pub struct Config {Show 267 fields
pub server_name: OwnedServerName,
pub database_path: PathBuf,
pub new_user_displayname_suffix: String,
address: Option<ListeningAddr>,
port: ListeningPort,
pub tls: TlsConfig,
pub unix_socket_path: Option<PathBuf>,
pub unix_socket_perms: u32,
pub error_on_unknown_config_opts: bool,
pub database_backup_path: Option<PathBuf>,
pub database_backups_to_keep: i16,
pub cache_capacity_modifier: f64,
pub db_cache_capacity_mb: f64,
pub db_write_buffer_capacity_mb: f64,
pub pdu_cache_capacity: u32,
pub auth_chain_cache_capacity: u32,
pub shorteventid_cache_capacity: u32,
pub eventidshort_cache_capacity: u32,
pub eventid_pdu_cache_capacity: u32,
pub shortstatekey_cache_capacity: u32,
pub statekeyshort_cache_capacity: u32,
pub servernameevent_data_cache_capacity: u32,
pub stateinfo_cache_capacity: u32,
pub spacehierarchy_cache_ttl_min: u64,
pub spacehierarchy_cache_ttl_max: u64,
pub client_sync_timeout_min: u64,
pub client_sync_timeout_default: u64,
pub client_sync_timeout_max: u64,
pub dns_cache_entries: u32,
pub dns_min_ttl: u64,
pub dns_min_ttl_nxdomain: u64,
pub dns_attempts: u16,
pub dns_timeout: u64,
pub dns_tcp_fallback: bool,
pub query_all_nameservers: bool,
pub query_over_tcp_only: bool,
pub ip_lookup_strategy: u8,
pub dns_passthru_domains: RegexSet,
pub dns_passthru_appservices: bool,
pub dns_case_randomization: bool,
pub max_request_size: usize,
pub max_pending_media_uploads: usize,
pub media_create_unused_expiration_time: u64,
pub media_rc_create_per_second: u32,
pub media_rc_create_burst_count: u32,
pub max_fetch_prev_events: u16,
pub request_conn_timeout: u64,
pub request_timeout: u64,
pub request_total_timeout: u64,
pub request_idle_timeout: u64,
pub request_idle_per_host: u16,
pub well_known_conn_timeout: u64,
pub well_known_timeout: u64,
pub federation_timeout: u64,
pub federation_idle_timeout: u64,
pub federation_idle_per_host: u16,
pub sender_timeout: u64,
pub sender_idle_timeout: u64,
pub sender_retry_backoff_limit: u64,
pub appservice_timeout: u64,
pub appservice_idle_timeout: u64,
pub pusher_idle_timeout: u64,
pub client_receive_timeout: u64,
pub client_request_timeout: u64,
pub client_response_timeout: u64,
pub client_shutdown_timeout: u64,
pub ip_source: Option<IpSource>,
pub sender_shutdown_timeout: u64,
pub allow_registration: bool,
pub yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: bool,
pub registration_token: Option<String>,
pub registration_token_file: Option<PathBuf>,
pub allow_encryption: bool,
pub encryption_enabled_by_default_for_room_type: Option<String>,
pub allow_federation: bool,
pub federate_created_rooms: bool,
pub federation_loopback: bool,
pub forget_forced_upon_leave: bool,
pub require_auth_for_profile_requests: bool,
pub preserve_room_profile_overrides: bool,
pub allow_public_room_directory_over_federation: bool,
pub allow_public_room_directory_without_auth: bool,
pub allow_public_room_search_by_id: bool,
pub allow_unlisted_room_search_by_id: bool,
pub show_all_local_users_in_user_directory: bool,
pub turn_allow_guests: bool,
pub lockdown_public_room_directory: bool,
pub allow_device_name_federation: bool,
pub allow_inbound_profile_lookup_federation_requests: bool,
pub allow_room_creation: bool,
pub allow_unstable_room_versions: bool,
pub allow_experimental_room_versions: bool,
pub enable_policy_servers: bool,
pub policy_server_request_timeout: u64,
pub default_room_version: RoomVersionId,
pub well_known: WellKnownConfig,
pub allow_jaeger: bool,
pub jaeger_filter: String,
pub tracing_flame: bool,
pub tracing_flame_filter: String,
pub tracing_flame_output_path: String,
pub proxy: ProxyConfig,
pub trusted_servers: Vec<OwnedServerName>,
pub query_trusted_key_servers_first: bool,
pub query_trusted_key_servers_first_on_join: bool,
pub only_query_trusted_key_servers: bool,
pub trusted_server_batch_size: usize,
pub trusted_server_batch_concurrency: usize,
pub log: String,
pub log_colors: bool,
pub log_compact: bool,
pub log_span_events: String,
pub log_filter_regex: bool,
pub log_thread_ids: bool,
pub log_to_stderr: bool,
pub log_enable: bool,
pub log_global_default: bool,
pub openid_token_ttl: u64,
