Merge pull request #185 from matrix-org/erikj/listeners_config
Change listener config.
This commit is contained in:
commit
bc42ca121f
|
@ -34,7 +34,7 @@ from twisted.application import service
|
||||||
from twisted.enterprise import adbapi
|
from twisted.enterprise import adbapi
|
||||||
from twisted.web.resource import Resource, EncodingResourceWrapper
|
from twisted.web.resource import Resource, EncodingResourceWrapper
|
||||||
from twisted.web.static import File
|
from twisted.web.static import File
|
||||||
from twisted.web.server import Site, GzipEncoderFactory
|
from twisted.web.server import Site, GzipEncoderFactory, Request
|
||||||
from twisted.web.http import proxiedLogFormatter, combinedLogFormatter
|
from twisted.web.http import proxiedLogFormatter, combinedLogFormatter
|
||||||
from synapse.http.server import JsonResource, RootRedirect
|
from synapse.http.server import JsonResource, RootRedirect
|
||||||
from synapse.rest.media.v0.content_repository import ContentRepoResource
|
from synapse.rest.media.v0.content_repository import ContentRepoResource
|
||||||
|
@ -63,7 +63,6 @@ import synapse
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import re
|
|
||||||
import resource
|
import resource
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
|
@ -87,16 +86,10 @@ class SynapseHomeServer(HomeServer):
|
||||||
return MatrixFederationHttpClient(self)
|
return MatrixFederationHttpClient(self)
|
||||||
|
|
||||||
def build_resource_for_client(self):
|
def build_resource_for_client(self):
|
||||||
res = ClientV1RestResource(self)
|
return ClientV1RestResource(self)
|
||||||
if self.config.gzip_responses:
|
|
||||||
res = gz_wrap(res)
|
|
||||||
return res
|
|
||||||
|
|
||||||
def build_resource_for_client_v2_alpha(self):
|
def build_resource_for_client_v2_alpha(self):
|
||||||
res = ClientV2AlphaRestResource(self)
|
return ClientV2AlphaRestResource(self)
|
||||||
if self.config.gzip_responses:
|
|
||||||
res = gz_wrap(res)
|
|
||||||
return res
|
|
||||||
|
|
||||||
def build_resource_for_federation(self):
|
def build_resource_for_federation(self):
|
||||||
return JsonResource(self)
|
return JsonResource(self)
|
||||||
|
@ -145,152 +138,102 @@ class SynapseHomeServer(HomeServer):
|
||||||
**self.db_config.get("args", {})
|
**self.db_config.get("args", {})
|
||||||
)
|
)
|
||||||
|
|
||||||
def create_resource_tree(self, redirect_root_to_web_client):
|
def _listener_http(self, config, listener_config):
|
||||||
"""Create the resource tree for this Home Server.
|
port = listener_config["port"]
|
||||||
|
bind_address = listener_config.get("bind_address", "")
|
||||||
|
tls = listener_config.get("tls", False)
|
||||||
|
|
||||||
This in unduly complicated because Twisted does not support putting
|
if tls and config.no_tls:
|
||||||
child resources more than 1 level deep at a time.
|
return
|
||||||
|
|
||||||
Args:
|
|
||||||
web_client (bool): True to enable the web client.
|
|
||||||
redirect_root_to_web_client (bool): True to redirect '/' to the
|
|
||||||
location of the web client. This does nothing if web_client is not
|
|
||||||
True.
|
|
||||||
"""
|
|
||||||
config = self.get_config()
|
|
||||||
web_client = config.web_client
|
|
||||||
|
|
||||||
# list containing (path_str, Resource) e.g:
|
|
||||||
# [ ("/aaa/bbb/cc", Resource1), ("/aaa/dummy", Resource2) ]
|
|
||||||
desired_tree = [
|
|
||||||
(CLIENT_PREFIX, self.get_resource_for_client()),
|
|
||||||
(CLIENT_V2_ALPHA_PREFIX, self.get_resource_for_client_v2_alpha()),
|
|
||||||
(FEDERATION_PREFIX, self.get_resource_for_federation()),
|
|
||||||
(CONTENT_REPO_PREFIX, self.get_resource_for_content_repo()),
|
|
||||||
(SERVER_KEY_PREFIX, self.get_resource_for_server_key()),
|
|
||||||
(SERVER_KEY_V2_PREFIX, self.get_resource_for_server_key_v2()),
|
|
||||||
(MEDIA_PREFIX, self.get_resource_for_media_repository()),
|
|
||||||
(STATIC_PREFIX, self.get_resource_for_static_content()),
|
|
||||||
]
|
|
||||||
|
|
||||||
if web_client:
|
|
||||||
logger.info("Adding the web client.")
