while I was doing this, I thought lets run the container with And this seems to work!!!!!! Explore rooms is being filled with external data. I am embarrassed about wasting your time on this |
I just switched back from using a hostname in the proxy config to an ip address, hoping it would resolve the timeout messages that I am getting (in case python is not using the correct ip address). But I keep getting lots of these. Joining a room seems to be slow, however I managed to join 2.
|
I think this is not easy to debug. |
Synapse 1.41.0rc1 (2021-08-18) ============================== Features -------- - Add `get_userinfo_by_id` method to ModuleApi. ([\#9581](#9581)) - Initial local support for [MSC3266](#10394), Room Summary over the unstable `/rooms/{roomIdOrAlias}/summary` API. ([\#10394](#10394)) - Experimental support for [MSC3288](matrix-org/matrix-spec-proposals#3288), sending `room_type` to the identity server for 3pid invites over the `/store-invite` API. ([\#10435](#10435)) - Add support for sending federation requests through a proxy. Contributed by @Bubu and @dklimpel. ([\#10475](#10475)) - Add support for "marker" events which makes historical events discoverable for servers that already have all of the scrollback history (part of [MSC2716](matrix-org/matrix-spec-proposals#2716)). ([\#10498](#10498)) - Add a configuration setting for the time a `/sync` response is cached for. ([\#10513](#10513)) - The default logging handler for new installations is now `PeriodicallyFlushingMemoryHandler`, a buffered logging handler which periodically flushes itself. ([\#10518](#10518)) - Add support for new redaction rules for historical events specified in [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\#10538](#10538)) - Add a setting to disable TLS when sending email. ([\#10546](#10546)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\#10549](#10549), [\#10560](#10560), [\#10569](#10569), [\#10574](#10574), [\#10575](#10575), [\#10579](#10579), [\#10583](#10583)) - Admin API to delete several media for a specific user. Contributed by @dklimpel. ([\#10558](#10558), [\#10628](#10628)) - Add support for routing `/createRoom` to workers. ([\#10564](#10564)) - Update the Synapse Grafana dashboard. ([\#10570](#10570)) - Add an admin API (`GET /_synapse/admin/username_available`) to check if a username is available (regardless of registration settings). ([\#10578](#10578)) - Allow editing a user's `external_ids` via the "Edit User" admin API. Contributed by @dklimpel. ([\#10598](#10598)) - The Synapse manhole no longer needs coroutines to be wrapped in `defer.ensureDeferred`. ([\#10602](#10602)) - Add option to allow modules to run periodic tasks on all instances, rather than just the one configured to run background tasks. ([\#10638](#10638)) Bugfixes -------- - Add some clarification to the sample config file. Contributed by @Kentokamoto. ([\#10129](#10129)) - Fix a long-standing bug where protocols which are not implemented by any appservices were incorrectly returned via `GET /_matrix/client/r0/thirdparty/protocols`. ([\#10532](#10532)) - Fix exceptions in logs when failing to get remote room list. ([\#10541](#10541)) - Fix longstanding bug which caused the user "status" to be reset when the user went offline. Contributed by @dklimpel. ([\#10550](#10550)) - Allow public rooms to be previewed in the spaces summary APIs from [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\#10580](#10580)) - Fix a bug introduced in v1.37.1 where an error could occur in the asynchronous processing of PDUs when the queue was empty. ([\#10592](#10592)) - Fix errors on /sync when read receipt data is a string. Only affects homeservers with the experimental flag for [MSC2285](matrix-org/matrix-spec-proposals#2285) enabled. Contributed by @SimonBrandner. ([\#10606](#10606)) - Additional validation for the spaces summary API to avoid errors like `ValueError: Stop argument for islice() must be None or an integer`. The missing validation has existed since v1.31.0. ([\#10611](#10611)) - Revert behaviour introduced in v1.38.0 that strips `org.matrix.msc2732.device_unused_fallback_key_types` from `/sync` when its value is empty. This field should instead always be present according to [MSC2732](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2732-olm-fallback-keys.md). ([\#10623](#10623)) Improved Documentation ---------------------- - Add documentation for configuration a forward proxy. ([\#10443](#10443)) - Updated the reverse proxy documentation to highlight the homserver configuration that is needed to make Synapse aware that is is intentionally reverse proxied. ([\#10551](#10551)) - Update CONTRIBUTING.md to fix index links and the instructions for SyTest in docker. ([\#10599](#10599)) Deprecations and Removals ------------------------- - No longer build `.deb` packages for Ubuntu 20.10 LTS Groovy Gorilla, which has now EOLed. ([\#10588](#10588)) - The `template_dir` configuration settings in the `sso`, `account_validity` and `email` sections of the configuration file are now deprecated in favour of the global `templates.custom_template_directory` setting. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\#10596](#10596)) Internal Changes ---------------- - Improve event caching mechanism to avoid having multiple copies of an event in memory at a time. ([\#10119](#10119)) - Reduce errors in PostgreSQL logs due to concurrent serialization errors. ([\#10504](#10504)) - Include room ID in ignored EDU log messages. Contributed by @ilmari. ([\#10507](#10507)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\#10527](#10527), [\#10530](#10530)) - Fix CI to not break when run against branches rather than pull requests. ([\#10529](#10529)) - Mark all events stemming from the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint as historical. ([\#10537](#10537)) - Clean up some of the federation event authentication code for clarity. ([\#10539](#10539), [\#10591](#10591)) - Convert `Transaction` and `Edu` objects to attrs. ([\#10542](#10542)) - Update `/batch_send` endpoint to only return `state_events` created by the `state_events_from_before` passed in. ([\#10552](#10552)) - Update contributing.md to warn against rebasing an open PR. ([\#10563](#10563)) - Remove the unused public rooms replication stream. ([\#10565](#10565)) - Clarify error message when failing to join a restricted room. ([\#10572](#10572)) - Remove references to BuildKite in favour of GitHub Actions. ([\#10573](#10573)) - Move `/batch_send` endpoint defined by [MSC2716](matrix-org/matrix-spec-proposals#2716) to the `/v2_alpha` directory. ([\#10576](#10576)) - Allow multiple custom directories in `read_templates`. ([\#10587](#10587)) - Re-organize the `synapse.federation.transport.server` module to create smaller files. ([\#10590](#10590)) - Flatten the `synapse.rest.client` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\#10600](#10600)) - Build Debian packages for Debian 12 (Bookworm). ([\#10612](#10612)) - Fix up a couple of links to the database schema documentation. ([\#10620](#10620)) - Fix a broken link to the upgrade notes. ([\#10631](#10631))
Synapse 1.41.0 (2021-08-24) =========================== This release adds support for Debian 12 (Bookworm), but **removes support for Ubuntu 20.10 (Groovy Gorilla)**, which reached End of Life last month. Note that when using workers the `/_synapse/admin/v1/users/{userId}/media` must now be handled by media workers. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. Features -------- - Enable room capabilities ([MSC3244](matrix-org/matrix-spec-proposals#3244)) by default and set room version 8 as the preferred room version when creating restricted rooms. ([\matrix-org#10571](matrix-org#10571)) Synapse 1.41.0rc1 (2021-08-18) ============================== Features -------- - Add `get_userinfo_by_id` method to ModuleApi. ([\matrix-org#9581](matrix-org#9581)) - Initial local support for [MSC3266](matrix-org#10394), Room Summary over the unstable `/rooms/{roomIdOrAlias}/summary` API. ([\matrix-org#10394](matrix-org#10394)) - Experimental support for [MSC3288](matrix-org/matrix-spec-proposals#3288), sending `room_type` to the identity server for 3pid invites over the `/store-invite` API. ([\matrix-org#10435](matrix-org#10435)) - Add support for sending federation requests through a proxy. Contributed by @Bubu and @dklimpel. