ansol/matrix-docker-ansible-deploy
7
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-02-23 17:19:47 +00:00
Code Issues Projects Releases Wiki Activity

Update docs for Draupnir and Mjolnir: tidy up the descriptions in the sections for rate limiting

Browse Source 
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
This commit is contained in:
Suguru Hirahara 2025-01-19 15:32:02 +09:00
parent f0e7bb1e1d
commit 034b5e3166
No known key found for this signature in database
GPG Key ID: E4F9743DAB4B7B75
2 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/configuring-playbook-bot-draupnir.md
View File

@ -84,25 +84,25 @@ If your homeserver's implementation is Synapse, you will need to prevent it from
This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). They can be accessed both externally and internally. This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). They can be accessed both externally and internally.
**Note**: access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints).
The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/synapse-admin), a web UI tool you can use to administrate users, rooms, media, etc. on your Matrix server. The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md).
#### Add the configuration
To expose the APIs publicly, add the following configuration to your `vars.yml` file: To expose the APIs publicly, add the following configuration to your `vars.yml` file:
```yaml ```yaml
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true
``` ```
**Notes**:
- Access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints).
- The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/synapse-admin), a web UI tool you can use to administrate users, rooms, media, etc. on your Matrix server. The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md).
#### Obtain an access token for admin account #### Obtain an access token for admin account
Manual access to Synapse's Admin APIs requires an access token for a homeserver admin account. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). Manual access to Synapse's Admin APIs requires an access token for a homeserver admin account. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
#### Run the `curl` command #### Run the `curl` command
To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). After obtaining the access token for the admin account, run the following command on systems that ship curl to discharge rate limiting.
Before running it, make sure to replace: Before running it, make sure to replace:
- `ADMIN_ACCESS_TOKEN_HERE` with the access token of the admin account - `ADMIN_ACCESS_TOKEN_HERE` with the access token of the admin account
@ -113,7 +113,11 @@ Before running it, make sure to replace:
curl --header "Authorization: Bearer ADMIN_ACCESS_TOKEN_HERE" -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.draupnir:example.com/override_ratelimit curl --header "Authorization: Bearer ADMIN_ACCESS_TOKEN_HERE" -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.draupnir:example.com/override_ratelimit
``` ```
**Note**: even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. **Notes**:
- The command does not work on the outdated Windows 10.
- Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally.
### Abuse Reports ### Abuse Reports

24
docs/configuring-playbook-bot-mjolnir.md
View File

@ -32,25 +32,27 @@ If your homeserver's implementation is Synapse, you will need to prevent it from
This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). They can be accessed both externally and internally. This can be done using Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). They can be accessed both externally and internally.
**Note**: access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints).
The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/synapse-admin), a web UI tool you can use to administrate users, rooms, media, etc. on your Matrix server. The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md).
#### Add the configuration
To expose the APIs publicly, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: To expose the APIs publicly, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml ```yaml
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true
``` ```
**Notes**:
- Access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints).
- The APIs can also be accessed via [Synapse Admin](https://github.com/etkecc/synapse-admin), a web UI tool you can use to administrate users, rooms, media, etc. on your Matrix server. The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md).
#### Obtain an access token for admin account #### Obtain an access token for admin account
Manual access to Synapse's Admin APIs requires an access token for a homeserver admin account. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). If you have made Mjolnir an admin, you can just use the Mjolnir token. Manual access to Synapse's Admin APIs requires an access token for a homeserver admin account. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
If you have made Mjolnir an admin, you can just use the Mjolnir token.
#### Run the `curl` command #### Run the `curl` command
To discharge rate limiting, run the following command on systems that ship curl (note that it does not work on outdated Windows 10). After obtaining the access token for the admin account, run the following command on systems that ship curl to discharge rate limiting.
Before running it, make sure to replace: Before running it, make sure to replace:
- `ADMIN_ACCESS_TOKEN_HERE` with the access token of the admin account - `ADMIN_ACCESS_TOKEN_HERE` with the access token of the admin account
@ -61,7 +63,11 @@ Before running it, make sure to replace:
curl --header "Authorization: Bearer ADMIN_ACCESS_TOKEN_HERE" -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.mjolnir:example.com/override_ratelimit curl --header "Authorization: Bearer ADMIN_ACCESS_TOKEN_HERE" -X POST https://matrix.example.com/_synapse/admin/v1/users/@bot.mjolnir:example.com/override_ratelimit
``` ```
**Note**: even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally. **Notes**:
- The command does not work on the outdated Windows 10.
- Even if the APIs are not exposed to the internet, you should still be able to run the command on the homeserver locally.
### Create a management room ### Create a management room