Branch: bbz/info-mainline-1.24.0

anoa/3pid_check_invite_exemption

anoa/admin_room_account_data

anoa/allow_admins_delist_as_rooms

anoa/as_edu_fixes

anoa/backfill_release

anoa/bbb

anoa/bla

anoa/blablabla

anoa/blacklist_ip_ranges

anoa/blah

anoa/bundle_aggregations_state

anoa/client_secret_ios_test

anoa/content_length_header_none

anoa/create_room_cleanup

anoa/custom_room_presets

anoa/debug_gcc

anoa/debug_poetry

anoa/debug_push

anoa/delete_format_tap

anoa/deprecate_no_device_access_tokens

anoa/devenv

anoa/device_sql_v2

anoa/doc_hierarchy

anoa/docs_header_margin

anoa/docs_version_picker

anoa/dpkg_force

anoa/e2e_as

anoa/e2e_as_device_lists_go

anoa/e2e_as_internal_testing

anoa/e2e_as_new

anoa/e2e_as_room_stream_token_new

anoa/e2e_as_to_device_deletion

anoa/e2e_as_to_device_dirty

anoa/fix_event_return_code

anoa/fix_format_strings

anoa/get_users_in_room_debugging

anoa/halfy_try_this

anoa/halp

anoa/hs_password_reset

anoa/info-mainline-no-check-password-reset-backport

anoa/install_docs

anoa/knock

anoa/leave_rooms_on_forget

anoa/legacy_login_medium

anoa/locally_rejected_invites_fix

anoa/log_11772

anoa/log_exceptions_async_json

anoa/logcontext_warning

anoa/mass_redactions

anoa/mdbook_ci_versions

anoa/migrate_flake

anoa/module_api_callbacks_split

anoa/module_api_federation_requests

anoa/module_api_full_presence_fix_wip

anoa/morgan.software

anoa/move_db_schema_migration

anoa/msc2229

anoa/msc2403_cleanup

anoa/msc3391_future

anoa/msc3480

anoa/msc_1711

anoa/mypy_sqlite3_check

anoa/new_cache

anoa/newsfragment_info

anoa/nix_dev_env_ci

anoa/nix_flake_22.11

anoa/pass_all_users_to_as_edu

anoa/presence_events_as_set

anoa/presence_hook_temp

anoa/presence_join_fix_mkii

anoa/presence_speedups

anoa/public_rooms_module_api

anoa/public_rooms_module_api_backup

anoa/ratelimit_config_perf_wip

anoa/redirect_instances

anoa/regression_proof

anoa/remove_return_parans

anoa/remove_smtp_docker_functionality

anoa/remove_trailing_slashes

anoa/rooms_for_as_edu_handler

anoa/simple_delete_all

anoa/synapse_coap_proxy

anoa/synapse_proxy

anoa/tag_transfer_logging

anoa/temp_working_cache_config

anoa/test

anoa/test_me

anoa/test_to_device

anoa/test_update_presence

anoa/testbla

anoa/testit

anoa/threepid_unbind_callback

anoa/typehint_tests_utils

anoa/typehint_tests_utils_backup

anoa/unread_notif_count

anoa/unsecure_port

anoa/update_upsert_many_test_case

anoa/user_deactivated_code

anoa/user_param_ui_auth

anoa/v2_is

anoa/v2_lookup

anoa/widgets_room_upgrade

anoa/worker_types_phase_1

azren/compressor_integration

azren/port_saml2_mapping_providers

babolivier/avatar_restriction

babolivier/low-bandwidth

babolivier/mau_cache

babolivier/mau_sn_invite

babolivier/media_api_docstring

babolivier/msc3881_device_id_tmp

babolivier/rewrite_is_url

babolivier/sign_json_module

babolivier/sonar_coverage

babolivier/username_reg_v2

bbz/info-mainline-1.15

bbz/info-mainline-1.20.0

bbz/info-mainline-1.20.1

bbz/info-mainline-1.21.2

bbz/info-mainline-1.24.0

bbz/info-mainline-1.27.0

bbz/info-mainline2

bwindels-pep517-instructions

bwindels/adminapibeforepy277

bwindels/registerasregularuser

clokep/blacklisting-endpoint

clokep/bs4

clokep/datastore-rejigger

clokep/db-upgrades

clokep/erikj/rust_lru_cache

clokep/http-conn-pool

clokep/lm

clokep/morg-readme

clokep/no-tcp-repl

clokep/oembed-and-html

clokep/psycopg3

