From a302a7d7489eca3c16f8ba0b046fa6f7fbb07730 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Fri, 17 Aug 2018 07:27:02 +0300
Subject: [PATCH] Only run federation on 8448 and client on 80

This disables federation on the 80 port, as it's
not necessary. We also disable the old Angular webclient.

For the federation port (8448), we disable the client APIs
as those are not necessary. Those can even cause trouble
if one doesn't know about them and thinks that guarding the client
APIs at the 80 port is enough.
---
 CHANGELOG.md                                      | 12 ++++++++++++
 .../templates/synapse/homeserver.yaml.j2          | 15 +--------------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f079951d2..10ff3ae99 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# 2018-08-17
+
+## Disabling some unnecessary Synapse services
+
+The following services are not necessary, so they have been disabled:
+- on the federation port (8448): the `client` service
+- on the http port (80): the old Angular `webclient` and the `federation` service
+
+Federation runs only on the federation port (8448) now.
+The Client APIs run only on the http port (80) now.
+
+
 # 2018-08-15
 
 ## mxisd Identity Server support
diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
index 64020d331..106c8f161 100644
--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
@@ -143,17 +143,6 @@ listeners:
 
     # List of HTTP resources to serve on this listener.
     resources:
-      -
-        # List of resources to host on this listener.
-        names:
-          - client     # The client-server APIs, both v1 and v2
-          - webclient  # The bundled webclient.
-
-        # Should synapse compress HTTP responses to clients that support it?
-        # This should be disabled if running synapse behind a load balancer
-        # that can do automatic compression.
-        compress: true
-
       - names: [federation]  # Federation APIs
         compress: false
 
@@ -174,10 +163,8 @@ listeners:
     x_forwarded: true
 
     resources:
-      - names: [client, webclient]
+      - names: [client]
         compress: true
-      - names: [federation]
-        compress: false
 
   # Turn on the twisted ssh manhole service on localhost on the given
   # port.