From 0ecafaa1d14b4e5e2d3465f65290aeca9c4622e9 Mon Sep 17 00:00:00 2001
From: palmcoasty
Date: Fri, 13 Mar 2026 00:37:13 -0700
Subject: [PATCH 1/6] Create well-known.conf
---
 .../configs/server-http/well-known.conf | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 templates/synapse-no-turn/configs/server-http/well-known.conf
diff --git a/templates/synapse-no-turn/configs/server-http/well-known.conf b/templates/synapse-no-turn/configs/server-http/well-known.conf
new file mode 100644
index 0000000..b10a84b
--- /dev/null
+++ b/templates/synapse-no-turn/configs/server-http/well-known.conf
@@ -0,0 +1,11 @@
+location /.well-known/matrix/client {
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.homeserver":{"base_url":"https://matrix.palmcoasty.com"}}';
+}
+
+location /.well-known/matrix/server {
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.server":"matrix.palmcoasty.com:443"}';
+}
From ad3da2d6da9bf31cf366a49121f4ff141615b2a0 Mon Sep 17 00:00:00 2001
From: palmcoasty
Date: Fri, 13 Mar 2026 00:45:22 -0700
Subject: [PATCH 2/6] Create template.json
---
 templates/synapse-no-turn/template.json | 47 +++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 templates/synapse-no-turn/template.json
diff --git a/templates/synapse-no-turn/template.json b/templates/synapse-no-turn/template.json
new file mode 100644
index 0000000..18433ac
--- /dev/null
+++ b/templates/synapse-no-turn/template.json
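Review bot: Both `return 200` bodies in well-known.conf hard-code `matrix.palmcoasty.com`, while the template.json added in PATCH 2/6 ships `SERVER_NAME` as `example.com`. Anyone who applies the template without editing this file would publish Matrix delegation that sends their clients and federation peers to a homeserver they do not operate, so logins for their domain would be directed to the wrong server. Use a placeholder instead, `https://matrix.example.com` for `m.homeserver.base_url` and `matrix.example.com:443` for `m.server`, and put a leading comment on the file such as `# Replace matrix.example.com with your own homeserver before deploying`.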
@@ -0,0 +1,47 @@
+{
+ "id": "synapse-no-turn",
+ "name": "Synapse Matrix server without Turn, secure template with essential hardening defaults",
+ "settings": {
+ "SERVER_NAME": "example.com",
+ "AUTO_LETS_ENCRYPT": "yes",
+ "USE_LETS_ENCRYPT_STAGING": "no",
+ "USE_LETS_ENCRYPT_WILDCARD": "no",
+ "LETS_ENCRYPT_CHALLENGE": "http",
+ "LETS_ENCRYPT_DNS_PROVIDER": "",
+ "LETS_ENCRYPT_DNS_PROPAGATION": "default",
+ "LETS_ENCRYPT_DNS_CREDENTIAL_ITEM": "",
+ "USE_CUSTOM_SSL": "no",
+ "CUSTOM_SSL_CERT_PRIORITY": "file",
+ "CUSTOM_SSL_CERT": "",
+ "CUSTOM_SSL_KEY": "",
+ "CUSTOM_SSL_CERT_DATA": "",
+ "CUSTOM_SSL_KEY_DATA": "",
+ "USE_REVERSE_PROXY": "yes",
+ "REVERSE_PROXY_URL": "/_matrix/",
+ "REVERSE_PROXY_HOST": "http://mysynapse-server:8008",
+ "REVERSE_PROXY_INTERCEPT_ERRORS": "no",
+ "REVERSE_PROXY_KEEPALIVE": "yes",
+ "REVERSE_PROXY_HIDE_HEADERS": "",
+ "REVERSE_PROXY_CONNECT_TIMEOUT": "30s",
+ "REVERSE_PROXY_READ_TIMEOUT": "300s",
+ "REVERSE_PROXY_SEND_TIMEOUT": "60s",
+ "HTTP3": "no",
+ "LISTEN_HTTP": "no",
+ "MAX_CLIENT_SIZE": "50m",
+ "ALLOWED_METHODS": "GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH",
+ "USE_LIMIT_REQ": "yes",
+ "LIMIT_REQ_URL": "/",
+ "LIMIT_REQ_RATE": "15r/s",
+ "INTERCEPTED_ERROR_CODES": "400 401 403 404 405 413 429 501 502 503 504",
+ "USE_WHITELIST": "yes",
+ "BAD_BEHAVIOR_STATUS_CODES": "405",
+ "BAD_BEHAVIOR_THRESHOLD": "100",
+ "WHITELIST_IP": "",
+ "WHITELIST_RDNS": ".google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com",
+ "WHITELIST_RDNS_GLOBAL": "yes",
+ "WHITELIST_ASN": "",
+ "SERVE_FILES": "no",
+ "USE_CLIENT_CACHE": "n0",
+ "USE_GZIP": "yes",
+ "USE_BROTLI": "yes",
+ }
From a10c8b04a0b24eb4d7f34d69204d401bc7bc4b07 Mon Sep 17 00:00:00 2001
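Review bot: The added template.json is not valid JSON: `"USE_BROTLI": "yes",` carries a trailing comma, and the 47 added lines close only the `settings` object, so the top-level `{` is never closed and a strict parser will reject the file. `"USE_CLIENT_CACHE": "n0"` looks like a typo for `"no"` (digit zero instead of the letter); how the consumer treats an unrecognised value is not visible here. PATCH 6/6 changes only `LIMIT_REQ_RATE` and leaves all three problems in place. Separately, `"USE_WHITELIST": "yes"` with the search-crawler `WHITELIST_RDNS` list and `"BAD_BEHAVIOR_THRESHOLD": "100"` are loose for a template described as hardened. If whitelisted clients skip the remaining checks, crawlers have no reason to be exempt in front of a Matrix API, so `"USE_WHITELIST": "no"` would be the safer default.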
From: palmcoasty
Date: Fri, 13 Mar 2026 15:51:03 -0700
Subject: [PATCH 3/6] Rename template.json to template.json
---
 templates/{synapse-no-turn => synapse}/template.json | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename templates/{synapse-no-turn => synapse}/template.json (100%)
diff --git a/templates/synapse-no-turn/template.json b/templates/synapse/template.json
similarity index 100%
rename from templates/synapse-no-turn/template.json
rename to templates/synapse/template.json
From f208fd2c3f2917c346aa013751e4cb317cb4a6eb Mon Sep 17 00:00:00 2001
From: palmcoasty
Date: Fri, 13 Mar 2026 15:51:32 -0700
Subject: [PATCH 4/6] Rename well-known.conf to well-known.conf
---
 .../configs/server-http/well-known.conf | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename templates/{synapse-no-turn => synapse}/configs/server-http/well-known.conf (100%)
diff --git a/templates/synapse-no-turn/configs/server-http/well-known.conf b/templates/synapse/configs/server-http/well-known.conf
similarity index 100%
rename from templates/synapse-no-turn/configs/server-http/well-known.conf
rename to templates/synapse/configs/server-http/well-known.conf
From 2a887abd60b1eaca7ce3371cb7ce813fac7e245a Mon Sep 17 00:00:00 2001
From: palmcoasty
Date: Fri, 13 Mar 2026 15:53:04 -0700
Subject: [PATCH 5/6] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index c2ef036..ce86195 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ This repository packages those JSON definitions alongside their configuration sn
 | [NetBird](templates/netbird/) | Self-hosted template with gRPC and websocket routing | `templates/netbird/` |
 | [Tomcat](templates/tomcat/) | Reverse proxy template with servlet-friendly defaults | `templates/tomcat/` |
 | [WordPress](templates/wordpress/) | Secure template with essential hardening defaults | `templates/wordpress/` |
+| [Synapse](templates/synapse/) | Secure template with essential hardening defaults for the matrix server synapse | `templates/synapse/` |
 
 ```text
 templates/
From b45bd30fa9594b46483e5b878b9becfee910ba0d Mon Sep 17 00:00:00 2001
From: palmcoasty
Date: Fri, 13 Mar 2026 15:56:33 -0700
Subject: [PATCH 6/6] Update template.json
---
 templates/synapse/template.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/synapse/template.json b/templates/synapse/template.json
index 18433ac..497fab9 100644
--- a/templates/synapse/template.json
+++ b/templates/synapse/template.json
@@ -31,7 +31,7 @@
 "ALLOWED_METHODS": "GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH",
 "USE_LIMIT_REQ": "yes",
 "LIMIT_REQ_URL": "/",
- "LIMIT_REQ_RATE": "15r/s",
+ "LIMIT_REQ_RATE": "10r/s",
 "INTERCEPTED_ERROR_CODES": "400 401 403 404 405 413 429 501 502 503 504",
 "USE_WHITELIST": "yes",
 "BAD_BEHAVIOR_STATUS_CODES": "405",