deploy: 224ef0b669

2023-07-11 18:09:05 +00:00 · 2023-07-11 18:09:05 +00:00 · ad01c39914
parent de8e85d8bb
commit ad01c39914
6 changed files with 122 additions and 10 deletions
--- a/develop/development/contributing_guide.html
+++ b/develop/development/contributing_guide.html
@ -392,6 +392,7 @@ See the <a href="../workers.html">worker documentation</a> for additional inform
 </li>
 <li>Passing <code>ASYNCIO_REACTOR=1</code> as an environment variable to use the Twisted asyncio reactor instead of the default one.</li>
 <li>Passing <code>PODMAN=1</code> will use the <a href="https://podman.io/">podman</a> container runtime, instead of docker.</li>
+<li>Passing <code>UNIX_SOCKETS=1</code> will utilise Unix socket functionality for Synapse, Redis, and Postgres(when applicable).</li>
 </ul>
 <p>To increase the log level for the tests, set <code>SYNAPSE_TEST_LOG_LEVEL</code>, e.g:</p>
 <pre><code class="language-sh">SYNAPSE_TEST_LOG_LEVEL=DEBUG COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages
--- a/develop/print.html
+++ b/develop/print.html
@ -4043,6 +4043,23 @@ on this port. Sub-options for each resource are:</p>
 additional endpoints which should be loaded via dynamic modules.</p>
 </li>
 </ul>
+<p>Unix socket support (<em>Added in Synapse 1.88.0</em>):</p>
+<ul>
+<li><code>path</code>: A path and filename for a Unix socket. Make sure it is located in a
+directory with read and write permissions, and that it already exists (the directory
+will not be created). Defaults to <code>None</code>.
+<ul>
+<li><strong>Note</strong>: The use of both <code>path</code> and <code>port</code> options for the same <code>listener</code> is not
+compatible.</li>
+<li>The <code>x_forwarded</code> option defaults to true  when using Unix sockets and can be omitted.</li>
+<li>Other options that would not make sense to use with a UNIX socket, such as 
+<code>bind_addresses</code> and <code>tls</code> will be ignored and can be removed.</li>
+</ul>
+</li>
+<li><code>mode</code>: The file permissions to set on the UNIX socket. Defaults to <code>666</code></li>
+<li><strong>Note:</strong> Must be set as <code>type: http</code> (does not support <code>metrics</code> and <code>manhole</code>). 
+Also make sure that <code>metrics</code> is not included in <code>resources</code> -&gt; <code>names</code></li>
+</ul>
 <p>Valid resource names are:</p>
 <ul>
 <li>
@ -4061,7 +4078,7 @@ additional endpoints which should be loaded via dynamic modules.</p>
 <p><code>media</code>: the media API (/_matrix/media).</p>
 </li>
 <li>
-<p><code>metrics</code>: the metrics interface. See <a href="usage/configuration/../../metrics-howto.html">here</a>.</p>
+<p><code>metrics</code>: the metrics interface. See <a href="usage/configuration/../../metrics-howto.html">here</a>. (Not compatible with Unix sockets)</p>
 </li>
 <li>
 <p><code>openid</code>: OpenID authentication. See <a href="usage/configuration/../../openid.html">here</a>.</p>
@ -4123,6 +4140,20 @@ for <a href="usage/configuration/../../workers.html">workers</a> and containers
    bind_addresses: ['::1', '127.0.0.1']
    type: manhole
 </code></pre>
+<p>Example configuration #3:</p>
+<pre><code class="language-yaml">listeners:
+  # Unix socket listener: Ideal for Synapse deployments behind a reverse proxy, offering
+  # lightweight interprocess communication without TCP/IP overhead, avoid port
+  # conflicts, and providing enhanced security through system file permissions.
+  #
+  # Note that x_forwarded will default to true, when using a UNIX socket. Please see
+  # https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
+  #
+  - path: /var/run/synapse/main_public.sock
+    type: http
+    resources:
+      - names: [client, federation]
+</code></pre>
 <hr />
 <h3 id="manhole_settings"><a class="header" href="#manhole_settings"><code>manhole_settings</code></a></h3>
 <p>Connection settings for the manhole. You can find more information
@ -7051,6 +7082,13 @@ inside the <code>listener</code> block for a <code>replication</code> listener.<
    host: localhost
    port: 8034
 </code></pre>
+<p>Example configuration(#2, for UNIX sockets):</p>
+<pre><code class="language-yaml">instance_map:
+  main:
+    path: /var/run/synapse/main_replication.sock
+  worker1:
+    path: /var/run/synapse/worker1_replication.sock
+</code></pre>
 <hr />
 <h3 id="stream_writers"><a class="header" href="#stream_writers"><code>stream_writers</code></a></h3>
 <p>Experimental: When using workers you can define which workers should
@ -7190,6 +7228,17 @@ requests from other workers.</p>
    resources:
      - names: [client, federation]
 </code></pre>
+<p>Example configuration(#2, using UNIX sockets with a <code>replication</code> listener):</p>
+<pre><code class="language-yaml">worker_listeners:
+  - type: http
+    path: /var/run/synapse/worker_public.sock
+    resources:
+      - names: [client, federation]
+  - type: http
+    path: /var/run/synapse/worker_replication.sock
+    resources:
+      - names: [replication]
+</code></pre>
 <hr />
 <h3 id="worker_manhole"><a class="header" href="#worker_manhole"><code>worker_manhole</code></a></h3>
 <p>A worker may have a listener for <a href="usage/configuration/../../manhole.html"><code>manhole</code></a>.
@ -10832,9 +10881,15 @@ for the main process</li>
 <li>Secondly, you need to enable
 <a href="usage/configuration/config_documentation.html#redis">redis-based replication</a></li>
 <li>You will need to add an <a href="usage/configuration/config_documentation.html#instance_map"><code>instance_map</code></a> 
-with the <code>main</code> process defined, as well as the relevant connection information from 
-it's HTTP <code>replication</code> listener (defined in step 1 above). Note that the <code>host</code> defined 
-is the address the worker needs to look for the <code>main</code> process at, not necessarily the same address that is bound to.</li>
+with the <code>main</code> process defined, as well as the relevant connection information from
+it's HTTP <code>replication</code> listener (defined in step 1 above).
+<ul>
+<li>Note that the <code>host</code> defined is the address the worker needs to look for the <code>main</code>
+process at, not necessarily the same address that is bound to.</li>
+<li>If you are using Unix sockets for the <code>replication</code> resource, make sure to
+use a <code>path</code> to the socket file instead of a <code>port</code>.</li>
+</ul>
+</li>
 <li>Optionally, a <a href="usage/configuration/config_documentation.html#worker_replication_secret">shared secret</a>
 can be used to authenticate HTTP traffic between workers. For example:</li>
 </ul>
@ -16111,6 +16166,7 @@ See the <a href="development/../workers.html">worker documentation</a> for addit
 </li>
 <li>Passing <code>ASYNCIO_REACTOR=1</code> as an environment variable to use the Twisted asyncio reactor instead of the default one.</li>
 <li>Passing <code>PODMAN=1</code> will use the <a href="https://podman.io/">podman</a> container runtime, instead of docker.</li>
+<li>Passing <code>UNIX_SOCKETS=1</code> will utilise Unix socket functionality for Synapse, Redis, and Postgres(when applicable).</li>
 </ul>
 <p>To increase the log level for the tests, set <code>SYNAPSE_TEST_LOG_LEVEL</code>, e.g:</p>
 <pre><code class="language-sh">SYNAPSE_TEST_LOG_LEVEL=DEBUG COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages
--- a/develop/searchindex.js
+++ b/develop/searchindex.js
--- a/develop/searchindex.json
+++ b/develop/searchindex.json
--- a/develop/usage/configuration/config_documentation.html
+++ b/develop/usage/configuration/config_documentation.html
@ -523,6 +523,23 @@ on this port. Sub-options for each resource are:</p>
 additional endpoints which should be loaded via dynamic modules.</p>
 </li>
 </ul>
+<p>Unix socket support (<em>Added in Synapse 1.88.0</em>):</p>
+<ul>
+<li><code>path</code>: A path and filename for a Unix socket. Make sure it is located in a
+directory with read and write permissions, and that it already exists (the directory
+will not be created). Defaults to <code>None</code>.
+<ul>
+<li><strong>Note</strong>: The use of both <code>path</code> and <code>port</code> options for the same <code>listener</code> is not
+compatible.</li>
+<li>The <code>x_forwarded</code> option defaults to true  when using Unix sockets and can be omitted.</li>
+<li>Other options that would not make sense to use with a UNIX socket, such as 
+<code>bind_addresses</code> and <code>tls</code> will be ignored and can be removed.</li>
+</ul>
+</li>
+<li><code>mode</code>: The file permissions to set on the UNIX socket. Defaults to <code>666</code></li>
+<li><strong>Note:</strong> Must be set as <code>type: http</code> (does not support <code>metrics</code> and <code>manhole</code>). 