|
|
||||||
desired_tree.append((WEB_CLIENT_PREFIX,
|
|
||||||
self.get_resource_for_web_client()))
|
|
||||||
|
|
||||||
if web_client and redirect_root_to_web_client:
|
|
||||||
self.root_resource = RootRedirect(WEB_CLIENT_PREFIX)
|
|
||||||
else:
|
|
||||||
self.root_resource = Resource()
|
|
||||||
|
|
||||||
metrics_resource = self.get_resource_for_metrics()
|
metrics_resource = self.get_resource_for_metrics()
|
||||||
if config.metrics_port is None and metrics_resource is not None:
|
|
||||||
desired_tree.append((METRICS_PREFIX, metrics_resource))
|
|
||||||
|
|
||||||
# ideally we'd just use getChild and putChild but getChild doesn't work
|
resources = {}
|
||||||
# unless you give it a Request object IN ADDITION to the name :/ So
|
for res in listener_config["resources"]:
|
||||||
# instead, we'll store a copy of this mapping so we can actually add
|
for name in res["names"]:
|
||||||
# extra resources to existing nodes. See self._resource_id for the key.
|
if name == "client":
|
||||||
resource_mappings = {}
|
if res["compress"]:
|
||||||
for full_path, res in desired_tree:
|
client_v1 = gz_wrap(self.get_resource_for_client())
|
||||||
logger.info("Attaching %s to path %s", res, full_path)
|
client_v2 = gz_wrap(self.get_resource_for_client_v2_alpha())
|
||||||
last_resource = self.root_resource
|
else:
|
||||||
for path_seg in full_path.split('/')[1:-1]:
|
client_v1 = self.get_resource_for_client()
|
||||||
if path_seg not in last_resource.listNames():
|
client_v2 = self.get_resource_for_client_v2_alpha()
|
||||||
# resource doesn't exist, so make a "dummy resource"
|
|
||||||
child_resource = Resource()
|
|
||||||
last_resource.putChild(path_seg, child_resource)
|
|
||||||
res_id = self._resource_id(last_resource, path_seg)
|
|
||||||
resource_mappings[res_id] = child_resource
|
|
||||||
last_resource = child_resource
|
|
||||||
else:
|
|
||||||
# we have an existing Resource, use that instead.
|
|
||||||
res_id = self._resource_id(last_resource, path_seg)
|
|
||||||
last_resource = resource_mappings[res_id]
|
|
||||||
|
|
||||||
# ===========================
|
resources.update({
|
||||||
# now attach the actual desired resource
|
CLIENT_PREFIX: client_v1,
|
||||||
last_path_seg = full_path.split('/')[-1]
|
CLIENT_V2_ALPHA_PREFIX: client_v2,
|
||||||
|
})
|
||||||
|
|
||||||
# if there is already a resource here, thieve its children and
|
if name == "federation":
|
||||||
# replace it
|
resources.update({
|
||||||
res_id = self._resource_id(last_resource, last_path_seg)
|
FEDERATION_PREFIX: self.get_resource_for_federation(),
|
||||||
if res_id in resource_mappings:
|
})
|
||||||
# there is a dummy resource at this path already, which needs
|
|
||||||
# to be replaced with the desired resource.
|
|
||||||
existing_dummy_resource = resource_mappings[res_id]
|
|
||||||
for child_name in existing_dummy_resource.listNames():
|
|
||||||
child_res_id = self._resource_id(existing_dummy_resource,
|
|
||||||
child_name)
|
|
||||||
child_resource = resource_mappings[child_res_id]
|
|
||||||
# steal the children
|
|
||||||
res.putChild(child_name, child_resource)
|
|
||||||
|
|
||||||
# finally, insert the desired resource in the right place
|
if name in ["static", "client"]:
|
||||||
last_resource.putChild(last_path_seg, res)
|
resources.update({
|
||||||
res_id = self._resource_id(last_resource, last_path_seg)
|
STATIC_PREFIX: self.get_resource_for_static_content(),
|
||||||
resource_mappings[res_id] = res
|
})
|
||||||
|
|
||||||
return self.root_resource
|
if name in ["media", "federation", "client"]:
|
||||||
|
resources.update({
|
||||||
|
MEDIA_PREFIX: self.get_resource_for_media_repository(),
|
||||||
|
CONTENT_REPO_PREFIX: self.get_resource_for_content_repo(),
|
||||||
|
})
|
||||||
|
|
||||||
def _resource_id(self, resource, path_seg):
|
if name in ["keys", "federation"]:
|
||||||
"""Construct an arbitrary resource ID so you can retrieve the mapping
|
resources.update({
|
||||||
later.
