From c0c1812e4734726304ee9e3e6a5a8cd963529378 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 26 Aug 2024 20:22:05 +0000 Subject: [PATCH] Auto-update READMEs --- ALL_README.md | 10 ++ README.md | 16 ++-- README_es.md | 228 ++++++++++++++++++++++++++++++++++++++++++++++ README_eu.md | 228 ++++++++++++++++++++++++++++++++++++++++++++++ README_fr.md | 30 +++--- README_gl.md | 228 ++++++++++++++++++++++++++++++++++++++++++++++ README_id.md | 228 ++++++++++++++++++++++++++++++++++++++++++++++ README_ru.md | 228 ++++++++++++++++++++++++++++++++++++++++++++++ README_zh_Hans.md | 228 ++++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 1401 insertions(+), 23 deletions(-) create mode 100644 ALL_README.md create mode 100644 README_es.md create mode 100644 README_eu.md create mode 100644 README_gl.md create mode 100644 README_id.md create mode 100644 README_ru.md create mode 100644 README_zh_Hans.md diff --git a/ALL_README.md b/ALL_README.md new file mode 100644 index 0000000..e3c80d2 --- /dev/null +++ b/ALL_README.md @@ -0,0 +1,10 @@ +# All available README files by language + +- [Read the README in English](README.md) +- [Lea el README en español](README_es.md) +- [Irakurri README euskaraz](README_eu.md) +- [Lire le README en français](README_fr.md) +- [Le o README en galego](README_gl.md) +- [Baca README dalam bahasa bahasa Indonesia](README_id.md) +- [Прочитать README на русский](README_ru.md) +- [阅读中文(简体)的 README](README_zh_Hans.md) diff --git a/README.md b/README.md index b4469bf..f06f4b5 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,18 @@ # Synapse for YunoHost -[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) -*[Lire ce readme en français.](./README_fr.md)* +*[Read this README in other languages.](./ALL_README.md)* -> *This package allows you to install Synapse quickly and simply on a YunoHost server. -If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* +> *This package allows you to install Synapse quickly and simply on a YunoHost server.* +> *If you don't have YunoHost, please consult [the guide](https://yunohost.org/install) to learn how to install it.* ## Overview @@ -215,11 +215,11 @@ Before installing a second instance of the app it's really recommended to update ## Developer info -Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). +Please send your pull request to the [`testing` branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). -To try the testing branch, please proceed like that. +To try the `testing` branch, please proceed like that: -``` bash +```bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug or sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug diff --git a/README_es.md b/README_es.md new file mode 100644 index 0000000..365d109 --- /dev/null +++ b/README_es.md @@ -0,0 +1,228 @@ + + +# Synapse para Yunohost + +[![Nivel de integración](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) + +[![Instalar Synapse con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[Leer este README en otros idiomas.](./ALL_README.md)* + +> *Este paquete le permite instalarSynapse rapidamente y simplement en un servidor YunoHost.* +> *Si no tiene YunoHost, visita [the guide](https://yunohost.org/install) para aprender como instalarla.* + +## Descripción general + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) + + +**Versión actual:** 1.100.0~ynh1 +## informaciones importantes + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +https://federationtester.matrix.org/ can be used to easily debug federation issues + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: + +`yunohost app setting synapse backup_before_upgrade -v 0` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## Documentaciones y recursos + +- Sitio web oficial: +- Repositorio del código fuente oficial de la aplicación : +- Catálogo YunoHost: +- Reportar un error: + +## Información para desarrolladores + +Por favor enviar sus correcciones a la [`branch testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing + +Para probar la rama `testing`, sigue asÍ: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +o +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**Mas informaciones sobre el empaquetado de aplicaciones:** diff --git a/README_eu.md b/README_eu.md new file mode 100644 index 0000000..68ec179 --- /dev/null +++ b/README_eu.md @@ -0,0 +1,228 @@ + + +# Synapse YunoHost-erako + +[![Integrazio maila](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) + +[![Instalatu Synapse YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[Irakurri README hau beste hizkuntzatan.](./ALL_README.md)* + +> *Pakete honek Synapse YunoHost zerbitzari batean azkar eta zailtasunik gabe instalatzea ahalbidetzen dizu.