Last active
April 5, 2022 21:47
-
-
Save ouchadam/e3ad09ec382bd91a66d88ab575ea7c31 to your computer and use it in GitHub Desktop.
Run a single https synapse instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
PYTHONPATH=$(readlink -f "$(pwd)") | |
export PYTHONPATH | |
DIR="$( cd "$( dirname "$0" )" && pwd )" | |
echo "$PYTHONPATH" | |
port=8080 | |
mkdir -p $port | |
pushd $port || exit | |
echo "Starting server on port $port... " | |
# Generate the configuration for the homeserver at localhost:848x. | |
python3 -m synapse.app.homeserver \ | |
--generate-config \ | |
--server-name "localhost:$port" \ | |
--config-path "$port.config" \ | |
--report-stats no | |
# Generate TLS keys. | |
openssl req -x509 -newkey rsa:4096 \ | |
-keyout "localhost:$port.tls.key" \ | |
-out "localhost:$port.tls.crt" \ | |
-days 365 -nodes -subj "/O=matrix" | |
# Add customisations to the configuration. | |
{ | |
printf '\n\n# Customisation made by demo/start.sh\n\n' | |
echo "public_baseurl: https://localhost:$port/" | |
echo 'enable_registration: true' | |
echo 'enable_registration_without_verification: true' | |
echo '' | |
# Warning, this heredoc depends on the interaction of tabs and spaces. | |
# Please don't accidentaly bork me with your fancy settings. | |
listeners=$(cat <<-PORTLISTENERS | |
# Configure server to listen on both $https_port and $port | |
# This overides some of the default settings above | |
listeners: | |
- port: $port | |
tls: true | |
bind_addresses: ['::1', '127.0.0.1'] | |
type: http | |
x_forwarded: true | |
resources: | |
- names: [client, federation] | |
compress: false | |
PORTLISTENERS | |
) | |
echo "${listeners}" | |
# Disable TLS for the servers | |
printf '\n\n# Disable TLS for the servers.' | |
echo '# DO NOT USE IN PRODUCTION' | |
echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' | |
echo 'federation_verify_certificates: false' | |
# Set paths for the TLS certificates. | |
echo "tls_certificate_path: \"$DIR/$port/localhost:$port.tls.crt\"" | |
echo "tls_private_key_path: \"$DIR/$port/localhost:$port.tls.key\"" | |
# Ignore keys from the trusted keys server | |
echo '# Ignore keys from the trusted keys server' | |
echo 'trusted_key_servers:' | |
echo ' - server_name: "matrix.org"' | |
echo ' accept_keys_insecurely: true' | |
echo '' | |
# Allow the servers to communicate over localhost. | |
allow_list=$(cat <<-ALLOW_LIST | |
# Allow the servers to communicate over localhost. | |
ip_range_whitelist: | |
- '127.0.0.1/8' | |
- '::1/128' | |
ALLOW_LIST | |
) | |
echo "${allow_list}" | |
} >> "$port.config" | |
# Check script parameters | |
if [ $# -eq 1 ]; then | |
if [ "$1" = "--no-rate-limit" ]; then | |
# Disable any rate limiting | |
ratelimiting=$(cat <<-RC | |
rc_message: | |
per_second: 1000 | |
burst_count: 1000 | |
rc_registration: | |
per_second: 1000 | |
burst_count: 1000 | |
rc_login: | |
address: | |
per_second: 1000 | |
burst_count: 1000 | |
account: | |
per_second: 1000 | |
burst_count: 1000 | |
failed_attempts: | |
per_second: 1000 | |
burst_count: 1000 | |
rc_admin_redaction: | |
per_second: 1000 | |
burst_count: 1000 | |
rc_joins: | |
local: | |
per_second: 1000 | |
burst_count: 1000 | |
remote: | |
per_second: 1000 | |
burst_count: 1000 | |
rc_3pid_validation: | |
per_second: 1000 | |
burst_count: 1000 | |
rc_invites: | |
per_room: | |
per_second: 1000 | |
burst_count: 1000 | |
per_user: | |
per_second: 1000 | |
burst_count: 1000 | |
RC | |
) | |
echo "${ratelimiting}" >> "$port.config" | |
fi | |
fi | |
# Always disable reporting of stats if the option is not there. | |
if ! grep -F "report_stats" -q "$port.config" ; then | |
echo "report_stats: false" >> "$port.config" | |
fi | |
# Run the homeserver in the background. | |
python3 -m synapse.app.homeserver \ | |
--config-path "$port.config" \ | |
-D | |
cd "$CWD" || exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment