Mirrors
/
synapse-old
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deploy: d548d8f18d

This commit is contained in:
richvdh 2022-07-29 14:16:07 +00:00
parent 171dd6e719
commit 3f0d739f4f
5 changed files with 298 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
develop/print.html
View File

@ -1613,15 +1613,6 @@ dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
</li>
</ul>
<h1 id="upgrading-to-v1640"><a class="header" href="#upgrading-to-v1640">Upgrading to v1.64.0</a></h1>
<h2 id="delegation-of-email-validation-no-longer-supported"><a class="header" href="#delegation-of-email-validation-no-longer-supported">Delegation of email validation no longer supported</a></h2>
<p>As of this version, Synapse no longer allows the tasks of verifying email address
ownership, and password reset confirmation, to be delegated to an identity server.</p>
<p>To continue to allow users to add email addresses to their homeserver accounts,
and perform password resets, make sure that Synapse is configured with a
working email server in the <code>email</code> configuration section (including, at a
minimum, a <code>notif_from</code> setting.)</p>
<p>Specifying an <code>email</code> setting under <code>account_threepid_delegates</code> will now cause
an error at startup.</p>
<h2 id="changes-to-the-event-replication-streams"><a class="header" href="#changes-to-the-event-replication-streams">Changes to the event replication streams</a></h2>
<p>Synapse now includes a flag indicating if an event is an outlier when
replicating it to other workers. This is a forwards- and backwards-incompatible
@ -3175,10 +3166,10 @@ messages from the database after 5 minutes, rather than 5 months.</p>
<p>In addition, configuration options referring to size use the following suffixes:</p>
<ul>
<li><code>M</code> = MiB, or 1,048,576 bytes</li>
<li><code>K</code> = KiB, or 1024 bytes </li>
<li><code>K</code> = KiB, or 1024 bytes</li>
</ul>
<p>For example, setting <code>max_avatar_size: 10M</code> means that Synapse will not accept files larger than 10,485,760 bytes
for a user avatar. </p>
for a user avatar.</p>
<h3 id="yaml"><a class="header" href="#yaml">YAML</a></h3>
<p>The configuration file is a <a href="https://yaml.org/">YAML</a> file, which means that certain syntax rules
apply if you want your config file to be read properly. A few helpful things to know:</p>
@ -3203,7 +3194,7 @@ is read as a sub-option of the <code>presence</code> setting, and will be proper
that when reading the config, Synapse will consider both <code>presence</code> and <code>enabled</code> as
different settings. In this case, <code>presence</code> has no value, and thus a default applied, and <code>enabled</code>
is an option that Synapse doesn't recognize and thus ignores.</p>
<p>Example #1: </p>
<p>Example #1:</p>
<pre><code class="language-yaml">presence:
enabled: false
</code></pre>
@ -3215,7 +3206,7 @@ enabled: false
at the beginning of their section (i.e. &quot;### <code>example_setting</code>&quot;) and
the sub-options, if any, are identified and listed in the body of the section.
In addition, each setting has an example of its usage, with the proper indentation
shown. </p>
shown.</p>
</li>
</ul>
<h2 id="contents"><a class="header" href="#contents">Contents</a></h2>
@ -3276,7 +3267,7 @@ a clean <code>server_name</code>.</p>
<p>The <code>server_name</code> cannot be changed later so it is important to
configure this correctly before you start Synapse. It should be all
lowercase and may contain an explicit port.</p>
<p>There is no default for this option. </p>
<p>There is no default for this option.</p>
<p>Example configuration #1:</p>
<pre><code class="language-yaml">server_name: matrix.org
</code></pre>
@ -3291,7 +3282,7 @@ lowercase and may contain an explicit port.</p>
</code></pre>
<hr />
<h3 id="web_client_location"><a class="header" href="#web_client_location"><code>web_client_location</code></a></h3>
<p>The absolute URL to the web client which <code>/</code> will redirect to. Defaults to none. </p>
<p>The absolute URL to the web client which <code>/</code> will redirect to. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">web_client_location: https://riot.example.com/
</code></pre>
@ -3337,14 +3328,14 @@ alongside the standard properties.</p>
<h3 id="soft_file_limit"><a class="header" href="#soft_file_limit"><code>soft_file_limit</code></a></h3>
<p>Set the soft limit on the number of file descriptors synapse can use.
Zero is used to indicate synapse should set the soft limit to the hard limit.
Defaults to 0. </p>
Defaults to 0.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">soft_file_limit: 3
</code></pre>
<hr />
<h3 id="presence"><a class="header" href="#presence"><code>presence</code></a></h3>
<p>Presence tracking allows users to see the state (e.g online/offline)
of other local and remote users. Set the <code>enabled</code> sub-option to false to<br />
of other local and remote users. Set the <code>enabled</code> sub-option to false to
disable presence tracking on this homeserver. Defaults to true.
This option replaces the previous top-level 'use_presence' option.</p>
<p>Example configuration:</p>
@ -3365,7 +3356,7 @@ via the federation API, unless <code>allow_profile_lookup_over_federation</code>
to retrieve their profile information. Only checked on Client-Server
requests. Profile requests from other servers should be checked by the
requesting server. Defaults to false.</p>
<p>Example configuration: </p>
<p>Example configuration:</p>
<pre><code class="language-yaml">limit_profile_requests_to_users_who_share_rooms: true
</code></pre>
<hr />
@ -3398,7 +3389,7 @@ rooms directory via federation. Defaults to false.</p>
<p>The default room version for newly created rooms on this server.</p>
<p>Known room versions are listed <a href="https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions">here</a></p>
<p>For example, for room version 1, <code>default_room_version</code> should be set
to &quot;1&quot;. </p>
to &quot;1&quot;.</p>
<p>Currently defaults to &quot;9&quot;.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">default_room_version: &quot;8&quot;
@ -3406,7 +3397,7 @@ to &quot;1&quot;. </p>
<hr />
<h3 id="gc_thresholds"><a class="header" href="#gc_thresholds"><code>gc_thresholds</code></a></h3>
<p>The garbage collection threshold parameters to pass to <code>gc.set_threshold</code>, if defined.
Defaults to none. </p>
Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">gc_thresholds: [700, 10, 10]
</code></pre>
@ -3493,7 +3484,7 @@ configuration.</p>
<p>Sub-options for each listener include:</p>
<ul>
<li>
<p><code>port</code>: the TCP port to bind to. </p>
<p><code>port</code>: the TCP port to bind to.</p>
</li>
<li>
<p><code>bind_addresses</code>: a list of local addresses to listen on. The default is
@ -3654,14 +3645,14 @@ delete any device that hasn't been accessed for more than the specified amount o
<p>Useful options for Synapse admins.</p>
<hr />
<h3 id="admin_contact"><a class="header" href="#admin_contact"><code>admin_contact</code></a></h3>
<p>How to reach the server admin, used in <code>ResourceLimitError</code>. Defaults to none. </p>
<p>How to reach the server admin, used in <code>ResourceLimitError</code>. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">admin_contact: 'mailto:admin@server.com'
</code></pre>
<hr />
<h3 id="hs_disabled-and-hs_disabled_message"><a class="header" href="#hs_disabled-and-hs_disabled_message"><code>hs_disabled</code> and <code>hs_disabled_message</code></a></h3>
<p>Blocks users from connecting to the homeserver and provides a human-readable reason
why the connection was blocked. Defaults to false. </p>
why the connection was blocked. Defaults to false.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">hs_disabled: true
hs_disabled_message: 'Reason for why the HS is blocked'
@ -3688,7 +3679,7 @@ blocking user actions if <code>limit_usage_by_mau</code> is enabled. Defaults to
means that users must be active for the specified number of days before they
can be considered active and guards against the case where lots of users
sign up in a short space of time never to return after their initial
session. Defaults to 0. </p>
session. Defaults to 0.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">mau_trial_days: 5
</code></pre>
@ -3717,7 +3708,7 @@ means that alerting is enabled.</p>
<h3 id="mau_stats_only"><a class="header" href="#mau_stats_only"><code>mau_stats_only</code></a></h3>
<p>If enabled, the metrics for the number of monthly active users will
be populated, however no one will be limited based on these numbers. If <code>limit_usage_by_mau</code>
is true, this is implied to be true. Defaults to false. </p>
is true, this is implied to be true. Defaults to false.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">mau_stats_only: true
</code></pre>
@ -3735,7 +3726,7 @@ reserved threepid (3rd party identifier).</p>
<hr />
<h3 id="server_context"><a class="header" href="#server_context"><code>server_context</code></a></h3>
<p>This option is used by phonehome stats to group together related servers.
Defaults to none. </p>
Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">server_context: context
</code></pre>
@ -3749,11 +3740,11 @@ resource-constrained. Options for this setting include:</p>
<li><code>enabled</code>: whether this check is enabled. Defaults to false.</li>
<li><code>complexity</code>: the limit above which rooms cannot be joined. The default is 1.0.</li>
<li><code>complexity_error</code>: override the error which is returned when the room is too complex with a
custom message. </li>
custom message.</li>
<li><code>admins_can_join</code>: allow server admins to join complex rooms. Default is false.</li>
</ul>
<p>Room complexity is an arbitrary measure based on factors such as the number of
users in the room. </p>
users in the room.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">limit_remote_rooms:
enabled: true
@ -3779,7 +3770,7 @@ Defaults to true.</p>
<hr />
<h3 id="max_avatar_size"><a class="header" href="#max_avatar_size"><code>max_avatar_size</code></a></h3>
<p>The largest permissible file size in bytes for a user avatar. Defaults to no restriction.
Use M for MB and K for KB. </p>
Use M for MB and K for KB.</p>
<p>Note that user avatar changes will not work if this is set without using Synapse's media repository.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">max_avatar_size: 10M
@ -3858,7 +3849,7 @@ the <code>allowed_lifetime_min</code> and <code>allowed_lifetime_max</code> conf
<p>If this feature is enabled, Synapse will regularly look for and purge events
which are older than the room's maximum retention period. Synapse will also
filter events received over federation so that events that should have been
purged are ignored and not stored again. </p>
purged are ignored and not stored again.</p>
<p>The message retention policies feature is disabled by default.</p>
<p>This setting has the following sub-options:</p>
<ul>
@ -3866,7 +3857,7 @@ purged are ignored and not stored again. </p>
<p><code>default_policy</code>: Default retention policy. If set, Synapse will apply it to rooms that lack the
'm.room.retention' state event. This option is further specified by the
<code>min_lifetime</code> and <code>max_lifetime</code> sub-options associated with it. Note that the
value of <code>min_lifetime</code> doesn't matter much because Synapse doesn't take it into account yet. </p>
value of <code>min_lifetime</code> doesn't matter much because Synapse doesn't take it into account yet.</p>
</li>
<li>
<p><code>allowed_lifetime_min</code> and <code>allowed_lifetime_max</code>: Retention policy limits. If
@ -3924,16 +3915,16 @@ configuration).</p>
<h3 id="tls_certificate_path"><a class="header" href="#tls_certificate_path"><code>tls_certificate_path</code></a></h3>
<p>This option specifies a PEM-encoded X509 certificate for TLS.
This certificate, as of Synapse 1.0, will need to be a valid and verifiable
certificate, signed by a recognised Certificate Authority. Defaults to none. </p>
certificate, signed by a recognised Certificate Authority. Defaults to none.</p>
<p>Be sure to use a <code>.pem</code> file that includes the full certificate chain including
any intermediate certificates (for instance, if using certbot, use
<code>fullchain.pem</code> as your certificate, not <code>cert.pem</code>). </p>
<code>fullchain.pem</code> as your certificate, not <code>cert.pem</code>).</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">tls_certificate_path: &quot;CONFDIR/SERVERNAME.tls.crt&quot;
</code></pre>
<hr />
<h3 id="tls_private_key_path"><a class="header" href="#tls_private_key_path"><code>tls_private_key_path</code></a></h3>
<p>PEM-encoded private key for TLS. Defaults to none. </p>
<p>PEM-encoded private key for TLS. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">tls_private_key_path: &quot;CONFDIR/SERVERNAME.tls.key&quot;
</code></pre>
@ -4068,12 +4059,12 @@ variable would be <code>SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0</code>.</p>
<li>
<p><code>expire_caches</code>: Controls whether cache entries are evicted after a specified time
period. Defaults to true. Set to false to disable this feature. Note that never expiring
caches may result in excessive memory usage. </p>
caches may result in excessive memory usage.</p>
</li>
<li>
<p><code>cache_entry_ttl</code>: If <code>expire_caches</code> is enabled, this flag controls how long an entry can
be in a cache without having been accessed before being evicted.
Defaults to 30m. </p>
Defaults to 30m.</p>
</li>
<li>
<p><code>sync_response_cache_duration</code>: Controls how long the results of a /sync request are
@ -4100,7 +4091,7 @@ the setting below, or until the <code>min_cache_ttl</code> is hit. There is no d
for this option.</li>
<li><code>min_cache_ttl</code> sets a limit under which newer cache entries are not evicted and is only applied when
caches are actively being evicted/<code>max_cache_memory_usage</code> has been exceeded. This is to protect hot caches
from being emptied while Synapse is evicting due to memory. There is no default value for this option. </li>
from being emptied while Synapse is evicting due to memory. There is no default value for this option.</li>
</ul>
</li>
</ul>
@ -4136,7 +4127,7 @@ its data.</p>
<ul>
<li>
<p><code>name</code>: this option specifies the database engine to use: either <code>sqlite3</code> (for SQLite)
or <code>psycopg2</code> (for PostgreSQL). If no name is specified Synapse will default to SQLite. </p>
or <code>psycopg2</code> (for PostgreSQL). If no name is specified Synapse will default to SQLite.</p>
</li>
<li>
<p><code>txn_limit</code> gives the maximum number of transactions to run per connection
@ -4277,7 +4268,7 @@ when Synapse is started.</p>
</code></pre>
<hr />
<h2 id="logging"><a class="header" href="#logging">Logging</a></h2>
<p>Config options related to logging. </p>
<p>Config options related to logging.</p>
<hr />
<h3 id="log_config"><a class="header" href="#log_config"><code>log_config</code></a></h3>
<p>This option specifies a yaml python logging config file as described <a href="https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema">here</a>.</p>
@ -4286,7 +4277,7 @@ when Synapse is started.</p>
</code></pre>
<hr />
<h2 id="ratelimiting"><a class="header" href="#ratelimiting">Ratelimiting</a></h2>
<p>Options related to ratelimiting in Synapse. </p>
<p>Options related to ratelimiting in Synapse.</p>
<p>Each ratelimiting configuration is made of two parameters:</p>
<ul>
<li><code>per_second</code>: number of requests a client can send per second.</li>
@ -4305,7 +4296,7 @@ is using. It defaults to: <code>per_second: 0.2</code>, <code>burst_count: 10</c
<hr />
<h3 id="rc_registration"><a class="header" href="#rc_registration"><code>rc_registration</code></a></h3>
<p>This option ratelimits registration requests based on the client's IP address.
