matrix: update config and set max_body_size

Markus 2020-03-29 11:48:38 +02:00
parent 453537697d
commit 11bd9019d9
2 changed files with 93 additions and 6 deletions


@ -1,3 +1,11 @@
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
## Server ## ## Server ##
# The domain name of the server, with optional explicit port. # The domain name of the server, with optional explicit port.
@ -24,7 +32,7 @@ pid_file: "/var/run/matrix-synapse.pid"
# use synapse with a reverse proxy, this should be the URL to reach # use synapse with a reverse proxy, this should be the URL to reach
# synapse via the proxy. # synapse via the proxy.
# #
#public_baseurl: https://example.com/ public_baseurl: https://{{ matrix_domain }}/
# Set the soft limit on the number of file descriptors synapse can use # Set the soft limit on the number of file descriptors synapse can use
# Zero is used to indicate synapse should set the soft limit to the # Zero is used to indicate synapse should set the soft limit to the
@ -456,6 +464,11 @@ retention:
# ACME support: This will configure Synapse to request a valid TLS certificate # ACME support: This will configure Synapse to request a valid TLS certificate
# for your configured `server_name` via Let's Encrypt. # for your configured `server_name` via Let's Encrypt.
# #
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
# ACME v2. This means that this feature currently won't work with installs set
# up after November 2019. For more info, and alternative solutions, see
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
#
# Note that provisioning a certificate in this way requires port 80 to be # Note that provisioning a certificate in this way requires port 80 to be
# routed to Synapse so that it can complete the http-01 ACME challenge. # routed to Synapse so that it can complete the http-01 ACME challenge.
# By default, if you enable ACME support, Synapse will attempt to listen on # By default, if you enable ACME support, Synapse will attempt to listen on
@ -688,7 +701,7 @@ media_store_path: "/var/lib/matrix-synapse/media"
# The largest allowed upload size in bytes # The largest allowed upload size in bytes
# #
#max_upload_size: 10M max_upload_size: 5M
# Maximum number of pixels that will be thumbnailed # Maximum number of pixels that will be thumbnailed
# #
@ -1325,6 +1338,25 @@ saml2_config:
# #
#grandfathered_mxid_source_attribute: upn #grandfathered_mxid_source_attribute: upn
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
#
# Synapse will look for the following templates in this directory:
#
# * HTML page to display to users if something goes wrong during the
# authentication process: 'saml_error.html'.
#
# This template doesn't currently need any variable to render.
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
#
#template_dir: "res/templates"
# Enable CAS for registration and login. # Enable CAS for registration and login.
@ -1338,6 +1370,56 @@ saml2_config:
# # name: value # # name: value
# Additional settings to use with single-sign on systems such as SAML2 and CAS.
#
sso:
# A list of client URLs which are whitelisted so that the user does not
# have to confirm giving access to their account to the URL. Any client
# whose URL starts with an entry in the following list will not be subject
# to an additional confirmation step after the SSO login is completed.
#
# WARNING: An entry such as "https://my.client" is insecure, because it
# will also match "https://my.client.evil.site", exposing your users to
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# By default, this list is empty.
#
#client_whitelist:
# - https://riot.im/develop
# - https://my.custom.client/
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
#
# Synapse will look for the following templates in this directory:
#
# * HTML page for a confirmation step before redirecting back to the client
# with the login token: 'sso_redirect_confirm.html'.
#
# When rendering, this template is given three variables:
# * redirect_url: the URL the user is about to be redirected to. Needs
# manual escaping (see
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * display_url: the same as `redirect_url`, but with the query
# parameters stripped. The intention is to have a
# human-readable URL to show to users, not to use it as
# the final address to redirect to. Needs manual escaping
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * server_name: the homeserver's name.
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
#
#template_dir: "res/templates"
# The JWT needs to contain a globally unique "sub" (subject) claim. # The JWT needs to contain a globally unique "sub" (subject) claim.
# #
#jwt_config: #jwt_config:
@ -1387,10 +1469,6 @@ email:
# #
#require_transport_security: true #require_transport_security: true
# Enable sending emails for messages that the user has missed
#
#enable_notifs: false
# notif_from defines the "From" address to use when sending emails. # notif_from defines the "From" address to use when sending emails.
# It must be set if email sending is enabled. # It must be set if email sending is enabled.
# #
@ -1408,6 +1486,11 @@ email:
# #
#app_name: my_branded_matrix_server #app_name: my_branded_matrix_server
# Uncomment the following to enable sending emails for messages that the user
# has missed. Disabled by default.
#
#enable_notifs: true
# Uncomment the following to disable automatic subscription to email # Uncomment the following to disable automatic subscription to email
# notifications for new users. Enabled by default. # notifications for new users. Enabled by default.
# #
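Review bot: The newly enabled `public_baseurl: https://{{ matrix_domain }}/` is an unquoted templated scalar, while the other path-like settings visible in the hunk headers (`pid_file`, `media_store_path`) are quoted. The template is rendered to text first and parsed as YAML afterwards, so quoting keeps the value a single string whatever `matrix_domain` expands to; I would write `public_baseurl: "https://{{ matrix_domain }}/"`. The surrounding comment says this must be the URL at which Synapse is reached through the reverse proxy, so a short comment above the setting should state that `matrix_domain` has to be the host name the nginx vhost actually serves (the certificate paths in the nginx template use the same variable, which suggests that is the intent).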


@ -23,6 +23,8 @@ server {
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key; ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt; ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
client_max_body_size 5M;
location / { location / {
proxy_pass http://localhost:8008; proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
@ -38,6 +40,8 @@ server {
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key; ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt; ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
client_max_body_size 5M;
location / { location / {
proxy_pass http://localhost:8008; proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
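Review bot: `client_max_body_size 5M;` is a hard-coded literal repeated in both `server` blocks, and it has to stay in step with `max_upload_size: 5M` in the Synapse config changed by the same commit. If the values drift apart, nginx's cap applies first to anything larger and the client receives nginx's 413 instead of Synapse's own error response, which is hard to diagnose from the Synapse logs alone. I would drive all three places from one template variable (for example a role variable called something like `matrix_max_upload_size`; the name is illustrative) and add a comment above each directive such as `# must be >= max_upload_size in the Synapse config`. Both `server` blocks start and end outside the hunks, so the listener served by the second one is not visible; if it is the federation listener, confirm that 5M is also adequate for server-to-server request bodies.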