|
SERVER_KEY_PREFIX: self.get_resource_for_server_key(),
|
||||||
|
SERVER_KEY_V2_PREFIX: self.get_resource_for_server_key_v2(),
|
||||||
|
})
|
||||||
|
|
||||||
If you want to represent resource A putChild resource B with path C,
|
if name == "webclient":
|
||||||
the mapping should looks like _resource_id(A,C) = B.
|
resources[WEB_CLIENT_PREFIX] = self.get_resource_for_web_client()
|
||||||
|
|
||||||
Args:
|
if name == "metrics" and metrics_resource:
|
||||||
resource (Resource): The *parent* Resource
|
resources[METRICS_PREFIX] = metrics_resource
|
||||||
path_seg (str): The name of the child Resource to be attached.
|
|
||||||
Returns:
|
root_resource = create_resource_tree(resources)
|
||||||
str: A unique string which can be a key to the child Resource.
|
if tls:
|
||||||
"""
|
reactor.listenSSL(
|
||||||
return "%s-%s" % (resource, path_seg)
|
port,
|
||||||
|
SynapseSite(
|
||||||
|
"synapse.access.https",
|
||||||
|
listener_config,
|
||||||
|
root_resource,
|
||||||
|
),
|
||||||
|
self.tls_context_factory,
|
||||||
|
interface=bind_address
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
reactor.listenTCP(
|
||||||
|
port,
|
||||||
|
SynapseSite(
|
||||||
|
"synapse.access.https",
|
||||||
|
listener_config,
|
||||||
|
root_resource,
|
||||||
|
),
|
||||||
|
interface=bind_address
|
||||||
|
)
|
||||||
|
logger.info("Synapse now listening on port %d", port)
|
||||||
|
|
||||||
def start_listening(self):
|
def start_listening(self):
|
||||||
config = self.get_config()
|
config = self.get_config()
|
||||||
|
|
||||||
if not config.no_tls and config.bind_port is not None:
|
for listener in config.listeners:
|
||||||
reactor.listenSSL(
|
if listener["type"] == "http":
|
||||||
config.bind_port,
|
self._listener_http(config, listener)
|
||||||
SynapseSite(
|
elif listener["type"] == "manhole":
|
||||||
"synapse.access.https",
|
f = twisted.manhole.telnet.ShellFactory()
|
||||||
config,
|
f.username = "matrix"
|
||||||
self.root_resource,
|
f.password = "rabbithole"
|
||||||
),
|
f.namespace['hs'] = self
|
||||||
self.tls_context_factory,
|
reactor.listenTCP(
|
||||||
interface=config.bind_host
|
listener["port"],
|
||||||
)
|
f,
|
||||||
logger.info("Synapse now listening on port %d", config.bind_port)
|
interface=listener.get("bind_address", '127.0.0.1')
|
||||||
|
)
|
||||||
if config.unsecure_port is not None:
|
else:
|
||||||
reactor.listenTCP(
|
logger.warn("Unrecognized listener type: %s", listener["type"])
|
||||||
config.unsecure_port,
|
|
||||||
SynapseSite(
|
|
||||||
"synapse.access.http",
|
|
||||||
config,
|
|
||||||
self.root_resource,
|
|
||||||
),
|
|
||||||
interface=config.bind_host
|
|
||||||
)
|
|
||||||
logger.info("Synapse now listening on port %d", config.unsecure_port)
|
|
||||||
|
|
||||||
metrics_resource = self.get_resource_for_metrics()
|
|
||||||
if metrics_resource and config.metrics_port is not None:
|
|
||||||
reactor.listenTCP(
|
|
||||||
config.metrics_port,
|
|
||||||
SynapseSite(
|
|
||||||
"synapse.access.metrics",
|
|
||||||
config,
|
|
||||||
metrics_resource,
|
|
||||||
),
|
|
||||||
interface=config.metrics_bind_host,
|
|
||||||
)
|
|
||||||
logger.info(
|
|
||||||
"Metrics now running on %s port %d",
|
|
||||||
config.metrics_bind_host, config.metrics_port,
|
|
||||||
)
|
|
||||||
|
|
||||||
def run_startup_checks(self, db_conn, database_engine):
|
def run_startup_checks(self, db_conn, database_engine):
|
||||||
all_users_native = are_all_users_on_domain(
|
all_users_native = are_all_users_on_domain(
|
||||||
|
@ -425,11 +368,6 @@ def setup(config_options):
|
||||||
|
|
||||||
events.USE_FROZEN_DICTS = config.use_frozen_dicts
|
events.USE_FROZEN_DICTS = config.use_frozen_dicts
|
||||||
|
|
||||||
if re.search(":[0-9]+$", config.server_name):
|
|
||||||
domain_with_port = config.server_name
|
|
||||||
else:
|
|
||||||
domain_with_port = "%s:%s" % (config.server_name, config.bind_port)
|
|
||||||
|
|
||||||