It defaults to <code>per_second: 0.17</code>, <code>burst_count: 3</code>. </p>
It defaults to <code>per_second: 0.17</code>, <code>burst_count: 3</code>.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">rc_registration:
per_second: 0.15
@ -4356,7 +4347,7 @@ attempts for this account. Defaults to <code>per_second: 0.17</code>, <code>burs
<h3 id="rc_admin_redaction"><a class="header" href="#rc_admin_redaction"><code>rc_admin_redaction</code></a></h3>
<p>This option sets ratelimiting redactions by room admins. If this is not explicitly
set then it uses the same ratelimiting as per <code>rc_message</code>. This is useful
to allow room admins to deal with abuse quickly. </p>
to allow room admins to deal with abuse quickly.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">rc_admin_redaction:
per_second: 1
@ -4373,7 +4364,7 @@ Defaults to <code>per_second: 0.1</code>, <code>burst_count: 10</code>.</p>
<li>
<p><code>remote</code>: ratelimits when users are trying to join rooms not on the server (which
can be more computationally expensive than restricting locally). Defaults to
<code>per_second: 0.01</code>, <code>burst_count: 10</code> </p>
<code>per_second: 0.01</code>, <code>burst_count: 10</code></p>
</li>
</ul>
<p>Example configuration:</p>
@ -4411,7 +4402,7 @@ Defaults to <code>per_second: 0.003</code>, <code>burst_count: 5</code>.</p>
<h3 id="rc_invites"><a class="header" href="#rc_invites"><code>rc_invites</code></a></h3>
<p>This option sets ratelimiting how often invites can be sent in a room or to a
specific user. <code>per_room</code> defaults to <code>per_second: 0.3</code>, <code>burst_count: 10</code> and
<code>per_user</code> defaults to <code>per_second: 0.003</code>, <code>burst_count: 5</code>. </p>
<code>per_user</code> defaults to <code>per_second: 0.003</code>, <code>burst_count: 5</code>.</p>
<p>Client requests that invite user(s) when <a href="https://spec.matrix.org/v1.2/client-server-api/#post_matrixclientv3createroom">creating a
room</a>
will count against the <code>rc_invites.per_room</code> limit, whereas
@ -4449,7 +4440,7 @@ sending the invite. Defaults to <code>per_second: 0.2</code>, <code>burst_count:
</code></pre>
<hr />
<h3 id="rc_federation"><a class="header" href="#rc_federation"><code>rc_federation</code></a></h3>
<p>Defines limits on federation requests. </p>
<p>Defines limits on federation requests.</p>
<p>The <code>rc_federation</code> configuration has the following sub-options:</p>
<ul>
<li><code>window_size</code>: window size in milliseconds. Defaults to 1000.</li>
@ -4475,7 +4466,7 @@ from a single server. Defaults to 3.</li>
<p>Sets outgoing federation transaction frequency for sending read-receipts,
per-room.</p>
<p>If we end up trying to send out more read-receipts, they will get buffered up
into fewer transactions. Defaults to 50. </p>
into fewer transactions. Defaults to 50.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">federation_rr_transactions_per_room_per_second: 40
</code></pre>
@ -4504,7 +4495,7 @@ locations. Defaults to none. Associated sub-options are:</p>
<li><code>store_local</code>: whether to store newly uploaded local files</li>
<li><code>store_remote</code>: whether to store newly downloaded local files</li>
<li><code>store_synchronous</code>: whether to wait for successful storage for local uploads</li>
<li><code>config</code>: sets a path to the resource through the <code>directory</code> option </li>
<li><code>config</code>: sets a path to the resource through the <code>directory</code> option</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">media_storage_providers:
@ -4520,7 +4511,7 @@ locations. Defaults to none. Associated sub-options are:</p>
<p>The largest allowed upload size in bytes.</p>
<p>If you are using a reverse proxy you may also need to set this value in
your reverse proxy's config. Defaults to 50M. Notably Nginx has a small max body size by default.
See <a href="usage/configuration/../../reverse_proxy.html">here</a> for more on using a reverse proxy with Synapse. </p>
See <a href="usage/configuration/../../reverse_proxy.html">here</a> for more on using a reverse proxy with Synapse.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">max_upload_size: 60M
</code></pre>
@ -4536,7 +4527,7 @@ See <a href="usage/configuration/../../reverse_proxy.html">here</a> for more on
the resolution requested by the client. If true then whenever
a new resolution is requested by the client the server will
generate a new thumbnail. If false the server will pick a thumbnail
from a precalculated list. Defaults to false. </p>
from a precalculated list. Defaults to false.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">dynamic_thumbnails: true
</code></pre>
@ -4642,7 +4633,7 @@ you use the following example list as a starting point.</p>
to access even if they are specified in <code>url_preview_ip_range_blacklist</code>.
This is useful for specifying exceptions to wide-ranging blacklisted
target IP ranges - e.g. for enabling URL previews for a specific private
website only visible in your network. Defaults to none. </p>
website only visible in your network. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">url_preview_ip_range_whitelist:
- '192.168.1.1'
@ -4720,7 +4711,7 @@ using quality value syntax (;q=). '*' translates to any language.</p>
used for generating URLs previews of services which support it. A default list of oEmbed providers
is included with Synapse. Set <code>disable_default_providers</code> to true to disable using
these default oEmbed URLs. Use <code>additional_providers</code> to specify additional files with oEmbed configuration (each
should be in the form of providers.json). By default this list is empty. </p>
should be in the form of providers.json). By default this list is empty.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">oembed:
disable_default_providers: true
@ -4951,7 +4942,7 @@ their account.</p>
<p>(Servers handling the these requests must answer the <code>/requestToken</code> endpoints defined
by the Matrix Identity Service API
<a href="https://matrix.org/docs/spec/identity_service/latest">specification</a>.)</p>
<p><em>Updated in Synapse 1.64.0</em>: No longer accepts an <code>email</code> option.</p>
<p><em>Updated in Synapse 1.64.0</em>: The <code>email</code> option is deprecated.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">account_threepid_delegates:
msisdn: http://localhost:8090 # Delegate SMS sending to this local process
@ -4990,7 +4981,7 @@ to the rooms listed under this option.</p>
as a publicly joinable room when the first user registers for the
homeserver. If the room already exists, make certain it is a publicly joinable
room, i.e. the join rule of the room must be set to 'public'. You can find more options
relating to auto-joining rooms below. </p>
relating to auto-joining rooms below.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">auto_join_rooms:
- &quot;#exampleroom:example.com&quot;
@ -5030,9 +5021,9 @@ effect if <code>autocreate_auto_join_rooms</code> is true.</p>
<ul>
<li>&quot;public_chat&quot;: the room is joinable by anyone, including
federated servers if <code>autocreate_auto_join_rooms_federated</code> is true (the default).</li>
<li>&quot;private_chat&quot;: an invitation is required to join these rooms. </li>
<li>&quot;private_chat&quot;: an invitation is required to join these rooms.</li>
<li>&quot;trusted_private_chat&quot;: an invitation is required to join this room and the invitee is
assigned a power level of 100 upon joining the room. </li>
assigned a power level of 100 upon joining the room.</li>
</ul>
<p>If a value of &quot;private_chat&quot; or &quot;trusted_private_chat&quot; is used then
<code>auto_join_mxid_localpart</code> must also be configured.</p>
@ -5089,7 +5080,7 @@ Defaults to false.</p>
<hr />
<h3 id="sentry"><a class="header" href="#sentry"><code>sentry</code></a></h3>
<p>Use this option to enable sentry integration. Provide the DSN assigned to you by sentry
with the <code>dsn</code> setting. </p>
with the <code>dsn</code> setting.</p>
<p>NOTE: While attempts are made to ensure that the logs don't contain
any sensitive information, this cannot be guaranteed. By enabling
this option the sentry server may therefore receive sensitive
@ -5333,7 +5324,7 @@ complete the authentication process, if <code>allow_unsolicited</code> is unset.
custom solution to mapping attributes returned from a saml provider onto a matrix user. The
<code>user_mapping_provider</code> has the following attributes:
<ul>
<li><code>module</code>: The custom module's class. </li>
<li><code>module</code>: The custom module's class.</li>
<li><code>config</code>: Custom configuration values for the module. Use the values provided in the
example if you are using the built-in user_mapping_provider, or provide your own
config values for a custom class if you are using one. This section will be passed as a Python
@ -5356,7 +5347,7 @@ The default is <code>hexencode</code>. Note: This used to be configured by the
MXID was always calculated dynamically rather than stored in a table. For backwards- compatibility, we will look for <code>user_ids</code>
matching such a pattern before creating a new account. This setting controls the SAML attribute which will be used for this
backwards-compatibility lookup. Typically it should be 'uid', but if the attribute maps are changed, it may be necessary to change it.