pub login_via_existing_session: bool,
pub login_via_token: bool,
pub login_with_password: bool,
pub login_token_ttl: u64,
pub access_token_ttl: u64,
pub refresh_token_ttl: u64,
pub refresh_token_idle_only: bool,
pub refresh_token_hard_logout: bool,
pub turn_username: String,
pub turn_password: String,
pub turn_uris: Vec<String>,
pub turn_secret: Option<String>,
pub turn_secret_file: Option<PathBuf>,
pub turn_ttl: u64,
pub auto_join_rooms: Vec<OwnedRoomOrAliasId>,
pub auto_deactivate_banned_room_attempts: bool,
pub rocksdb_log_level: String,
pub rocksdb_log_stderr: bool,
pub rocksdb_max_log_file_size: usize,
pub rocksdb_log_time_to_roll: usize,
pub rocksdb_optimize_for_spinning_disks: bool,
pub rocksdb_direct_io: bool,
pub rocksdb_parallelism_threads: usize,
pub rocksdb_max_log_files: usize,
pub rocksdb_compression_algo: String,
pub rocksdb_compression_level: i32,
pub rocksdb_bottommost_compression_level: i32,
pub rocksdb_bottommost_compression: bool,
pub rocksdb_recovery_mode: u8,
pub rocksdb_paranoid_file_checks: bool,
pub rocksdb_checksums: bool,
pub rocksdb_atomic_flush: bool,
pub rocksdb_repair: bool,
pub rocksdb_read_only: bool,
pub rocksdb_secondary: bool,
pub rocksdb_compaction_prio_idle: bool,
pub rocksdb_compaction_ioprio_idle: bool,
pub rocksdb_compaction: bool,
pub rocksdb_stats_level: u8,
pub rocksdb_never_drop_columns: bool,
pub rocksdb_allow_fallocate: bool,
pub emergency_password: Option<String>,
pub notification_push_path: String,
pub push_everything: bool,
pub calculate_heroes: bool,
pub allow_local_presence: bool,
pub allow_incoming_presence: bool,
pub allow_outgoing_presence: bool,
pub presence_idle_timeout_s: u64,
pub presence_offline_timeout_s: u64,
pub presence_timeout_remote_users: bool,
pub suppress_push_when_active: bool,
pub allow_incoming_read_receipts: bool,
pub allow_outgoing_read_receipts: bool,
pub allow_outgoing_typing: bool,
pub allow_incoming_typing: bool,
pub typing_federation_timeout_s: u64,
pub typing_client_timeout_min_s: u64,
pub typing_client_timeout_max_s: u64,
pub zstd_compression: bool,
pub gzip_compression: bool,
pub brotli_compression: bool,
pub allow_guest_registration: bool,
pub log_guest_registrations: bool,
pub allow_guests_auto_join_rooms: bool,
pub allow_legacy_media: bool,
pub request_legacy_media: bool,
pub freeze_legacy_media: bool,
pub media_startup_check: bool,
pub media_compat_file_link: bool,
pub prune_missing_media: bool,
pub media_storage_providers: BTreeSet<String>,
pub store_media_on_providers: BTreeSet<String>,
pub prevent_media_downloads_from: RegexSet,
pub forbidden_remote_server_names: RegexSet,
pub allowed_remote_server_names_experimental: RegexSet,
pub forbidden_remote_room_directory_server_names: RegexSet,
pub ip_range_denylist: Vec<String>,
pub url_preview_bound_interface: Option<Either<IpAddr, String>>,
pub url_preview_domain_contains_allowlist: Vec<String>,
pub url_preview_domain_explicit_allowlist: Vec<String>,
pub url_preview_domain_explicit_denylist: Vec<String>,
pub url_preview_url_contains_allowlist: Vec<String>,
pub url_preview_max_spider_size: usize,
pub url_preview_check_root_domain: bool,
pub forbidden_alias_names: RegexSet,
pub forbidden_usernames: RegexSet,
pub deprioritize_joins_through_servers: RegexSet,
pub max_make_join_attempts_per_join_attempt: usize,
pub max_join_attempts_per_join_request: usize,
pub startup_netburst: bool,
pub startup_netburst_keep: i64,
pub block_non_admin_invites: bool,
pub admin_escape_commands: bool,
pub admin_console_automatic: bool,
pub admin_execute: Vec<String>,
pub admin_execute_errors_ignore: bool,
pub admin_signal_execute: Vec<String>,
pub admin_log_capture: String,
pub admin_room_tag: String,
pub grant_admin_to_first_user: bool,
pub create_admin_room: bool,
pub federate_admin_room: bool,
pub sentry: bool,
pub sentry_endpoint: Option<Url>,
pub sentry_send_server_name: bool,
pub sentry_traces_sample_rate: f32,
pub sentry_attach_stacktrace: bool,
pub sentry_send_panic: bool,
pub sentry_send_error: bool,
pub sentry_filter: String,
pub tokio_console: bool,
pub test: BTreeSet<String>,
pub maintenance: bool,
pub admin_room_notices: bool,
pub save_unredacted_events: bool,
