# SOME DESCRIPTIVE TITLE. # Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community # members # This file is distributed under the same license as the # matrix-docker-ansible-deploy package. # FIRST AUTHOR , 2024. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: matrix-docker-ansible-deploy \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-12-16 12:05+0900\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: jp\n" "Language-Team: jp \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.16.0\n" #: ../../../docs/howto-server-delegation.md:1 msgid "Server Delegation" msgstr "" #: ../../../docs/howto-server-delegation.md:3 msgid "" "By default, this playbook sets up services on your Matrix server " "(`matrix.example.com`). To have this server officially be responsible for" " Matrix services for the base domain (`example.com`), you need to set up " "server delegation / redirection." msgstr "" #: ../../../docs/howto-server-delegation.md:5 msgid "Server delegation can be configured in either of these ways:" msgstr "" #: ../../../docs/howto-server-delegation.md:7 msgid "" "[Setting up a `/.well-known/matrix/server` file](#server-delegation-via-a" "-well-known-file) on the base domain (`example.com`)" msgstr "" #: ../../../docs/howto-server-delegation.md:8 msgid "" "[Setting up a `_matrix._tcp` DNS SRV record](#server-delegation-via-a" "-dns-srv-record-advanced)" msgstr "" #: ../../../docs/howto-server-delegation.md:10 msgid "" "Both methods have their place and will continue to do so. You only need " "to use just one of these delegation methods." msgstr "" #: ../../../docs/howto-server-delegation.md:12 msgid "" "For simplicity reasons, this playbook recommends you to set up server " "delegation via a `/.well-known/matrix/server` file. However, that method " "may have some downsides that are not to your liking. Hence this guide " "about alternative ways to set up Server Delegation." msgstr "" #: ../../../docs/howto-server-delegation.md:14 msgid "" "**Note**: as an alternative, it is possible to install the server such " "that it uses only the `matrix.example.com` domain (instead of identifying" " as the shorter base domain - `example.com`). This should be helpful if " "you are not in control of anything on the base domain (`example.com`). In" " this case, you would not need to configure server delegation, but you " "would need to add other configuration. For more information, see [How do " "I install on matrix.example.com without involving the base " "domain?](faq.md#how-do-i-install-on-matrix-example-com-without-involving-" "the-base-domain) on our FAQ." msgstr "" #: ../../../docs/howto-server-delegation.md:16 msgid "Server Delegation via a well-known file" msgstr "" #: ../../../docs/howto-server-delegation.md:18 msgid "" "This playbook recommends you to set up server delegation by means of a " "`/.well-known/matrix/server` file served from the base domain " "(`example.com`), as this is the most straightforward way to set up the " "delegation." msgstr "" #: ../../../docs/howto-server-delegation.md:20 msgid "" "To configure server delegation with the well-known file, check this " "section on [Configuring Service Discovery via .well-known](configuring-" "well-known.md): [Installing well-known files on the base domain's server" "](configuring-well-known.md#installing-well-known-files-on-the-base-" "domain-s-server)" msgstr "" #: ../../../docs/howto-server-delegation.md:22 msgid "Downsides of well-known-based Server Delegation" msgstr "" #: ../../../docs/howto-server-delegation.md:24 msgid "" "Server Delegation by means of a `/.well-known/matrix/server` file is the " "most straightforward, but suffers from the following downsides:" msgstr "" #: ../../../docs/howto-server-delegation.md:26 msgid "" "you need to have a working HTTPS server for the base domain " "(`example.com`). If you don't have any server for the base domain at all," " you can easily solve it by making the playbook [serve the base domain " "from the Matrix server](configuring-playbook-base-domain-serving.md)." msgstr "" #: ../../../docs/howto-server-delegation.md:28 msgid "" "any downtime on the base domain (`example.com`) or network trouble " "between the Matrix subdomain (`matrix.example.com`) and the base " "`example.com` may cause Matrix Federation outages. As the [Server-Server " "spec says](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-" "discovery):" msgstr "" #: ../../../docs/howto-server-delegation.md:30 msgid "" "Errors are recommended to be cached for up to an hour, and servers are " "encouraged to exponentially back off for repeated failures." msgstr "" #: ../../../docs/howto-server-delegation.md:32 msgid "" "**For most people, this is a reasonable tradeoff** given that it's easy " "and straightforward to set up. We recommend you stay on this path." msgstr "" #: ../../../docs/howto-server-delegation.md:34 msgid "" "Otherwise, you can decide to go against the default for this playbook, " "and instead set up [Server Delegation via a DNS SRV record (advanced" ")](#server-delegation-via-a-dns-srv-record-advanced) (much more " "complicated)." msgstr "" #: ../../../docs/howto-server-delegation.md:36 msgid "Server Delegation via a DNS SRV record (advanced)" msgstr "" #: ../../../docs/howto-server-delegation.md:38 msgid "" "**Note**: doing Server Delegation via a DNS SRV record is a more " "**advanced** way