clokep/psycopg3-driver

clokep/push-parallel-2

clokep/push-rule-tags

clokep/ranged-read-receipts-poc

clokep/schema-validate

clokep/setuptools-rust-pyproject

clokep/stable-threads

clokep/statement-timeout

clokep/test-redis

clokep/thread-poc

dbkr/3pid_verification_logging

dbkr/media_erasure

dbkr/room_notifs_use_fakeurl

dbkr/saml_auth0_test

dbkr/saml_custom_attestations

dependabot/cargo/anyhow-1.0.82

dependabot/cargo/log-0.4.21

dependabot/cargo/pyo3-0.20.3

dependabot/cargo/serde-1.0.198

dependabot/cargo/serde_json-1.0.116

dependabot/github_actions/JasonEtco/create-an-issue-2.9.2

dependabot/github_actions/actions/cache-4

dependabot/github_actions/dawidd6/action-download-artifact-3.1.4

dependabot/github_actions/peaceiris/actions-gh-pages-4.0.0

dependabot/github_actions/peaceiris/actions-mdbook-2.0.0

dependabot/pip/black-24.3.0

dependabot/pip/gitpython-3.1.41

dependabot/pip/idna-3.7

dependabot/pip/immutabledict-4.2.0

dependabot/pip/jinja2-3.1.3

dependabot/pip/pillow-10.3.0

develop

dinsic

dinsic_2019-04-05_hotfix

dinsic_anoa/public_rooms

dmr/arm-wheels

dmr/complement-refreshing-tokens-lifetime

dmr/cut-schema

dmr/debug-check-deps

dmr/deflake/TestWriteMDirectAccountData

dmr/docs-tidy

dmr/faster-joins-leave-during-resync

dmr/fix-latest-deps-mypy

dmr/fix-mac-wheels

dmr/gotestfmt-tweak

dmr/help-erik-project-graphql

dmr/importlib-dep-2

dmr/key-requests-from-fed-senders

dmr/log-exceptions-in-tests

dmr/missing_to_device

dmr/oidc-config-pydantic

dmr/poetry-pieces

dmr/pyproject-poetry

dmr/pypy-wheels

dmr/rate-limit-remote-joins

dmr/reject-null-codepoints-user-dir

dmr/release-script-tweaks

dmr/restrict_outbound_federation

dmr/return-request-id

dmr/revert-fts-changes-on-hotfix

dmr/review-hotfixes

dmr/stateres/auth_difference_computation

dmr/stateres/debug

dmr/storage-inheritance-script

dmr/synapse.logging-typing

dmr/sync-tidy-3

dmr/test-mypy-zope-92

dmr/test-poetry-ci

dmr/trim-inheritance

dmr/try-black-cache

dmr/typing/run-interaction

dmr/typing/storage/cache

dmr/typing/tests-server

dmr/typing/tests.util.caches

dmr/typing/tests2

dmr/typing/wip

dmr/unblock-catchup

dmr/unblock-catchup-2

dmr/unhashable-eventbase

dmr/user-dir/dont-remove-local-users

dmr/validate-keys-upload

dmr/warn-missing-metadata

erik-hackery

erikj/acl_perf

erikj/appservice_state

erikj/arm_docker_cache

erikj/as_user_cache

erikj/backfill_fix

erikj/bloom_doorkeeper

erikj/cache_memory_usage

erikj/cache_overrides

erikj/cache_tracking

erikj/check_alias

erikj/chunk_pag_2

erikj/chunk_pag_3

erikj/chunk_pag_4

erikj/chunk_pagination

erikj/chunks_backwards

erikj/chunks_bg_update

erikj/chunks_pagination_token

erikj/chunks_stern

erikj/compact_event

erikj/context_cpu_timing

erikj/create_room_ratelimit

erikj/debug_direct_message_checks

erikj/debug_hs

erikj/device_list_changes_perf

erikj/device_list_sync_update

erikj/disable_catchup_to_hq

erikj/efficient_host_query

erikj/epa_delete

erikj/event_cleanup

erikj/event_rs

erikj/event_token_type

erikj/events_store

erikj/exemplars

erikj/extremeties_txn

erikj/faster_json_response

erikj/faster_purge

erikj/federation_proxy

erikj/file_api

erikj/filter_speed2

erikj/fix_port_script

erikj/fix_remote_join_predecessor

erikj/fix_things

erikj/fix_wait_for_stream

erikj/fixes_batch

erikj/fixup_autotuning_config

erikj/gc_freeze_on_start

erikj/get_domain_from_id

