mirror of
https://github.com/matrix-org/dendrite.git
synced 2024-11-29 17:51:56 -06:00
docs: Add build page; correct proxy info; fix Caddy example (#2579)
* Add build page; correct proxy info; fix Caddy example * Improve Caddyfile example * Apply review comments; add polylith Caddyfile
This commit is contained in:
parent
9507966ebd
commit
35ce551c8f
|
@ -24,7 +24,7 @@ Unfortunately we can't accept contributions without it.
|
||||||
|
|
||||||
## Getting up and running
|
## Getting up and running
|
||||||
|
|
||||||
See the [Installation](INSTALL.md) section for information on how to build an
|
See the [Installation](installation) section for information on how to build an
|
||||||
instance of Dendrite. You will likely need this in order to test your changes.
|
instance of Dendrite. You will likely need this in order to test your changes.
|
||||||
|
|
||||||
## Code style
|
## Code style
|
||||||
|
|
|
@ -1,68 +0,0 @@
|
||||||
{
|
|
||||||
# debug
|
|
||||||
admin off
|
|
||||||
email example@example.com
|
|
||||||
default_sni example.com
|
|
||||||
# Debug endpoint
|
|
||||||
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
|
||||||
}
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
# Snippets
|
|
||||||
#______________________________________________________________________
|
|
||||||
|
|
||||||
(handle_errors_maintenance) {
|
|
||||||
handle_errors {
|
|
||||||
@maintenance expression {http.error.status_code} == 502
|
|
||||||
rewrite @maintenance maintenance.html
|
|
||||||
root * "/path/to/service/pages"
|
|
||||||
file_server
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
(matrix-well-known-header) {
|
|
||||||
# Headers
|
|
||||||
header Access-Control-Allow-Origin "*"
|
|
||||||
header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
|
||||||
header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
|
||||||
header Content-Type "application/json"