to do it and is not the default for this playbook. This " "is usually **much more complicated** to set up, so **we don't recommend " "it**. If you're not an experienced sysadmin, you'd better stay away from " "this." msgstr "" #: ../../../docs/howto-server-delegation.md:40 msgid "" "As per the [Server-Server " "spec](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-" "discovery), it's possible to do Server Delegation using only a SRV record" " (without a `/.well-known/matrix/server` file)." msgstr "" #: ../../../docs/howto-server-delegation.md:42 msgid "" "This prevents you from suffering the [Downsides of well-known-based " "Server Delegation](#downsides-of-well-known-based-server-delegation)." msgstr "" #: ../../../docs/howto-server-delegation.md:44 msgid "To use DNS SRV record validation, you need to:" msgstr "" #: ../../../docs/howto-server-delegation.md:46 msgid "" "ensure that `/.well-known/matrix/server` is **not served** from the base " "domain, as that would interfere with DNS SRV record Server Delegation. To" " make the playbook **not** generate and serve the file, use the following" " configuration: `matrix_static_files_file_matrix_server_enabled: false`." msgstr "" #: ../../../docs/howto-server-delegation.md:48 msgid "" "ensure that you have a `_matrix._tcp` DNS SRV record for your base domain" " (`example.com`) with a value of `10 0 8448 matrix.example.com`" msgstr "" #: ../../../docs/howto-server-delegation.md:50 msgid "" "ensure that you are serving the Matrix Federation API (tcp/8448) with a " "certificate for `example.com` (not `matrix.example.com`!). Getting this " "certificate to the `matrix.example.com` server may be complicated. The " "playbook's automatic SSL obtaining/renewal flow will likely not work and " "you'll need to copy certificates around manually. See below." msgstr "" #: ../../../docs/howto-server-delegation.md:52 msgid "" "For more details on how to configure the playbook to work with SRV " "delegation, take a look at this documentation: [Server Delegation via a " "DNS SRV record (advanced)](howto-srv-server-delegation.md)" msgstr "" #: ../../../docs/howto-server-delegation.md:54 msgid "Obtaining certificates" msgstr "" #: ../../../docs/howto-server-delegation.md:56 msgid "" "How you can obtain a valid certificate for `example.com` on the " "`matrix.example.com` server is up to you." msgstr "" #: ../../../docs/howto-server-delegation.md:58 msgid "" "If `example.com` and `matrix.example.com` are hosted on the same machine," " you can let the playbook obtain the certificate for you, by following " "our [Obtaining SSL certificates for additional domains](configuring-" "playbook-ssl-certificates.md#obtaining-ssl-certificates-for-additional-" "domains) guide." msgstr "" #: ../../../docs/howto-server-delegation.md:60 msgid "" "If `example.com` and `matrix.example.com` are not hosted on the same " "machine, you can copy over the certificate files manually. Don't forget " "that they may get renewed once in a while, so you may also have to " "transfer them periodically. How often you do that is up to you, as long " "as the certificate files don't expire." msgstr "" #: ../../../docs/howto-server-delegation.md:62 msgid "Serving the Federation API with your certificates" msgstr "" #: ../../../docs/howto-server-delegation.md:64 msgid "" "Regardless of which method for obtaining certificates you've used, once " "you've managed to get certificates for your base domain onto the " "`matrix.example.com` machine you can put them to use." msgstr "" #: ../../../docs/howto-server-delegation.md:66 msgid "Based on your setup, you have different ways to go about it:" msgstr "" #: ../../../docs/howto-server-delegation.md:68 msgid "" "Serving the Federation API with your certificates and Synapse handling " "Federation" msgstr "" #: ../../../docs/howto-server-delegation.md:70 msgid "You can let Synapse handle Federation by itself." msgstr "" #: ../../../docs/howto-server-delegation.md:72 msgid "" "To do that, make sure the certificate files are mounted into the Synapse " "container:" msgstr "" #: ../../../docs/howto-server-delegation.md:79 msgid "" "You can then tell Synapse to serve Federation traffic over TLS on " "`tcp/8448`:" msgstr "" #: ../../../docs/howto-server-delegation.md:87 msgid "" "Make sure to reload Synapse once in a while (`systemctl reload matrix-" "synapse`), so that newer certificates can kick in. Reloading doesn't " "cause any downtime." msgstr "" #: ../../../docs/howto-server-delegation.md:89 msgid "Serving the Federation API with your certificates and another webserver" msgstr "" #: ../../../docs/howto-server-delegation.md:91 msgid "" "**Alternatively**, if you are using another webserver, you can set up " "reverse-proxying for the `tcp/8448` port by yourself. Make sure to use " "the proper certificates for `example.com` (not for `matrix.example.com`) " "when serving the `tcp/8448` port." msgstr "" #: ../../../docs/howto-server-delegation.md:93 msgid "" "As recommended in our [Fronting the integrated reverse-proxy webserver " "with another reverse-proxy](./configuring-playbook-own-webserver.md" "#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-" "proxy) documentation section, we recommend you to expose the Matrix " "Federation entrypoint from traffic at a local port (e.g. " "`127.0.0.1:8449`), so your reverese-proxy should send traffic there." msgstr ""