Documentation on how to set up delegation with .well-known

2023-07-30 20:49:07 +02:00 · 2023-07-30 20:49:07 +02:00 · 1d89b21170
commit 1d89b21170
parent a059c5bcf1
1 changed files with 51 additions and 1 deletions
--- a/DEPLOY.md
+++ b/DEPLOY.md
@ -209,9 +209,59 @@ A matrix username has the format `@username:example.com`, where `example.com` co

 > Note: Some proxies (for example Cloudflare) don't support port 8448, making delegation necessary.

+### Setting up delegation
+
+Delegation can be set up with an [SRV DNS record](https://matrix-org.github.io/synapse/latest/delegate.html#srv-dns-record-delegation) or by serving a JSON response, usually referred to as `.well-known` delegation. This documentation only discusses the second option, which is generally recommended. It is important to note that  `.well-known` has to be served on `example.com:443`, which corresponds to the server name and the standard HTTPS port, not where Conduit actually is. See the following examples for more information and choose the right one for your reverse proxy.


-This depends on whether you use Apache, Caddy, Nginx or another web server.
+#### Nginx
+
+```nginx
+server {
+    
+        server_name example.com; # Change to the name of your server
+
+        ### Federation traffic, i.e. server-to-server communication
+        location /.well-known/matrix/server {
+                types { } default_type "application/json; charset=utf-8";
+                return 200 '{"m.server": "conduit.example.com:443"}'; # the address and port of Conduit
+        }
+        ### Client-server traffic
+        location /.well-known/matrix/client {
+                types { } default_type "application/json; charset=utf-8";
+                add_header 'Access-Control-Allow-Origin' *;
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Content-Type, Authorization';
+                return 200 '{"m.homeserver": {"base_url": "https://conduit.example.com"}}'; # the address of Conduit
+        }
+        # Don't forget to set up TLS
+}
+
+```
+
+#### Caddy
+There are multiple ways to configure Caddy. This example uses a Caddyfile.
+```conf
+example.com {
+        handle_path /.well-known/matrix/* {
+                ### Federation traffic, i.e. server-to-server communication
+                respond /server `{"m.server": "conduit.example.com:443"}`
+                ### Client-server traffic
+                handle_path /client {
+                        header Access-Control-Allow-Origin *
+                        header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+                        header Access-Control-Allow-Headers "X-Requested-With, Content-Type, Authorization"
+                        respond `{"m.homeserver": {"base_url": "https://conduit.example.com"}}`
+                }
+        }
+}
+```
+
+
+
+## Forwarding traffic to Conduit
+
+Since Conduit listens on port 6167, you need a reverse proxy to forward incoming requests to it. By default, ports 8448 and 443 need to be forwarded, although this may vary if you have set up delegation in the previous step. Example configurations for various reverse proxies can be found below.

 ### Apache