Merge branch 'develop' of github.com:matrix-org/synapse into erikj/add_rate_limiting_to_joins

faba873d · Erik Johnston · 9b3ab57a · e2a4ba6f · faba873d · faba873d
Commit faba873d authored 4 years ago by Erik Johnston
--- a/INSTALL.md
+++ b/INSTALL.md
 - [Choosing your server name](#choosing-your-server-name)
+- [Picking a database engine](#picking-a-database-engine)
 - [Installing Synapse](#installing-synapse)
  - [Installing from source](#installing-from-source)
    - [Platform-Specific Instructions](#platform-specific-instructions)
  - [Prebuilt packages](#prebuilt-packages)
 - [Setting up Synapse](#setting-up-synapse)
  - [TLS certificates](#tls-certificates)
+  - [Client Well-Known URI](#client-well-known-uri)
  - [Email](#email)
  - [Registering a user](#registering-a-user)
  - [Setting up a TURN server](#setting-up-a-turn-server)
@@ -27,6 +29,25 @@ that your email address is probably `user@example.com` rather than
 `user@email.example.com`) - but doing so may require more advanced setup: see
 [Setting up Federation](docs/federate.md).
+# Picking a database engine
+Synapse offers two database engines:
+ * [PostgreSQL](https://www.postgresql.org)
+ * [SQLite](https://sqlite.org/)
+Almost all installations should opt to use PostgreSQL. Advantages include:
+* significant performance improvements due to the superior threading and
+  caching model, smarter query optimiser
+* allowing the DB to be run on separate hardware
+For information on how to install and use PostgreSQL, please see
+[docs/postgres.md](docs/postgres.md)
+By default Synapse uses SQLite and in doing so trades performance for convenience.
+SQLite is only recommended in Synapse for testing purposes or for servers with
+light workloads.
 # Installing Synapse
 ## Installing from source
@@ -234,9 +255,9 @@ for a number of platforms.
 There is an offical synapse image available at
 https://hub.docker.com/r/matrixdotorg/synapse which can be used with
-the docker-compose file available at [contrib/docker](contrib/docker). Further information on
+the docker-compose file available at [contrib/docker](contrib/docker). Further
-this including configuration options is available in the README on
+information on this including configuration options is available in the README
-hub.docker.com.
+on hub.docker.com.
 Alternatively, Andreas Peters (previously Silvio Fricke) has contributed a
 Dockerfile to automate a synapse server in a single Docker image, at
@@ -244,7 +265,8 @@ https://hub.docker.com/r/avhost/docker-matrix/tags/
 Slavi Pantaleev has created an Ansible playbook,
 which installs the offical Docker image of Matrix Synapse
-along with many other Matrix-related services (Postgres database, riot-web, coturn, mxisd, SSL support, etc.).
+along with many other Matrix-related services (Postgres database, Element, coturn,
+ma1sd, SSL support, etc.).
 For more details, see
 https://github.com/spantaleev/matrix-docker-ansible-deploy
@@ -277,22 +299,27 @@ The fingerprint of the repository signing key (as shown by `gpg
 /usr/share/keyrings/matrix-org-archive-keyring.gpg`) is
 `AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058`.
-#### Downstream Debian/Ubuntu packages
+#### Downstream Debian packages
-For `buster` and `sid`, Synapse is available in the Debian repositories and
+We do not recommend using the packages from the default Debian `buster`
-it should be possible to install it with simply:
+repository at this time, as they are old and suffer from known security
+vulnerabilities. You can install the latest version of Synapse from
+[our repository](#matrixorg-packages) or from `buster-backports`. Please
+see the [Debian documentation](https://backports.debian.org/Instructions/)
+for information on how to use backports.
+If you are using Debian `sid` or testing, Synapse is available in the default
+repositories and it should be possible to install it simply with:
 ```
 sudo apt install matrix-synapse
 ```
-There is also a version of `matrix-synapse` in `stretch-backports`. Please see
+#### Downstream Ubuntu packages
-the [Debian documentation on
-backports](https://backports.debian.org/Instructions/) for information on how
-to use them.
