start.sh 4.4 KB

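#!/usr/bin/env bash
#
# Demo launcher: for each of three local Synapse homeservers (client ports
# 8080-8082, TLS ports 8480-8482) generate a config under "$DIR/etc", append
# demo-only overrides once, then start the server with -D.
#
# Usage: start.sh [--no-rate-limit]
#
# SECURITY: the generated configs enable open registration, turn off
# federation certificate verification, accept signing keys insecurely and
# (with --no-rate-limit) raise every rate limit to 1000/s. Local testing only.

DIR="$(cd "$(dirname "$0")" && pwd)"
CWD=$(pwd)

# Everything below uses paths relative to the parent of the script directory.
cd "$DIR/.." || exit 1
mkdir -p demo/etc

# Assign and export separately so a readlink failure is not masked by export.
PYTHONPATH=$(readlink -f "$(pwd)")
export PYTHONPATH
printf '%s\n' "$PYTHONPATH"

for port in 8080 8081 8082; do
  echo "Starting server on port $port... "

  https_port=$((port + 400))
  config="$DIR/etc/$port.config"
  tls_key="$DIR/etc/localhost:$https_port.tls.key"
  tls_crt="$DIR/etc/localhost:$https_port.tls.crt"

  mkdir -p "demo/$port"
  pushd "demo/$port" || exit 1

  #rm "$config"
  python3 -m synapse.app.homeserver \
    --generate-config \
    -H "localhost:$https_port" \
    --config-path "$config" \
    --report-stats no

  # The marker line makes the customisation block append-once across re-runs.
  if ! grep -F -q -- "Customisation made by demo/start.sh" "$config"; then
    printf '\n\n# Customisation made by demo/start.sh\n' >> "$config"
    echo "public_baseurl: http://localhost:$port/" >> "$config"
    echo 'enable_registration: true' >> "$config"

    # The heredoc bodies are kept at column 0 on purpose: the YAML nesting is
    # then literal and does not depend on tab stripping (<<-).
    # NOTE(review): the TLS listener sets no bind_addresses, so it uses
    # Synapse's default bind (presumably all interfaces; confirm for your
    # version) while the plain-HTTP listener is loopback-only.
    cat >> "$config" <<EOF
# Configure server to listen on both $https_port and $port
# This overides some of the default settings above
listeners:
  - port: $https_port
    type: http
    tls: true
    resources:
      - names: [client, federation]
  - port: $port
    tls: false
    bind_addresses: ['::1', '127.0.0.1']
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
EOF

    # Disable tls verification for the servers. The trailing \n keeps the
    # "DO NOT USE IN PRODUCTION" marker on its own line in the config.
    printf '\n\n# Disable tls on the servers.\n' >> "$config"
    echo '# DO NOT USE IN PRODUCTION' >> "$config"
    echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> "$config"
    echo 'federation_verify_certificates: false' >> "$config"

    # Set tls paths
    echo "tls_certificate_path: \"$tls_crt\"" >> "$config"
    echo "tls_private_key_path: \"$tls_key\"" >> "$config"

    # Generate a self-signed cert. -nodes leaves the private key unencrypted
    # on disk, which is tolerable only for a throwaway demo key.
    openssl req -x509 -newkey rsa:4096 \
      -keyout "$tls_key" -out "$tls_crt" \
      -days 365 -nodes -subj "/O=matrix"

    # Ignore keys from the trusted keys server. The list item and its
    # attribute must be nested under trusted_key_servers to be valid YAML.
    echo '# Ignore keys from the trusted keys server' >> "$config"
    echo 'trusted_key_servers:' >> "$config"
    echo '  - server_name: "matrix.org"' >> "$config"
    echo '    accept_keys_insecurely: true' >> "$config"

    # Reduce the blacklist so the demo servers can reach each other on loopback.
    cat >> "$config" <<'EOF'
# Set the blacklist so that it doesn't include 127.0.0.1, ::1
federation_ip_range_blacklist:
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - 'fe80::/64'
  - 'fc00::/7'
EOF
  fi

  # Check script parameters. This block sits outside the append-once guard,
  # so it is appended on every run that passes --no-rate-limit.
  if [[ $# -eq 1 && "$1" == "--no-rate-limit" ]]; then
    # Disable any rate limiting
    cat >> "$config" <<'EOF'
rc_message:
  per_second: 1000
  burst_count: 1000
rc_registration:
  per_second: 1000
  burst_count: 1000
rc_login:
  address:
    per_second: 1000
    burst_count: 1000
  account:
    per_second: 1000
    burst_count: 1000
  failed_attempts:
    per_second: 1000
    burst_count: 1000
rc_admin_redaction:
  per_second: 1000
  burst_count: 1000
rc_joins:
  local:
    per_second: 1000
    burst_count: 1000
  remote:
    per_second: 1000
    burst_count: 1000
rc_3pid_validation:
  per_second: 1000
  burst_count: 1000
rc_invites:
  per_room:
    per_second: 1000
    burst_count: 1000
  per_user:
    per_second: 1000
    burst_count: 1000
EOF
  fi

  if ! grep -F -q -- "full_twisted_stacktraces" "$config"; then
    echo "full_twisted_stacktraces: true" >> "$config"
  fi
  if ! grep -F -q -- "report_stats" "$config"; then
    echo "report_stats: false" >> "$config"
  fi

  # No trailing backslash after -D: a continuation here would join the
  # following popd onto the python3 command line.
  python3 -m synapse.app.homeserver \
    --config-path "$config" \
    -D

  popd || exit 1
done

cd "$CWD" || exit 1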