The default is 'uid'. </li>
The default is 'uid'.</li>
<li><code>attribute_requirements</code>: It is possible to configure Synapse to only allow logins if SAML attributes
match particular values. The requirements can be listed under
<code>attribute_requirements</code> as shown in the example. All of the listed attributes must
@ -5760,7 +5751,7 @@ validation will fail without configuring audiences.</li>
</code></pre>
<hr />
<h3 id="password_config"><a class="header" href="#password_config"><code>password_config</code></a></h3>
<p>Use this setting to enable password-based logins. </p>
<p>Use this setting to enable password-based logins.</p>
<p>This setting has the following sub-options:</p>
<ul>
<li><code>enabled</code>: Defaults to true.
@ -5769,7 +5760,7 @@ Set to <code>only_for_reauth</code> to allow users with existing passwords to us
to log in and reauthenticate, whilst preventing new users from setting passwords.</li>
<li><code>localdb_enabled</code>: Set to false to disable authentication against the local password
database. This is ignored if <code>enabled</code> is false, and is only useful
if you have other <code>password_providers</code>. Defaults to true. </li>
if you have other <code>password_providers</code>. Defaults to true.</li>
<li><code>pepper</code>: Set the value here to a secret random string for extra security.
DO NOT CHANGE THIS AFTER INITIAL SETUP!</li>
<li><code>policy</code>: Define and enforce a password policy, such as minimum lengths for passwords, etc.
@ -5895,7 +5886,7 @@ of the user(s) that sent the message(s), e.g. &quot;Alice and Bob&quot;, and '%(
message(s) have been sent to, e.g. &quot;My super room&quot;. In addition, emails related to account administration will
can use the '%(server_name)s' placeholder, which will be replaced by the value of the
<code>server_name</code> setting in your Synapse configuration.</p>
<p>Here is a list of subjects for notification emails that can be set: </p>
<p>Here is a list of subjects for notification emails that can be set:</p>
<ul>
<li><code>message_from_person_in_room</code>: Subject to use to notify about one message from one or more user(s) in a
room which has a name. Defaults to &quot;[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room...&quot;</li>
@ -5955,7 +5946,7 @@ ownership. Defaults to &quot;[%(server_name)s] Validate your email&quot;</li>
<p>Configuration settings related to push notifications</p>
<hr />
<h3 id="push-1"><a class="header" href="#push-1"><code>push</code></a></h3>
<p>This setting defines options for push notifications. </p>
<p>This setting defines options for push notifications.</p>
<p>This option has a number of sub-options. They are as follows:</p>
<ul>
<li><code>include_content</code>: Clients requesting push notifications can either have the body of
@ -6002,7 +5993,7 @@ will also not affect rooms created by other servers.</p>
</code></pre>
<hr />
<h3 id="user_directory"><a class="header" href="#user_directory"><code>user_directory</code></a></h3>
<p>This setting defines options related to the user directory. </p>
<p>This setting defines options related to the user directory.</p>
<p>This option has the following sub-options:</p>
<ul>
<li><code>enabled</code>: Defines whether users can search the user directory. If false then
@ -6087,11 +6078,11 @@ Defaults to &quot;Privacy Policy&quot;.</p>
<hr />
<h3 id="stats"><a class="header" href="#stats"><code>stats</code></a></h3>
<p>Settings for local room and user statistics collection. See <a href="usage/configuration/../../room_and_user_statistics.html">here</a>
for more. </p>
for more.</p>
<ul>
<li><code>enabled</code>: Set to false to disable room and user statistics. Note that doing
so may cause certain features (such as the room directory) not to work
correctly. Defaults to true. </li>
correctly. Defaults to true.</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">stats:
@ -6122,7 +6113,7 @@ notices.</p>
<h3 id="enable_room_list_search"><a class="header" href="#enable_room_list_search"><code>enable_room_list_search</code></a></h3>
<p>Set to false to disable searching the public room list. When disabled
blocks searching local and remote room lists for local and remote
users by always returning an empty list for all queries. Defaults to true. </p>
users by always returning an empty list for all queries. Defaults to true.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">enable_room_list_search: false
</code></pre>
@ -6142,7 +6133,7 @@ can create aliases.</p>
<li><code>user_id</code>: Matches against the creator of the alias. Defaults to &quot;*&quot;.</li>
<li><code>alias</code>: Matches against the alias being created. Defaults to &quot;*&quot;.</li>
<li><code>room_id</code>: Matches against the room ID the alias is being pointed at. Defaults to &quot;*&quot;</li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow. </li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow.</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">alias_creation_rules:
@ -6167,7 +6158,7 @@ can publish rooms.</p>
<li><code>user_id</code>: Matches against the creator of the alias. Defaults to &quot;*&quot;.</li>
<li><code>alias</code>: Matches against any current local or canonical aliases associated with the room. Defaults to &quot;*&quot;.</li>
<li><code>room_id</code>: Matches against the room ID being published. Defaults to &quot;*&quot;.</li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow. </li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow.</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">room_list_publication_rules:
@ -6241,18 +6232,18 @@ mostly related to trace sampling which is documented <a href="https://www.jaeger
<hr />
<h3 id="send_federation"><a class="header" href="#send_federation"><code>send_federation</code></a></h3>
<p>Controls sending of outbound federation transactions on the main process.
Set to false if using a federation sender worker. Defaults to true. </p>
Set to false if using a federation sender worker. Defaults to true.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">send_federation: false
</code></pre>
<hr />
<h3 id="federation_sender_instances"><a class="header" href="#federation_sender_instances"><code>federation_sender_instances</code></a></h3>
<p>It is possible to run multiple federation sender workers, in which case the
work is balanced across them. Use this setting to list the senders. </p>
work is balanced across them. Use this setting to list the senders.</p>
<p>This configuration setting must be shared between all federation sender workers, and if
changed all federation sender workers must be stopped at the same time and then
started, to ensure that all instances are running with the same config (otherwise
events may be dropped). </p>
events may be dropped).</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">federation_sender_instances:
- federation_sender1
@ -6260,7 +6251,7 @@ events may be dropped). </p>
<hr />
<h3 id="instance_map"><a class="header" href="#instance_map"><code>instance_map</code></a></h3>
<p>When using workers this should be a map from worker name to the
HTTP replication listener of the worker, if configured. </p>
HTTP replication listener of the worker, if configured.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">instance_map:
worker1:
@ -6297,7 +6288,7 @@ from workers.</p>
using workers (unless using old style direct TCP configuration).
This setting has the following sub-options:</p>
<ul>
<li><code>enabled</code>: whether to use Redis support. Defaults to false. </li>
<li><code>enabled</code>: whether to use Redis support. Defaults to false.</li>
<li><code>host</code> and <code>port</code>: Optional host and port to use to connect to redis. Defaults to
localhost and 6379</li>
<li><code>password</code>: Optional password if configured on the Redis instance.</li>
@ -6310,7 +6301,7 @@ localhost and 6379</li>
password: &lt;secret_password&gt;
</code></pre>
<h2 id="background-updates"><a class="header" href="#background-updates">Background Updates</a></h2>
<p>Configuration settings related to background updates. </p>
<p>Configuration settings related to background updates.</p>
<hr />
<h3 id="background_updates"><a class="header" href="#background_updates"><code>background_updates</code></a></h3>
<p>Background updates are database updates that are run in the background in batches.
@ -6328,7 +6319,7 @@ Set a size to change the default.</li>
<li><code>default_batch_size</code>: The batch size to use for the first iteration of a new background update. The default is 100.