|
|
||||||
}
|
|
||||||
|
|
||||||
#######################################################################
|
|
||||||
|
|
||||||
example.com {
|
|
||||||
|
|
||||||
# ...
|
|
||||||
|
|
||||||
handle /.well-known/matrix/server {
|
|
||||||
import matrix-well-known-header
|
|
||||||
respond `{ "m.server": "matrix.example.com:443" }` 200
|
|
||||||
}
|
|
||||||
|
|
||||||
handle /.well-known/matrix/client {
|
|
||||||
import matrix-well-known-header
|
|
||||||
respond `{ "m.homeserver": { "base_url": "https://matrix.example.com" } }` 200
|
|
||||||
}
|
|
||||||
|
|
||||||
import handle_errors_maintenance
|
|
||||||
}
|
|
||||||
|
|
||||||
example.com:8448 {
|
|
||||||
# server<->server HTTPS traffic
|
|
||||||
reverse_proxy http://dendrite-host:8008
|
|
||||||
}
|
|
||||||
|
|
||||||
matrix.example.com {
|
|
||||||
|
|
||||||
handle /_matrix/* {
|
|
||||||
# client<->server HTTPS traffic
|
|
||||||
reverse_proxy http://dendrite-host:8008
|
|
||||||
}
|
|
||||||
|
|
||||||
handle_path /* {
|
|
||||||
# Client webapp (Element SPA or ...)
|
|
||||||
file_server {
|
|
||||||
root /path/to/www/example.com/matrix-web-client/
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
57
docs/caddy/monolith/Caddyfile
Normal file
57
docs/caddy/monolith/Caddyfile
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
# Sample Caddyfile for using Caddy in front of Dendrite.
|
||||||
|
#
|
||||||
|
# Customize email address and domain names.
|
||||||
|
# Optional settings commented out.
|
||||||
|
#
|
||||||
|
# BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
|
||||||
|
# Documentation: https://caddyserver.com/docs/
|
||||||
|
#
|
||||||
|
# Bonus tip: If your IP address changes, use Caddy's
|
||||||
|
# dynamic DNS plugin to update your DNS records to
|
||||||
|
# point to your new IP automatically:
|
||||||
|
# https://github.com/mholt/caddy-dynamicdns
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
# Global options block
|
||||||
|
{
|
||||||
|
# In case there is a problem with your certificates.
|
||||||
|
# email example@example.com
|
||||||
|
|
||||||
|
# Turn off the admin endpoint if you don't need graceful config
|
||||||
|
# changes and/or are running untrusted code on your machine.
|
||||||
|
# admin off
|
||||||
|
|
||||||
|
# Enable this if your clients don't send ServerName in TLS handshakes.
|
||||||
|
# default_sni example.com
|
||||||
|
|
||||||
|
# Enable debug mode for verbose logging.
|
||||||
|
# debug
|
||||||
|
|
||||||
|
# Use Let's Encrypt's staging endpoint for testing.
|
||||||
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
# If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
|
||||||
|
# else, enable these and put the alternate port numbers here.
|
||||||
|
# http_port 8080
|
||||||
|
# https_port 8443
|
||||||
|
}
|
||||||
|
|
||||||
|
# The server name of your matrix homeserver. This example shows
|
||||||
|
# "well-known delegation" from the registered domain to a subdomain,
|
||||||
|
# which is only needed if your server_name doesn't match your Matrix
|
||||||
|
# homeserver URL (i.e. you can show users a vanity domain that looks
|
||||||
|
# nice and is easy to remember but still have your Matrix server on
|
||||||
|
# its own subdomain or hosted service).
|
||||||
|
example.com {
|
||||||
|
header /.well-known/matrix/* Content-Type application/json
|
||||||
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||||
|
respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
|
||||||
|
respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
|
||||||
|
}
|
||||||
|
|
||||||
|
# The actual domain name whereby your Matrix server is accessed.
|
||||||
|
matrix.example.com {
|
||||||
|
# Set localhost:8008 to the address of your Dendrite server, if different
|
||||||
|
reverse_proxy /_matrix/* localhost:8008
|
||||||
|
}
|
66
docs/caddy/polylith/Caddyfile
Normal file
66
docs/caddy/polylith/Caddyfile
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
# Sample Caddyfile for using Caddy in front of Dendrite.
|
||||||
|
#
|
||||||
|
# Customize email address and domain names.
|
||||||
|
# Optional settings commented out.
|
||||||
|
#
|
||||||
|
# BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
|
||||||
|
# Documentation: https://caddyserver.com/docs/
|
||||||
|
#
|
||||||
|
# Bonus tip: If your IP address changes, use Caddy's
|
||||||
|
# dynamic DNS plugin to update your DNS records to
|
||||||
|
# point to your new IP automatically:
|
||||||
|
# https://github.com/mholt/caddy-dynamicdns
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
# Global options block
|
||||||
|
{
|
||||||
|
# In case there is a problem with your certificates.
|