* +> *YunoHost ez baduzu, kontsultatu [gida](https://yunohost.org/install) nola instalatu ikasteko.* + +## Aurreikuspena + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) + + +**Paketatutako bertsioa:** 1.100.0~ynh1 +## Ezespena / informazio garrantzitsua + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +https://federationtester.matrix.org/ can be used to easily debug federation issues + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: + +`yunohost app setting synapse backup_before_upgrade -v 0` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## Dokumentazioa eta baliabideak + +- Aplikazioaren webgune ofiziala: +- Jatorrizko aplikazioaren kode-gordailua: +- YunoHost Denda: +- Eman errore baten berri: + +## Garatzaileentzako informazioa + +Bidali `pull request`a [`testing` abarrera](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). + +`testing` abarra probatzeko, ondorengoa egin: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +edo +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**Informazio gehiago aplikazioaren paketatzeari buruz:** diff --git a/README_fr.md b/README_fr.md index 9a7e7d0..c1f83b2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,18 +1,18 @@ # Synapse pour YunoHost -[![Niveau d’intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) -*[Read this readme in english.](./README.md)* +*[Lire le README dans d'autres langues.](./ALL_README.md)* -> *Ce package vous permet d’installer Synapse rapidement et simplement sur un serveur YunoHost. -Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* +> *Ce package vous permet d’installer Synapse rapidement et simplement sur un serveur YunoHost.* +> *Si vous n’avez pas YunoHost, consultez [ce guide](https://yunohost.org/install) pour savoir comment l’installer et en profiter.* ## Vue d’ensemble @@ -21,7 +21,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Version incluse :** 1.100.0~ynh1 +**Version incluse :** 1.100.0~ynh1 ## Avertissements / informations importantes ## Configuration @@ -208,21 +208,21 @@ Before installing a second instance of the app it's really recommended to update ## Documentations et ressources -- Site officiel de l’app : -- Dépôt de code officiel de l’app : -- YunoHost Store : -- Signaler un bug : +- Site officiel de l’app : +- Dépôt de code officiel de l’app : +- YunoHost Store : +- Signaler un bug : ## Informations pour les développeurs -Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). +Merci de faire vos pull request sur la [branche `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). -Pour essayer la branche testing, procédez comme suit. +Pour essayer la branche `testing`, procédez comme suit : -``` bash +```bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** +**Plus d’infos sur le packaging d’applications :** diff --git a/README_gl.md b/README_gl.md new file mode 100644 index 0000000..a9ce7a1 --- /dev/null +++ b/README_gl.md @@ -0,0 +1,228 @@ + + +# Synapse para YunoHost + +[![Nivel de integración](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) + +[![Instalar Synapse con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[Le este README en outros idiomas.](./ALL_README.md)* + +> *Este paquete permíteche instalar Synapse de xeito rápido e doado nun servidor YunoHost.* +> *Se non usas YunoHost, le a [documentación](https://yunohost.org/install) para saber como instalalo.* + +## Vista xeral + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) + + +**Versión proporcionada:** 1.100.0~ynh1 +## Avisos / información importante + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +https://federationtester.matrix.org/ can be used to easily debug federation issues + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: + +`yunohost app setting synapse backup_before_upgrade -v 0` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## Documentación e recursos + +- Web oficial da app: +- Repositorio de orixe do código: +- Tenda YunoHost: +- Informar dun problema: + +## Info de desenvolvemento + +Envía a túa colaboración á [rama `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). + +Para probar a rama `testing`, procede deste xeito: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +ou +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**Máis info sobre o empaquetado da app:** diff --git a/README_id.md b/README_id.md new file mode 100644 index 0000000..f02a39b --- /dev/null +++ b/README_id.md @@ -0,0 +1,228 @@ + + +# Synapse untuk YunoHost + +[![Tingkat integrasi](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Status kerja](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Status pemeliharaan](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) + +[![Pasang Synapse dengan YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[Baca README ini dengan bahasa yang lain.](./ALL_README.md)* + +> *Paket ini memperbolehkan Anda untuk memasang Synapse secara cepat dan mudah pada server YunoHost.