-We do not recommend using the packages in downstream Ubuntu at this time, as
+We do not recommend using the packages in the default Ubuntu repository
-they are old and suffer from known security vulnerabilities.
+at this time, as they are old and suffer from known security vulnerabilities.
+The latest version of Synapse can be installed from [our repository](#matrixorg-packages).
 ### Fedora
@@ -419,6 +446,60 @@ so, you will need to edit `homeserver.yaml`, as follows:
 For a more detailed guide to configuring your server for federation, see
 [federate.md](docs/federate.md).
+## Client Well-Known URI
+Setting up the client Well-Known URI is optional but if you set it up, it will
+allow users to enter their full username (e.g. `@user:<server_name>`) into clients
+which support well-known lookup to automatically configure the homeserver and
+identity server URLs. This is useful so that users don't have to memorize or think
+about the actual homeserver URL you are using.
+The URL `https://<server_name>/.well-known/matrix/client` should return JSON in
+the following format.
+```
+{
+  "m.homeserver": {
+    "base_url": "https://<matrix.example.com>"
+  }
+}
+```
+It can optionally contain identity server information as well.
+```
+{
+  "m.homeserver": {
+    "base_url": "https://<matrix.example.com>"
+  },
+  "m.identity_server": {
+    "base_url": "https://<identity.example.com>"
+  }
+}
+```
+To work in browser based clients, the file must be served with the appropriate
+Cross-Origin Resource Sharing (CORS) headers. A recommended value would be
+`Access-Control-Allow-Origin: *` which would allow all browser based clients to
+view it.
+In nginx this would be something like:
+```
+location /.well-known/matrix/client {
+    return 200 '{"m.homeserver": {"base_url": "https://<matrix.example.com>"}}';
+    add_header Content-Type application/json;
+    add_header Access-Control-Allow-Origin *;
+}
+```
+You should also ensure the `public_baseurl` option in `homeserver.yaml` is set
+correctly. `public_baseurl` should be set to the URL that clients will use to
+connect to your server. This is the same URL you put for the `m.homeserver`
+`base_url` above.
+```
+public_baseurl: "https://<matrix.example.com>"
+```
 ## Email
@@ -437,7 +518,7 @@ email will be disabled.
 ## Registering a user
-The easiest way to create a new user is to do so from a client like [Riot](https://riot.im).
+The easiest way to create a new user is to do so from a client like [Element](https://element.io/).
 Alternatively you can do so from the command line if you have installed via pip.

--- a/README.rst
+++ b/README.rst
@@ -45,7 +45,7 @@ which handle:
 - Eventually-consistent cryptographically secure synchronisation of room
  state across a global open network of federated servers and services
 - Sending and receiving extensible messages in a room with (optional)
-  end-to-end encryption[1]
+  end-to-end encryption
 - Inviting, joining, leaving, kicking, banning room members
 - Managing user accounts (registration, login, logout)
 - Using 3rd Party IDs (3PIDs) such as email addresses, phone numbers,
@@ -82,9 +82,6 @@ at the `Matrix spec <https://matrix.org/docs/spec>`_, and experiment with the
 Thanks for using Matrix!
-[1] End-to-end encryption is currently in beta: `blog post <https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last>`_.
 Support
 =======
@@ -115,12 +112,11 @@ Unless you are running a test instance of Synapse on your local machine, in
 general, you will need to enable TLS support before you can successfully
 connect from a client: see `<INSTALL.md#tls-certificates>`_.
-An easy way to get started is to login or register via Riot at
+An easy way to get started is to login or register via Element at
-https://riot.im/app/#/login or https://riot.im/app/#/register respectively.
+https://app.element.io/#/login or https://app.element.io/#/register respectively.
 You will need to change the server you are logging into from ``matrix.org``
 and instead specify a Homeserver URL of ``https://<server_name>:8448``
 (or just ``https://<server_name>`` if you are using a reverse proxy).
-(Leave the identity server as the default - see `Identity servers`_.)
 If you prefer to use another client, refer to our
 `client breakdown <https://matrix.org/docs/projects/clients-matrix>`_.
@@ -137,7 +133,7 @@ it, specify ``enable_registration: true`` in ``homeserver.yaml``. (It is then
 recommended to also set up CAPTCHA - see `<docs/CAPTCHA_SETUP.md>`_.)