erikj/gha_auto_fixup

erikj/handle_invalid_images

erikj/hope_ratelimit

erikj/initial_sync_perf

erikj/jaeger_measure

erikj/join_logging

erikj/krkn

erikj/less_state_membership

erikj/less_state_on_missing

erikj/log_state_v2

erikj/login_token

erikj/many_edu_logging

erikj/mem_limit_caches

erikj/merge_cache_prs

erikj/minor_auth_chain_perf_improvements

erikj/modular_1.3.2_prerelease

erikj/move_base_store

erikj/move_events

erikj/mypy_ci_speed

erikj/new_profile

erikj/notifier_debug

erikj/only_send_latest_events

erikj/opentracing_db_measure

erikj/paginate_sync

erikj/paranoia_logging

erikj/perf_get_room_members

erikj/perf_room_members_fix

erikj/persist_event_perf

erikj/persisted_upto_command

erikj/profile_rununtilconcurrent

erikj/puppet_tokens

erikj/push_hack

erikj/push_rule_eval_speedup

erikj/py312_asyncio

erikj/pypy

erikj/release_script

erikj/remove_auth_difference_code

erikj/remove_event_auth

erikj/remove_send_queue

erikj/repl_http_timeout

erikj/repl_merge_client_server

erikj/restart_on_explode

erikj/room_chunks

erikj/room_member_worker

erikj/rust_http

erikj/rust_lru_cache

erikj/rust_push_evaluator

erikj/separate_event_creation

erikj/shard_persister

erikj/slow_sync_diag

erikj/smoother

erikj/split_out_fed_stream

erikj/sqlite_min_version

erikj/state_delta_writeup

erikj/state_fast_path

erikj/state_res_v2.1_clousre

erikj/stateless_contexts

erikj/stream_position

erikj/synapse_server_refactor

erikj/test_fixup

erikj/test_old_dep_postgres

erikj/test_send

erikj/tests_move_events

erikj/theseus

erikj/timings

erikj/track_cpu_usage_of_txns

erikj/tree_cache

erikj/tree_cache_typing

erikj/urlencode_paths

erikj/weakref_events

erikj/worker_can_read_streams

erikj/worker_proxy

erikj/workers

experimental2

fosdem-2021

function_tracer

get_state_groups-perf

gh-pages

hawkowl/fsb

hhs-9/hs/log-mods

hotfixes-v0.18.5

hs/allow-as-login

hs/as-server-banlist

hs/as-synthetic-events

hs/deactivate-leave-metadata

hs/default_emails_to_use

hs/hacked-together-event-cache

hs/limit-profile-len

hs/log-unknown-room

hs/many-joined-members

hs/presence-caps

hs/push-reports-to-as

hs/sssh-testing-redis-things

hs/super-wip-edus-down-sync

hs/synapse-as-v1-endpoints

hs/use-malloc-in-docker

hughns/http-listener-cors-response-headers

hughns/msc3882-unstable-r1

hughns/remove-unstable-msc3882

hughns/stable-msc3882-default

improve-sync-delete-device-msgs

initial_sync_perf

jaywink/build-test

jaywink/gitter

jaywink/rav/optimise_maybe_backfill

jaywink/release-v1.77-f09db5c9918b6aaeb1f53ab4fac3a7f05f512c5f

jaywink/v1.74.0-py311

jaywink/v1.91.0-patches

jcgruenhage/nuke-users_who_share_rooms

joriks/3pid_comment_discrepancy

joriks/3pid_config_args

joriks/clearer_logging_file_origin

joriks/config_util

joriks/exit_code_fix

joriks/opentracing_e2e

joriks/opentracing_missing_servlet_wrappers

joriks/opentracing_span_conscription

joriks/opentracing_to_device_messages

joriks/opentracing_trace_sendtime

joriks/opentracing_user

joriks/synctl_config_dir

joriks/uisi_fix_with_opentracing

jryans/3pid-unbind-unstable

jryans/email-sid

jryans/logcontext-spam

jryans/push-rule-reactions

kegan/enable-dirty-runs

luke/get-admins-in-group-first

maddlittlemods/msc2716-many-batches-optimization

madlitlemods/can-we-work-with-less-state

madlittlemods/11025-fix-user-directory-throwing-exception-when-interacting-with-appservice-sender