tls_context_factory = context_factory.ServerContextFactory(config)
|
tls_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
|
||||||
database_engine = create_engine(config.database_config["name"])
|
database_engine = create_engine(config.database_config["name"])
|
||||||
|
@ -437,7 +375,6 @@ def setup(config_options):
|
||||||
|
|
||||||
hs = SynapseHomeServer(
|
hs = SynapseHomeServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
domain_with_port=domain_with_port,
|
|
||||||
upload_dir=os.path.abspath("uploads"),
|
upload_dir=os.path.abspath("uploads"),
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_context_factory=tls_context_factory,
|
tls_context_factory=tls_context_factory,
|
||||||
|
@ -447,10 +384,6 @@ def setup(config_options):
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
)
|
)
|
||||||
|
|
||||||
hs.create_resource_tree(
|
|
||||||
redirect_root_to_web_client=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
logger.info("Preparing database: %r...", config.database_config)
|
logger.info("Preparing database: %r...", config.database_config)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -475,13 +408,6 @@ def setup(config_options):
|
||||||
|
|
||||||
logger.info("Database prepared in %r.", config.database_config)
|
logger.info("Database prepared in %r.", config.database_config)
|
||||||
|
|
||||||
if config.manhole:
|
|
||||||
f = twisted.manhole.telnet.ShellFactory()
|
|
||||||
f.username = "matrix"
|
|
||||||
f.password = "rabbithole"
|
|
||||||
f.namespace['hs'] = hs
|
|
||||||
reactor.listenTCP(config.manhole, f, interface='127.0.0.1')
|
|
||||||
|
|
||||||
hs.start_listening()
|
hs.start_listening()
|
||||||
|
|
||||||
hs.get_pusherpool().start()
|
hs.get_pusherpool().start()
|
||||||
|
@ -507,6 +433,28 @@ class SynapseService(service.Service):
|
||||||
return self._port.stopListening()
|
return self._port.stopListening()
|
||||||
|
|
||||||
|
|
||||||
|
class XForwardedForRequest(Request):
|
||||||
|
def __init__(self, *args, **kw):
|
||||||
|
Request.__init__(self, *args, **kw)
|
||||||
|
|
||||||
|
"""
|
||||||
|
Add a layer on top of another request that only uses the value of an
|
||||||
|
X-Forwarded-For header as the result of C{getClientIP}.
|
||||||
|
"""
|
||||||
|
def getClientIP(self):
|
||||||
|
"""
|
||||||
|
@return: The client address (the first address) in the value of the
|
||||||
|
I{X-Forwarded-For header}. If the header is not present, return
|
||||||
|
C{b"-"}.
|
||||||
|
"""
|
||||||
|
return self.requestHeaders.getRawHeaders(
|
||||||
|
b"x-forwarded-for", [b"-"])[0].split(b",")[0].strip()
|
||||||
|
|
||||||
|
|
||||||
|
def XForwardedFactory(*args, **kwargs):
|
||||||
|
return XForwardedForRequest(*args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class SynapseSite(Site):
|
class SynapseSite(Site):
|
||||||
"""
|
"""
|
||||||
Subclass of a twisted http Site that does access logging with python's
|
Subclass of a twisted http Site that does access logging with python's
|
||||||
|
@ -514,7 +462,8 @@ class SynapseSite(Site):
|
||||||
"""
|
"""
|
||||||
def __init__(self, logger_name, config, resource, *args, **kwargs):
|
def __init__(self, logger_name, config, resource, *args, **kwargs):
|
||||||
Site.__init__(self, resource, *args, **kwargs)
|
Site.__init__(self, resource, *args, **kwargs)
|
||||||
if config.captcha_ip_origin_is_x_forwarded:
|
if config.get("x_forwarded", False):
|
||||||
|
self.requestFactory = XForwardedFactory
|
||||||
self._log_formatter = proxiedLogFormatter
|
self._log_formatter = proxiedLogFormatter
|
||||||
else:
|
else:
|
||||||
self._log_formatter = combinedLogFormatter
|
self._log_formatter = combinedLogFormatter
|
||||||
|
@ -525,6 +474,87 @@ class SynapseSite(Site):
|
||||||
self.access_logger.info(line)
|
self.access_logger.info(line)
|
||||||
|
|
||||||
|
|
||||||
|
def create_resource_tree(desired_tree, redirect_root_to_web_client=True):
|
||||||
|
"""Create the resource tree for this Home Server.