Set a size to change the default.</li>
</ul>
<p>Example configuration: </p>
<p>Example configuration:</p>
<pre><code class="language-yaml">background_updates:
background_update_duration_ms: 500
sleep_enabled: false

2
develop/searchindex.js
View File

File diff suppressed because one or more lines are too long

2
develop/searchindex.json
View File

File diff suppressed because one or more lines are too long

9
develop/upgrade.html
View File

@ -233,15 +233,6 @@ dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
</li>
</ul>
<h1 id="upgrading-to-v1640"><a class="header" href="#upgrading-to-v1640">Upgrading to v1.64.0</a></h1>
<h2 id="delegation-of-email-validation-no-longer-supported"><a class="header" href="#delegation-of-email-validation-no-longer-supported">Delegation of email validation no longer supported</a></h2>
<p>As of this version, Synapse no longer allows the tasks of verifying email address
ownership, and password reset confirmation, to be delegated to an identity server.</p>
<p>To continue to allow users to add email addresses to their homeserver accounts,
and perform password resets, make sure that Synapse is configured with a
working email server in the <code>email</code> configuration section (including, at a
minimum, a <code>notif_from</code> setting.)</p>
<p>Specifying an <code>email</code> setting under <code>account_threepid_delegates</code> will now cause
an error at startup.</p>
<h2 id="changes-to-the-event-replication-streams"><a class="header" href="#changes-to-the-event-replication-streams">Changes to the event replication streams</a></h2>
<p>Synapse now includes a flag indicating if an event is an outlier when
replicating it to other workers. This is a forwards- and backwards-incompatible

132
develop/usage/configuration/config_documentation.html
View File

@ -170,10 +170,10 @@ messages from the database after 5 minutes, rather than 5 months.</p>
<p>In addition, configuration options referring to size use the following suffixes:</p>
<ul>
<li><code>M</code> = MiB, or 1,048,576 bytes</li>
<li><code>K</code> = KiB, or 1024 bytes </li>
<li><code>K</code> = KiB, or 1024 bytes</li>
</ul>
<p>For example, setting <code>max_avatar_size: 10M</code> means that Synapse will not accept files larger than 10,485,760 bytes
for a user avatar. </p>
for a user avatar.</p>
<h3 id="yaml"><a class="header" href="#yaml">YAML</a></h3>
<p>The configuration file is a <a href="https://yaml.org/">YAML</a> file, which means that certain syntax rules
apply if you want your config file to be read properly. A few helpful things to know:</p>
@ -198,7 +198,7 @@ is read as a sub-option of the <code>presence</code> setting, and will be proper
that when reading the config, Synapse will consider both <code>presence</code> and <code>enabled</code> as
different settings. In this case, <code>presence</code> has no value, and thus a default applied, and <code>enabled</code>
is an option that Synapse doesn't recognize and thus ignores.</p>
<p>Example #1: </p>
<p>Example #1:</p>
<pre><code class="language-yaml">presence:
enabled: false
</code></pre>
@ -210,7 +210,7 @@ enabled: false
at the beginning of their section (i.e. &quot;### <code>example_setting</code>&quot;) and
the sub-options, if any, are identified and listed in the body of the section.
In addition, each setting has an example of its usage, with the proper indentation
shown. </p>
shown.</p>
</li>
</ul>
<h2 id="contents"><a class="header" href="#contents">Contents</a></h2>
@ -271,7 +271,7 @@ a clean <code>server_name</code>.</p>
<p>The <code>server_name</code> cannot be changed later so it is important to
configure this correctly before you start Synapse. It should be all
lowercase and may contain an explicit port.</p>
<p>There is no default for this option. </p>
<p>There is no default for this option.</p>
<p>Example configuration #1:</p>
<pre><code class="language-yaml">server_name: matrix.org
</code></pre>
@ -286,7 +286,7 @@ lowercase and may contain an explicit port.</p>
</code></pre>
<hr />
<h3 id="web_client_location"><a class="header" href="#web_client_location"><code>web_client_location</code></a></h3>
<p>The absolute URL to the web client which <code>/</code> will redirect to. Defaults to none. </p>
<p>The absolute URL to the web client which <code>/</code> will redirect to. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">web_client_location: https://riot.example.com/
</code></pre>
@ -332,14 +332,14 @@ alongside the standard properties.</p>
<h3 id="soft_file_limit"><a class="header" href="#soft_file_limit"><code>soft_file_limit</code></a></h3>
<p>Set the soft limit on the number of file descriptors synapse can use.
Zero is used to indicate synapse should set the soft limit to the hard limit.
Defaults to 0. </p>
Defaults to 0.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">soft_file_limit: 3
</code></pre>
<hr />
<h3 id="presence"><a class="header" href="#presence"><code>presence</code></a></h3>
<p>Presence tracking allows users to see the state (e.g online/offline)
of other local and remote users. Set the <code>enabled</code> sub-option to false to<br />
of other local and remote users. Set the <code>enabled</code> sub-option to false to
disable presence tracking on this homeserver. Defaults to true.
This option replaces the previous top-level 'use_presence' option.</p>
<p>Example configuration:</p>
@ -360,7 +360,7 @@ via the federation API, unless <code>allow_profile_lookup_over_federation</code>
to retrieve their profile information. Only checked on Client-Server
requests. Profile requests from other servers should be checked by the
requesting server. Defaults to false.</p>
<p>Example configuration: </p>
<p>Example configuration:</p>
<pre><code class="language-yaml">limit_profile_requests_to_users_who_share_rooms: true
</code></pre>
<hr />
@ -393,7 +393,7 @@ rooms directory via federation. Defaults to false.</p>
<p>The default room version for newly created rooms on this server.</p>
<p>Known room versions are listed <a href="https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions">here</a></p>
<p>For example, for room version 1, <code>default_room_version</code> should be set
to &quot;1&quot;. </p>
to &quot;1&quot;.</p>
<p>Currently defaults to &quot;9&quot;.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">default_room_version: &quot;8&quot;
@ -401,7 +401,7 @@ to &quot;1&quot;. </p>
<hr />
<h3 id="gc_thresholds"><a class="header" href="#gc_thresholds"><code>gc_thresholds</code></a></h3>
<p>The garbage collection threshold parameters to pass to <code>gc.set_threshold</code>, if defined.
Defaults to none. </p>
Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">gc_thresholds: [700, 10, 10]
</code></pre>
@ -488,7 +488,7 @@ configuration.</p>
<p>Sub-options for each listener include:</p>
<ul>
<li>
<p><code>port</code>: the TCP port to bind to. </p>
<p><code>port</code>: the TCP port to bind to.</p>
</li>
<li>
<p><code>bind_addresses</code>: a list of local addresses to listen on. The default is
@ -649,14 +649,14 @@ delete any device that hasn't been accessed for more than the specified amount o
<p>Useful options for Synapse admins.</p>
<hr />
<h3 id="admin_contact"><a class="header" href="#admin_contact"><code>admin_contact</code></a></h3>
<p>How to reach the server admin, used in <code>ResourceLimitError</code>. Defaults to none. </p>
<p>How to reach the server admin, used in <code>ResourceLimitError</code>. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">admin_contact: 'mailto:admin@server.com'
</code></pre>
<hr />
<h3 id="hs_disabled-and-hs_disabled_message"><a class="header" href="#hs_disabled-and-hs_disabled_message"><code>hs_disabled</code> and <code>hs_disabled_message</code></a></h3>
<p>Blocks users from connecting to the homeserver and provides a human-readable reason
why the connection was blocked. Defaults to false. </p>
why the connection was blocked. Defaults to false.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">hs_disabled: true
hs_disabled_message: 'Reason for why the HS is blocked'
@ -683,7 +683,7 @@ blocking user actions if <code>limit_usage_by_mau</code> is enabled. Defaults to
means that users must be active for the specified number of days before they
can be considered active and guards against the case where lots of users
sign up in a short space of time never to return after their initial
session. Defaults to 0. </p>
session. Defaults to 0.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">mau_trial_days: 5
</code></pre>
@ -712,7 +712,7 @@ means that alerting is enabled.</p>
<h3 id="mau_stats_only"><a class="header" href="#mau_stats_only"><code>mau_stats_only</code></a></h3>
<p>If enabled, the metrics for the number of monthly active users will
be populated, however no one will be limited based on these numbers. If <code>limit_usage_by_mau</code>
is true, this is implied to be true. Defaults to false. </p>
is true, this is implied to be true. Defaults to false.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">mau_stats_only: true
</code></pre>
@ -730,7 +730,7 @@ reserved threepid (3rd party identifier).</p>
<hr />
<h3 id="server_context"><a class="header" href="#server_context"><code>server_context</code></a></h3>
<p>This option is used by phonehome stats to group together related servers.
