docs: Add build page; correct proxy info; fix Caddy example (#2579)

* Add build page; correct proxy info; fix Caddy example * Improve Caddyfile example * Apply review comments; add polylith Caddyfile
2024-11-22 11:41:38 +00:00 · 2022-07-20 23:08:17 -06:00 · 2022-07-20 23:08:17 -06:00 · 35ce551c8f
commit 35ce551c8f
parent 9507966ebd
14 changed files with 209 additions and 93 deletions
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@ -24,7 +24,7 @@ Unfortunately we can't accept contributions without it.
 ## Getting up and running
-See the [Installation](INSTALL.md) section for information on how to build an
+See the [Installation](installation) section for information on how to build an
 instance of Dendrite. You will likely need this in order to test your changes.
 ## Code style
--- a/docs/caddy/monolith/CaddyFile
+++ b/docs/caddy/monolith/CaddyFile
@ -1,68 +0,0 @@
 {
    # debug
    admin off
    email example@example.com
    default_sni example.com
    # Debug endpoint
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory	
 }
 #######################################################################
 #   Snippets
 #______________________________________________________________________
 (handle_errors_maintenance) {
 	handle_errors {
 		@maintenance expression {http.error.status_code} == 502
 		rewrite @maintenance maintenance.html
 		root * "/path/to/service/pages"
 		file_server
 	}
 }
 (matrix-well-known-header) {
    # Headers
    header Access-Control-Allow-Origin "*"
    header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
    header Content-Type "application/json"
 }
 #######################################################################
 example.com {
 	# ...
 	handle /.well-known/matrix/server {
 		import matrix-well-known-header
 		respond `{ "m.server": "matrix.example.com:443" }` 200
 	}
 	handle /.well-known/matrix/client {
 		import matrix-well-known-header
 		respond `{ "m.homeserver": { "base_url": "https://matrix.example.com" } }` 200
 	}
 	import handle_errors_maintenance
 }
 example.com:8448 {
 	# server<->server HTTPS traffic
    reverse_proxy http://dendrite-host:8008
 }
 matrix.example.com {
 	handle /_matrix/* {
 		# client<->server HTTPS traffic
 		reverse_proxy  http://dendrite-host:8008
 	}
 	handle_path /* {
 		# Client webapp (Element SPA or ...)
 		file_server {
 			root /path/to/www/example.com/matrix-web-client/
 		}	
 	}
 }
--- a/docs/caddy/monolith/Caddyfile
+++ b/docs/caddy/monolith/Caddyfile
@ -0,0 +1,57 @@
 # Sample Caddyfile for using Caddy in front of Dendrite.
 #
 # Customize email address and domain names.
 # Optional settings commented out.
 #
 # BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
 # Documentation: https://caddyserver.com/docs/
 #
 # Bonus tip: If your IP address changes, use Caddy's
 # dynamic DNS plugin to update your DNS records to
 # point to your new IP automatically:
 # https://github.com/mholt/caddy-dynamicdns
 #
 # Global options block
 {
 	# In case there is a problem with your certificates.
 	# email example@example.com
 	# Turn off the admin endpoint if you don't need graceful config
 	# changes and/or are running untrusted code on your machine.
 	# admin off
 	# Enable this if your clients don't send ServerName in TLS handshakes.
 	# default_sni example.com
 	# Enable debug mode for verbose logging.
 	# debug
 	# Use Let's Encrypt's staging endpoint for testing.
 	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 	# If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