|
||||||
|
|
||||||
|
This in unduly complicated because Twisted does not support putting
|
||||||
|
child resources more than 1 level deep at a time.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
web_client (bool): True to enable the web client.
|
||||||
|
redirect_root_to_web_client (bool): True to redirect '/' to the
|
||||||
|
location of the web client. This does nothing if web_client is not
|
||||||
|
True.
|
||||||
|
"""
|
||||||
|
if redirect_root_to_web_client and WEB_CLIENT_PREFIX in desired_tree:
|
||||||
|
root_resource = RootRedirect(WEB_CLIENT_PREFIX)
|
||||||
|
else:
|
||||||
|
root_resource = Resource()
|
||||||
|
|
||||||
|
# ideally we'd just use getChild and putChild but getChild doesn't work
|
||||||
|
# unless you give it a Request object IN ADDITION to the name :/ So
|
||||||
|
# instead, we'll store a copy of this mapping so we can actually add
|
||||||
|
# extra resources to existing nodes. See self._resource_id for the key.
|
||||||
|
resource_mappings = {}
|
||||||
|
for full_path, res in desired_tree.items():
|
||||||
|
logger.info("Attaching %s to path %s", res, full_path)
|
||||||
|
last_resource = root_resource
|
||||||
|
for path_seg in full_path.split('/')[1:-1]:
|
||||||
|
if path_seg not in last_resource.listNames():
|
||||||
|
# resource doesn't exist, so make a "dummy resource"
|
||||||
|
child_resource = Resource()
|
||||||
|
last_resource.putChild(path_seg, child_resource)
|
||||||
|
res_id = _resource_id(last_resource, path_seg)
|
||||||
|
resource_mappings[res_id] = child_resource
|
||||||
|
last_resource = child_resource
|
||||||
|
else:
|
||||||
|
# we have an existing Resource, use that instead.
|
||||||
|
res_id = _resource_id(last_resource, path_seg)
|
||||||
|
last_resource = resource_mappings[res_id]
|
||||||
|
|
||||||
|
# ===========================
|
||||||
|
# now attach the actual desired resource
|
||||||
|
last_path_seg = full_path.split('/')[-1]
|
||||||
|
|
||||||
|
# if there is already a resource here, thieve its children and
|
||||||
|
# replace it
|
||||||
|
res_id = _resource_id(last_resource, last_path_seg)
|
||||||
|
if res_id in resource_mappings:
|
||||||
|
# there is a dummy resource at this path already, which needs
|
||||||
|
# to be replaced with the desired resource.
|
||||||
|
existing_dummy_resource = resource_mappings[res_id]
|
||||||
|
for child_name in existing_dummy_resource.listNames():
|
||||||
|
child_res_id = _resource_id(
|
||||||
|
existing_dummy_resource, child_name
|
||||||
|
)
|
||||||
|
child_resource = resource_mappings[child_res_id]
|
||||||
|
# steal the children
|
||||||
|
res.putChild(child_name, child_resource)
|
||||||
|
|
||||||
|
# finally, insert the desired resource in the right place
|
||||||
|
last_resource.putChild(last_path_seg, res)
|
||||||
|
res_id = _resource_id(last_resource, last_path_seg)
|
||||||
|
resource_mappings[res_id] = res
|
||||||
|
|
||||||
|
return root_resource
|
||||||
|
|
||||||
|
|
||||||
|
def _resource_id(resource, path_seg):
|
||||||
|
"""Construct an arbitrary resource ID so you can retrieve the mapping
|
||||||
|
later.
|
||||||
|
|
||||||
|
If you want to represent resource A putChild resource B with path C,
|
||||||
|
the mapping should looks like _resource_id(A,C) = B.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
resource (Resource): The *parent* Resource
|
||||||
|
path_seg (str): The name of the child Resource to be attached.
|
||||||
|
Returns:
|
||||||
|
str: A unique string which can be a key to the child Resource.
