mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-23 21:15:45 +00:00
301 lines
11 KiB
Plaintext
301 lines
11 KiB
Plaintext
|
# SOME DESCRIPTIVE TITLE.
|
||
|
# Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community
|
||
|
# members
|
||
|
# This file is distributed under the same license as the
|
||
|
# matrix-docker-ansible-deploy package.
|
||
|
# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
|
||
|
#
|
||
|
#, fuzzy
|
||
|
msgid ""
|
||
|
msgstr ""
|
||
|
"Project-Id-Version: matrix-docker-ansible-deploy \n"
|
||
|
"Report-Msgid-Bugs-To: \n"
|
||
|
"POT-Creation-Date: 2024-12-16 12:05+0900\n"
|
||
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||
|
"Language: jp\n"
|
||
|
"Language-Team: jp <LL@li.org>\n"
|
||
|
"MIME-Version: 1.0\n"
|
||
|
"Content-Type: text/plain; charset=utf-8\n"
|
||
|
"Content-Transfer-Encoding: 8bit\n"
|
||
|
"Generated-By: Babel 2.16.0\n"
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:1
|
||
|
msgid "Server Delegation"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:3
|
||
|
msgid ""
|
||
|
"By default, this playbook sets up services on your Matrix server "
|
||
|
"(`matrix.example.com`). To have this server officially be responsible for"
|
||
|
" Matrix services for the base domain (`example.com`), you need to set up "
|
||
|
"server delegation / redirection."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:5
|
||
|
msgid "Server delegation can be configured in either of these ways:"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:7
|
||
|
msgid ""
|
||
|
"[Setting up a `/.well-known/matrix/server` file](#server-delegation-via-a"
|
||
|
"-well-known-file) on the base domain (`example.com`)"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:8
|
||
|
msgid ""
|
||
|
"[Setting up a `_matrix._tcp` DNS SRV record](#server-delegation-via-a"
|
||
|
"-dns-srv-record-advanced)"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:10
|
||
|
msgid ""
|
||
|
"Both methods have their place and will continue to do so. You only need "
|
||
|
"to use just one of these delegation methods."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:12
|
||
|
msgid ""
|
||
|
"For simplicity reasons, this playbook recommends you to set up server "
|
||
|
"delegation via a `/.well-known/matrix/server` file. However, that method "
|
||
|
"may have some downsides that are not to your liking. Hence this guide "
|
||
|
"about alternative ways to set up Server Delegation."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:14
|
||
|
msgid ""
|
||
|
"**Note**: as an alternative, it is possible to install the server such "
|
||
|
"that it uses only the `matrix.example.com` domain (instead of identifying"
|
||
|
" as the shorter base domain - `example.com`). This should be helpful if "
|
||
|
"you are not in control of anything on the base domain (`example.com`). In"
|
||
|
" this case, you would not need to configure server delegation, but you "
|
||
|
"would need to add other configuration. For more information, see [How do "
|
||
|
"I install on matrix.example.com without involving the base "
|
||
|
"domain?](faq.md#how-do-i-install-on-matrix-example-com-without-involving-"
|
||
|
"the-base-domain) on our FAQ."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:16
|
||
|
msgid "Server Delegation via a well-known file"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:18
|
||
|
msgid ""
|
||
|
"This playbook recommends you to set up server delegation by means of a "
|
||
|
"`/.well-known/matrix/server` file served from the base domain "
|
||
|
"(`example.com`), as this is the most straightforward way to set up the "
|
||
|
"delegation."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:20
|
||
|
msgid ""
|
||
|
"To configure server delegation with the well-known file, check this "
|
||
|
"section on [Configuring Service Discovery via .well-known](configuring-"
|
||
|
"well-known.md): [Installing well-known files on the base domain's server"
|
||
|
"](configuring-well-known.md#installing-well-known-files-on-the-base-"
|
||
|
"domain-s-server)"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:22
|
||
|
msgid "Downsides of well-known-based Server Delegation"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:24
|
||
|
msgid ""
|
||
|
"Server Delegation by means of a `/.well-known/matrix/server` file is the "
|
||
|
"most straightforward, but suffers from the following downsides:"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:26
|
||
|
msgid ""
|
||
|
"you need to have a working HTTPS server for the base domain "
|
||
|
"(`example.com`). If you don't have any server for the base domain at all,"
|
||
|
" you can easily solve it by making the playbook [serve the base domain "
|
||
|
"from the Matrix server](configuring-playbook-base-domain-serving.md)."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:28
|
||
|
msgid ""
|
||
|
"any downtime on the base domain (`example.com`) or network trouble "
|
||
|
"between the Matrix subdomain (`matrix.example.com`) and the base "
|
||
|
"`example.com` may cause Matrix Federation outages. As the [Server-Server "
|
||
|
"spec says](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-"
|
||
|
"discovery):"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:30
|
||
|
msgid ""
|
||
|
"Errors are recommended to be cached for up to an hour, and servers are "
|
||
|
"encouraged to exponentially back off for repeated failures."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:32
|
||
|
msgid ""
|
||
|
"**For most people, this is a reasonable tradeoff** given that it's easy "
|
||
|
"and straightforward to set up. We recommend you stay on this path."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:34
|
||
|
msgid ""
|
||
|
"Otherwise, you can decide to go against the default for this playbook, "
|
||
|
"and instead set up [Server Delegation via a DNS SRV record (advanced"
|
||
|
")](#server-delegation-via-a-dns-srv-record-advanced) (much more "
|
||
|
"complicated)."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:36
|
||
|
msgid "Server Delegation via a DNS SRV record (advanced)"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:38