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\matrix-org#10596](matrix-org#10596)). ([\matrix-org#10475](matrix-org#10475)) - Add support for "marker" events which makes historical events discoverable for servers that already have all of the scrollback history (part of [MSC2716](matrix-org/matrix-spec-proposals#2716)). ([\matrix-org#10498](matrix-org#10498)) - Add a configuration setting for the time a `/sync` response is cached for. ([\matrix-org#10513](matrix-org#10513)) - The default logging handler for new installations is now `PeriodicallyFlushingMemoryHandler`, a buffered logging handler which periodically flushes itself. ([\matrix-org#10518](matrix-org#10518)) - Add support for new redaction rules for historical events specified in [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\matrix-org#10538](matrix-org#10538)) - Add a setting to disable TLS when sending email. ([\matrix-org#10546](matrix-org#10546)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#10549](matrix-org#10549), [\matrix-org#10560](matrix-org#10560), [\matrix-org#10569](matrix-org#10569), [\matrix-org#10574](matrix-org#10574), [\matrix-org#10575](matrix-org#10575), [\matrix-org#10579](matrix-org#10579), [\matrix-org#10583](matrix-org#10583)) - Admin API to delete several media for a specific user. Contributed by @dklimpel. ([\matrix-org#10558](matrix-org#10558), [\matrix-org#10628](matrix-org#10628)) - Add support for routing `/createRoom` to workers. ([\matrix-org#10564](matrix-org#10564)) - Update the Synapse Grafana dashboard. ([\matrix-org#10570](matrix-org#10570)) - Add an admin API (`GET /_synapse/admin/username_available`) to check if a username is available (regardless of registration settings). ([\matrix-org#10578](matrix-org#10578)) - Allow editing a user's `external_ids` via the "Edit User" admin API. Contributed by @dklimpel. ([\matrix-org#10598](matrix-org#10598)) - The Synapse manhole no longer needs coroutines to be wrapped in `defer.ensureDeferred`. ([\matrix-org#10602](matrix-org#10602)) - Add option to allow modules to run periodic tasks on all instances, rather than just the one configured to run background tasks. ([\matrix-org#10638](matrix-org#10638)) Bugfixes -------- - Add some clarification to the sample config file. Contributed by @Kentokamoto. ([\matrix-org#10129](matrix-org#10129)) - Fix a long-standing bug where protocols which are not implemented by any appservices were incorrectly returned via `GET /_matrix/client/r0/thirdparty/protocols`. ([\matrix-org#10532](matrix-org#10532)) - Fix exceptions in logs when failing to get remote room list. ([\matrix-org#10541](matrix-org#10541)) - Fix longstanding bug which caused the user's presence "status message" to be reset when the user went offline. Contributed by @dklimpel. ([\matrix-org#10550](matrix-org#10550)) - Allow public rooms to be previewed in the spaces summary APIs from [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#10580](matrix-org#10580)) - Fix a bug introduced in v1.37.1 where an error could occur in the asynchronous processing of PDUs when the queue was empty. ([\matrix-org#10592](matrix-org#10592)) - Fix errors on /sync when read receipt data is a string. Only affects homeservers with the experimental flag for [MSC2285](matrix-org/matrix-spec-proposals#2285) enabled. Contributed by @SimonBrandner. ([\matrix-org#10606](matrix-org#10606)) - Additional validation for the spaces summary API to avoid errors like `ValueError: Stop argument for islice() must be None or an integer`. The missing validation has existed since v1.31.0. ([\matrix-org#10611](matrix-org#10611)) - Revert behaviour introduced in v1.38.0 that strips `org.matrix.msc2732.device_unused_fallback_key_types` from `/sync` when its value is empty. This field should instead always be present according to [MSC2732](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2732-olm-fallback-keys.md). ([\matrix-org#10623](matrix-org#10623)) Improved Documentation ---------------------- - Add documentation