|
||||||
|
"""
|
||||||
|
return "%s-%s" % (resource, path_seg)
|
||||||
|
|
||||||
|
|
||||||
def run(hs):
|
def run(hs):
|
||||||
PROFILE_SYNAPSE = False
|
PROFILE_SYNAPSE = False
|
||||||
if PROFILE_SYNAPSE:
|
if PROFILE_SYNAPSE:
|
||||||
|
|
|
@ -21,10 +21,6 @@ class CaptchaConfig(Config):
|
||||||
self.recaptcha_private_key = config["recaptcha_private_key"]
|
self.recaptcha_private_key = config["recaptcha_private_key"]
|
||||||
self.recaptcha_public_key = config["recaptcha_public_key"]
|
self.recaptcha_public_key = config["recaptcha_public_key"]
|
||||||
self.enable_registration_captcha = config["enable_registration_captcha"]
|
self.enable_registration_captcha = config["enable_registration_captcha"]
|
||||||
# XXX: This is used for more than just captcha
|
|
||||||
self.captcha_ip_origin_is_x_forwarded = (
|
|
||||||
config["captcha_ip_origin_is_x_forwarded"]
|
|
||||||
)
|
|
||||||
self.captcha_bypass_secret = config.get("captcha_bypass_secret")
|
self.captcha_bypass_secret = config.get("captcha_bypass_secret")
|
||||||
self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"]
|
self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"]
|
||||||
|
|
||||||
|
@ -43,10 +39,6 @@ class CaptchaConfig(Config):
|
||||||
# public/private key.
|
# public/private key.
|
||||||
enable_registration_captcha: False
|
enable_registration_captcha: False
|
||||||
|
|
||||||
# When checking captchas, use the X-Forwarded-For (XFF) header
|
|
||||||
# as the client IP and not the actual client IP.
|
|
||||||
captcha_ip_origin_is_x_forwarded: False
|
|
||||||
|
|
||||||
# A secret key used to bypass the captcha test entirely.
|
# A secret key used to bypass the captcha test entirely.
|
||||||
#captcha_bypass_secret: "YOUR_SECRET_HERE"
|
#captcha_bypass_secret: "YOUR_SECRET_HERE"
|
||||||
|
|
||||||
|
|
|
@ -28,10 +28,4 @@ class MetricsConfig(Config):
|
||||||
|
|
||||||
# Enable collection and rendering of performance metrics
|
# Enable collection and rendering of performance metrics
|
||||||
enable_metrics: False
|
enable_metrics: False
|
||||||
|
|
||||||
# Separate port to accept metrics requests on
|
|
||||||
# metrics_port: 8081
|
|
||||||
|
|
||||||
# Which host to bind the metric listener to
|
|
||||||
# metrics_bind_host: 127.0.0.1
|
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -20,26 +20,97 @@ class ServerConfig(Config):
|
||||||
|
|
||||||
def read_config(self, config):
|
def read_config(self, config):
|
||||||
self.server_name = config["server_name"]
|
self.server_name = config["server_name"]
|
||||||
self.bind_port = config["bind_port"]
|
|
||||||
self.bind_host = config["bind_host"]
|
|
||||||
self.unsecure_port = config["unsecure_port"]
|
|
||||||
self.manhole = config.get("manhole")
|
|
||||||
self.pid_file = self.abspath(config.get("pid_file"))
|
self.pid_file = self.abspath(config.get("pid_file"))
|
||||||
self.web_client = config["web_client"]
|
self.web_client = config["web_client"]
|
||||||
self.soft_file_limit = config["soft_file_limit"]
|
self.soft_file_limit = config["soft_file_limit"]
|
||||||
self.daemonize = config.get("daemonize")
|
self.daemonize = config.get("daemonize")
|
||||||
self.use_frozen_dicts = config.get("use_frozen_dicts", True)
|
self.use_frozen_dicts = config.get("use_frozen_dicts", True)
|
||||||
self.gzip_responses = config["gzip_responses"]
|
|
||||||
|
self.listeners = config.get("listeners", [])
|
||||||
|
|
||||||
|
bind_port = config.get("bind_port")
|
||||||
|
if bind_port:
|
||||||
|
self.listeners = []
|
||||||
|
bind_host = config.get("bind_host", "")
|
||||||
|
gzip_responses = config.get("gzip_responses", True)
|
||||||
|
|
||||||
|
names = ["client", "webclient"] if self.web_client else ["client"]
|
||||||
|
|