+Also make sure that <code>metrics</code> is not included in <code>resources</code> -&gt; <code>names</code></li>
+</ul>
 <p>Valid resource names are:</p>
 <ul>
 <li>
@ -541,7 +558,7 @@ additional endpoints which should be loaded via dynamic modules.</p>
 <p><code>media</code>: the media API (/_matrix/media).</p>
 </li>
 <li>
-<p><code>metrics</code>: the metrics interface. See <a href="../../metrics-howto.html">here</a>.</p>
+<p><code>metrics</code>: the metrics interface. See <a href="../../metrics-howto.html">here</a>. (Not compatible with Unix sockets)</p>
 </li>
 <li>
 <p><code>openid</code>: OpenID authentication. See <a href="../../openid.html">here</a>.</p>
@ -603,6 +620,20 @@ for <a href="../../workers.html">workers</a> and containers without listener e.g
    bind_addresses: ['::1', '127.0.0.1']
    type: manhole
 </code></pre>
+<p>Example configuration #3:</p>
+<pre><code class="language-yaml">listeners:
+  # Unix socket listener: Ideal for Synapse deployments behind a reverse proxy, offering
+  # lightweight interprocess communication without TCP/IP overhead, avoid port
+  # conflicts, and providing enhanced security through system file permissions.
+  #
+  # Note that x_forwarded will default to true, when using a UNIX socket. Please see
+  # https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
+  #
+  - path: /var/run/synapse/main_public.sock
+    type: http
+    resources:
+      - names: [client, federation]
+</code></pre>
 <hr />
 <h3 id="manhole_settings"><a class="header" href="#manhole_settings"><code>manhole_settings</code></a></h3>
 <p>Connection settings for the manhole. You can find more information
@ -3531,6 +3562,13 @@ inside the <code>listener</code> block for a <code>replication</code> listener.<
    host: localhost
    port: 8034
 </code></pre>
+<p>Example configuration(#2, for UNIX sockets):</p>
+<pre><code class="language-yaml">instance_map:
+  main:
+    path: /var/run/synapse/main_replication.sock
+  worker1:
+    path: /var/run/synapse/worker1_replication.sock
+</code></pre>
 <hr />
 <h3 id="stream_writers"><a class="header" href="#stream_writers"><code>stream_writers</code></a></h3>
 <p>Experimental: When using workers you can define which workers should
@ -3670,6 +3708,17 @@ requests from other workers.</p>
    resources:
      - names: [client, federation]
 </code></pre>
+<p>Example configuration(#2, using UNIX sockets with a <code>replication</code> listener):</p>
+<pre><code class="language-yaml">worker_listeners:
+  - type: http
+    path: /var/run/synapse/worker_public.sock
+    resources:
+      - names: [client, federation]
+  - type: http
+    path: /var/run/synapse/worker_replication.sock
+    resources:
+      - names: [replication]
+</code></pre>
 <hr />
 <h3 id="worker_manhole"><a class="header" href="#worker_manhole"><code>worker_manhole</code></a></h3>
 <p>A worker may have a listener for <a href="../../manhole.html"><code>manhole</code></a>.
--- a/develop/workers.html
+++ b/develop/workers.html
@ -218,9 +218,15 @@ for the main process</li>
 <li>Secondly, you need to enable
 <a href="usage/configuration/config_documentation.html#redis">redis-based replication</a></li>
 <li>You will need to add an <a href="usage/configuration/config_documentation.html#instance_map"><code>instance_map</code></a> 
-with the <code>main</code> process defined, as well as the relevant connection information from 
-it's HTTP <code>replication</code> listener (defined in step 1 above). Note that the <code>host</code> defined 
-is the address the worker needs to look for the <code>main</code> process at, not necessarily the same address that is bound to.</li>
+with the <code>main</code> process defined, as well as the relevant connection information from
+it's HTTP <code>replication</code> listener (defined in step 1 above).
+<ul>
+<li>Note that the <code>host</code> defined is the address the worker needs to look for the <code>main</code>
+process at, not necessarily the same address that is bound to.</li>
+<li>If you are using Unix sockets for the <code>replication</code> resource, make sure to
+use a <code>path</code> to the socket file instead of a <code>port</code>.</li>
+</ul>
+</li>
 <li>Optionally, a <a href="usage/configuration/config_documentation.html#worker_replication_secret">shared secret</a>
 can be used to authenticate HTTP traffic between workers. For example:</li>
 </ul>