|
||
|
msgid ""
|
||
|
"**Note**: doing Server Delegation via a DNS SRV record is a more "
|
||
|
"**advanced** way to do it and is not the default for this playbook. This "
|
||
|
"is usually **much more complicated** to set up, so **we don't recommend "
|
||
|
"it**. If you're not an experienced sysadmin, you'd better stay away from "
|
||
|
"this."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:40
|
||
|
msgid ""
|
||
|
"As per the [Server-Server "
|
||
|
"spec](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-"
|
||
|
"discovery), it's possible to do Server Delegation using only a SRV record"
|
||
|
" (without a `/.well-known/matrix/server` file)."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:42
|
||
|
msgid ""
|
||
|
"This prevents you from suffering the [Downsides of well-known-based "
|
||
|
"Server Delegation](#downsides-of-well-known-based-server-delegation)."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:44
|
||
|
msgid "To use DNS SRV record validation, you need to:"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:46
|
||
|
msgid ""
|
||
|
"ensure that `/.well-known/matrix/server` is **not served** from the base "
|
||
|
"domain, as that would interfere with DNS SRV record Server Delegation. To"
|
||
|
" make the playbook **not** generate and serve the file, use the following"
|
||
|
" configuration: `matrix_static_files_file_matrix_server_enabled: false`."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:48
|
||
|
msgid ""
|
||
|
"ensure that you have a `_matrix._tcp` DNS SRV record for your base domain"
|
||
|
" (`example.com`) with a value of `10 0 8448 matrix.example.com`"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:50
|
||
|
msgid ""
|
||
|
"ensure that you are serving the Matrix Federation API (tcp/8448) with a "
|
||
|
"certificate for `example.com` (not `matrix.example.com`!). Getting this "
|
||
|
"certificate to the `matrix.example.com` server may be complicated. The "
|
||
|
"playbook's automatic SSL obtaining/renewal flow will likely not work and "
|
||
|
"you'll need to copy certificates around manually. See below."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:52
|
||
|
msgid ""
|
||
|
"For more details on how to configure the playbook to work with SRV "
|
||
|
"delegation, take a look at this documentation: [Server Delegation via a "
|
||
|
"DNS SRV record (advanced)](howto-srv-server-delegation.md)"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:54
|
||
|
msgid "Obtaining certificates"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:56
|
||
|
msgid ""
|
||
|
"How you can obtain a valid certificate for `example.com` on the "
|
||
|
"`matrix.example.com` server is up to you."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:58
|
||
|
msgid ""
|
||
|
"If `example.com` and `matrix.example.com` are hosted on the same machine,"
|
||
|
" you can let the playbook obtain the certificate for you, by following "
|
||
|
"our [Obtaining SSL certificates for additional domains](configuring-"
|
||
|
"playbook-ssl-certificates.md#obtaining-ssl-certificates-for-additional-"
|
||
|
"domains) guide."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:60
|
||
|
msgid ""
|
||
|
"If `example.com` and `matrix.example.com` are not hosted on the same "
|
||
|
"machine, you can copy over the certificate files manually. Don't forget "
|
||
|
"that they may get renewed once in a while, so you may also have to "
|
||
|
"transfer them periodically. How often you do that is up to you, as long "
|
||
|
"as the certificate files don't expire."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:62
|
||
|
msgid "Serving the Federation API with your certificates"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:64
|
||
|
msgid ""
|
||
|
"Regardless of which method for obtaining certificates you've used, once "
|
||
|
"you've managed to get certificates for your base domain onto the "
|
||
|
"`matrix.example.com` machine you can put them to use."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:66
|
||
|
msgid "Based on your setup, you have different ways to go about it:"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:68
|
||
|
msgid ""
|
||
|
"Serving the Federation API with your certificates and Synapse handling "
|
||
|
"Federation"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:70
|
||
|
msgid "You can let Synapse handle Federation by itself."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:72
|
||
|
msgid ""
|
||
|
"To do that, make sure the certificate files are mounted into the Synapse "
|
||
|
"container:"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:79
|
||
|
msgid ""
|
||
|
"You can then tell Synapse to serve Federation traffic over TLS on "
|
||
|
"`tcp/8448`:"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:87
|
||
|
msgid ""
|
||
|
"Make sure to reload Synapse once in a while (`systemctl reload matrix-"
|
||
|
"synapse`), so that newer certificates can kick in. Reloading doesn't "
|
||
|
"cause any downtime."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:89
|
||
|
msgid "Serving the Federation API with your certificates and another webserver"
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:91
|
||
|
msgid ""
|
||
|
"**Alternatively**, if you are using another webserver, you can set up "
|
||
|
"reverse-proxying for the `tcp/8448` port by yourself. Make sure to use "
|
||
|
"the proper certificates for `example.com` (not for `matrix.example.com`) "
|
||
|
"when serving the `tcp/8448` port."
|
||
|
msgstr ""
|
||
|
|
||
|
#: ../../../docs/howto-server-delegation.md:93
|
||
|
msgid ""
|
||
|
"As recommended in our [Fronting the integrated reverse-proxy webserver "
|
||
|
"with another reverse-proxy](./configuring-playbook-own-webserver.md"
|
||
|
"#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-"
|
||
|
"proxy) documentation section, we recommend you to expose the Matrix "
|
||
|
"Federation entrypoint from traffic at a local port (e.g. "
|
||
|
"`127.0.0.1:8449`), so your reverese-proxy should send traffic there."
|
||
|
msgstr ""
|
||
|
|