||||||
|
self.listeners.append({
|
||||||
|
"port": bind_port,
|
||||||
|
"bind_address": bind_host,
|
||||||
|
"tls": True,
|
||||||
|
"type": "http",
|
||||||
|
"resources": [
|
||||||
|
{
|
||||||
|
"names": names,
|
||||||
|
"compress": gzip_responses,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"names": ["federation"],
|
||||||
|
"compress": False,
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
|
||||||
|
unsecure_port = config.get("unsecure_port", bind_port - 400)
|
||||||
|
if unsecure_port:
|
||||||
|
self.listeners.append({
|
||||||
|
"port": unsecure_port,
|
||||||
|
"bind_address": bind_host,
|
||||||
|
"tls": False,
|
||||||
|
"type": "http",
|
||||||
|
"resources": [
|
||||||
|
{
|
||||||
|
"names": names,
|
||||||
|
"compress": gzip_responses,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"names": ["federation"],
|
||||||
|
"compress": False,
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
|
||||||
|
manhole = config.get("manhole")
|
||||||
|
if manhole:
|
||||||
|
self.listeners.append({
|
||||||
|
"port": manhole,
|
||||||
|
"bind_address": "127.0.0.1",
|
||||||
|
"type": "manhole",
|
||||||
|
})
|
||||||
|
|
||||||
|
metrics_port = config.get("metrics_port")
|
||||||
|
if metrics_port:
|
||||||
|
self.listeners.append({
|
||||||
|
"port": metrics_port,
|
||||||
|
"bind_address": config.get("metrics_bind_host", "127.0.0.1"),
|
||||||
|
"tls": False,
|
||||||
|
"type": "http",
|
||||||
|
"resources": [
|
||||||
|
{
|
||||||
|
"names": ["metrics"],
|
||||||
|
"compress": False,
|
||||||
|
},
|
||||||
|
]
|
||||||
|
})
|
||||||
|
|
||||||
# Attempt to guess the content_addr for the v0 content repostitory
|
# Attempt to guess the content_addr for the v0 content repostitory
|
||||||
content_addr = config.get("content_addr")
|
content_addr = config.get("content_addr")
|
||||||
if not content_addr:
|
if not content_addr:
|
||||||
|
for listener in self.listeners:
|
||||||
|
if listener["type"] == "http" and not listener.get("tls", False):
|
||||||
|
unsecure_port = listener["port"]
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
raise RuntimeError("Could not determine 'content_addr'")
|
||||||
|
|
||||||
host = self.server_name
|
host = self.server_name
|
||||||
if ':' not in host:
|
if ':' not in host:
|
||||||
host = "%s:%d" % (host, self.unsecure_port)
|
host = "%s:%d" % (host, unsecure_port)
|
||||||
else:
|
else:
|
||||||
host = host.split(':')[0]
|
host = host.split(':')[0]
|
||||||
host = "%s:%d" % (host, self.unsecure_port)
|
host = "%s:%d" % (host, unsecure_port)
|
||||||
content_addr = "http://%s" % (host,)
|
content_addr = "http://%s" % (host,)
|
||||||
|
|
||||||
self.content_addr = content_addr
|
self.content_addr = content_addr
|
||||||
|
@ -61,18 +132,6 @@ class ServerConfig(Config):
|
||||||
# e.g. matrix.org, localhost:8080, etc.
|
# e.g. matrix.org, localhost:8080, etc.
|
||||||
server_name: "%(server_name)s"
|
server_name: "%(server_name)s"
|
||||||
|
|
||||||
# The port to listen for HTTPS requests on.
|
|
||||||
# For when matrix traffic is sent directly to synapse.
|
|
||||||
bind_port: %(bind_port)s
|
|
||||||
|
|
||||||
# The port to listen for HTTP requests on.
|
|
||||||
# For when matrix traffic passes through loadbalancer that unwraps TLS.
|
|
||||||
unsecure_port: %(unsecure_port)s
|
|
||||||
|
|
||||||
# Local interface to listen on.
|
|
||||||
# The empty string will cause synapse to listen on all interfaces.
|
|
||||||
bind_host: ""
|
|
||||||
|
|
||||||
# When running as a daemon, the file to store the pid in
|
# When running as a daemon, the file to store the pid in
|
||||||
pid_file: %(pid_file)s
|
pid_file: %(pid_file)s
|
||||||
|
|
||||||
|
@ -84,14 +143,64 @@ class ServerConfig(Config):