 	# else, enable these and put the alternate port numbers here.
 	# http_port  8080
 	# https_port 8443
 }
 # The server name of your matrix homeserver. This example shows
 # "well-known delegation" from the registered domain to a subdomain,
 # which is only needed if your server_name doesn't match your Matrix
 # homeserver URL (i.e. you can show users a vanity domain that looks
 # nice and is easy to remember but still have your Matrix server on
 # its own subdomain or hosted service).
 example.com {
 	header /.well-known/matrix/* Content-Type application/json
 	header /.well-known/matrix/* Access-Control-Allow-Origin *
 	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
 	respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
 }
 # The actual domain name whereby your Matrix server is accessed.
 matrix.example.com {
 	# Set localhost:8008 to the address of your Dendrite server, if different
 	reverse_proxy /_matrix/* localhost:8008
 }
--- a/docs/caddy/polylith/Caddyfile
+++ b/docs/caddy/polylith/Caddyfile
@ -0,0 +1,66 @@
 # Sample Caddyfile for using Caddy in front of Dendrite.
 #
 # Customize email address and domain names.
 # Optional settings commented out.
 #
 # BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
 # Documentation: https://caddyserver.com/docs/
 #
 # Bonus tip: If your IP address changes, use Caddy's
 # dynamic DNS plugin to update your DNS records to
 # point to your new IP automatically:
 # https://github.com/mholt/caddy-dynamicdns
 #
 # Global options block
 {
 	# In case there is a problem with your certificates.
 	# email example@example.com
 	# Turn off the admin endpoint if you don't need graceful config
 	# changes and/or are running untrusted code on your machine.
 	# admin off
 	# Enable this if your clients don't send ServerName in TLS handshakes.
 	# default_sni example.com
 	# Enable debug mode for verbose logging.
 	# debug
 	# Use Let's Encrypt's staging endpoint for testing.
 	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 	# If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
 	# else, enable these and put the alternate port numbers here.
 	# http_port  8080
 	# https_port 8443
 }
 # The server name of your matrix homeserver. This example shows
 # "well-known delegation" from the registered domain to a subdomain,
 # which is only needed if your server_name doesn't match your Matrix
 # homeserver URL (i.e. you can show users a vanity domain that looks
 # nice and is easy to remember but still have your Matrix server on
 # its own subdomain or hosted service).
 example.com {
 	header /.well-known/matrix/* Content-Type application/json
 	header /.well-known/matrix/* Access-Control-Allow-Origin *
 	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
 	respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
 }
 # The actual domain name whereby your Matrix server is accessed.
 matrix.example.com {
 	# Change the end of each reverse_proxy line to the correct
 	# address for your various services.
 	@sync_api {
 		path_regexp /_matrix/client/.*?/(sync|user/.*?/filter/?.*|keys/changes|rooms/.*?/messages)$
 	}
 	reverse_proxy @sync_api sync_api:8073
 	reverse_proxy /_matrix/client* client_api:8071
 	reverse_proxy /_matrix/federation* federation_api:8071
 	reverse_proxy /_matrix/key* federation_api:8071
 	reverse_proxy /_matrix/media* media_api:8071
 }
--- a/docs/installation/10_starting_polylith.md
+++ b/docs/installation/10_starting_polylith.md
@ -2,7 +2,7 @@
 title: Starting the polylith
 parent: Installation
 has_toc: true
-nav_order: 9
+nav_order: 10
 permalink: /installation/start/polylith
 ---
--- a/docs/installation/11_optimisation.md
+++ b/docs/installation/11_optimisation.md
@ -2,7 +2,7 @@
 title: Optimise your installation
 parent: Installation
 has_toc: true
-nav_order: 10
+nav_order: 11
 permalink: /installation/start/optimisation
 ---
--- a/docs/installation/1_planning.md
+++ b/docs/installation/1_planning.md
@ -95,12 +95,13 @@ enabled.
 To do so, follow the [NATS Server installation instructions](https://docs.nats.io/running-a-nats-service/introduction/installation) and then [start your NATS deployment](https://docs.nats.io/running-a-nats-service/introduction/running). JetStream must be enabled, either by passing the `-js` flag to `nats-server`,
 or by specifying the `store_dir` option in the the `jetstream` configuration.
-### Reverse proxy (polylith deployments)
+### Reverse proxy
-Polylith deployments require a reverse proxy, such as [NGINX](https://www.nginx.com) or
+A reverse proxy such as [Caddy](https://caddyserver.com), [NGINX](https://www.nginx.com) or
-[HAProxy](http://www.haproxy.org). Configuring those is not covered in this documentation,
+[HAProxy](http://www.haproxy.org) is required for polylith deployments and is useful for monolith
-although a [sample configuration for NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf)
+deployments. Configuring those is not covered in this documentation, although sample configurations
-is provided.
+for [Caddy](https://github.com/matrix-org/dendrite/blob/main/docs/caddy) and
 [NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx) are provided.
 ### Windows
--- a/docs/installation/2_domainname.md
+++ b/docs/installation/2_domainname.md
@ -29,15 +29,23 @@ The exact details of how server name resolution works can be found in
 ## TLS certificates
 Matrix federation requires that valid TLS certificates are present on the domain. You must
-obtain certificates from a publicly accepted Certificate Authority (CA). [LetsEncrypt](https://letsencrypt.org)
+obtain certificates from a publicly-trusted certificate authority (CA). [Let's Encrypt](https://letsencrypt.org)
-is an example of such a CA that can be used. Self-signed certificates are not suitable for
+is a popular choice of CA because the certificates are publicly-trusted, free, and automated
-federation and will typically not be accepted by other homeservers.
+via the ACME protocol. (Self-signed certificates are not suitable for federation and will typically
 not be accepted by other homeservers.)
-A common practice to help ease the management of certificates is to install a reverse proxy in
+Automating the renewal of TLS certificates is best practice. There are many tools for this,
-front of Dendrite which manages the TLS certificates and HTTPS proxying itself. Software such as
+but the simplest way to achieve TLS automation is to have your reverse proxy do it for you.
-[NGINX](https://www.nginx.com) and [HAProxy](http://www.haproxy.org) can be used for the task.
+[Caddy](https://caddyserver.com) is recommended as a production-grade reverse proxy with
-Although the finer details of configuring these are not described here, you must reverse proxy
+automatic TLS which is commonly used in front of Dendrite. It obtains and renews TLS certificates
-all `/_matrix` paths to your Dendrite server.