Defaults to none. </p>
Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">server_context: context
</code></pre>
@ -744,11 +744,11 @@ resource-constrained. Options for this setting include:</p>
<li><code>enabled</code>: whether this check is enabled. Defaults to false.</li>
<li><code>complexity</code>: the limit above which rooms cannot be joined. The default is 1.0.</li>
<li><code>complexity_error</code>: override the error which is returned when the room is too complex with a
custom message. </li>
custom message.</li>
<li><code>admins_can_join</code>: allow server admins to join complex rooms. Default is false.</li>
</ul>
<p>Room complexity is an arbitrary measure based on factors such as the number of
users in the room. </p>
users in the room.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">limit_remote_rooms:
enabled: true
@ -774,7 +774,7 @@ Defaults to true.</p>
<hr />
<h3 id="max_avatar_size"><a class="header" href="#max_avatar_size"><code>max_avatar_size</code></a></h3>
<p>The largest permissible file size in bytes for a user avatar. Defaults to no restriction.
Use M for MB and K for KB. </p>
Use M for MB and K for KB.</p>
<p>Note that user avatar changes will not work if this is set without using Synapse's media repository.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">max_avatar_size: 10M
@ -853,7 +853,7 @@ the <code>allowed_lifetime_min</code> and <code>allowed_lifetime_max</code> conf
<p>If this feature is enabled, Synapse will regularly look for and purge events
which are older than the room's maximum retention period. Synapse will also
filter events received over federation so that events that should have been
purged are ignored and not stored again. </p>
purged are ignored and not stored again.</p>
<p>The message retention policies feature is disabled by default.</p>
<p>This setting has the following sub-options:</p>
<ul>
@ -861,7 +861,7 @@ purged are ignored and not stored again. </p>
<p><code>default_policy</code>: Default retention policy. If set, Synapse will apply it to rooms that lack the
'm.room.retention' state event. This option is further specified by the
<code>min_lifetime</code> and <code>max_lifetime</code> sub-options associated with it. Note that the
value of <code>min_lifetime</code> doesn't matter much because Synapse doesn't take it into account yet. </p>
value of <code>min_lifetime</code> doesn't matter much because Synapse doesn't take it into account yet.</p>
</li>
<li>
<p><code>allowed_lifetime_min</code> and <code>allowed_lifetime_max</code>: Retention policy limits. If
@ -919,16 +919,16 @@ configuration).</p>
<h3 id="tls_certificate_path"><a class="header" href="#tls_certificate_path"><code>tls_certificate_path</code></a></h3>
<p>This option specifies a PEM-encoded X509 certificate for TLS.
This certificate, as of Synapse 1.0, will need to be a valid and verifiable
certificate, signed by a recognised Certificate Authority. Defaults to none. </p>
certificate, signed by a recognised Certificate Authority. Defaults to none.</p>
<p>Be sure to use a <code>.pem</code> file that includes the full certificate chain including
any intermediate certificates (for instance, if using certbot, use
<code>fullchain.pem</code> as your certificate, not <code>cert.pem</code>). </p>
<code>fullchain.pem</code> as your certificate, not <code>cert.pem</code>).</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">tls_certificate_path: &quot;CONFDIR/SERVERNAME.tls.crt&quot;
</code></pre>
<hr />
<h3 id="tls_private_key_path"><a class="header" href="#tls_private_key_path"><code>tls_private_key_path</code></a></h3>
<p>PEM-encoded private key for TLS. Defaults to none. </p>
<p>PEM-encoded private key for TLS. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">tls_private_key_path: &quot;CONFDIR/SERVERNAME.tls.key&quot;
</code></pre>
@ -1063,12 +1063,12 @@ variable would be <code>SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0</code>.</p>
<li>
<p><code>expire_caches</code>: Controls whether cache entries are evicted after a specified time
period. Defaults to true. Set to false to disable this feature. Note that never expiring
caches may result in excessive memory usage. </p>
caches may result in excessive memory usage.</p>
</li>
<li>
<p><code>cache_entry_ttl</code>: If <code>expire_caches</code> is enabled, this flag controls how long an entry can
be in a cache without having been accessed before being evicted.
Defaults to 30m. </p>
Defaults to 30m.</p>
</li>
<li>
<p><code>sync_response_cache_duration</code>: Controls how long the results of a /sync request are
@ -1095,7 +1095,7 @@ the setting below, or until the <code>min_cache_ttl</code> is hit. There is no d
for this option.</li>
<li><code>min_cache_ttl</code> sets a limit under which newer cache entries are not evicted and is only applied when
caches are actively being evicted/<code>max_cache_memory_usage</code> has been exceeded. This is to protect hot caches
from being emptied while Synapse is evicting due to memory. There is no default value for this option. </li>
from being emptied while Synapse is evicting due to memory. There is no default value for this option.</li>
</ul>
</li>
</ul>
@ -1131,7 +1131,7 @@ its data.</p>
<ul>
<li>
<p><code>name</code>: this option specifies the database engine to use: either <code>sqlite3</code> (for SQLite)
or <code>psycopg2</code> (for PostgreSQL). If no name is specified Synapse will default to SQLite. </p>
or <code>psycopg2</code> (for PostgreSQL). If no name is specified Synapse will default to SQLite.</p>
</li>
<li>
<p><code>txn_limit</code> gives the maximum number of transactions to run per connection
@ -1272,7 +1272,7 @@ when Synapse is started.</p>
</code></pre>
<hr />
<h2 id="logging"><a class="header" href="#logging">Logging</a></h2>
<p>Config options related to logging. </p>
<p>Config options related to logging.</p>
<hr />
<h3 id="log_config"><a class="header" href="#log_config"><code>log_config</code></a></h3>
<p>This option specifies a yaml python logging config file as described <a href="https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema">here</a>.</p>
@ -1281,7 +1281,7 @@ when Synapse is started.</p>
</code></pre>
<hr />
<h2 id="ratelimiting"><a class="header" href="#ratelimiting">Ratelimiting</a></h2>
<p>Options related to ratelimiting in Synapse. </p>
<p>Options related to ratelimiting in Synapse.</p>
<p>Each ratelimiting configuration is made of two parameters:</p>
<ul>
<li><code>per_second</code>: number of requests a client can send per second.</li>
@ -1300,7 +1300,7 @@ is using. It defaults to: <code>per_second: 0.2</code>, <code>burst_count: 10</c
<hr />
<h3 id="rc_registration"><a class="header" href="#rc_registration"><code>rc_registration</code></a></h3>
<p>This option ratelimits registration requests based on the client's IP address.