|
||||||
# hard limit.
|
# hard limit.
|
||||||
soft_file_limit: 0
|
soft_file_limit: 0
|
||||||
|
|
||||||
# Turn on the twisted telnet manhole service on localhost on the given
|
# List of ports that Synapse should listen on, their purpose and their
|
||||||
# port.
|
# configuration.
|
||||||
#manhole: 9000
|
listeners:
|
||||||
|
# Main HTTPS listener
|
||||||
|
# For when matrix traffic is sent directly to synapse.
|
||||||
|
-
|
||||||
|
# The port to listen for HTTPS requests on.
|
||||||
|
port: %(bind_port)s
|
||||||
|
|
||||||
# Should synapse compress HTTP responses to clients that support it?
|
# Local interface to listen on.
|
||||||
# This should be disabled if running synapse behind a load balancer
|
# The empty string will cause synapse to listen on all interfaces.
|
||||||
# that can do automatic compression.
|
bind_address: ''
|
||||||
gzip_responses: True
|
|
||||||
|
# This is a 'http' listener, allows us to specify 'resources'.
|
||||||
|
type: http
|
||||||
|
|
||||||
|
tls: true
|
||||||
|
|
||||||
|
# Use the X-Forwarded-For (XFF) header as the client IP and not the
|
||||||
|
# actual client IP.
|
||||||
|
x_forwarded: false
|
||||||
|
|
||||||
|
# List of HTTP resources to serve on this listener.
|
||||||
|
resources:
|
||||||
|
-
|
||||||
|
# List of resources to host on this listener.
|
||||||
|
names:
|
||||||
|
- client # The client-server APIs, both v1 and v2
|
||||||
|
- webclient # The bundled webclient.
|
||||||
|
|
||||||
|
# Should synapse compress HTTP responses to clients that support it?
|
||||||
|
# This should be disabled if running synapse behind a load balancer
|
||||||
|
# that can do automatic compression.
|
||||||
|
compress: true
|
||||||
|
|
||||||
|
- names: [federation] # Federation APIs
|
||||||
|
compress: false
|
||||||
|
|
||||||
|
# Unsecure HTTP listener,
|
||||||
|
# For when matrix traffic passes through loadbalancer that unwraps TLS.
|
||||||
|
- port: %(unsecure_port)s
|
||||||
|
tls: false
|
||||||
|
bind_address: ''
|
||||||
|
type: http
|
||||||
|
|
||||||
|
x_forwarded: false
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- names: [client, webclient]
|
||||||
|
compress: true
|
||||||
|
- names: [federation]
|
||||||
|
compress: false
|
||||||
|
|
||||||
|
# Turn on the twisted telnet manhole service on localhost on the given
|
||||||
|
# port.
|
||||||
|
# - port: 9000
|
||||||
|
# bind_address: 127.0.0.1
|
||||||
|
# type: manhole
|
||||||
""" % locals()
|
""" % locals()
|
||||||
|
|
||||||
def read_arguments(self, args):
|
def read_arguments(self, args):
|
||||||
|
|
|
@ -132,16 +132,8 @@ class BaseHomeServer(object):
|
||||||
setattr(BaseHomeServer, "get_%s" % (depname), _get)
|
setattr(BaseHomeServer, "get_%s" % (depname), _get)
|
||||||
|
|
||||||
def get_ip_from_request(self, request):
|
def get_ip_from_request(self, request):
|
||||||
# May be an X-Forwarding-For header depending on config
|
# X-Forwarded-For is handled by our custom request type.
|
||||||
ip_addr = request.getClientIP()
|
return request.getClientIP()
|
||||||
if self.config.captcha_ip_origin_is_x_forwarded:
|
|
||||||
# use the header
|
|
||||||
if request.requestHeaders.hasHeader("X-Forwarded-For"):
|
|
||||||
ip_addr = request.requestHeaders.getRawHeaders(
|
|
||||||
"X-Forwarded-For"
|
|
||||||
)[0]
|
|
||||||
|
|
||||||
return ip_addr
|
|
||||||
|
|
||||||
def is_mine(self, domain_specific_string):
|
def is_mine(self, domain_specific_string):
|
||||||
return domain_specific_string.domain == self.hostname
|
return domain_specific_string.domain == self.hostname
|
||||||
|
|
|
@ -114,6 +114,8 @@ class MockHttpResource(HttpServer):
|
||||||
mock_request.method = http_method
|
mock_request.method = http_method
|
||||||
mock_request.uri = path
|
mock_request.uri = path
|
||||||
|
|
||||||
|
mock_request.getClientIP.return_value = "-"
|
||||||
|
|
||||||
mock_request.requestHeaders.getRawHeaders.return_value=[
|
mock_request.requestHeaders.getRawHeaders.return_value=[
|
||||||
"X-Matrix origin=test,key=,sig="
|
"X-Matrix origin=test,key=,sig="
|
||||||
]
|
]
|
||||||
|
|
Loading…
Reference in New Issue