+automatically and by default as long as your domain name is pointed at your server first.
 Although the finer details of [configuring Caddy](https://caddyserver.com/docs/) is not described
 here, in general, you must reverse proxy all `/_matrix` paths to your Dendrite server. For example,
 with Caddy:
 ```
 reverse_proxy /_matrix/* localhost:8008
 ```
 It is possible for the reverse proxy to listen on the standard HTTPS port TCP/443 so long as your
 domain delegation is configured to point to port TCP/443.
@ -76,6 +84,16 @@ and contain the following JSON document:
 }
 ```
 For example, this can be done with the following Caddy config:
 ```
 handle /.well-known/matrix/client {
 	header Content-Type application/json
 	header Access-Control-Allow-Origin *
 	respond `{"m.homeserver": {"base_url": "https://matrix.example.com:8448"}}`
 }
 ```
 You can also serve `.well-known` with Dendrite itself by setting the `well_known_server_name` config
 option to the value you want for `m.server`. This is primarily useful if Dendrite is exposed on
 `example.com:443` and you don't want to set up a separate webserver just for serving the `.well-known`
--- a/docs/installation/3_build.md
+++ b/docs/installation/3_build.md
@ -0,0 +1,38 @@
 ---
 title: Building Dendrite
 parent: Installation
 has_toc: true
 nav_order: 3
 permalink: /installation/build
 ---
 # Build all Dendrite commands
 Dendrite has numerous utility commands in addition to the actual server binaries.
 Build them all from the root of the source repo with `build.sh` (Linux/Mac):
 ```sh
 ./build.sh
 ```
 or `build.cmd` (Windows):
 ```powershell
 build.cmd
 ```
 The resulting binaries will be placed in the `bin` subfolder.
 # Installing as a monolith
 You can install the Dendrite monolith binary into `$GOPATH/bin` by using `go install`:
 ```sh
 go install ./cmd/dendrite-monolith-server
 ```
 Alternatively, you can specify a custom path for the binary to be written to using `go build`:
 ```sh
 go build -o /usr/local/bin/ ./cmd/dendrite-monolith-server
 ```
--- a/docs/installation/4_database.md
+++ b/docs/installation/4_database.md
@ -17,7 +17,9 @@ filenames in the Dendrite configuration file and start Dendrite. The databases w
 and populated automatically.
 Note that Dendrite **cannot share a single SQLite database across multiple components**. Each
-component must be configured with its own SQLite database filename.
+component must be configured with its own SQLite database filename. You will have to remove
 the `global.database` section from your Dendrite config and add it to each individual section
 instead in order to use SQLite.
 ### Connection strings
--- a/docs/installation/6_install_polylith.md
+++ b/docs/installation/6_install_polylith.md
@ -29,5 +29,6 @@ Polylith deployments require a reverse proxy in order to ensure that requests ar
 sent to the correct endpoint. You must ensure that a suitable reverse proxy is installed
 and configured.
-A [sample configuration file](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf)
+Sample configurations are provided
-is provided for [NGINX](https://www.nginx.com).
+for [Caddy](https://github.com/matrix-org/dendrite/blob/main/docs/caddy/polylith/Caddyfile)
 and [NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf).
--- a/docs/installation/7_configuration.md
+++ b/docs/installation/7_configuration.md
@ -1,13 +1,13 @@
 ---
-title: Populate the configuration
+title: Configuring Dendrite
 parent: Installation
 nav_order: 7
 permalink: /installation/configuration
 ---
-# Populate the configuration
+# Configuring Dendrite
-The configuration file is used to configure Dendrite. Sample configuration files are
+A YAML configuration file is used to configure Dendrite. Sample configuration files are
 present in the top level of the Dendrite repository:
 * [`dendrite-sample.monolith.yaml`](https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.monolith.yaml)
--- a/docs/installation/8_signingkey.md
+++ b/docs/installation/8_signingkey.md
@ -1,7 +1,7 @@
 ---
 title: Generating signing keys
 parent: Installation
-nav_order: 4
+nav_order: 8
 permalink: /installation/signingkeys
 ---
--- a/docs/installation/9_starting_monolith.md
+++ b/docs/installation/9_starting_monolith.md
@ -15,8 +15,9 @@ you can start your Dendrite monolith deployment by starting the `dendrite-monoli
 ./dendrite-monolith-server -config /path/to/dendrite.yaml
 ```
-If you want to change the addresses or ports that Dendrite listens on, you
+By default, Dendrite will listen HTTP on port 8008. If you want to change the addresses
-can use the `-http-bind-address` and `-https-bind-address` command line arguments:
+or ports that Dendrite listens on, you can use the `-http-bind-address` and
 `-https-bind-address` command line arguments:
 ```bash
 ./dendrite-monolith-server -config /path/to/dendrite.yaml \