for configuring a forward proxy. ([\matrix-org#10443](matrix-org#10443)) - Updated the reverse proxy documentation to highlight the homserver configuration that is needed to make Synapse aware that is is intentionally reverse proxied. ([\matrix-org#10551](matrix-org#10551)) - Update CONTRIBUTING.md to fix index links and the instructions for SyTest in docker. ([\matrix-org#10599](matrix-org#10599)) Deprecations and Removals ------------------------- - No longer build `.deb` packages for Ubuntu 20.10 Groovy Gorilla, which has now EOLed. ([\matrix-org#10588](matrix-org#10588)) - The `template_dir` configuration settings in the `sso`, `account_validity` and `email` sections of the configuration file are now deprecated in favour of the global `templates.custom_template_directory` setting. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\matrix-org#10596](matrix-org#10596)) Internal Changes ---------------- - Improve event caching mechanism to avoid having multiple copies of an event in memory at a time. ([\matrix-org#10119](matrix-org#10119)) - Reduce errors in PostgreSQL logs due to concurrent serialization errors. ([\matrix-org#10504](matrix-org#10504)) - Include room ID in ignored EDU log messages. Contributed by @ilmari. ([\matrix-org#10507](matrix-org#10507)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#10527](matrix-org#10527), [\matrix-org#10530](matrix-org#10530)) - Fix CI to not break when run against branches rather than pull requests. ([\matrix-org#10529](matrix-org#10529)) - Mark all events stemming from the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint as historical. ([\matrix-org#10537](matrix-org#10537)) - Clean up some of the federation event authentication code for clarity. ([\matrix-org#10539](matrix-org#10539), [\matrix-org#10591](matrix-org#10591)) - Convert `Transaction` and `Edu` objects to attrs. ([\matrix-org#10542](matrix-org#10542)) - Update `/batch_send` endpoint to only return `state_events` created by the `state_events_from_before` passed in. ([\matrix-org#10552](matrix-org#10552)) - Update contributing.md to warn against rebasing an open PR. ([\matrix-org#10563](matrix-org#10563)) - Remove the unused public rooms replication stream. ([\matrix-org#10565](matrix-org#10565)) - Clarify error message when failing to join a restricted room. ([\matrix-org#10572](matrix-org#10572)) - Remove references to BuildKite in favour of GitHub Actions. ([\matrix-org#10573](matrix-org#10573)) - Move `/batch_send` endpoint defined by [MSC2716](matrix-org/matrix-spec-proposals#2716) to the `/v2_alpha` directory. ([\matrix-org#10576](matrix-org#10576)) - Allow multiple custom directories in `read_templates`. ([\matrix-org#10587](matrix-org#10587)) - Re-organize the `synapse.federation.transport.server` module to create smaller files. ([\matrix-org#10590](matrix-org#10590)) - Flatten the `synapse.rest.client` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\matrix-org#10600](matrix-org#10600)) - Build Debian packages for Debian 12 (Bookworm). ([\matrix-org#10612](matrix-org#10612)) - Fix up a couple of links to the database schema documentation. ([\matrix-org#10620](matrix-org#10620)) - Fix a broken link to the upgrade notes. ([\matrix-org#10631](matrix-org#10631))
Synapse 1.41.0 (2021-08-24) =========================== This release adds support for Debian 12 (Bookworm), but **removes support for Ubuntu 20.10 (Groovy Gorilla)**, which reached End of Life last month. Note that when using workers the `/_synapse/admin/v1/users/{userId}/media` must now be handled by media workers. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. Features -------- - Enable room capabilities ([MSC3244](matrix-org/matrix-spec-proposals#3244)) by default and set room version 8 as the preferred room version when creating restricted rooms. ([\#10571](matrix-org/synapse#10571)) Synapse 1.41.0rc1 (2021-08-18) ============================== Features -------- - Add `get_userinfo_by_id` method to ModuleApi. ([\#9581](matrix-org/synapse#9581)) - Initial local support for [MSC3266](matrix-org/synapse#10394), Room Summary over the unstable `/rooms/{roomIdOrAlias}/summary` API. ([\#10394](matrix-org/synapse#10394)) - Experimental support for [MSC3288](matrix-org/matrix-spec-proposals#3288), sending `room_type` to the identity server for 3pid invites over the `/store-invite` API. ([\#10435](matrix-org/synapse#10435)) - Add support for sending federation requests through a proxy. Contributed by @Bubu and @dklimpel. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\#10596](matrix-org/synapse#10596)). ([\#10475](matrix-org/synapse#10475)) - Add support for "marker" events which makes historical events discoverable for servers that already have all of the scrollback history (part of [MSC2716](matrix-org/matrix-spec-proposals#2716)). ([\#10498](matrix-org/synapse#10498)) - Add a configuration setting for the time a `/sync` response is cached for. ([\#10513](matrix-org/synapse#10513)) - The default logging handler for new installations is now `PeriodicallyFlushingMemoryHandler`, a buffered logging handler which periodically flushes itself. ([\#10518](matrix-org/synapse#10518)) - Add support for new redaction rules for historical events specified in [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\#10538](matrix-org/synapse#10538)) - Add a setting to disable TLS when sending email. ([\#10546](matrix-org/synapse#10546)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\#10549](matrix-org/synapse#10549), [\#10560](matrix-org/synapse#10560), [\#10569](matrix-org/synapse#10569), [\#10574](matrix-org/synapse#10574), [\#10575](matrix-org/synapse#10575), [\#10579](matrix-org/synapse#10579), [\#10583](matrix-org/synapse#10583)) - Admin API to delete several media for a specific user. Contributed by @dklimpel. ([\#10558](matrix-org/synapse#10558), [\#10628](matrix-org/synapse#10628)) - Add support for routing `/createRoom` to workers. ([\#10564](matrix-org/synapse#10564)) - Update the Synapse Grafana dashboard. ([\#10570](matrix-org/synapse#10570)) - Add an admin API (`GET /_synapse/admin/username_available`) to check if a username is available (regardless of registration settings). ([\#10578](matrix-org/synapse#10578)) - Allow editing a user's `external_ids` via the "Edit User" admin API. Contributed by @dklimpel. ([\#10598](matrix-org/synapse#10598)) - The Synapse manhole no longer needs coroutines to be wrapped in `defer.ensureDeferred`. ([\#10602](matrix-org/synapse#10602)) - Add option to allow modules to run periodic tasks on all instances, rather than just the one configured to run background tasks. ([\#10638](matrix-org/synapse#10638)) Bugfixes -------- - Add some clarification to the sample config file. Contributed by @Kentokamoto. ([\#10129](matrix-org/synapse#10129)) - Fix a long-standing bug where protocols which are not implemented by any appservices were incorrectly returned via `GET /_matrix/client/r0/thirdparty/protocols`. ([\#10532](matrix-org/synapse#10532)) - Fix exceptions in logs when failing to get remote room list. ([\#10541](matrix-org/synapse#10541)) - Fix longstanding bug which caused the user's presence "status message" to be reset when the user went offline. Contributed by @dklimpel. ([\#10550](matrix-org/synapse#10550)) - Allow public rooms to be previewed in the spaces summary APIs from [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\#10580](matrix-org/synapse#10580)) - Fix a bug introduced in v1.37.1 where an error could occur in the asynchronous processing of PDUs when the queue was empty. ([\#10592](matrix-org/synapse#10592)) - Fix errors on /sync when read receipt data is a string. Only affects homeservers with the experimental flag for [MSC2285](matrix-org/matrix-spec-proposals#2285) enabled. Contributed by @SimonBrandner. ([\#10606](matrix-org/synapse#10606)) - Additional validation for the spaces summary API to avoid errors like `ValueError: Stop argument for islice() must be None or an integer`. The missing validation has existed since v1.31.0. ([\#10611](matrix-org/synapse#10611)) - Revert behaviour introduced in v1.38.0 that strips `org.matrix.msc2732.device_unused_fallback_key_types` from `/sync` when its value is empty. This field should instead always be present according to [MSC2732](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2732-olm-fallback-keys.md). ([\#10623](matrix-org/synapse#10623)) Improved Documentation ---------------------- - Add documentation for configuring a forward proxy. ([\#10443](matrix-org/synapse#10443)) - Updated the reverse proxy documentation to highlight the homserver configuration that is needed to make Synapse aware that is is intentionally reverse proxied. ([\#10551](matrix-org/synapse#10551)) - Update CONTRIBUTING.md to fix index links and the instructions for SyTest in docker. ([\#10599](matrix-org/synapse#10599)) Deprecations and Removals ------------------------- - No longer build `.deb` packages for Ubuntu 20.10 Groovy Gorilla, which has now EOLed. ([\#10588](matrix-org/synapse#10588)) - The `template_dir` configuration settings in the `sso`, `account_validity` and `email` sections of the configuration file are now deprecated in favour of the global `templates.custom_template_directory` setting. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\#10596](matrix-org/synapse#10596)) Internal Changes ---------------- - Improve event caching mechanism to avoid having multiple copies of an event in memory at a time. ([\#10119](matrix-org/synapse#10119)) - Reduce errors in PostgreSQL logs due to concurrent serialization errors. ([\#10504](matrix-org/synapse#10504)) - Include room ID in ignored EDU log messages. Contributed by @ilmari. ([\#10507](matrix-org/synapse#10507)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\#10527](matrix-org/synapse#10527), [\#10530](matrix-org/synapse#10530)) - Fix CI to not break when run against branches rather than pull requests. ([\#10529](matrix-org/synapse#10529)) - Mark all events stemming from the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint as historical. ([\#10537](matrix-org/synapse#10537)) - Clean up some of the federation event authentication code for clarity. ([\#10539](matrix-org/synapse#10539), [\#10591](matrix-org/synapse#10591)) - Convert `Transaction` and `Edu` objects to attrs. ([\#10542](matrix-org/synapse#10542)) - Update `/batch_send` endpoint to only return `state_events` created by the `state_events_from_before` passed in. ([\#10552](matrix-org/synapse#10552)) - Update contributing.md to warn against rebasing an open PR. ([\#10563](matrix-org/synapse#10563)) - Remove the unused public rooms replication stream. ([\#10565](matrix-org/synapse#10565)) - Clarify error message when failing to join a restricted room. ([\#10572](matrix-org/synapse#10572)) - Remove references to BuildKite in favour of GitHub Actions. ([\#10573](matrix-org/synapse#10573)) - Move `/batch_send` endpoint defined by [MSC2716](matrix-org/matrix-spec-proposals#2716) to the `/v2_alpha` directory. ([\#10576](matrix-org/synapse#10576)) - Allow multiple custom directories in `read_templates`. ([\#10587](matrix-org/synapse#10587)) - Re-organize the `synapse.federation.transport.server` module to create smaller files. ([\#10590](matrix-org/synapse#10590)) - Flatten the `synapse.rest.client` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\#10600](matrix-org/synapse#10600)) - Build Debian packages for Debian 12 (Bookworm). ([\#10612](matrix-org/synapse#10612)) - Fix up a couple of links to the database schema documentation. ([\#10620](matrix-org/synapse#10620)) - Fix a broken link to the upgrade notes. ([\#10631](matrix-org/synapse#10631))
Synapse 1.41.0 (2021-08-24) =========================== This release adds support for Debian 12 (Bookworm), but **removes support for Ubuntu 20.10 (Groovy Gorilla)**, which reached End of Life last month. Note that when using workers the `/_synapse/admin/v1/users/{userId}/media` must now be handled by media workers. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. Features -------- - Enable room capabilities ([MSC3244](matrix-org/matrix-spec-proposals#3244)) by default and set room version 8 as the preferred room version when creating restricted rooms. ([\matrix-org#10571](matrix-org#10571)) Synapse 1.41.0rc1 (2021-08-18) ============================== Features -------- - Add `get_userinfo_by_id` method to ModuleApi. ([\matrix-org#9581](matrix-org#9581)) - Initial local support for [MSC3266](matrix-org#10394), Room Summary over the unstable `/rooms/{roomIdOrAlias}/summary` API. ([\matrix-org#10394](matrix-org#10394)) - Experimental support for [MSC3288](matrix-org/matrix-spec-proposals#3288), sending `room_type` to the identity server for 3pid invites over the `/store-invite` API. ([\matrix-org#10435](matrix-org#10435)) - Add support for sending federation requests through a proxy. Contributed by @Bubu and @dklimpel. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\matrix-org#10596](matrix-org#10596)). ([\matrix-org#10475](matrix-org#10475)) - Add support for "marker" events which makes historical events discoverable for servers that already have all of the scrollback history (part of [MSC2716](matrix-org/matrix-spec-proposals#2716)). ([\matrix-org#10498](matrix-org#10498)) - Add a configuration setting for the time a `/sync` response is cached for. ([\matrix-org#10513](matrix-org#10513)) - The default logging handler for new installations is now `PeriodicallyFlushingMemoryHandler`, a buffered logging handler which periodically flushes itself. ([\matrix-org#10518](matrix-org#10518)) - Add support for new redaction rules for historical events specified in [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\matrix-org#10538](matrix-org#10538)) - Add a setting to disable TLS when sending email. ([\matrix-org#10546](matrix-org#10546)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#10549](matrix-org#10549), [\matrix-org#10560](matrix-org#10560), [\matrix-org#10569](matrix-org#10569), [\matrix-org#10574](matrix-org#10574), [\matrix-org#10575](matrix-org#10575), [\matrix-org#10579](matrix-org#10579), [\matrix-org#10583](matrix-org#10583)) - Admin API to delete several media for a specific user. Contributed by @dklimpel. ([\matrix-org#10558](matrix-org#10558), [\matrix-org#10628](matrix-org#10628)) - Add support for routing `/createRoom` to workers. ([\matrix-org#10564](matrix-org#10564)) - Update the Synapse Grafana dashboard. ([\matrix-org#10570](matrix-org#10570)) - Add an admin API (`GET /_synapse/admin/username_available`) to check if a username is available (regardless of registration settings). ([\matrix-org#10578](matrix-org#10578)) - Allow editing a user's `external_ids` via the "Edit User" admin API. Contributed by @dklimpel. ([\matrix-org#10598](matrix-org#10598)) - The Synapse manhole no longer needs coroutines to be wrapped in `defer.ensureDeferred`. ([\matrix-org#10602](matrix-org#10602)) - Add option to allow modules to run periodic tasks on all instances, rather than just the one configured to run background tasks. ([\matrix-org#10638](matrix-org#10638)) Bugfixes -------- - Add some clarification to the sample config file. Contributed by @Kentokamoto. ([\matrix-org#10129](matrix-org#10129)) - Fix a long-standing bug where protocols which are not implemented by any appservices were incorrectly returned via `GET /_matrix/client/r0/thirdparty/protocols`. ([\matrix-org#10532](matrix-org#10532)) - Fix exceptions in logs when failing to get remote room list. ([\matrix-org#10541](matrix-org#10541)) - Fix longstanding bug which caused the user's presence "status message" to be reset when the user went offline. Contributed by @dklimpel. ([\matrix-org#10550](matrix-org#10550)) - Allow public rooms to be previewed in the spaces summary APIs from [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#10580](matrix-org#10580)) - Fix a bug introduced in v1.37.1 where an error could occur in the asynchronous processing of PDUs when the queue was empty. ([\matrix-org#10592](matrix-org#10592)) - Fix errors on /sync when read receipt data is a string. Only affects homeservers with the experimental flag for [MSC2285](matrix-org/matrix-spec-proposals#2285) enabled. Contributed by @SimonBrandner. ([\matrix-org#10606](matrix-org#10606)) - Additional validation for the spaces summary API to avoid errors like `ValueError: Stop argument for islice() must be None or an integer`. The missing validation has existed since v1.31.0. ([\matrix-org#10611](matrix-org#10611)) - Revert