madlittlemods/11300-refactor-backfilled-pt1

madlittlemods/11850-migrate-to-opentelemetry

madlittlemods/13356-messages-investigation-scratch-v1

madlittlemods/13685-correlate-traces-when-cf-times-out

madlittlemods/13856-scratch-have-seen-event-monolith-invalidation

madlittlemods/14108-optimize-filter_events_for_client

madlittlemods/15603-fix-literal-type

madlittlemods/15657-export-synapse-version-as-metric

madlittlemods/FederationDeniedError-is-not-SynapseError

madlittlemods/add-stable-unstable-version-for-jump-to-date

madlittlemods/appservice-interested-in-local-and-remote

madlittlemods/deflake-msc3030-backfill-test-with-workers

madlittlemods/document-benefit-for-event_id-room_id-pair-for-purging

madlittlemods/event_id_always_failed_to_fetch

madlittlemods/fix-proxy-tls

madlittlemods/gitter-patch-ignore-our-own-events

madlittlemods/msc2716-resolve-state-for-all-historical-events

madlittlemods/msc2716-room-capabilities

madlittlemods/msc3030-backfill-at-remote-event-fetched

madlittlemods/no-more-floating-msc2716-batches

madlittlemods/optimize-have_seen_events

madlittlemods/optimize-msc2716-v1

madlittlemods/re-use-work-to-grab-state-from-previous-group

madlittlemods/register-lower-case-version-of-mxid

madlittlemods/remove-current-state-events-join-from-queries-to-grab-profile-info

madlittlemods/remove-sqlite-tech-debt-in_get_state_groups_from_groups_txn

madlittlemods/response-time-buckets

madlittlemods/simplify-_count_known_servers

madlittlemods/test-backfill-and-messages-still-works-with-many-batches

madlittlemods/use-rust-jaeger-python-client

markjh/event_auth

markjh/split_pusher

markjh/synchrotron

master

matrix-org-hotfixes

matrix-org-hotfixes-identity

matrix-org-hotfixes-refactor

matrix-org-hotfixes-tcp-repl

matrix-org/fix_event_sig_checks

matthew/as_ts

matthew/bodge_device_update_dos

matthew/configurable_default_pl

matthew/custom-edus

matthew/delegate_register

matthew/disable-ll-on-incr-syncs

matthew/e2e_backups

matthew/encrypt-for-invited-users

matthew/fix-4329

matthew/fix-log-redaction

matthew/fix-roomdir-pagination

matthew/fix_filtered_types_in_current_state

matthew/fix_overzealous_ll_state

matthew/free_mau

matthew/free_mau_alt

matthew/heroes-for-avatars

matthew/hide-public-rooms

matthew/ignore-rogue-events

matthew/improve_get_users_in_room_cache_for_as

matthew/lazy_load_yourself

matthew/logging-memleak

matthew/no-as-ratelimit-for-noop-joins

matthew/red_list

matthew/room-summary-on-invites

matthew/sample-config

matthew/shadow-server

matthew/speed-up-dedup

matthew/stats

michaelk/be_liberal_with_info_api

michaelk/remove_log_error_well-known_client

michaelkaye/add_to_dockerignore

michaelkaye/configure_structured_logging

michaelkaye/dinsic_rewrite_identity_server_urls

michaelkaye/docker_optionall_suexec

michaelkaye/link_to_federation_docs

michaelkaye/make_hash_password_clearer

michaelkaye/matrix_org_hotfixes_increase_replication_timeout

michaelkaye/merge_0-33_to_dinsic

michaelkaye/rearrange_docker

michaelkaye/remove_warning

michaelkaye/synapse.storage.TIME_log_level

michaelkaye/synapse_config_check

mv/add-mxid-validation-log

mv/batch-partial-states-lookups-more

mv/cago-test-skippable

mv/complement-pg-data

mv/increase-timeout-joins

mv/key_request_limit

mv/msc3944

mv/mypy-unused-awaitable

mv/non-ll-sync-fast-join

mv/parse-duration

mv/purge-room-when-forgotten-wip

mv/synapse_worker_docker

mv/sync-to-device-limit

mv/test-account-validity

mv/unbind-callback

neilj/1.0-upgrade-notes

neilj/1711faq

neilj/add-r0.5-to-versions

neilj/add_rel_attr_to_index

neilj/add_ua_to_udv_table

neilj/batch-unsert-mau-users

neilj/context_parameter

neilj/default-room-version-v4

neilj/disable-mau-alerting-for-small-instances

neilj/drop_tables_in_1830

neilj/fix_4229

neilj/fix_broken_registration_test

neilj/fix_check_threepid_for_msisdns

