mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-26 10:03:25 +00:00 
			
		
		
		
	As described here ( https://github.com/matrix-org/synapse/issues/2438#issuecomment-327424711 ), using own SSL certificates for the federation port is more fragile, as renewing them could cause federation outages. The recommended setup is to use the self-signed certificates generated by Synapse. On the 443 port (matrix-nginx-proxy) side, we still use the Let's Encrypt certificates, which ensures API consumers work without having to trust "our own CA". Having done this, we also don't need to ever restart Synapse anymore, as no new SSL certificates need to be applied there. It's just matrix-nginx-proxy that needs to be restarted, and it doesn't even need a full restart as an "nginx reload" does the job of swithing to the new SSL certificates.
		
			
				
	
	
		
			40 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
			
		
		
	
	
			40 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
| [Unit]
 | |
| Description=Matrix Synapse server
 | |
| After=docker.service
 | |
| Requires=docker.service
 | |
| {% if not matrix_postgres_use_external %}
 | |
| Requires=matrix-postgres.service
 | |
| After=matrix-postgres.service
 | |
| {% endif %}
 | |
| {% if matrix_s3_media_store_enabled %}
 | |
| After=matrix-s3fs.service
 | |
| Requires=matrix-s3fs.service
 | |
| {% endif %}
 | |
| 
 | |
| [Service]
 | |
| Type=simple
 | |
| ExecStartPre=-/usr/bin/docker kill matrix-synapse
 | |
| ExecStartPre=-/usr/bin/docker rm matrix-synapse
 | |
| ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
 | |
| 			{% if not matrix_postgres_use_external %}
 | |
| 			--link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
 | |
| 			{% endif %}
 | |
| 			-p 8448:8448 \
 | |
| 			{% if not matrix_nginx_proxy_enabled %}
 | |
| 			-p 127.0.0.1:8008:8008 \
 | |
| 			{% endif %}
 | |
| 			-p 3478:3478 \
 | |
| 			-p 3478:3478/udp \
 | |
| 			-p {{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
 | |
| 			-v {{ matrix_synapse_config_dir_path }}:/data \
 | |
| 			-v {{ matrix_synapse_run_path }}:/matrix-run \
 | |
| 			-v {{ matrix_synapse_media_store_path }}:/matrix-media-store \
 | |
| 			{{ docker_matrix_image }}
 | |
| ExecStop=-/usr/bin/docker kill matrix-synapse
 | |
| ExecStop=-/usr/bin/docker rm matrix-synapse
 | |
| Restart=always
 | |
| RestartSec=30
 | |
| 
 | |
| [Install]
 | |
| WantedBy=multi-user.target
 |