pub redaction_retention_seconds: u64,
pub allow_room_admins_to_request_unredacted_events: bool,
pub disable_local_redactions: bool,
pub db_pool_affinity: bool,
pub db_pool_workers: usize,
pub db_pool_workers_limit: usize,
pub db_pool_max_workers: usize,
pub db_pool_queue_mult: usize,
pub stream_width_default: usize,
pub stream_width_scale: f32,
pub stream_amplification: usize,
pub sender_workers: usize,
pub listening: bool,
pub config_reload_signal: bool,
pub allow_invalid_tls_certificates: bool,
pub access_control_allow_origin: BTreeSet<String>,
pub hydra_backports: bool,
pub delete_rooms_after_leave: bool,
pub one_time_key_limit: usize,
pub single_sso: bool,
pub sso_custom_providers_page: bool,
pub oidc_aware_preferred: bool,
pub appservice_dir: Option<PathBuf>,
pub database_migrations: bool,
pub force_migration: bool,
pub device_key_update_encrypted_rooms_only: bool,
pub blurhashing: BlurhashConfig,
pub storage_provider: BTreeMap<String, StorageProvider>,
pub ldap: LdapConfig,
pub jwt: JwtConfig,
pub appservice: BTreeMap<String, AppService>,
pub identity_provider: BTreeMap<String, IdentityProvider>,
catchall: BTreeMap<String, IgnoredAny>,
}Expand description
All the config options for tuwunel.
Fields§
§server_name: OwnedServerNameThe server_name is the pretty name of this server. It is used as a suffix for user and room IDs/aliases.
See the docs for reverse proxying and delegation: https://tuwunel.chat/deploying/generic.html#setting-up-the-reverse-proxy
Also see the [global.well_known] config section at the very bottom.
Examples of delegation:
- https://matrix.org/.well-known/matrix/server
- https://matrix.org/.well-known/matrix/client
YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE WIPE.
example: “girlboss.ceo”
database_path: PathBufThis is the only directory where tuwunel will save its data, including media. Note: this was previously “/var/lib/matrix-conduit”.
default: “/var/lib/tuwunel”
new_user_displayname_suffix: StringText which will be added to the end of the user’s displayname upon registration with a space before the text. In Conduit, this was the lightning bolt emoji.
To disable, set this to “” (an empty string).
reloadable: yes default: “💕”
address: Option<ListeningAddr>The default address (IPv4 or IPv6) tuwunel will listen on.
If you are using Docker or a container NAT networking setup, this must be “0.0.0.0”.
To listen on multiple addresses, specify a vector e.g. [“127.0.0.1”, “::1”]
default: [“127.0.0.1”, “::1”]
port: ListeningPortThe port(s) tuwunel will listen on.
For reverse proxying, see: https://tuwunel.chat/deploying/generic.html#setting-up-the-reverse-proxy
If you are using Docker, don’t change this, you’ll need to map an external port to this.
To listen on multiple ports, specify a vector e.g. [8080, 8448]
default: 8008
tls: TlsConfig§unix_socket_path: Option<PathBuf>The UNIX socket tuwunel will listen on.
Remember to make sure that your reverse proxy has access to this socket
file, either by adding your reverse proxy to the ‘tuwunel’ group or
granting world R/W permissions with unix_socket_perms (666 minimum).
example: “/run/tuwunel/tuwunel.sock”
unix_socket_perms: u32The default permissions (in octal) to create the UNIX socket with.
default: 660
error_on_unknown_config_opts: boolError on startup if any config option specified is unknown to Tuwunel.
This is false by default to allow easier deprecation or removal of config options in the future without breaking existing deployments. The default behaviour is to simply warn on startup. reloadable: yes
database_backup_path: Option<PathBuf>tuwunel supports online database backups using RocksDB’s Backup engine API. To use this, set a database backup path that tuwunel can write to.
For more information, see: https://tuwunel.chat/maintenance.html#backups
reloadable: yes example: “/opt/tuwunel-db-backups”
database_backups_to_keep: i16The amount of online RocksDB database backups to keep/retain, if using “database_backup_path”, before deleting the oldest one.
reloadable: yes default: 1
cache_capacity_modifier: f64Set this to any float value to multiply tuwunel’s in-memory LRU caches with such as “auth_chain_cache_capacity”.