neilj/fix_double_counting_mau_reaping

neilj/fix_mau_initial_reserved_users

neilj/fix_trailing_slashes

neilj/improve-federation-docs

neilj/improve_logg_for_4239

neilj/mau-tracking-config-explainer

neilj/mau_phonehome

neilj/notary_server_warning

neilj/readme-wellknown

neilj/remove_logging_password

neilj/update_limits_error_codes

paul/SYN-560

paul/schema_breaking_changes

pr/9803

pull/3184/merge

quenting/fix-device-deletion

quenting/hotfix-delegated-auth-admin

rav/drop_event_edges_cols

rav/drop_state_events

rav/faster_joins/work

rav/log_invalid_bodies

rav/out_of_keys_claims

rav/sw1v-hotfixes

readme-client-link-fix

rei/1.50.1_viztracer

rei/12281_reproduce

rei/2528_catchup_fed_outage

rei/429s_in_msc3878_conflict

rei/DEMO-test-logging-noise

rei/TOOLS/workers_setup

rei/admin_setadmin

rei/ci_par_4

rei/complement_workers_knives_and_forks

rei/cwas_extension

rei/dev-lsp

rei/df_sync_sentinel

rei/docker_workers_for_testing

rei/efv_as_enum

rei/fetch_evt_report_slight_query_optimi

rei/fix_hotserve_breakage

rei/flake

rei/flake_gcc

rei/flake_gcc_etc

rei/forget_nobody_warn

rei/fork_comp-worker-shorthand

rei/frrj_safecomponent_prevevents

rei/grafana_fix_request_times

rei/gsgfg

rei/gsgfg2

rei/improve_debuggability_docker_ghost

rei/jumptodate_statement_limit

rei/librepush.net-stcache

rei/logging_1_64_0_ic1294

rei/lpnet

rei/lt_launch

rei/measure_servlet_time

rei/modapi_gg_stricter_types

rei/moh-commit_span

rei/moh-orjson-replication

rei/not_null_drop_indices_after

rei/p/2021-12-29_develop_PLUS_msc3202_otks_fbks

rei/p/stcache

rei/p/stcache-1.57

rei/phonehome_r30_tests

rei/psql_lint_ensure_pkey

rei/room_dir

rei/room_stats_dodgy_if

rei/room_stats_separated

rei/room_stats_total_events

rei/roomdir_alt

rei/rss_inc1

rei/rss_inc2

rei/rss_inc3

rei/rss_inc4

rei/rss_inc5

rei/rss_inc6

rei/rss_inc7

rei/rss_target

rei/selective_scalene

rei/strict_json_types

rei/synwork_TestMembersLocal

rei/synwork_TestSendPartialJoinState

rei/synwork_rr_join_flake

rei/testignore

rei/type_tlcfc

rei/update_client_ips_bgw_de1

rei/userdirpriv3_queue_to_refresh_initialpop

rei/uvloop

rei/worker_endpoint_factory

release-v0.12.0

release-v0.12.1

release-v0.14.0

release-v0.18.5

release-v0.19.0

release-v0.19.1

release-v0.19.2

release-v0.19.3

release-v0.20.0

release-v0.21.0

release-v0.22.0

release-v0.23.0

release-v0.24.0

release-v0.24.1

release-v0.25.0

release-v0.25.1

release-v0.26.0

release-v0.27.0

release-v0.28.0-rc1

release-v0.28.1

release-v0.29.0

release-v0.30.0

release-v0.31.0

release-v0.31.1

release-v0.31.2

release-v0.32.0

release-v0.32.1

release-v0.32.2

release-v0.33.0

release-v0.33.1

release-v0.33.2

release-v0.33.2.1

release-v0.33.3

release-v0.33.3.1

release-v0.33.4

release-v0.33.5

release-v0.33.5.1

release-v0.33.6

release-v0.33.7

release-v0.33.8

release-v0.33.9

release-v0.34.0

release-v0.34.0.1

release-v0.34.1

release-v0.34.1.1

release-v0.9.4

release-v0.99.0

release-v0.99.1

release-v0.99.2

release-v0.99.3

release-v0.99.3.1

release-v0.99.3.2

release-v0.99.4

release-v0.99.5

release-v1.0.0

release-v1.1.0

release-v1.10.0

release-v1.10.1

release-v1.11.0

release-v1.11.1

release-v1.12.0

release-v1.12.1

release-v1.12.2

release-v1.12.3

release-v1.12.4

release-v1.13.0

release-v1.14.0

release-v1.15.0

release-v1.15.1

release-v1.15.2

release-v1.16.0

release-v1.16.1

release-v1.17.0

release-v1.18.0

release-v1.19.0

release-v1.19.1

release-v1.19.2

release-v1.19.3

release-v1.2.0

release-v1.2.1

release-v1.20.0

release-v1.20.1

release-v1.21.0

release-v1.21.1

release-v1.21.2

release-v1.21.3

release-v1.22.0

release-v1.22.1

release-v1.23.0

release-v1.23.1

release-v1.24.0

release-v1.25.0

release-v1.26.0

release-v1.27.0

release-v1.28.0

release-v1.29.0

release-v1.3.0

release-v1.3.1

release-v1.30.0

