File tree Expand file tree Collapse file tree 2 files changed +5
-4
lines changed Expand file tree Collapse file tree 2 files changed +5
-4
lines changed Original file line number Diff line number Diff line change
1
+ Mention `CAP_NET_BIND_SERVICE` as an alternative to running Synapse as root in order to bind to a privileged port.
Original file line number Diff line number Diff line change @@ -5,10 +5,10 @@ It is recommended to put a reverse proxy such as
5
5
[ Apache] ( https://httpd.apache.org/docs/current/mod/mod_proxy_http.html ) ,
6
6
[ Caddy] ( https://caddyserver.com/docs/quick-starts/reverse-proxy ) ,
7
7
[ HAProxy] ( https://www.haproxy.org/ ) or
8
- [ relayd] ( https://man.openbsd.org/relayd.8 ) in front of Synapse. One advantage
9
- of doing so is that it means that you can expose the default https port
10
- (443) to Matrix clients without needing to run Synapse with root
11
- privileges .
8
+ [ relayd] ( https://man.openbsd.org/relayd.8 ) in front of Synapse.
9
+ This has the advantage of being able to expose the default HTTPS port (443) to Matrix
10
+ clients without requiring Synapse to bind to a privileged port (port numbers less than
11
+ 1024), avoiding the need for ` CAP_NET_BIND_SERVICE ` or running as root .
12
12
13
13
You should configure your reverse proxy to forward requests to ` /_matrix ` or
14
14
` /_synapse/client ` to Synapse, and have it set the ` X-Forwarded-For ` and
You can’t perform that action at this time.
0 commit comments