On Tue, Apr 21, 2020 at 12:27:50AM +0200, Klemens Nanni wrote: > On Fri, Apr 17, 2020 at 05:59:49PM +0200, Renaud Allard wrote: > > I am by no means a relayd expert, but it looks fine to me. > This can be used right ahead, I'd like to see this go in. > > Thanks Renaud! One thing: you changed the package's content, hence a > REVISION bump is required. Credits go to Andrea Fleckenstein of course, I mixed up the names, sorry.
> OK kn for anyone to commit, > otherwise I'll do so by tomorrow unless I hear objections. CVS diff attached for clarity. Index: Makefile =================================================================== RCS file: /cvs/ports/net/synapse/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- Makefile 3 Apr 2020 07:19:47 -0000 1.3 +++ Makefile 20 Apr 2020 22:27:54 -0000 @@ -3,6 +3,7 @@ COMMENT = open network for secure, decentralized communication MODPY_EGG_VERSION = 1.12.2 +REVISION = 0 GH_ACCOUNT = matrix-org GH_PROJECT = synapse Index: pkg/README =================================================================== RCS file: /cvs/ports/net/synapse/pkg/README,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 README --- pkg/README 8 Mar 2020 17:03:15 -0000 1.1.1.1 +++ pkg/README 20 Apr 2020 22:28:13 -0000 @@ -27,6 +27,29 @@ By default, synapse will run without TLS This means that you will not be able to connect to your server remotely. The best way to achieve remote connectivity is through a reverse proxy. +Here is a relayd.conf(5) example: + + http protocol synapse { + match request header append "X-Forwarded-For" value "$REMOTE_ADDR" + match request header append "X-Forwaded-By" value "$SERVER_ADDR:$SERVER_PORT" + + tls keypair "matrix.example.com" + + match request header set "Connection" value "close" + } + + relay "synapse" { + listen on matrix.example.com port 443 tls + protocol "synapse" + forward to 127.0.0.1 port 8008 + } + + relay "synapse-server" { + listen on matrix.example.com port 8448 tls + protocol "synapse" + forward to 127.0.0.1 port 8008 + } + Here is an Nginx vhost reverse proxy example: server {