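# ==============================================
# Synapse Homeserver Configuration — Production
# ==============================================
#
# Deploy to /opt/mosaic/synapse/homeserver.yaml on the Docker host.
#
# IMPORTANT: server_name is PERMANENT. It becomes part of every user ID
# (@user:server_name) and room alias. It cannot be changed after the
# database has been initialized without losing all data.
#
# Before first deploy, replace ALL placeholders marked REPLACE_*.
#
# Once the placeholders are filled in, this file holds the database
# password and the signing secrets in plaintext: keep the deployed copy
# out of version control and readable only by the account that runs
# Synapse.
#
# ==============================================

# REPLACE with your Matrix domain (e.g. matrix.mosaicstack.dev)
# This is permanent — cannot be changed after first startup.
server_name: "REPLACE_MATRIX_DOMAIN"
pid_file: /data/homeserver.pid
public_baseurl: "https://REPLACE_MATRIX_DOMAIN/"

# ======================
# Network Listeners
# ======================
listeners:
  - port: 8008
    tls: false
    type: http
    # Traefik terminates TLS and forwards via X-Forwarded-For.
    # With x_forwarded enabled Synapse takes the client address from that
    # header, so port 8008 must be reachable only from Traefik. Do not
    # publish it on the Docker host; otherwise any caller can set its own
    # X-Forwarded-For, and the per-address rate limits and logged client
    # IPs stop being trustworthy.
    x_forwarded: true
    bind_addresses: ["0.0.0.0"]
    resources:
      # The client resource also serves the admin API (/_synapse/admin).
      # Route only the paths that need to be public at the reverse proxy.
      - names: [client, federation]
        compress: false

# ======================
# Database (Shared PostgreSQL)
# ======================
database:
  name: psycopg2
  txn_limit: 10000
  args:
    # Must match SYNAPSE_POSTGRES_USER / SYNAPSE_POSTGRES_PASSWORD
    # from your Portainer environment variables.
    # The PostgreSQL instance is shared: give this role access to the
    # Synapse database only.
    user: "REPLACE_SYNAPSE_DB_USER"
    password: "REPLACE_SYNAPSE_DB_PASSWORD"
    database: "REPLACE_SYNAPSE_DB_NAME"
    host: "postgres"
    port: 5432
    cp_min: 5
    cp_max: 10

# ======================
# Media Storage
# ======================
media_store_path: /data/media_store
max_upload_size: 50M
# URL previews make the homeserver fetch URLs chosen by users. The list
# below is the SSRF guard that keeps those fetches away from loopback,
# private and other non-public ranges, including the Docker network that
# carries the "postgres" host.
# Synapse's documentation notes that this list is ignored when outbound
# requests go through an HTTP proxy; in that case enforce the same ranges
# at the proxy.
url_preview_enabled: true
url_preview_ip_range_blacklist:
  - "127.0.0.0/8"
  - "10.0.0.0/8"
  - "172.16.0.0/12"
  - "192.168.0.0/16"
  - "100.64.0.0/10"
  - "192.0.0.0/24"
  - "169.254.0.0/16"
  - "198.18.0.0/15"
  # Added so the list matches the one recommended in Synapse's
  # configuration documentation: former 6to4 relay range, the IPv4
  # documentation/test networks, and IPv4 multicast.
  - "192.88.99.0/24"
  - "192.0.2.0/24"
  - "198.51.100.0/24"
  - "203.0.113.0/24"
  - "224.0.0.0/4"
  - "::1/128"
  - "fe80::/10"
  - "fc00::/7"
  - "2001:db8::/32"
  - "ff00::/8"
  - "fec0::/10"

# ======================
# Registration
# ======================
# Public registration disabled. Create accounts via the admin API or CLI:
#   docker exec -it <synapse-container> register_new_matrix_user \
#     -u username -c /data/homeserver.yaml http://localhost:8008
# register_new_matrix_user authenticates with registration_shared_secret
# (read from the -c config file, or passed with -k). This file does not
# set one, so add it, generated like the secrets below, before relying
# on this command.
enable_registration: false

# ======================
# Signing Keys
# ======================
# Auto-generated on first startup and persisted in /opt/mosaic/synapse/keys/
# This key is the server's federation identity: back it up and keep the
# directory readable only by the Synapse account.
signing_key_path: "/data/keys/signing.key"

# ======================
# Trusted Key Servers
# ======================
# matrix.org is the default. Set to [] to disable federation key trust.
trusted_key_servers:
  - server_name: "matrix.org"

# ======================
# Room Configuration
# ======================
enable_room_list_search: true
allow_public_rooms_over_federation: false

# ======================
# Rate Limiting
# ======================
# NOTE(review): these limits are considerably more permissive than
# Synapse's shipped defaults; check them against the defaults for the
# deployed version. rc_login bounds how fast passwords can be tried per
# source address and per account. The per-address limit is only
# meaningful while the X-Forwarded-For value can be trusted (see the
# listener section).
rc_message:
  per_second: 10
  burst_count: 50

# Only takes effect if registration is enabled.
rc_registration:
  per_second: 1
  burst_count: 5

rc_login:
  address:
    per_second: 3
    burst_count: 10
  account:
    per_second: 3
    burst_count: 10

# ======================
# Logging
# ======================
# Synapse falls back to a basic console logger (stdout) when this file
# does not exist, which is ideal for Docker log collection.
# NOTE(review): confirm this fallback on the deployed Synapse version. If
# startup fails when the file is absent, drop this key or ship a log
# config.
log_config: "/data/log.config"

# ======================
# Secrets
# ======================
# Generate with: python3 -c 'import secrets; print(secrets.token_hex(32))'
# Generate a separate value for each secret; do not reuse one value.
# Anonymous usage statistics reporting is off.
report_stats: false
macaroon_secret_key: "REPLACE_MACAROON_SECRET"
form_secret: "REPLACE_FORM_SECRET"

# ======================
# Presence & Retention
# ======================
use_presence: true

retention:
  enabled: true
  default_policy:
    min_lifetime: 1d
    max_lifetime: 365d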