From b71315fee159230dafec4e1ae5a2946653ffcb1f Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Mon, 1 Apr 2019 21:56:24 -0500 Subject: [PATCH 1/9] Correct default POSTGRES_USER --- docker/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/README.md b/docker/README.md index 44ade63f2768..b48d74e09cab 100644 --- a/docker/README.md +++ b/docker/README.md @@ -60,7 +60,8 @@ Synapse requires a valid TLS certificate. You can do one of the following: * Provide your own certificate and key (as `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.tls.crt` and `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.tls.key`, or elsewhere by providing an - entire config as `${SYNAPSE_CONFIG_PATH}`). + entire config as `${SYNAPSE_CONFIG_PATH}`). In this case, you should forward + traffic to port 8448 in the container, for example with `-p 443:8448`. * Use a reverse proxy to terminate incoming TLS, and forward the plain http traffic to port 8008 in the container. In this case you should set `-e @@ -138,7 +139,7 @@ Database specific values (will use SQLite if not set): **NOTE**: You are highly encouraged to use postgresql! Please use the compose file to make it easier to deploy. * `POSTGRES_USER` - The user for the synapse postgres database. [default: - `matrix`] + `synapse`] Mail server specific values (will not send emails if not set): From 310962016ceabb86c87a351d883f2e471f5016c7 Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Mon, 1 Apr 2019 22:26:51 -0500 Subject: [PATCH 2/9] Add changelog file --- changelog.d/4987.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/4987.misc diff --git a/changelog.d/4987.misc b/changelog.d/4987.misc new file mode 100644 index 000000000000..33490e146f2e --- /dev/null +++ b/changelog.d/4987.misc 
@@ -0,0 +1 @@ +README updates: Corrected the default POSTGRES_USER. Added port forwarding hint in TLS section. From ceeae4d1b105241a07900fb74411bcdd4468aacd Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Tue, 2 Apr 2019 23:25:37 -0500 Subject: [PATCH 3/9] Fixing #4663 --- docker/conf/homeserver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/conf/homeserver.yaml b/docker/conf/homeserver.yaml index babd5bef9e35..487fa1922035 100644 --- a/docker/conf/homeserver.yaml +++ b/docker/conf/homeserver.yaml @@ -2,7 +2,7 @@ ## TLS ## -{% if not SYNAPSE_NO_TLS %} +{% if not SYNAPSE_NO_TLS == '1' %} tls_certificate_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.crt" tls_private_key_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.key" @@ -26,7 +26,7 @@ log_config: "/compiled/log.config" ## Ports ## listeners: - {% if not SYNAPSE_NO_TLS %} + {% if not SYNAPSE_NO_TLS == '1' %} - port: 8448 bind_addresses: ['::'] From ccaa32c483d454663fdd557c50dd8c8bd249b510 Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Tue, 2 Apr 2019 23:31:49 -0500 Subject: [PATCH 4/9] Updated changelog --- changelog.d/4987.misc | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog.d/4987.misc b/changelog.d/4987.misc index 33490e146f2e..a56d3cda6edf 100644 --- a/changelog.d/4987.misc +++ b/changelog.d/4987.misc @@ -1 +1,2 @@ README updates: Corrected the default POSTGRES_USER. Added port forwarding hint in TLS section. +Adjusted Docker conf for issue #4663. From d1cde29772fba134de235bb5538297dcf2379f5e Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Wed, 3 Apr 2019 21:45:47 -0500 Subject: [PATCH 5/9] Revert "Updated changelog" This reverts commit ccaa32c483d454663fdd557c50dd8c8bd249b510. --- changelog.d/4987.misc | 1 - 1 file changed, 1 deletion(-) 
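Review bot: In docker/conf/homeserver.yaml (PATCH 3/9) the new test `{% if not SYNAPSE_NO_TLS == '1' %}` disables TLS only for the exact string `1`, while the README wording in this series just says to set the variable. An operator who sets `true` or `yes` behind a reverse proxy would still get the `tls_certificate_path` lines and the 8448 listener rendered. The same condition is repeated in the `listeners:` hunk. The expression also relies on `not` binding more loosely than `==`; `{% if SYNAPSE_NO_TLS != '1' %}` states the same test without that. The accepted value should be documented next to the variable in docker/README.md.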
diff --git a/changelog.d/4987.misc b/changelog.d/4987.misc index a56d3cda6edf..33490e146f2e 100644 --- a/changelog.d/4987.misc +++ b/changelog.d/4987.misc @@ -1,2 +1 @@ README updates: Corrected the default POSTGRES_USER. Added port forwarding hint in TLS section. -Adjusted Docker conf for issue #4663. From 10fd0af4b664a4a0a26c5506473d8220d06a9e01 Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Wed, 3 Apr 2019 21:46:21 -0500 Subject: [PATCH 6/9] Revert "Fixing #4663" This reverts commit ceeae4d1b105241a07900fb74411bcdd4468aacd. --- docker/conf/homeserver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/conf/homeserver.yaml b/docker/conf/homeserver.yaml index 487fa1922035..babd5bef9e35 100644 --- a/docker/conf/homeserver.yaml +++ b/docker/conf/homeserver.yaml @@ -2,7 +2,7 @@ ## TLS ## -{% if not SYNAPSE_NO_TLS == '1' %} +{% if not SYNAPSE_NO_TLS %} tls_certificate_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.crt" tls_private_key_path: "/data/{{ SYNAPSE_SERVER_NAME }}.tls.key" @@ -26,7 +26,7 @@ log_config: "/compiled/log.config" ## Ports ## listeners: - {% if not SYNAPSE_NO_TLS == '1' %} + {% if not SYNAPSE_NO_TLS %} - port: 8448 bind_addresses: ['::'] From 926c7165a7d178bad635e4b13f41ab8b0a1f9387 Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Wed, 3 Apr 2019 23:59:16 -0500 Subject: [PATCH 7/9] Fixing 4663 --- docker/start.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker/start.py b/docker/start.py index 941d9996a826..decb4a173d54 100755 --- a/docker/start.py +++ b/docker/start.py 
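Review bot: The condition restored in docker/conf/homeserver.yaml (PATCH 6/9), `{% if not SYNAPSE_NO_TLS %}`, is a plain truthiness test. If the variable reaches the template as the raw environment string, which the hunk does not show, values such as `0`, `false` or `no` are non-empty and would switch TLS off. That is the unsafe direction for a transport-security switch, and it affects both the TLS block and the `listeners:` block. If the revert is intended, a template comment such as `{# SYNAPSE_NO_TLS must be a real boolean here; any non-empty string, including "false", disables TLS #}` would make the contract visible, with the value normalised before rendering.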
@@ -59,6 +59,13 @@ def generate_secrets(environ, secrets): if not os.path.exists("/compiled"): os.mkdir("/compiled") config_path = "/compiled/homeserver.yaml" + + # Convert SYNAPSE_NO_TLS to boolean if exists + if "SYNAPSE_NO_TLS" in environ: + if str.lower(environ["SYNAPSE_NO_TLS"]) in ("true", "on", "1", "yes"): + environ["SYNAPSE_NO_TLS"] = True + else: + environ["SYNAPSE_NO_TLS"] = False convert("/conf/homeserver.yaml", config_path, environ) convert("/conf/log.config", "/compiled/log.config", environ) From 148ef7f4c077c27a8639cd422c5dbe8497a9e4f9 Mon Sep 17 00:00:00 2001 From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Thu, 4 Apr 2019 00:12:00 -0500 Subject: [PATCH 8/9] Slight SYNAPSE_NO_TLS README adjustment --- docker/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/README.md b/docker/README.md index b48d74e09cab..57ffb06d5751 100644 --- a/docker/README.md +++ b/docker/README.md @@ -102,7 +102,7 @@ when ``SYNAPSE_CONFIG_PATH`` is not set. * ``SYNAPSE_SERVER_NAME`` (mandatory), the server public hostname. * ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous statistics reporting back to the Matrix project which helps us to get funding. -* ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if +* ``SYNAPSE_NO_TLS``, set this variable to true to disable TLS in Synapse (use this if you run your own TLS-capable reverse proxy). * ``SYNAPSE_ENABLE_REGISTRATION``, set this variable to enable registration on the Synapse instance. From f26b889c996e562d8878ff165d6924f999e1d496 Mon Sep 17 00:00:00 2001 
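Review bot: Any value outside the four accepted spellings, including a typo such as `ture`, is silently mapped to `False` by the new `else:` branch in docker/start.py (PATCH 7/9). The operator then gets a TLS mode they did not ask for, and nothing in the output says why. An explicit list of false spellings plus a hard stop on anything else makes the switch unambiguous, and stripping the value first tolerates stray whitespace from env files. The enclosing block starts and ends outside the hunk, so it is not visible whether `environ` is a plain dict. If it were `os.environ` itself, storing a bool would raise `TypeError`, which is worth confirming.

```python
config_path = "/compiled/homeserver.yaml"

# Parse SYNAPSE_NO_TLS strictly: an unrecognised value stops start-up
# instead of silently selecting a TLS mode.
if "SYNAPSE_NO_TLS" in environ:
    no_tls = environ["SYNAPSE_NO_TLS"].strip().lower()
    if no_tls in ("true", "on", "1", "yes"):
        environ["SYNAPSE_NO_TLS"] = True
    elif no_tls in ("false", "off", "0", "no", ""):
        environ["SYNAPSE_NO_TLS"] = False
    else:
        raise SystemExit(
            "SYNAPSE_NO_TLS has unrecognised value %r" % (no_tls,)
        )
# … unchanged: convert() calls for homeserver.yaml and log.config …
```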
From: wroot <21157384+f35f0ef9d0e827dae86552d3899f78fc@users.noreply.github.com> Date: Thu, 4 Apr 2019 00:37:04 -0500 Subject: [PATCH 9/9] Revert "Merge pull request #1 from f35f0ef9d0e827dae86552d3899f78fc/fix4663" This reverts commit 800f74077fa222a6471501def5d23295669c2e7a, reversing changes made to 10fd0af4b664a4a0a26c5506473d8220d06a9e01. --- docker/README.md | 2 +- docker/start.py | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/docker/README.md b/docker/README.md index 57ffb06d5751..b48d74e09cab 100644 --- a/docker/README.md +++ b/docker/README.md @@ -102,7 +102,7 @@ when ``SYNAPSE_CONFIG_PATH`` is not set. * ``SYNAPSE_SERVER_NAME`` (mandatory), the server public hostname. * ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous statistics reporting back to the Matrix project which helps us to get funding. -* ``SYNAPSE_NO_TLS``, set this variable to true to disable TLS in Synapse (use this if +* ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if you run your own TLS-capable reverse proxy). * ``SYNAPSE_ENABLE_REGISTRATION``, set this variable to enable registration on the Synapse instance. diff --git a/docker/start.py b/docker/start.py index decb4a173d54..941d9996a826 100755 --- a/docker/start.py +++ b/docker/start.py @@ -59,13 +59,6 @@ def generate_secrets(environ, secrets): if not os.path.exists("/compiled"): os.mkdir("/compiled") config_path = "/compiled/homeserver.yaml" - - # Convert SYNAPSE_NO_TLS to boolean if exists - if "SYNAPSE_NO_TLS" in environ: - if str.lower(environ["SYNAPSE_NO_TLS"]) in ("true", "on", "1", "yes"): - environ["SYNAPSE_NO_TLS"] = True - else: - environ["SYNAPSE_NO_TLS"] = False convert("/conf/homeserver.yaml", config_path, environ) convert("/conf/log.config", "/compiled/log.config", environ)