It defaults to <code>per_second: 0.17</code>, <code>burst_count: 3</code>. </p>
It defaults to <code>per_second: 0.17</code>, <code>burst_count: 3</code>.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">rc_registration:
per_second: 0.15
@ -1351,7 +1351,7 @@ attempts for this account. Defaults to <code>per_second: 0.17</code>, <code>burs
<h3 id="rc_admin_redaction"><a class="header" href="#rc_admin_redaction"><code>rc_admin_redaction</code></a></h3>
<p>This option sets ratelimiting redactions by room admins. If this is not explicitly
set then it uses the same ratelimiting as per <code>rc_message</code>. This is useful
to allow room admins to deal with abuse quickly. </p>
to allow room admins to deal with abuse quickly.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">rc_admin_redaction:
per_second: 1
@ -1368,7 +1368,7 @@ Defaults to <code>per_second: 0.1</code>, <code>burst_count: 10</code>.</p>
<li>
<p><code>remote</code>: ratelimits when users are trying to join rooms not on the server (which
can be more computationally expensive than restricting locally). Defaults to
<code>per_second: 0.01</code>, <code>burst_count: 10</code> </p>
<code>per_second: 0.01</code>, <code>burst_count: 10</code></p>
</li>
</ul>
<p>Example configuration:</p>
@ -1406,7 +1406,7 @@ Defaults to <code>per_second: 0.003</code>, <code>burst_count: 5</code>.</p>
<h3 id="rc_invites"><a class="header" href="#rc_invites"><code>rc_invites</code></a></h3>
<p>This option sets ratelimiting how often invites can be sent in a room or to a
specific user. <code>per_room</code> defaults to <code>per_second: 0.3</code>, <code>burst_count: 10</code> and
<code>per_user</code> defaults to <code>per_second: 0.003</code>, <code>burst_count: 5</code>. </p>
<code>per_user</code> defaults to <code>per_second: 0.003</code>, <code>burst_count: 5</code>.</p>
<p>Client requests that invite user(s) when <a href="https://spec.matrix.org/v1.2/client-server-api/#post_matrixclientv3createroom">creating a
room</a>
will count against the <code>rc_invites.per_room</code> limit, whereas
@ -1444,7 +1444,7 @@ sending the invite. Defaults to <code>per_second: 0.2</code>, <code>burst_count:
</code></pre>
<hr />
<h3 id="rc_federation"><a class="header" href="#rc_federation"><code>rc_federation</code></a></h3>
<p>Defines limits on federation requests. </p>
<p>Defines limits on federation requests.</p>
<p>The <code>rc_federation</code> configuration has the following sub-options:</p>
<ul>
<li><code>window_size</code>: window size in milliseconds. Defaults to 1000.</li>
@ -1470,7 +1470,7 @@ from a single server. Defaults to 3.</li>
<p>Sets outgoing federation transaction frequency for sending read-receipts,
per-room.</p>
<p>If we end up trying to send out more read-receipts, they will get buffered up
into fewer transactions. Defaults to 50. </p>
into fewer transactions. Defaults to 50.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">federation_rr_transactions_per_room_per_second: 40
</code></pre>
@ -1499,7 +1499,7 @@ locations. Defaults to none. Associated sub-options are:</p>
<li><code>store_local</code>: whether to store newly uploaded local files</li>
<li><code>store_remote</code>: whether to store newly downloaded local files</li>
<li><code>store_synchronous</code>: whether to wait for successful storage for local uploads</li>
<li><code>config</code>: sets a path to the resource through the <code>directory</code> option </li>
<li><code>config</code>: sets a path to the resource through the <code>directory</code> option</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">media_storage_providers:
@ -1515,7 +1515,7 @@ locations. Defaults to none. Associated sub-options are:</p>
<p>The largest allowed upload size in bytes.</p>
<p>If you are using a reverse proxy you may also need to set this value in
your reverse proxy's config. Defaults to 50M. Notably Nginx has a small max body size by default.
See <a href="../../reverse_proxy.html">here</a> for more on using a reverse proxy with Synapse. </p>
See <a href="../../reverse_proxy.html">here</a> for more on using a reverse proxy with Synapse.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">max_upload_size: 60M
</code></pre>
@ -1531,7 +1531,7 @@ See <a href="../../reverse_proxy.html">here</a> for more on using a reverse prox
the resolution requested by the client. If true then whenever
a new resolution is requested by the client the server will
generate a new thumbnail. If false the server will pick a thumbnail
from a precalculated list. Defaults to false. </p>
from a precalculated list. Defaults to false.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">dynamic_thumbnails: true
</code></pre>
@ -1637,7 +1637,7 @@ you use the following example list as a starting point.</p>
to access even if they are specified in <code>url_preview_ip_range_blacklist</code>.
This is useful for specifying exceptions to wide-ranging blacklisted
target IP ranges - e.g. for enabling URL previews for a specific private
website only visible in your network. Defaults to none. </p>
website only visible in your network. Defaults to none.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">url_preview_ip_range_whitelist:
- '192.168.1.1'
@ -1715,7 +1715,7 @@ using quality value syntax (;q=). '*' translates to any language.</p>
used for generating URLs previews of services which support it. A default list of oEmbed providers
is included with Synapse. Set <code>disable_default_providers</code> to true to disable using
these default oEmbed URLs. Use <code>additional_providers</code> to specify additional files with oEmbed configuration (each
should be in the form of providers.json). By default this list is empty. </p>
should be in the form of providers.json). By default this list is empty.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">oembed:
disable_default_providers: true
@ -1946,7 +1946,7 @@ their account.</p>
<p>(Servers handling the these requests must answer the <code>/requestToken</code> endpoints defined
by the Matrix Identity Service API
<a href="https://matrix.org/docs/spec/identity_service/latest">specification</a>.)</p>
<p><em>Updated in Synapse 1.64.0</em>: No longer accepts an <code>email</code> option.</p>
<p><em>Updated in Synapse 1.64.0</em>: The <code>email</code> option is deprecated.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">account_threepid_delegates:
msisdn: http://localhost:8090 # Delegate SMS sending to this local process
@ -1985,7 +1985,7 @@ to the rooms listed under this option.</p>
as a publicly joinable room when the first user registers for the
homeserver. If the room already exists, make certain it is a publicly joinable
room, i.e. the join rule of the room must be set to 'public'. You can find more options
relating to auto-joining rooms below. </p>
relating to auto-joining rooms below.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">auto_join_rooms:
- &quot;#exampleroom:example.com&quot;
@ -2025,9 +2025,9 @@ effect if <code>autocreate_auto_join_rooms</code> is true.</p>
<ul>
<li>&quot;public_chat&quot;: the room is joinable by anyone, including
federated servers if <code>autocreate_auto_join_rooms_federated</code> is true (the default).</li>
<li>&quot;private_chat&quot;: an invitation is required to join these rooms. </li>
<li>&quot;private_chat&quot;: an invitation is required to join these rooms.</li>
<li>&quot;trusted_private_chat&quot;: an invitation is required to join this room and the invitee is
assigned a power level of 100 upon joining the room. </li>
assigned a power level of 100 upon joining the room.</li>
</ul>
<p>If a value of &quot;private_chat&quot; or &quot;trusted_private_chat&quot; is used then
<code>auto_join_mxid_localpart</code> must also be configured.</p>
@ -2084,7 +2084,7 @@ Defaults to false.</p>
<hr />
<h3 id="sentry"><a class="header" href="#sentry"><code>sentry</code></a></h3>
<p>Use this option to enable sentry integration. Provide the DSN assigned to you by sentry
with the <code>dsn</code> setting. </p>
with the <code>dsn</code> setting.</p>
<p>NOTE: While attempts are made to ensure that the logs don't contain
any sensitive information, this cannot be guaranteed. By enabling
this option the sentry server may therefore receive sensitive
@ -2328,7 +2328,7 @@ complete the authentication process, if <code>allow_unsolicited</code> is unset.
custom solution to mapping attributes returned from a saml provider onto a matrix user. The
<code>user_mapping_provider</code> has the following attributes:
<ul>
<li><code>module</code>: The custom module's class. </li>
<li><code>module</code>: The custom module's class.</li>
<li><code>config</code>: Custom configuration values for the module. Use the values provided in the
example if you are using the built-in user_mapping_provider, or provide your own
config values for a custom class if you are using one. This section will be passed as a Python
@ -2351,7 +2351,7 @@ The default is <code>hexencode</code>. Note: This used to be configured by the
MXID was always calculated dynamically rather than stored in a table. For backwards- compatibility, we will look for <code>user_ids</code>
matching such a pattern before creating a new account. This setting controls the SAML attribute which will be used for this
backwards-compatibility lookup. Typically it should be 'uid', but if the attribute maps are changed, it may be necessary to change it.
