+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Generate a config
=================

As root (or _synapse), go into ${LOCALSTATEDIR}/synapse, then use
doas -u _synapse ${MODPY_BIN} -m synapse.app.homeserver \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml --generate-config \
	--server-name matrix.example.com --report-stats=no \
	--keys-directory ${LOCALSTATEDIR}/synapse

Register a user
===============
doas -u _synapse \
	${PREFIX}/bin/register_new_matrix_user \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml \
	http://localhost:8008

Updating the database after an upgrade
======================================
On startup, synapse will fail to start if the database schema is too old.
So, after an upgrade of synapse, you should update the database.
It can be done with a command like this one:
doas -u _synapse ${PREFIX}/bin/update_synapse_database \
	--database-config /var/synapse/homeserver.yaml \
	--run-background-updates

Configuration with TLS
======================

By default, synapse will run without TLS on localhost:8008
This means that you will not be able to connect to your server remotely.
The best way to achieve remote connectivity is through a reverse proxy.

Here is a relayd.conf(5) example:

  http protocol synapse {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"

    tls keypair "matrix.example.com"

    match request header set "Connection" value "close"
  }

  relay "synapse" {
    listen on matrix.example.com port 443 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

  relay "synapse-server" {
    listen on matrix.example.com port 8448 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

Here is an Nginx vhost reverse proxy example:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location /_matrix {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    server {
        listen 8448 ssl default_server;
        listen [::]:8448 ssl default_server;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location / {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
