diff --git a/docker/README.md b/docker/README.md index 2bdeefd..7893f37 100644 --- a/docker/README.md +++ b/docker/README.md @@ -37,6 +37,13 @@ docker run --name okupamicoche-synapse -p 8008:8008 --mount type=volume,src=syna -v $(pwd)/homeserver.yaml:/homeserver.yaml -v $(pwd)/okupamicoche-appservice.yaml:/okupamicoche-appservice.yaml \ --network=okupamicoche okupamicoche-synapse ``` +10. (Optional) Add keycloak certificate to local machine +Some clients (Quaternion, Nheko) fail with self-signed certificates. You can install the root certificate +(docker/synape/keycloak-root.crt) in you local machine. For example, in Linux: +``` +sudo cp docker/synape/keycloak-root.crt /usr/local/share/ca-certificates/ +sudo update-ca-certificates +``` ## Run `docker start okupamicoche-keycloak` diff --git a/docker/synapse/Dockerfile b/docker/synapse/Dockerfile index c077186..663db84 100644 --- a/docker/synapse/Dockerfile +++ b/docker/synapse/Dockerfile @@ -1,3 +1,3 @@ FROM matrixdotorg/synapse:latest -COPY cert/*.crt /usr/local/share/ca-certificates/ +COPY keycloak-root.crt /usr/local/share/ca-certificates/ RUN update-ca-certificates \ No newline at end of file diff --git a/docker/synapse/cert/ca.crt b/docker/synapse/cert/ca.crt deleted file mode 100644 index c3957c0..0000000 --- a/docker/synapse/cert/ca.crt +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC/DCCAeSgAwIBAgIEY8cv5jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRy -b290MB4XDTIxMDQyMjE2MjUyMVoXDTIxMDcyMTE2MjUyMVowDTELMAkGA1UEAxMC -Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrabUOthTKjjoV+5Bj -2OVtdNqBYeGNAvxH4Ae0GNx8axuu2O5oyItkYvhTg2HSoBUSK+jL5FT000z+8k+v -wL2HZd7lZhF6xeUFBhkPYepsK62I6w7f6Zg+d7ccnRcA+9Jt3Xok4vaPnYhjvUB5 -Z25VEZZa6/35YZJ7wEdyhFuONnnVM3+1tajq1GVanwSK0y3qhmX2jLy2neMXx1zY -J2neDElHwzYtsmVek9T8TlxLhNJiFcHEscmWrT5NOntfcTYaZosWyH+Nm/+EJuAb -UTTscG6YdAL7p4zvOiZ1j+QKb3UCrtSSi+XUZi/uNS3Ky4asgiaUNCbHc3D0a3G0 -HsmbAgMBAAGjYjBgMB0GA1UdDgQWBBQD7PILP4eCg6TDhEkwZwLiNAb9gzANBgNV -HREEBjAEggJjYTAPBgNVHRMECDAGAQH/AgEAMB8GA1UdIwQYMBaAFORJiEeDfjQa -MvoMZkmv3bWw8/8NMA0GCSqGSIb3DQEBCwUAA4IBAQCFPmXAOgth6wMD6XoPvfw4 -xg0Qr5ky1pUhJj37ocr6aCNbW3dr0jUFcHHkdhyg4uEoUGbPYyKMCjp6DpPq+Sks -Nx+xWXaTeNIiHzXsY1TuQdvvC+rrANmHatYj8/kGNg5tcNvMn7PPBfy9lEYWCSL9 -ql3yim0GuGZ9CyNS/ZCmM2X/pKc3yiZK57iywlHJ7Sp1z5bmjFHE2l6NrkLYLwh6 -5V+JkeHvzgGAiuh9cIbA4XvB0UWD8GAiwyrLhTD3ZzQDe+kXskgMzNj7OYqey3dA -BDnxnTQel4PnYQQ78JeOwCVZurRL4Nph8icY8iQEeXEFp3H9hRpRe+rPs8+9ZnUT ------END CERTIFICATE----- diff --git a/docker/synapse/cert/keycloak.crt b/docker/synapse/cert/keycloak.crt deleted file mode 100644 index 473f4cf..0000000 --- a/docker/synapse/cert/keycloak.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMzCCAhugAwIBAgIEJ7Mx8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJj -YTAeFw0yMTA0MjIxNjI1MjlaFw0yMTA3MjExNjI1MjlaMBMxETAPBgNVBAMTCGtl -eWNsb2FrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjviXNH4OBjNG -U9L0Jpg3a+WqpiyXFxLom8pe+QTE0pVyjgAMOSBnTaBJUwhFkYjCIqP2hvTWPUYJ -X9K0oTbfPp4QheViNYvDZ1sz/naUAXleTYhgSuPqTzwSZ4k8f+xQHWK1ECL3JmkI -1czJ3LEjNKryWILYbvsyoG1HmbKcIZIKzUKvrgqC9SIEqa0wlZtC+ASi16Jqv1kC -DtGTc2gcNmeudQASfDqbYiPLqXec1GWXSViezhwBO0mrs1NEaN8810h3PRRDWkhC -dZijCjvLC6AqtZRjdHf7m3Cit6kzJ50q27COGNtwCVVaFutOJCiMjNcsjPh8HD1c -uuyI5Q/SnQIDAQABo4GUMIGRMB0GA1UdDgQWBBTNiaKtvdBOTQo+6N/SrVQ3lPA/ -vzAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0RBBkwF4IVb2t1cGFtaWNvY2hlLWtleWNs -b2FrMB8GA1UdIwQYMBaAFAPs8gs/h4KDpMOESTBnAuI0Bv2DMB0GA1UdJQQWMBQG -CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAMBi43gTMU/Sp -No++b4CQt5HlMXw3tKScKEUvMB6iFm7L25tkDHB/Kq+UG57GMAsOloTqq41a+u7x -RGXGkOZxM12X7RTntU+6bheDkftuLD44eaAsfBhV+ZL7tU1gyx+qQ6xqgRWwilji -+hR/ycrjDSoozkJknIpNBM2puUc4ahAKo68rPufGrrnWSCs/EDre2peAnhi3qqVI -6wqVJp3gdY5F4q96pDVdY5DBkOqdOFdE/Sp12Ybkt9EID0CyZFBF7eefVbS7IVpu -aSfHe8z9GjJz1Yh/iHX8ERsSDt+YnaXk4J/Si0G5xVzd/ApPc7XpEwKXU9CcQdkg -WxsaAmyUfg== ------END CERTIFICATE----- diff --git a/docker/synapse/cert/root.crt b/docker/synapse/keycloak-root.crt similarity index 100% rename from docker/synapse/cert/root.crt rename to docker/synapse/keycloak-root.crt