The default is 'uid'. </li>
The default is 'uid'.</li>
<li><code>attribute_requirements</code>: It is possible to configure Synapse to only allow logins if SAML attributes
match particular values. The requirements can be listed under
<code>attribute_requirements</code> as shown in the example. All of the listed attributes must
@ -2755,7 +2755,7 @@ validation will fail without configuring audiences.</li>
</code></pre>
<hr />
<h3 id="password_config"><a class="header" href="#password_config"><code>password_config</code></a></h3>
<p>Use this setting to enable password-based logins. </p>
<p>Use this setting to enable password-based logins.</p>
<p>This setting has the following sub-options:</p>
<ul>
<li><code>enabled</code>: Defaults to true.
@ -2764,7 +2764,7 @@ Set to <code>only_for_reauth</code> to allow users with existing passwords to us
to log in and reauthenticate, whilst preventing new users from setting passwords.</li>
<li><code>localdb_enabled</code>: Set to false to disable authentication against the local password
database. This is ignored if <code>enabled</code> is false, and is only useful
if you have other <code>password_providers</code>. Defaults to true. </li>
if you have other <code>password_providers</code>. Defaults to true.</li>
<li><code>pepper</code>: Set the value here to a secret random string for extra security.
DO NOT CHANGE THIS AFTER INITIAL SETUP!</li>
<li><code>policy</code>: Define and enforce a password policy, such as minimum lengths for passwords, etc.
@ -2890,7 +2890,7 @@ of the user(s) that sent the message(s), e.g. &quot;Alice and Bob&quot;, and '%(
message(s) have been sent to, e.g. &quot;My super room&quot;. In addition, emails related to account administration will
can use the '%(server_name)s' placeholder, which will be replaced by the value of the
<code>server_name</code> setting in your Synapse configuration.</p>
<p>Here is a list of subjects for notification emails that can be set: </p>
<p>Here is a list of subjects for notification emails that can be set:</p>
<ul>
<li><code>message_from_person_in_room</code>: Subject to use to notify about one message from one or more user(s) in a
room which has a name. Defaults to &quot;[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room...&quot;</li>
@ -2950,7 +2950,7 @@ ownership. Defaults to &quot;[%(server_name)s] Validate your email&quot;</li>
<p>Configuration settings related to push notifications</p>
<hr />
<h3 id="push-1"><a class="header" href="#push-1"><code>push</code></a></h3>
<p>This setting defines options for push notifications. </p>
<p>This setting defines options for push notifications.</p>
<p>This option has a number of sub-options. They are as follows:</p>
<ul>
<li><code>include_content</code>: Clients requesting push notifications can either have the body of
@ -2997,7 +2997,7 @@ will also not affect rooms created by other servers.</p>
</code></pre>
<hr />
<h3 id="user_directory"><a class="header" href="#user_directory"><code>user_directory</code></a></h3>
<p>This setting defines options related to the user directory. </p>
<p>This setting defines options related to the user directory.</p>
<p>This option has the following sub-options:</p>
<ul>
<li><code>enabled</code>: Defines whether users can search the user directory. If false then
@ -3082,11 +3082,11 @@ Defaults to &quot;Privacy Policy&quot;.</p>
<hr />
<h3 id="stats"><a class="header" href="#stats"><code>stats</code></a></h3>
<p>Settings for local room and user statistics collection. See <a href="../../room_and_user_statistics.html">here</a>
for more. </p>
for more.</p>
<ul>
<li><code>enabled</code>: Set to false to disable room and user statistics. Note that doing
so may cause certain features (such as the room directory) not to work
correctly. Defaults to true. </li>
correctly. Defaults to true.</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">stats:
@ -3117,7 +3117,7 @@ notices.</p>
<h3 id="enable_room_list_search"><a class="header" href="#enable_room_list_search"><code>enable_room_list_search</code></a></h3>
<p>Set to false to disable searching the public room list. When disabled
blocks searching local and remote room lists for local and remote
users by always returning an empty list for all queries. Defaults to true. </p>
users by always returning an empty list for all queries. Defaults to true.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">enable_room_list_search: false
</code></pre>
@ -3137,7 +3137,7 @@ can create aliases.</p>
<li><code>user_id</code>: Matches against the creator of the alias. Defaults to &quot;*&quot;.</li>
<li><code>alias</code>: Matches against the alias being created. Defaults to &quot;*&quot;.</li>
<li><code>room_id</code>: Matches against the room ID the alias is being pointed at. Defaults to &quot;*&quot;</li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow. </li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow.</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">alias_creation_rules:
@ -3162,7 +3162,7 @@ can publish rooms.</p>
<li><code>user_id</code>: Matches against the creator of the alias. Defaults to &quot;*&quot;.</li>
<li><code>alias</code>: Matches against any current local or canonical aliases associated with the room. Defaults to &quot;*&quot;.</li>
<li><code>room_id</code>: Matches against the room ID being published. Defaults to &quot;*&quot;.</li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow. </li>
<li><code>action</code>: Whether to &quot;allow&quot; or &quot;deny&quot; the request if the rule matches. Defaults to allow.</li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">room_list_publication_rules:
@ -3236,18 +3236,18 @@ mostly related to trace sampling which is documented <a href="https://www.jaeger
<hr />
<h3 id="send_federation"><a class="header" href="#send_federation"><code>send_federation</code></a></h3>
<p>Controls sending of outbound federation transactions on the main process.
Set to false if using a federation sender worker. Defaults to true. </p>
Set to false if using a federation sender worker. Defaults to true.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">send_federation: false
</code></pre>
<hr />
<h3 id="federation_sender_instances"><a class="header" href="#federation_sender_instances"><code>federation_sender_instances</code></a></h3>
<p>It is possible to run multiple federation sender workers, in which case the
work is balanced across them. Use this setting to list the senders. </p>
work is balanced across them. Use this setting to list the senders.</p>
<p>This configuration setting must be shared between all federation sender workers, and if
changed all federation sender workers must be stopped at the same time and then
started, to ensure that all instances are running with the same config (otherwise
events may be dropped). </p>
events may be dropped).</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">federation_sender_instances:
- federation_sender1
@ -3255,7 +3255,7 @@ events may be dropped). </p>
<hr />
<h3 id="instance_map"><a class="header" href="#instance_map"><code>instance_map</code></a></h3>
<p>When using workers this should be a map from worker name to the
HTTP replication listener of the worker, if configured. </p>
HTTP replication listener of the worker, if configured.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">instance_map:
worker1:
@ -3292,7 +3292,7 @@ from workers.</p>
using workers (unless using old style direct TCP configuration).
This setting has the following sub-options:</p>
<ul>
<li><code>enabled</code>: whether to use Redis support. Defaults to false. </li>
<li><code>enabled</code>: whether to use Redis support. Defaults to false.</li>
<li><code>host</code> and <code>port</code>: Optional host and port to use to connect to redis. Defaults to
localhost and 6379</li>
<li><code>password</code>: Optional password if configured on the Redis instance.</li>
@ -3305,7 +3305,7 @@ localhost and 6379</li>
password: &lt;secret_password&gt;
</code></pre>
<h2 id="background-updates"><a class="header" href="#background-updates">Background Updates</a></h2>
<p>Configuration settings related to background updates. </p>
<p>Configuration settings related to background updates.</p>
<hr />
<h3 id="background_updates"><a class="header" href="#background_updates"><code>background_updates</code></a></h3>
<p>Background updates are database updates that are run in the background in batches.
@ -3323,7 +3323,7 @@ Set a size to change the default.</li>
<li><code>default_batch_size</code>: The batch size to use for the first iteration of a new background update. The default is 100.
Set a size to change the default.</li>
</ul>
<p>Example configuration: </p>
<p>Example configuration:</p>
<pre><code class="language-yaml">background_updates:
background_update_duration_ms: 500
sleep_enabled: false