From 0ac14558ea0c8638e7a11387d6408335b8e96504 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 28 Dec 2019 14:54:28 -0600 Subject: [PATCH 1/2] Remove sections of federate.md explaining delegation at time of Synapse 1.0 transition Signed-off-by: Aaron Raimist --- docs/federate.md | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/docs/federate.md b/docs/federate.md index 193e2d2dfe33..f9f17fcca501 100644 --- a/docs/federate.md +++ b/docs/federate.md @@ -66,10 +66,6 @@ therefore cannot gain access to the necessary certificate. With .well-known, federation servers will check for a valid TLS certificate for the delegated hostname (in our example: ``synapse.example.com``). -.well-known support first appeared in Synapse v0.99.0. To federate with older -servers you may need to additionally configure SRV delegation. Alternatively, -encourage the server admin in question to upgrade :). - ### DNS SRV delegation To use this delegation method, you need to have write access to your @@ -111,29 +107,15 @@ giving it a `server_name` of `example.com`, and once [ACME](acme.md) support is it would automatically generate a valid TLS certificate for you via Let's Encrypt and no SRV record or .well-known URI would be needed. -This is the common case, although you can add an SRV record or -`.well-known/matrix/server` URI for completeness if you wish. - **However**, if your server does not listen on port 8448, or if your `server_name` does not point to the host that your homeserver runs on, you will need to let other servers know how to find it. The way to do this is via .well-known or an SRV record. -#### I have created a .well-known URI. Do I still need an SRV record? - -As of Synapse 0.99, Synapse will first check for the existence of a .well-known -URI and follow any delegation it suggests. It will only then check for the -existence of an SRV record. - -That means that the SRV record will often be redundant. However, you should -remember that there may still be older versions of Synapse in the federation -which do not understand .well-known URIs, so if you removed your SRV record -you would no longer be able to federate with them. +#### I have created a .well-known URI. Do I also need an SRV record? -It is therefore best to leave the SRV record in place for now. Synapse 0.34 and -earlier will follow the SRV record (and not care about the invalid -certificate). Synapse 0.99 and later will follow the .well-known URI, with the -correct certificate chain. +No. You can use either `.well-known` delegation or use an SRV record for delegation. You +do not need to use both to delegate to the same location. #### Can I manage my own certificates rather than having Synapse renew certificates itself? From bc10a73358e7a92260a3f20ec805939e1af81a84 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 28 Dec 2019 15:03:20 -0600 Subject: [PATCH 2/2] Add changelog Signed-off-by: Aaron Raimist --- changelog.d/6601.doc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/6601.doc diff --git a/changelog.d/6601.doc b/changelog.d/6601.doc new file mode 100644 index 000000000000..08c5b3d21588 --- /dev/null +++ b/changelog.d/6601.doc @@ -0,0 +1 @@ +Reword sections of federate.md that explained delegation at time of Synapse 1.0 transition. \ No newline at end of file