||||||
|
# email example@example.com
|
||||||
|
|
||||||
|
# Turn off the admin endpoint if you don't need graceful config
|
||||||
|
# changes and/or are running untrusted code on your machine.
|
||||||
|
# admin off
|
||||||
|
|
||||||
|
# Enable this if your clients don't send ServerName in TLS handshakes.
|
||||||
|
# default_sni example.com
|
||||||
|
|
||||||
|
# Enable debug mode for verbose logging.
|
||||||
|
# debug
|
||||||
|
|
||||||
|
# Use Let's Encrypt's staging endpoint for testing.
|
||||||
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
# If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
|
||||||
|
# else, enable these and put the alternate port numbers here.
|
||||||
|
# http_port 8080
|
||||||
|
# https_port 8443
|
||||||
|
}
|
||||||
|
|
||||||
|
# The server name of your matrix homeserver. This example shows
|
||||||
|
# "well-known delegation" from the registered domain to a subdomain,
|
||||||
|
# which is only needed if your server_name doesn't match your Matrix
|
||||||
|
# homeserver URL (i.e. you can show users a vanity domain that looks
|
||||||
|
# nice and is easy to remember but still have your Matrix server on
|
||||||
|
# its own subdomain or hosted service).
|
||||||
|
example.com {
|
||||||
|
header /.well-known/matrix/* Content-Type application/json
|
||||||
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||||
|
respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
|
||||||
|
respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
|
||||||
|
}
|
||||||
|
|
||||||
|
# The actual domain name whereby your Matrix server is accessed.
|
||||||
|
matrix.example.com {
|
||||||
|
# Change the end of each reverse_proxy line to the correct
|
||||||
|
# address for your various services.
|
||||||
|
@sync_api {
|
||||||
|
path_regexp /_matrix/client/.*?/(sync|user/.*?/filter/?.*|keys/changes|rooms/.*?/messages)$
|
||||||
|
}
|
||||||
|
reverse_proxy @sync_api sync_api:8073
|
||||||
|
|
||||||
|
reverse_proxy /_matrix/client* client_api:8071
|
||||||
|
reverse_proxy /_matrix/federation* federation_api:8071
|
||||||
|
reverse_proxy /_matrix/key* federation_api:8071
|
||||||
|
reverse_proxy /_matrix/media* media_api:8071
|
||||||
|
}
|
|
@ -2,7 +2,7 @@
|
||||||
title: Starting the polylith
|
title: Starting the polylith
|
||||||
parent: Installation
|
parent: Installation
|
||||||
has_toc: true
|
has_toc: true
|
||||||
nav_order: 9
|
nav_order: 10
|
||||||
permalink: /installation/start/polylith
|
permalink: /installation/start/polylith
|
||||||
---
|
---
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
title: Optimise your installation
|
title: Optimise your installation
|
||||||
parent: Installation
|
parent: Installation
|
||||||
has_toc: true
|
has_toc: true
|
||||||
nav_order: 10
|
nav_order: 11
|
||||||
permalink: /installation/start/optimisation
|
permalink: /installation/start/optimisation
|
||||||
---
|
---
|
||||||
|
|
|
@ -95,12 +95,13 @@ enabled.
|
||||||
To do so, follow the [NATS Server installation instructions](https://docs.nats.io/running-a-nats-service/introduction/installation) and then [start your NATS deployment](https://docs.nats.io/running-a-nats-service/introduction/running). JetStream must be enabled, either by passing the `-js` flag to `nats-server`,
|
To do so, follow the [NATS Server installation instructions](https://docs.nats.io/running-a-nats-service/introduction/installation) and then [start your NATS deployment](https://docs.nats.io/running-a-nats-service/introduction/running). JetStream must be enabled, either by passing the `-js` flag to `nats-server`,
|
||||||
or by specifying the `store_dir` option in the the `jetstream` configuration.
|
or by specifying the `store_dir` option in the the `jetstream` configuration.
|
||||||
|
|
||||||
### Reverse proxy (polylith deployments)
|
### Reverse proxy
|
||||||
|
|
||||||
Polylith deployments require a reverse proxy, such as [NGINX](https://www.nginx.com) or
|
A reverse proxy such as [Caddy](https://caddyserver.com), [NGINX](https://www.nginx.com) or
|
||||||
[HAProxy](http://www.haproxy.org). Configuring those is not covered in this documentation,
|
[HAProxy](http://www.haproxy.org) is required for polylith deployments and is useful for monolith
|
||||||
although a [sample configuration for NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf)
|
deployments. Configuring those is not covered in this documentation, although sample configurations
|
||||||
is provided.
|
for [Caddy](https://github.com/matrix-org/dendrite/blob/main/docs/caddy) and
|
||||||
|
[NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx) are provided.