release-v1.30.1

release-v1.31.0

release-v1.32.0

release-v1.32.1

release-v1.32.2

release-v1.33.0

release-v1.33.1

release-v1.33.2

release-v1.34.0

release-v1.35

release-v1.35.0

release-v1.36

release-v1.37

release-v1.38

release-v1.39

release-v1.4.0

release-v1.4.1

release-v1.40

release-v1.41

release-v1.42

release-v1.43

release-v1.44

release-v1.45

release-v1.46

release-v1.47

release-v1.48

release-v1.49

release-v1.5.0

release-v1.5.1

release-v1.50

release-v1.51

release-v1.52

release-v1.53

release-v1.54

release-v1.55

release-v1.56

release-v1.57

release-v1.58

release-v1.59

release-v1.6.0

release-v1.6.1

release-v1.60

release-v1.61

release-v1.62

release-v1.63

release-v1.64

release-v1.65

release-v1.66

release-v1.67

release-v1.68

release-v1.69

release-v1.7.0

release-v1.7.1

release-v1.7.1_modular_profile_hotfix

release-v1.7.2

release-v1.7.3

release-v1.70

release-v1.71

release-v1.72

release-v1.73

release-v1.74

release-v1.75

release-v1.76

release-v1.77

release-v1.78

release-v1.79

release-v1.8.0

release-v1.80

release-v1.81

release-v1.82

release-v1.83

release-v1.84

release-v1.85

release-v1.86

release-v1.87

release-v1.88

release-v1.89

release-v1.9.0

release-v1.9.1

release-v1.90

release-v1.91

release-v1.91.0

release-v1.92

release-v1.93

release-v1.94

release-v1.95

release-v1.96

release-v1.97

release-v1.98

revert-14404-partial-join-filter-non-local

revert-2037-fix_readme_centos_issues

room-publishing

shay/add_check_constraint

shay/add_types_opentracing.py

shay/batch_membership_event

shay/batch_state_groups

shay/dh-poetry

shay/experimental_flags_part_2

shay/fix_batch_history

shay/fix_dependency

shay/fix_git_hx_batch

shay/fix_sqlite

shay/more_batching

shay/more_no_read

shay/mx_map_to_module

shay/pyupgrade

shay/ratelimit

shay/remove_trust_id_server

shay/revoke_token

shay/rework_module

shay/stop_writing_user_id

shay/super_docs

shhs

squah/add_endpoint_cancellation_flag

squah/cancel_disconnected_requests

squah/expand_localpart_columns_1

squah/faster_room_joins_handle_second_join_while_resyncing

squah/faster_room_joins_unblock_lazy_loading_sync_1

squah/faster_room_joins_unblock_lazy_loading_sync_2

squah/leave_space_admin_api

squah/pyproject-poetry-contribs

squah/test_device_list_tracking

squah/trial_memory_leak_tracking

squah/unrevert-fts-changes-on-hotfix

t3chguy/do_not_create_room_invalid_power_level_content_override

t3chguy/fix_contains-url_filtering

t3chguy/hide-join-parts

tc-disrupt-london-midi

toml/keycloak_hints

travis/alt-todev-masq-otk-fbkey

travis/fake-soft-logout

travis/fix-stuck-invites

travis/fosdem/admin-api-groups

travis/fosdem/hotfixes

travis/group-admin

travis/hidden_rr

travis/intentional-timeout

travis/nullable-relation

travis/saml-dev-docs

ts/spam-errors

uhoreg/cross_signing_bulk

uhoreg/dehydration_release

uhoreg/e2e_backup_hash

uhoreg/e2e_cross-signing

uhoreg/e2e_cross-signing2

v1.23.1-multiarch

v1.24.0-multiarch

yoric/throttling-invites-doc

Using a reverse proxy with Synapse

It is recommended to put a reverse proxy such as nginx, Apache, Caddy or HAProxy in front of Synapse. One advantage of doing so is that it means that you can expose the default https port (443) to Matrix clients without needing to run Synapse with root privileges.

NOTE: Your reverse proxy must not canonicalise or normalise the requested URI in any way (for example, by decoding %xx escapes). Beware that Apache will canonicalise URIs unless you specify nocanon.

When setting up a reverse proxy, remember that Matrix clients and other Matrix servers do not necessarily need to connect to your server via the same server name or port. Indeed, clients will use port 443 by default, whereas servers default to port 8448. Where these are different, we refer to the 'client port' and the 'federation port'. See the Matrix specification for more details of the algorithm used for federation connections, and delegate.md for instructions on setting up delegation.