behaviour introduced in v1.38.0 that strips `org.matrix.msc2732.device_unused_fallback_key_types` from `/sync` when its value is empty. This field should instead always be present according to [MSC2732](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2732-olm-fallback-keys.md). ([\matrix-org#10623](matrix-org#10623)) Improved Documentation ---------------------- - Add documentation for configuring a forward proxy. ([\matrix-org#10443](matrix-org#10443)) - Updated the reverse proxy documentation to highlight the homserver configuration that is needed to make Synapse aware that is is intentionally reverse proxied. ([\matrix-org#10551](matrix-org#10551)) - Update CONTRIBUTING.md to fix index links and the instructions for SyTest in docker. ([\matrix-org#10599](matrix-org#10599)) Deprecations and Removals ------------------------- - No longer build `.deb` packages for Ubuntu 20.10 Groovy Gorilla, which has now EOLed. ([\matrix-org#10588](matrix-org#10588)) - The `template_dir` configuration settings in the `sso`, `account_validity` and `email` sections of the configuration file are now deprecated in favour of the global `templates.custom_template_directory` setting. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html) for more information. ([\matrix-org#10596](matrix-org#10596)) Internal Changes ---------------- - Improve event caching mechanism to avoid having multiple copies of an event in memory at a time. ([\matrix-org#10119](matrix-org#10119)) - Reduce errors in PostgreSQL logs due to concurrent serialization errors. ([\matrix-org#10504](matrix-org#10504)) - Include room ID in ignored EDU log messages. Contributed by @ilmari. ([\matrix-org#10507](matrix-org#10507)) - Add pagination to the spaces summary based on updates to [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#10527](matrix-org#10527), [\matrix-org#10530](matrix-org#10530)) - Fix CI to not break when run against branches rather than pull requests. ([\matrix-org#10529](matrix-org#10529)) - Mark all events stemming from the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint as historical. ([\matrix-org#10537](matrix-org#10537)) - Clean up some of the federation event authentication code for clarity. ([\matrix-org#10539](matrix-org#10539), [\matrix-org#10591](matrix-org#10591)) - Convert `Transaction` and `Edu` objects to attrs. ([\matrix-org#10542](matrix-org#10542)) - Update `/batch_send` endpoint to only return `state_events` created by the `state_events_from_before` passed in. ([\matrix-org#10552](matrix-org#10552)) - Update contributing.md to warn against rebasing an open PR. ([\matrix-org#10563](matrix-org#10563)) - Remove the unused public rooms replication stream. ([\matrix-org#10565](matrix-org#10565)) - Clarify error message when failing to join a restricted room. ([\matrix-org#10572](matrix-org#10572)) - Remove references to BuildKite in favour of GitHub Actions. ([\matrix-org#10573](matrix-org#10573)) - Move `/batch_send` endpoint defined by [MSC2716](matrix-org/matrix-spec-proposals#2716) to the `/v2_alpha` directory. ([\matrix-org#10576](matrix-org#10576)) - Allow multiple custom directories in `read_templates`. ([\matrix-org#10587](matrix-org#10587)) - Re-organize the `synapse.federation.transport.server` module to create smaller files. ([\matrix-org#10590](matrix-org#10590)) - Flatten the `synapse.rest.client` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\matrix-org#10600](matrix-org#10600)) - Build Debian packages for Debian 12 (Bookworm). ([\matrix-org#10612](matrix-org#10612)) - Fix up a couple of links to the database schema documentation. ([\matrix-org#10620](matrix-org#10620)) - Fix a broken link to the upgrade notes. ([\matrix-org#10631](matrix-org#10631))
Can be specified by HTTPS_PROXY env var.
pass unfiltered reactor to federation agent for proxy support
Sorry for so much lines of code in one PR.
I have tried to do smaller commits.
Replaces: #9306
Fixes: #8660
Blocked by:ToDo:
Need help / review
Unfortunately I do not know how to do this.
Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.Signed-off-by: Dirk Klimpel [email protected]