From 02d5b54fa5df43285aaf38558ebd8fe7139d2c5b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 20 Aug 2018 21:24:54 +0300 Subject: [PATCH] Add controls for influencing Matrix Synapse's rate-limiting --- CHANGELOG.md | 20 ++++++++++++++++++- roles/matrix-server/defaults/main.yml | 4 ++++ .../templates/synapse/homeserver.yaml.j2 | 4 ++-- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 508f0fa4c..c300301a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,21 @@ +# 2018-08-20 + +## Matrix Synapse rate limit control variables + +The following new variables can now be configured to control Matrix Synapse's rate-limiting (default values are shown below). + +```yaml +matrix_synapse_rc_messages_per_second: 0.2 +matrix_synapse_rc_message_burst_count: 10.0 +``` + +## Shared Secret Auth support via matrix-synapse-shared-secret-auth + +The playbook can now install and configure [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) for you. + +Additional details are available in [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md). + + # 2018-08-17 ## REST auth support via matrix-synapse-rest-auth @@ -71,4 +89,4 @@ The `setup-main` tag got renamed to `setup-all`. ## Docker container linking -Changed the way the Docker containers are linked together. The ones that need to communicate with others operate in a `matrix` network now and not in the default bridge network. \ No newline at end of file +Changed the way the Docker containers are linked together. The ones that need to communicate with others operate in a `matrix` network now and not in the default bridge network. diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml index 13408d520..de0307044 100644 --- a/roles/matrix-server/defaults/main.yml +++ b/roles/matrix-server/defaults/main.yml @@ -61,6 +61,10 @@ matrix_synapse_max_upload_size_mb: 10 matrix_synapse_max_log_file_size_mb: 100 matrix_synapse_max_log_files_count: 10 +# Rate limits +matrix_synapse_rc_messages_per_second: 0.2 +matrix_synapse_rc_message_burst_count: 10.0 + # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 index 4a60a6be3..97b8a9941 100644 --- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 @@ -197,10 +197,10 @@ log_config: "/data/{{ hostname_matrix }}.log.config" ## Ratelimiting ## # Number of messages a client can send per second -rc_messages_per_second: 0.2 +rc_messages_per_second: {{ matrix_synapse_rc_messages_per_second }} # Number of message a client can send before being throttled -rc_message_burst_count: 10.0 +rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }} # The federation window size in milliseconds federation_rc_window_size: 1000