|
||||||
|
|
||||||
### Windows
|
### Windows
|
||||||
|
|
||||||
|
|
|
@ -29,15 +29,23 @@ The exact details of how server name resolution works can be found in
|
||||||
## TLS certificates
|
## TLS certificates
|
||||||
|
|
||||||
Matrix federation requires that valid TLS certificates are present on the domain. You must
|
Matrix federation requires that valid TLS certificates are present on the domain. You must
|
||||||
obtain certificates from a publicly accepted Certificate Authority (CA). [LetsEncrypt](https://letsencrypt.org)
|
obtain certificates from a publicly-trusted certificate authority (CA). [Let's Encrypt](https://letsencrypt.org)
|
||||||
is an example of such a CA that can be used. Self-signed certificates are not suitable for
|
is a popular choice of CA because the certificates are publicly-trusted, free, and automated
|
||||||
federation and will typically not be accepted by other homeservers.
|
via the ACME protocol. (Self-signed certificates are not suitable for federation and will typically
|
||||||
|
not be accepted by other homeservers.)
|
||||||
|
|
||||||
A common practice to help ease the management of certificates is to install a reverse proxy in
|
Automating the renewal of TLS certificates is best practice. There are many tools for this,
|
||||||
front of Dendrite which manages the TLS certificates and HTTPS proxying itself. Software such as
|
but the simplest way to achieve TLS automation is to have your reverse proxy do it for you.
|
||||||
[NGINX](https://www.nginx.com) and [HAProxy](http://www.haproxy.org) can be used for the task.
|
[Caddy](https://caddyserver.com) is recommended as a production-grade reverse proxy with
|
||||||
Although the finer details of configuring these are not described here, you must reverse proxy
|
automatic TLS which is commonly used in front of Dendrite. It obtains and renews TLS certificates
|
||||||
all `/_matrix` paths to your Dendrite server.
|
automatically and by default as long as your domain name is pointed at your server first.
|
||||||
|
Although the finer details of [configuring Caddy](https://caddyserver.com/docs/) is not described
|
||||||
|
here, in general, you must reverse proxy all `/_matrix` paths to your Dendrite server. For example,
|
||||||
|
with Caddy:
|
||||||
|
|
||||||
|
```
|
||||||
|
reverse_proxy /_matrix/* localhost:8008
|
||||||
|
```
|
||||||
|
|
||||||
It is possible for the reverse proxy to listen on the standard HTTPS port TCP/443 so long as your
|
It is possible for the reverse proxy to listen on the standard HTTPS port TCP/443 so long as your
|
||||||
domain delegation is configured to point to port TCP/443.
|
domain delegation is configured to point to port TCP/443.
|
||||||
|
@ -76,6 +84,16 @@ and contain the following JSON document:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
For example, this can be done with the following Caddy config:
|
||||||
|
|
||||||
|
```
|
||||||
|
handle /.well-known/matrix/client {
|
||||||
|
header Content-Type application/json
|
||||||
|
header Access-Control-Allow-Origin *
|
||||||
|
respond `{"m.homeserver": {"base_url": "https://matrix.example.com:8448"}}`
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
You can also serve `.well-known` with Dendrite itself by setting the `well_known_server_name` config
|
You can also serve `.well-known` with Dendrite itself by setting the `well_known_server_name` config
|
||||||
option to the value you want for `m.server`. This is primarily useful if Dendrite is exposed on
|
option to the value you want for `m.server`. This is primarily useful if Dendrite is exposed on
|
||||||
`example.com:443` and you don't want to set up a separate webserver just for serving the `.well-known`
|
`example.com:443` and you don't want to set up a separate webserver just for serving the `.well-known`
|
||||||
|
|
38
docs/installation/3_build.md
Normal file
38
docs/installation/3_build.md
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
title: Building Dendrite
|
||||||
|
parent: Installation
|
||||||
|
has_toc: true
|
||||||
|
nav_order: 3
|
||||||
|
permalink: /installation/build
|
||||||
|
---
|
||||||
|
|
||||||
|
# Build all Dendrite commands
|
||||||
|
|
||||||
|
Dendrite has numerous utility commands in addition to the actual server binaries.
|
||||||
|
Build them all from the root of the source repo with `build.sh` (Linux/Mac):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
./build.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
or `build.cmd` (Windows):
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
build.cmd
|
||||||
|
```
|
||||||
|
|
||||||
|
The resulting binaries will be placed in the `bin` subfolder.