 Once ``enable_registration`` is set to ``true``, it is possible to register a
-user via `riot.im <https://riot.im/app/#/register>`_ or other Matrix clients.
+user via a Matrix client.
 Your new user name will be formed partly from the ``server_name``, and partly
 from a localpart you specify when you create the account. Your name will take
@@ -183,30 +179,6 @@ versions of synapse.
 .. _UPGRADE.rst: UPGRADE.rst
-Using PostgreSQL
-================
-Synapse offers two database engines:
- * `PostgreSQL <https://www.postgresql.org>`_
- * `SQLite <https://sqlite.org/>`_
-Almost all installations should opt to use PostgreSQL. Advantages include:
-* significant performance improvements due to the superior threading and
-  caching model, smarter query optimiser
-* allowing the DB to be run on separate hardware
-* allowing basic active/backup high-availability with a "hot spare" synapse
-  pointing at the same DB master, as well as enabling DB replication in
-  synapse itself.
-For information on how to install and use PostgreSQL, please see
-`docs/postgres.md <docs/postgres.md>`_.
-By default Synapse uses SQLite and in doing so trades performance for convenience.
-SQLite is only recommended in Synapse for testing purposes or for servers with
-light workloads.
 .. _reverse-proxy:
 Using a reverse proxy with Synapse
@@ -255,10 +227,9 @@ email address.
 Password reset
 ==============
-If a user has registered an email address to their account using an identity
+Users can reset their password through their client. Alternatively, a server admin
-server, they can request a password-reset token via clients such as Riot.
+can reset a users password using the `admin API <docs/admin_api/user_admin_api.rst#reset-password>`_
+or by directly editing the database as shown below.
-A manual password reset can be done via direct database access as follows.
 First calculate the hash of the new password::

--- a/changelog.d/7736.feature
+++ b/changelog.d/7736.feature
+Add unread messages count to sync responses, as specified in [MSC2654](https://github.com/matrix-org/matrix-doc/pull/2654).
--- a/changelog.d/7899.doc
+++ b/changelog.d/7899.doc
+Document how to set up a Client Well-Known file and fix several pieces of outdated documentation.
--- a/changelog.d/7902.feature
+++ b/changelog.d/7902.feature
+Add option to allow server admins to join rooms which fail complexity checks. Contributed by @lugino-emeritus.
--- a/changelog.d/7936.misc
+++ b/changelog.d/7936.misc
+Switch to the JSON implementation from the standard library and bump the minimum version of the canonicaljson library to 1.2.0.
--- a/changelog.d/7947.misc
+++ b/changelog.d/7947.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7948.misc
+++ b/changelog.d/7948.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7949.misc
+++ b/changelog.d/7949.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7951.misc
+++ b/changelog.d/7951.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7952.misc
+++ b/changelog.d/7952.misc
+Move some database-related log lines from the default logger to the database/transaction loggers.
\ No newline at end of file
--- a/changelog.d/7963.misc
+++ b/changelog.d/7963.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7964.feature
+++ b/changelog.d/7964.feature
+Add an option to purge room or not with delete room admin endpoint (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). Contributed by @dklimpel.
\ No newline at end of file
--- a/changelog.d/7965.misc
+++ b/changelog.d/7965.misc
+Add a script to detect source code files using non-unix line terminators.
\ No newline at end of file
--- a/changelog.d/7970.misc
+++ b/changelog.d/7970.misc
+Add a script to detect source code files using non-unix line terminators.
\ No newline at end of file
--- a/changelog.d/7971.misc
+++ b/changelog.d/7971.misc
+Log the SAML session ID during creation.
--- a/changelog.d/7973.misc
+++ b/changelog.d/7973.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7975.misc
+++ b/changelog.d/7975.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7976.misc
+++ b/changelog.d/7976.misc
+Convert various parts of the codebase to async/await.
--- a/changelog.d/7978.bugfix
+++ b/changelog.d/7978.bugfix
+Fix a long standing bug: 'Duplicate key value violates unique constraint "event_relations_id"' when message retention is configured.