# ============================================================================= # This is the official example config for Conduit. # If you use it for your server, you will need to adjust it to your own needs. # At the very least, change the server_name field! # ============================================================================= [global] # The server_name is the pretty name of this server. It is used as a suffix for user # and room ids. Examples: matrix.org, conduit.rs # The Conduit server needs all /_matrix/ requests to be reachable at # https://your.server.name/ on port 443 (client-server) and 8448 (federation). # If that's not possible for you, you can create /.well-known files to redirect # requests. See # https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client # and # https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server # for more information # YOU NEED TO EDIT THIS #server_name = "your.server.name" # This is the only directory where Conduit will save its data database_path = "/var/lib/matrix-conduit/" database_backend = "rocksdb" # The port Conduit will be running on. You need to set up a reverse proxy in # your web server (e.g. apache or nginx), so all requests to /_matrix on port # 443 and 8448 will be forwarded to the Conduit instance running on this port # Docker users: Don't change this, you'll need to map an external port to this. port = 6167 # Max size for uploads max_request_size = 20_000_000 # in bytes # Enables open registration. If set to false, no users can register on this # server (unless a token is configured). # If set to true, users can register with no form of 2nd step only if you set # `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` to # in your config. If you would like # registration only via token reg, please set this to *false* and configure the # `registration_token` key. allow_registration = false # A static registration token that new users will have to provide when creating # an account. If unset and `allow_registration` is true, registration is open # without any condition. YOU NEED TO EDIT THIS. registration_token = "change this token for something specific to your server" allow_federation = true allow_check_for_updates = true # Enable the display name lightning bolt on registration. enable_lightning_bolt = true # Servers listed here will be used to gather public keys of other servers. # Generally, copying this exactly should be enough. (Currently, Conduit doesn't # support batched key requests, so this list should only contain Synapse # servers.) trusted_servers = ["matrix.org"] #max_concurrent_requests = 400 # How many requests Conduit sends to other servers at the same time #log = "warn,state_res=warn" address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy #address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it. # Set this to true to allow your server's public room directory to be federated. # Set this to false to protect against /publicRooms spiders, but will forbid external users from viewing your server's public room directory. # If federation is disabled entirely (`allow_federation`), this is inherently false. allow_public_room_directory_over_federation = false # Set this to true to allow your server's public room directory to be queried without client authentication (access token) through the Client APIs. # Set this to false to protect against /publicRooms spiders. allow_public_room_directory_without_auth = false # Set this to true to allow federating device display names / allow external users to see your device display name. # If federation is disabled entirely (`allow_federation`), this is inherently false. allow_device_name_federation = false # Uncomment unix_socket_path to listen on a UNIX socket at the specified path. # If listening on a UNIX socket, you must remove the 'address' key if defined and add your # reverse proxy (nginx/Caddy/Apache/etc) to the 'conduit' group, unless world RW # permissions are specified with unix_socket_perms (666 minimum). #unix_socket_path = "/run/conduit/conduit.sock" #unix_socket_perms = 660 # Set this to true for Conduit to compress HTTP response bodies using zstd. # Please be aware that enabling HTTP compression may introduce compression side-channel attacks and response body tampering to potentially defeat TLS. # Most users should not need to enable this. # See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before deciding to enable this. zstd_compression = false # Set to true to allow user type "guest" registrations allow_guest_registration = false