30c2325eaf
* Configurable X.509 certificate validation * Fix dendritejs * Update go.mod/go.sum for matrix-org/gomatrixserverlib#214 * Update sample config
179 lines
7.2 KiB
YAML
179 lines
7.2 KiB
YAML
# The config file format version
|
|
# This is used by dendrite to tell if it understands the config format.
|
|
# This will change if the structure of the config file changes or if the meaning
|
|
# of an existing config key changes.
|
|
version: 0
|
|
|
|
# The matrix specific config
|
|
matrix:
|
|
# The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
|
|
server_name: "example.com"
|
|
# The path to the PEM formatted matrix private key.
|
|
private_key: "/etc/dendrite/matrix_key.pem"
|
|
# The x509 certificates used by the federation listeners for this server
|
|
federation_certificates: ["/etc/dendrite/server.crt"]
|
|
# The list of identity servers trusted to verify third party identifiers by this server.
|
|
# Defaults to no trusted servers.
|
|
trusted_third_party_id_servers:
|
|
- vector.im
|
|
- matrix.org
|
|
# Perspective key servers which are used when direct key requests fail
|
|
#key_perspectives:
|
|
# - server_name: matrix.org
|
|
# keys:
|
|
# - key_id: ed25519:auto
|
|
# public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
|
|
# - key_id: ed25519:a_RXGa
|
|
# public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
|
|
# Disables new users from registering (except via shared secrets)
|
|
registration_disabled: false
|
|
# Whether to disable TLS certificate validation. Warning: this reduces federation
|
|
# security and should not be enabled in production!
|
|
federation_disable_tls_validation: false
|
|
|
|
# The media repository config
|
|
media:
|
|
# The base path to where the media files will be stored. May be relative or absolute.
|
|
base_path: /var/dendrite/media
|
|
|
|
# The maximum file size in bytes that is allowed to be stored on this server.
|
|
# Note: if max_file_size_bytes is set to 0, the size is unlimited.
|
|
# Note: if max_file_size_bytes is not set, it will default to 10485760 (10MB)
|
|
max_file_size_bytes: 10485760
|
|
|
|
# Whether to dynamically generate thumbnails on-the-fly if the requested resolution is not already generated
|
|
# NOTE: This is a possible denial-of-service attack vector - use at your own risk
|
|
dynamic_thumbnails: false
|
|
|
|
# A list of thumbnail sizes to be pre-generated for downloaded remote / uploaded content
|
|
# method is one of crop or scale. If omitted, it will default to scale.
|
|
# crop scales to fill the requested dimensions and crops the excess.
|
|
# scale scales to fit the requested dimensions and one dimension may be smaller than requested.
|
|
thumbnail_sizes:
|
|
- width: 32
|
|
height: 32
|
|
method: crop
|
|
- width: 96
|
|
height: 96
|
|
method: crop
|
|
- width: 320
|
|
height: 240
|
|
method: scale
|
|
- width: 640
|
|
height: 480
|
|
method: scale
|
|
- width: 800
|
|
height: 600
|
|
method: scale
|
|
|
|
# Metrics config for Prometheus
|
|
metrics:
|
|
# Whether or not metrics are enabled
|
|
enabled: false
|
|
# Use basic auth to protect the metrics. Uncomment to the complete block to enable.
|
|
#basic_auth:
|
|
# username: prometheusUser
|
|
# password: y0ursecr3tPa$$w0rd
|
|
|
|
# The config for the TURN server
|
|
turn:
|
|
# Whether or not guests can request TURN credentials
|
|
turn_allow_guests: true
|
|
# How long the authorization should last
|
|
turn_user_lifetime: "1h"
|
|
# The list of TURN URIs to pass to clients
|
|
turn_uris: []
|
|
|
|
# Authorization via Shared Secret
|
|
# The shared secret from coturn
|
|
turn_shared_secret: "<SECRET STRING GOES HERE>"
|
|
|
|
# Authorization via Static Username & Password
|
|
# Hardcoded Username and Password
|
|
turn_username: ""
|
|
turn_password: ""
|
|
|
|
# The config for communicating with kafka
|
|
kafka:
|
|
# Where the kafka servers are running.
|
|
addresses: ["localhost:9092"]