Endpoints that are part of the standardised Matrix specification are located under /_matrix, whereas endpoints specific to Synapse are located under /_synapse/client.

Let's assume that we expect clients to connect to our server at https://matrix.example.com, and other servers to connect at https://example.com:8448. The following sections detail the configuration of the reverse proxy and the homeserver.

Reverse-proxy configuration examples

NOTE: You only need one of these.

nginx

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # For the federation port
    listen 8448 ssl default_server;
    listen [::]:8448 ssl default_server;

    server_name matrix.example.com;

    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }
}

NOTE: Do not add a path after the port in proxy_pass, otherwise nginx will canonicalise/normalise the URI.

Caddy 1

matrix.example.com {
  proxy /_matrix http://localhost:8008 {
    transparent
  }

  proxy /_synapse/client http://localhost:8008 {
    transparent
  }
}

example.com:8448 {
  proxy / http://localhost:8008 {
    transparent
  }
}

Caddy 2

matrix.example.com {
  reverse_proxy /_matrix/* http://localhost:8008
  reverse_proxy /_synapse/client/* http://localhost:8008
}

example.com:8448 {
  reverse_proxy http://localhost:8008
}

Apache

<VirtualHost *:443>
    SSLEngine on
    ServerName matrix.example.com;

    AllowEncodedSlashes NoDecode
    ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
    ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
    ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon
    ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
</VirtualHost>

<VirtualHost *:8448>
    SSLEngine on
    ServerName example.com;

    AllowEncodedSlashes NoDecode
    ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
    ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
</VirtualHost>

NOTE: ensure the nocanon options are included.

NOTE 2: It appears that Synapse is currently incompatible with the ModSecurity module for Apache (mod_security2). If you need it enabled for other services on your web server, you can disable it for Synapse's two VirtualHosts by including the following lines before each of the two </VirtualHost> above:

<IfModule security2_module>
    SecRuleEngine off
</IfModule>

HAProxy

frontend https
  bind :::443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1

  # Matrix client traffic
  acl matrix-host hdr(host) -i matrix.example.com
  acl matrix-path path_beg /_matrix
  acl matrix-path path_beg /_synapse/client

  use_backend matrix if matrix-host matrix-path

frontend matrix-federation
  bind :::8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1
  default_backend matrix

backend matrix
  server matrix 127.0.0.1:8008

Homeserver Configuration

You will also want to set bind_addresses: ['127.0.0.1'] and x_forwarded: true for port 8008 in homeserver.yaml to ensure that client IP addresses are recorded correctly.

Having done so, you can then use https://matrix.example.com (instead of https://matrix.example.com:8448) as the "Custom server" when connecting to Synapse from a client.

Health check endpoint

Synapse exposes a health check endpoint for use by reverse proxies. Each configured HTTP listener has a /health endpoint which always returns 200 OK (and doesn't get logged).

Synapse administration endpoints

Endpoints for administering your Synapse instance are placed under /_synapse/admin. These require authentication through an access token of an admin user. However as access to these endpoints grants the caller a lot of power, we do not recommend exposing them to the public internet without good reason.

reverse_proxy.md 5.3 KB Permalink History Raw