|
||||||
|
|
||||||
|
# Installing as a monolith
|
||||||
|
|
||||||
|
You can install the Dendrite monolith binary into `$GOPATH/bin` by using `go install`:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
go install ./cmd/dendrite-monolith-server
|
||||||
|
```
|
||||||
|
|
||||||
|
Alternatively, you can specify a custom path for the binary to be written to using `go build`:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
go build -o /usr/local/bin/ ./cmd/dendrite-monolith-server
|
||||||
|
```
|
|
@ -17,7 +17,9 @@ filenames in the Dendrite configuration file and start Dendrite. The databases w
|
||||||
and populated automatically.
|
and populated automatically.
|
||||||
|
|
||||||
Note that Dendrite **cannot share a single SQLite database across multiple components**. Each
|
Note that Dendrite **cannot share a single SQLite database across multiple components**. Each
|
||||||
component must be configured with its own SQLite database filename.
|
component must be configured with its own SQLite database filename. You will have to remove
|
||||||
|
the `global.database` section from your Dendrite config and add it to each individual section
|
||||||
|
instead in order to use SQLite.
|
||||||
|
|
||||||
### Connection strings
|
### Connection strings
|
||||||
|
|
|
@ -29,5 +29,6 @@ Polylith deployments require a reverse proxy in order to ensure that requests ar
|
||||||
sent to the correct endpoint. You must ensure that a suitable reverse proxy is installed
|
sent to the correct endpoint. You must ensure that a suitable reverse proxy is installed
|
||||||
and configured.
|
and configured.
|
||||||
|
|
||||||
A [sample configuration file](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf)
|
Sample configurations are provided
|
||||||
is provided for [NGINX](https://www.nginx.com).
|
for [Caddy](https://github.com/matrix-org/dendrite/blob/main/docs/caddy/polylith/Caddyfile)
|
||||||
|
and [NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf).
|
|
@ -1,13 +1,13 @@
|
||||||
---
|
---
|
||||||
title: Populate the configuration
|
title: Configuring Dendrite
|
||||||
parent: Installation
|
parent: Installation
|
||||||
nav_order: 7
|
nav_order: 7
|
||||||
permalink: /installation/configuration
|
permalink: /installation/configuration
|
||||||
---
|
---
|
||||||
|
|
||||||
# Populate the configuration
|
# Configuring Dendrite
|
||||||
|
|
||||||
The configuration file is used to configure Dendrite. Sample configuration files are
|
A YAML configuration file is used to configure Dendrite. Sample configuration files are
|
||||||
present in the top level of the Dendrite repository:
|
present in the top level of the Dendrite repository:
|
||||||
|
|
||||||
* [`dendrite-sample.monolith.yaml`](https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.monolith.yaml)
|
* [`dendrite-sample.monolith.yaml`](https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.monolith.yaml)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
title: Generating signing keys
|
title: Generating signing keys
|
||||||
parent: Installation
|
parent: Installation
|
||||||
nav_order: 4
|
nav_order: 8
|
||||||
permalink: /installation/signingkeys
|
permalink: /installation/signingkeys
|
||||||
---
|
---
|
||||||
|
|
|
@ -15,8 +15,9 @@ you can start your Dendrite monolith deployment by starting the `dendrite-monoli
|
||||||
./dendrite-monolith-server -config /path/to/dendrite.yaml
|
./dendrite-monolith-server -config /path/to/dendrite.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
If you want to change the addresses or ports that Dendrite listens on, you
|
By default, Dendrite will listen HTTP on port 8008. If you want to change the addresses
|
||||||
can use the `-http-bind-address` and `-https-bind-address` command line arguments:
|
or ports that Dendrite listens on, you can use the `-http-bind-address` and
|
||||||
|
`-https-bind-address` command line arguments:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
./dendrite-monolith-server -config /path/to/dendrite.yaml \
|
./dendrite-monolith-server -config /path/to/dendrite.yaml \
|
Loading…
Reference in a new issue