forked from infra/ansible
matrix: update config and set max_body_size
This commit is contained in:
parent
453537697d
commit
11bd9019d9
@ -1,3 +1,11 @@
|
|||||||
|
# Configuration file for Synapse.
|
||||||
|
#
|
||||||
|
# This is a YAML file: see [1] for a quick introduction. Note in particular
|
||||||
|
# that *indentation is important*: all the elements of a list or dictionary
|
||||||
|
# should have the same indentation.
|
||||||
|
#
|
||||||
|
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
||||||
|
|
||||||
## Server ##
|
## Server ##
|
||||||
|
|
||||||
# The domain name of the server, with optional explicit port.
|
# The domain name of the server, with optional explicit port.
|
||||||
@ -24,7 +32,7 @@ pid_file: "/var/run/matrix-synapse.pid"
|
|||||||
# use synapse with a reverse proxy, this should be the URL to reach
|
# use synapse with a reverse proxy, this should be the URL to reach
|
||||||
# synapse via the proxy.
|
# synapse via the proxy.
|
||||||
#
|
#
|
||||||
#public_baseurl: https://example.com/
|
public_baseurl: https://{{ matrix_domain }}/
|
||||||
|
|
||||||
# Set the soft limit on the number of file descriptors synapse can use
|
# Set the soft limit on the number of file descriptors synapse can use
|
||||||
# Zero is used to indicate synapse should set the soft limit to the
|
# Zero is used to indicate synapse should set the soft limit to the
|
||||||
@ -456,6 +464,11 @@ retention:
|
|||||||
# ACME support: This will configure Synapse to request a valid TLS certificate
|
# ACME support: This will configure Synapse to request a valid TLS certificate
|
||||||
# for your configured `server_name` via Let's Encrypt.
|
# for your configured `server_name` via Let's Encrypt.
|
||||||
#
|
#
|
||||||
|
# Note that ACME v1 is now deprecated, and Synapse currently doesn't support
|
||||||
|
# ACME v2. This means that this feature currently won't work with installs set
|
||||||
|
# up after November 2019. For more info, and alternative solutions, see
|
||||||
|
# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1
|
||||||
|
#
|
||||||
# Note that provisioning a certificate in this way requires port 80 to be
|
# Note that provisioning a certificate in this way requires port 80 to be
|
||||||
# routed to Synapse so that it can complete the http-01 ACME challenge.
|
# routed to Synapse so that it can complete the http-01 ACME challenge.
|
||||||
# By default, if you enable ACME support, Synapse will attempt to listen on
|
# By default, if you enable ACME support, Synapse will attempt to listen on
|
||||||
@ -688,7 +701,7 @@ media_store_path: "/var/lib/matrix-synapse/media"
|
|||||||
|
|
||||||
# The largest allowed upload size in bytes
|
# The largest allowed upload size in bytes
|
||||||
#
|
#
|
||||||
#max_upload_size: 10M
|
max_upload_size: 5M
|
||||||
|
|
||||||
# Maximum number of pixels that will be thumbnailed
|
# Maximum number of pixels that will be thumbnailed
|
||||||
#
|
#
|
||||||
@ -1325,6 +1338,25 @@ saml2_config:
|
|||||||
#
|
#
|
||||||
#grandfathered_mxid_source_attribute: upn
|
#grandfathered_mxid_source_attribute: upn
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find the template files below.
|
||||||
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * HTML page to display to users if something goes wrong during the
|
||||||
|
# authentication process: 'saml_error.html'.
|
||||||
|
#
|
||||||
|
# This template doesn't currently need any variable to render.
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Enable CAS for registration and login.
|
# Enable CAS for registration and login.
|
||||||
@ -1338,6 +1370,56 @@ saml2_config:
|
|||||||
# # name: value
|
# # name: value
|
||||||
|
|
||||||
|
|
||||||
|
# Additional settings to use with single-sign on systems such as SAML2 and CAS.
|
||||||
|
#
|
||||||
|
sso:
|
||||||
|
# A list of client URLs which are whitelisted so that the user does not
|
||||||
|
# have to confirm giving access to their account to the URL. Any client
|
||||||
|
# whose URL starts with an entry in the following list will not be subject
|
||||||
|
# to an additional confirmation step after the SSO login is completed.
|
||||||
|
#
|
||||||
|
# WARNING: An entry such as "https://my.client" is insecure, because it
|
||||||
|
# will also match "https://my.client.evil.site", exposing your users to
|
||||||
|
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||||
|
# hostname: "https://my.client/".
|
||||||
|
#
|
||||||
|
# By default, this list is empty.
|
||||||
|
#
|
||||||
|
#client_whitelist:
|
||||||
|
# - https://riot.im/develop
|
||||||
|
# - https://my.custom.client/
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find the template files below.
|
||||||
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * HTML page for a confirmation step before redirecting back to the client
|
||||||
|
# with the login token: 'sso_redirect_confirm.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given three variables:
|
||||||
|
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||||
|
# manual escaping (see
|
||||||
|
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * display_url: the same as `redirect_url`, but with the query
|
||||||
|
# parameters stripped. The intention is to have a
|
||||||
|
# human-readable URL to show to users, not to use it as
|
||||||
|
# the final address to redirect to. Needs manual escaping
|
||||||
|
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * server_name: the homeserver's name.
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
||||||
#
|
#
|
||||||
#jwt_config:
|
#jwt_config:
|
||||||
@ -1387,10 +1469,6 @@ email:
|
|||||||
#
|
#
|
||||||
#require_transport_security: true
|
#require_transport_security: true
|
||||||
|
|
||||||
# Enable sending emails for messages that the user has missed
|
|
||||||
#
|
|
||||||
#enable_notifs: false
|
|
||||||
|
|
||||||
# notif_from defines the "From" address to use when sending emails.
|
# notif_from defines the "From" address to use when sending emails.
|
||||||
# It must be set if email sending is enabled.
|
# It must be set if email sending is enabled.
|
||||||
#
|
#
|
||||||
@ -1408,6 +1486,11 @@ email:
|
|||||||
#
|
#
|
||||||
#app_name: my_branded_matrix_server
|
#app_name: my_branded_matrix_server
|
||||||
|
|
||||||
|
# Uncomment the following to enable sending emails for messages that the user
|
||||||
|
# has missed. Disabled by default.
|
||||||
|
#
|
||||||
|
#enable_notifs: true
|
||||||
|
|
||||||
# Uncomment the following to disable automatic subscription to email
|
# Uncomment the following to disable automatic subscription to email
|
||||||
# notifications for new users. Enabled by default.
|
# notifications for new users. Enabled by default.
|
||||||
#
|
#
|
||||||
|
@ -23,6 +23,8 @@ server {
|
|||||||
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
|
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
|
||||||
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
|
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
|
||||||
|
|
||||||
|
client_max_body_size 5M;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://localhost:8008;
|
proxy_pass http://localhost:8008;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
@ -38,6 +40,8 @@ server {
|
|||||||
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
|
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
|
||||||
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
|
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
|
||||||
|
|
||||||
|
client_max_body_size 5M;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://localhost:8008;
|
proxy_pass http://localhost:8008;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
Loading…
Reference in New Issue
Block a user