|
|
# Whether to use naffka instead of kafka.
|
|
# Naffka can only be used when running dendrite as a single monolithic server.
|
|
# Kafka can be used both with a monolithic server and when running the
|
|
# components as separate servers.
|
|
# If enabled database.naffka must also be specified.
|
|
use_naffka: false
|
|
# The names of the kafka topics to use.
|
|
topics:
|
|
output_room_event: roomserverOutput
|
|
output_client_data: clientapiOutput
|
|
output_typing_event: eduServerTypingOutput
|
|
output_send_to_device_event: eduServerSendToDeviceOutput
|
|
user_updates: userUpdates
|
|
|
|
# The postgres connection configs for connecting to the databases, e.g.
|
|
# for Postgres: postgres://username:password@hostname/database
|
|
# for SQLite: file:filename.db or file:///path/to/filename.db
|
|
database:
|
|
account: "postgres://dendrite:itsasecret@localhost/dendrite_account?sslmode=disable"
|
|
device: "postgres://dendrite:itsasecret@localhost/dendrite_device?sslmode=disable"
|
|
media_api: "postgres://dendrite:itsasecret@localhost/dendrite_mediaapi?sslmode=disable"
|
|
sync_api: "postgres://dendrite:itsasecret@localhost/dendrite_syncapi?sslmode=disable"
|
|
room_server: "postgres://dendrite:itsasecret@localhost/dendrite_roomserver?sslmode=disable"
|
|
server_key: "postgres://dendrite:itsasecret@localhost/dendrite_serverkey?sslmode=disable"
|
|
federation_sender: "postgres://dendrite:itsasecret@localhost/dendrite_federationsender?sslmode=disable"
|
|
appservice: "postgres://dendrite:itsasecret@localhost/dendrite_appservice?sslmode=disable"
|
|
current_state: "postgres://dendrite:itsasecret@localhost/dendrite_currentstate?sslmode=disable"
|
|
e2e_key: "postgres://dendrite:itsasecret@localhost/dendrite_e2ekey?sslmode=disable"
|
|
max_open_conns: 100
|
|
max_idle_conns: 2
|
|
conn_max_lifetime: -1
|
|
# If 'use_naffka: true' set above then you need to specify a naffka database
|
|
# naffka: "postgres://dendrite:itsasecret@localhost/dendrite_naffka?sslmode=disable"
|
|
|
|
# The TCP host:port pairs to bind the internal HTTP APIs to.
|
|
# These shouldn't be exposed to the public internet.
|
|
# These aren't needed when running dendrite as a monolithic server.
|
|
listen:
|
|
room_server: "localhost:7770"
|
|
client_api: "localhost:7771"
|
|
federation_api: "localhost:7772"
|
|
sync_api: "localhost:7773"
|
|
media_api: "localhost:7774"
|
|
federation_sender: "localhost:7776"
|
|
appservice_api: "localhost:7777"
|
|
edu_server: "localhost:7778"
|
|
key_server: "localhost:7779"
|
|
server_key_api: "localhost:7780"
|
|
user_api: "localhost:7781"
|
|
current_state_server: "localhost:7782"
|
|
|
|
# The configuration for tracing the dendrite components.
|
|
tracing:
|
|
# Config for the jaeger opentracing reporter.
|
|
# See https://godoc.org/github.com/uber/jaeger-client-go/config#Configuration
|
|
# for documentation.
|
|
jaeger:
|
|
disabled: true
|
|
|
|
# A list of application service config files to use
|
|
application_services:
|
|
config_files: []
|
|
|
|
# The configuration for dendrite logs
|
|
logging:
|
|
# The logging type, only "file" is supported at the moment
|
|
- type: "file"
|
|
# The logging level, must be one of debug, info, warn, error, fatal, panic.
|
|
level: "info"
|
|
# Parameters for this type of log
|
|
params:
|
|
# File logging must be given a path to a directory. Each component will write to a different file. Logs are rotated each day and gzipped
|
|
path: "/var/log/dendrite"
|
|
# It is possible to have multiple logging hooks at the same time.
|
|
# To save only errors in a different directory, uncomment the following.
|
|
# - type: "file"
|
|
# level: "error"
|
|
# params:
|
|
# path: "/var/log/dendrite/errors"
|