* +> *Bila Anda tidak mempunyai YunoHost, silakan berkonsultasi dengan [panduan](https://yunohost.org/install) untuk mempelajari bagaimana untuk memasangnya.* + +## Ringkasan + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) + + +**Versi terkirim:** 1.100.0~ynh1 +## Sangkalan / informasi penting + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +https://federationtester.matrix.org/ can be used to easily debug federation issues + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: + +`yunohost app setting synapse backup_before_upgrade -v 0` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## Dokumentasi dan sumber daya + +- Website aplikasi resmi: +- Depot kode aplikasi hulu: +- Gudang YunoHost: +- Laporkan bug: + +## Info developer + +Silakan kirim pull request ke [`testing` branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). + +Untuk mencoba branch `testing`, silakan dilanjutkan seperti: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +atau +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**Info lebih lanjut mengenai pemaketan aplikasi:** diff --git a/README_ru.md b/README_ru.md new file mode 100644 index 0000000..c5a441b --- /dev/null +++ b/README_ru.md @@ -0,0 +1,228 @@ + + +# Synapse для YunoHost + +[![Уровень интеграции](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![Состояние работы](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Состояние сопровождения](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) + +[![Установите Synapse с YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[Прочтите этот README на других языках.](./ALL_README.md)* + +> *Этот пакет позволяет Вам установить Synapse быстро и просто на YunoHost-сервер.* +> *Если у Вас нет YunoHost, пожалуйста, посмотрите [инструкцию](https://yunohost.org/install), чтобы узнать, как установить его.* + +## Обзор + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) + + +**Поставляемая версия:** 1.100.0~ynh1 +## Дисклеймеры / важная информация + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +https://federationtester.matrix.org/ can be used to easily debug federation issues + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: + +`yunohost app setting synapse backup_before_upgrade -v 0` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## Документация и ресурсы + +- Официальный веб-сайт приложения: +- Репозиторий кода главной ветки приложения: +- Магазин YunoHost: +- Сообщите об ошибке: + +## Информация для разработчиков + +Пришлите Ваш запрос на слияние в [ветку `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). + +Чтобы попробовать ветку `testing`, пожалуйста, сделайте что-то вроде этого: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +или +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**Больше информации о пакетировании приложений:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md new file mode 100644 index 0000000..d1ad4c1 --- /dev/null +++ b/README_zh_Hans.md @@ -0,0 +1,228 @@ + + +# YunoHost 上的 Synapse + +[![集成程度](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) ![工作状态](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) + +[![使用 YunoHost 安装 Synapse](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[阅读此 README 的其它语言版本。](./ALL_README.md)* + +> *通过此软件包,您可以在 YunoHost 服务器上快速、简单地安装 Synapse。* +> *如果您还没有 YunoHost,请参阅[指南](https://yunohost.org/install)了解如何安装它。* + +## 概况 + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) + + +**分发版本:** 1.100.0~ynh1 +## 免责声明 / 重要信息 + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +https://federationtester.matrix.org/ can be used to easily debug federation issues + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: + +`yunohost app setting synapse backup_before_upgrade -v 0` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## 文档与资源 + +- 官方应用网站: +- 上游应用代码库: +- YunoHost 商店: +- 报告 bug: + +## 开发者信息 + +请向 [`testing` 分支](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing) 发送拉取请求。 + +如要尝试 `testing` 分支,请这样操作: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +或 +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**有关应用打包的更多信息:**