|
|
@@ -29,69 +29,72 @@ for port in 8080 8081 8082; do |
|
|
|
--report-stats no |
|
|
|
|
|
|
|
if ! grep -F "Customisation made by demo/start.sh" -q "$DIR/etc/$port.config"; then |
|
|
|
printf '\n\n# Customisation made by demo/start.sh\n' >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
echo "public_baseurl: http://localhost:$port/" >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
echo 'enable_registration: true' >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
# Warning, this heredoc depends on the interaction of tabs and spaces. Please don't |
|
|
|
# accidentaly bork me with your fancy settings. |
|
|
|
listeners=$(cat <<-PORTLISTENERS |
|
|
|
# Configure server to listen on both $https_port and $port |
|
|
|
# This overides some of the default settings above |
|
|
|
listeners: |
|
|
|
- port: $https_port |
|
|
|
type: http |
|
|
|
tls: true |
|
|
|
resources: |
|
|
|
- names: [client, federation] |
|
|
|
|
|
|
|
- port: $port |
|
|
|
tls: false |
|
|
|
bind_addresses: ['::1', '127.0.0.1'] |
|
|
|
type: http |
|
|
|
x_forwarded: true |
|
|
|
resources: |
|
|
|
- names: [client, federation] |
|
|
|
compress: false |
|
|
|
PORTLISTENERS |
|
|
|
) |
|
|
|
echo "${listeners}" >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
# Disable tls for the servers |
|
|
|
printf '\n\n# Disable tls on the servers.' >> "$DIR/etc/$port.config" |
|
|
|
echo '# DO NOT USE IN PRODUCTION' >> "$DIR/etc/$port.config" |
|
|
|
echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> "$DIR/etc/$port.config" |
|
|
|
echo 'federation_verify_certificates: false' >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
# Set tls paths |
|
|
|
echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> "$DIR/etc/$port.config" |
|
|
|
echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
# Generate tls keys |
|
|
|
openssl req -x509 -newkey rsa:4096 -keyout "$DIR/etc/localhost:$https_port.tls.key" -out "$DIR/etc/localhost:$https_port.tls.crt" -days 365 -nodes -subj "/O=matrix" |
|
|
|
|
|
|
|
# Ignore keys from the trusted keys server |
|
|
|
echo '# Ignore keys from the trusted keys server' >> "$DIR/etc/$port.config" |
|
|
|
echo 'trusted_key_servers:' >> "$DIR/etc/$port.config" |
|
|
|
echo ' - server_name: "matrix.org"' >> "$DIR/etc/$port.config" |
|
|
|
echo ' accept_keys_insecurely: true' >> "$DIR/etc/$port.config" |
|
|
|
|
|
|
|
# Reduce the blacklist |
|
|
|
blacklist=$(cat <<-BLACK |
|
|
|
# Set the blacklist so that it doesn't include 127.0.0.1, ::1 |
|
|
|
federation_ip_range_blacklist: |
|
|
|
- '10.0.0.0/8' |
|
|
|
- '172.16.0.0/12' |
|
|
|
- '192.168.0.0/16' |
|
|
|
- '100.64.0.0/10' |
|
|
|
- '169.254.0.0/16' |
|
|
|
- 'fe80::/64' |
|
|
|
- 'fc00::/7' |
|
|
|
BLACK |
|
|
|
) |
|
|
|
echo "${blacklist}" >> "$DIR/etc/$port.config" |
|
|
|
# Regenerate configuration |
|
|
|
{ |
|
|
|
printf '\n\n# Customisation made by demo/start.sh\n' |
|
|
|
echo "public_baseurl: http://localhost:$port/" |
|
|
|
echo 'enable_registration: true' |
|
|
|
|
|
|
|
# Warning, this heredoc depends on the interaction of tabs and spaces. |
|
|
|
# Please don't accidentaly bork me with your fancy settings. |
|
|
|
listeners=$(cat <<-PORTLISTENERS |
|
|
|
# Configure server to listen on both $https_port and $port |
|
|
|
# This overides some of the default settings above |
|
|
|
listeners: |
|
|
|
- port: $https_port |
|
|
|
type: http |
|
|
|
tls: true |
|
|
|
resources: |
|
|
|
- names: [client, federation] |
|
|
|
|
|
|
|
- port: $port |
|
|
|
tls: false |
|
|
|
bind_addresses: ['::1', '127.0.0.1'] |
|
|
|
type: http |
|
|
|
x_forwarded: true |
|
|
|
resources: |
|
|
|
- names: [client, federation] |
|
|
|
compress: false |
|
|
|
PORTLISTENERS |
|
|
|
) |
|
|
|
|
|
|
|
echo "${listeners}" |
|
|
|
|
|
|
|
# Disable tls for the servers |
|
|
|
printf '\n\n# Disable tls on the servers.' |
|
|
|
echo '# DO NOT USE IN PRODUCTION' |
|
|
|
echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' |
|
|
|
echo 'federation_verify_certificates: false' |
|
|
|
|
|
|
|
# Set tls paths |
|
|
|
echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" |
|
|
|
echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" |
|
|
|
|
|
|
|
# Ignore keys from the trusted keys server |
|
|
|
echo '# Ignore keys from the trusted keys server' |
|
|
|
echo 'trusted_key_servers:' |
|
|
|
echo ' - server_name: "matrix.org"' |
|
|
|
echo ' accept_keys_insecurely: true' |
|
|
|
|
|
|
|
# Reduce the blacklist |
|
|
|
blacklist=$(cat <<-BLACK |
|
|
|
# Set the blacklist so that it doesn't include 127.0.0.1, ::1 |
|
|
|
federation_ip_range_blacklist: |
|
|
|
- '10.0.0.0/8' |
|
|
|
- '172.16.0.0/12' |
|
|
|
- '192.168.0.0/16' |
|
|
|
- '100.64.0.0/10' |
|
|
|
- '169.254.0.0/16' |
|
|
|
- 'fe80::/64' |
|
|
|
- 'fc00::/7' |
|
|
|
BLACK |
|
|
|
) |
|
|
|
|
|
|
|
echo "${blacklist}" |
|
|
|
} >> "$DIR/etc/$port.config" |
|
|
|
fi |
|
|
|
|
|
|
|
# Check script parameters |
|
|
|