From 068df9be8262e7df8dc2737cd391b58b8f136bcd Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Sun, 6 Jan 2019 16:43:02 +0100
Subject: [PATCH] readd dhparams
---
 Dockerfile | 2 --
 rootfs/etc/confd/templates/server.yaml.tmpl | 1 +
 rootfs/etc/cont-init.d/synapse-keys | 9 +++++++++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index cb07ab1..33aeff1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,6 +53,4 @@ ADD /rootfs /
 RUN chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse
 ENV HOME /var/lib/matrix-synapse
-EXPOSE 8448
-
 VOLUME /var/lib/matrix-synapse/media_store/ /var/lib/matrix-synapse/uploads /var/lib/matrix-synapse/signing/ /etc/ssl/matrix-synapse/ /var/lib/matrix-synapse/registrations/
diff --git a/rootfs/etc/confd/templates/server.yaml.tmpl b/rootfs/etc/confd/templates/server.yaml.tmpl
index 12613dd..62fff29 100644
--- a/rootfs/etc/confd/templates/server.yaml.tmpl
+++ b/rootfs/etc/confd/templates/server.yaml.tmpl
@@ -1,4 +1,5 @@
 tls_certificate_path: "/etc/ssl/matrix-synapse/{{getenv "CERT_DOMAIN"}}.crt"
+tls_dh_params_path: "/var/lib/matrix-synapse/signing/dhparams.pem"
 no_tls: True
diff --git a/rootfs/etc/cont-init.d/synapse-keys b/rootfs/etc/cont-init.d/synapse-keys
index b835538..5beb002 100644
--- a/rootfs/etc/cont-init.d/synapse-keys
+++ b/rootfs/etc/cont-init.d/synapse-keys
@@ -3,3 +3,12 @@
 if [ ! -f /var/lib/matrix-synapse/signing/signing.key ]; then
 s6-setuidgid matrix-synapse python -B -m synapse.app.homeserver -c /var/lib/matrix-synapse/server.yaml --generate-config -H $SERVER_NAME --report-stats=no
 fi
+
+if [ ! -f /var/lib/matrix-synapse/signing/dhparams.pem ]; then
+ openssl dhparam -out /var/lib/matrix-synapse/signing/dhparams.pem $DHPARAM_LENGTH
+fi
+
+chmod 755 "/etc/ssl/matrix-synapse/"
+if [ -f "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt"y ]; then
+ chmod 644 "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt"
+fi
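Review bot: The added `tls_dh_params_path` line sits next to `no_tls: True`, and nothing in the template says why DH parameters are configured while the TLS listener is switched off. A one-line comment such as `# must point at an existing file even with no_tls; created by cont-init.d/synapse-keys` would record that, if that is indeed the reason. The path `/var/lib/matrix-synapse/signing/dhparams.pem` is also repeated as a literal in cont-init.d/synapse-keys, so the two files have to be changed together.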
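Review bot: The added test `[ -f "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt"y ]` has a stray `y` after the closing quote, so it looks for a file ending in `.crty` and the `chmod 644` on the certificate will normally never run; it should read `if [ -f "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt" ]; then`. `$DHPARAM_LENGTH` is passed to `openssl dhparam` unquoted and without a fallback, so when it is unset the parameter size silently becomes whatever the installed OpenSSL defaults to; `"${DHPARAM_LENGTH:-2048}"` would pin a floor (the variable may be set elsewhere in the image, which this hunk does not show). The `chmod 755` makes the certificate directory traversable by every user, so if the private key is stored there too, its own mode is worth checking in the same script.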