May be useful if you have significant memory to spare to increase performance.
If you have low memory, reducing this may be viable.
By default, the individual caches such as “auth_chain_cache_capacity” are scaled by your CPU core count.
default: 1.0
db_cache_capacity_mb: f64Set this to any float value in megabytes for tuwunel to tell the database engine that this much memory is available for database read caches.
May be useful if you have significant memory to spare to increase performance.
Similar to the individual LRU caches, this is scaled up with your CPU core count.
This defaults to 128.0 + (64.0 * CPU core count).
default: varies by system
db_write_buffer_capacity_mb: f64Set this to any float value in megabytes for tuwunel to tell the database engine that this much memory is available for database write caches.
May be useful if you have significant memory to spare to increase performance.
Similar to the individual LRU caches, this is scaled up with your CPU core count.
This defaults to 48.0 + (4.0 * CPU core count).
default: varies by system
pdu_cache_capacity: u32default: varies by system
auth_chain_cache_capacity: u32default: varies by system
shorteventid_cache_capacity: u32default: varies by system
eventidshort_cache_capacity: u32default: varies by system
eventid_pdu_cache_capacity: u32default: varies by system
shortstatekey_cache_capacity: u32default: varies by system
statekeyshort_cache_capacity: u32default: varies by system
servernameevent_data_cache_capacity: u32default: varies by system
stateinfo_cache_capacity: u32default: varies by system
spacehierarchy_cache_ttl_min: u64Minimum time-to-live in seconds for room summary entries in the spaces cache.
reloadable: yes default: 21600
spacehierarchy_cache_ttl_max: u64Maximum time-to-live in seconds for room summary entries in the spaces cache.
reloadable: yes default: 129600
client_sync_timeout_min: u64Minimum timeout a client can request for long-polling sync. Requests will be clamped up to this value if smaller.
reloadable: yes default: 5000
client_sync_timeout_default: u64Default timeout for long-polling sync if a client does not request another in their query-string.
reloadable: yes default: 30000
client_sync_timeout_max: u64Maximum timeout a client can request for long-polling sync. Requests will be clamped down to this value if larger.
reloadable: yes default: 90000
dns_cache_entries: u32Maximum entries stored in DNS memory-cache. The size of an entry may vary so please take care if raising this value excessively. Only decrease this when using an external DNS cache. Please note that systemd-resolved does not count as an external cache, even when configured to do so.
default: 32768
dns_min_ttl: u64Minimum time-to-live in seconds for entries in the DNS cache. The default may appear high to most administrators; this is by design as the exotic loads of federating to many other servers require a higher TTL than many domains have set. Even when using an external DNS cache the problem is shifted to that cache which is ignorant of its role for this application and can adhere to many low TTL’s increasing its load.
default: 10800
dns_min_ttl_nxdomain: u64Minimum time-to-live in seconds for NXDOMAIN entries in the DNS cache. This value is critical for the server to federate efficiently. NXDOMAIN’s are assumed to not be returning to the federation and aggressively cached rather than constantly rechecked.
Defaults to 3 days as these are very rarely false negatives.
default: 259200
dns_attempts: u16Number of DNS nameserver retries after a timeout or error.
default: 10
dns_timeout: u64The number of seconds to wait for a reply to a DNS query. Please note that recursive queries can take up to several seconds for some domains, so this value should not be too low, especially on slower hardware or resolvers.
default: 10
dns_tcp_fallback: boolFallback to TCP on DNS errors. Set this to false if unsupported by nameserver.
query_all_nameservers: boolEnable to query all nameservers until the domain is found. Referred to as “trust_negative_responses” in hickory_resolver. This can avoid useless DNS queries if the first nameserver responds with NXDOMAIN or an empty NOERROR response.
query_over_tcp_only: boolEnable using only TCP for querying your specified nameservers instead of UDP.
If you are running tuwunel in a container environment, this config option may need to be enabled. For more details, see: https://tuwunel.chat/troubleshooting.html#potential-dns-issues-when-using-docker
ip_lookup_strategy: u8DNS A/AAAA record lookup strategy
Takes a number of one of the following options: 1 - Ipv4Only (Only query for A records, no AAAA/IPv6)
2 - Ipv6Only (Only query for AAAA records, no A/IPv4)
3 - Ipv4AndIpv6 (Query for A and AAAA records in parallel, uses whatever returns a successful response first)
4 - Ipv6thenIpv4 (Query for AAAA record, if that fails then query the A record)
5 - Ipv4thenIpv6 (Query for A record, if that fails then query the AAAA record)
If you don’t have IPv6 networking, then for better DNS performance it may be suitable to set this to Ipv4Only (1) as you will never ever use the AAAA record contents even if the AAAA record is successful instead of the A record.
default: 5
dns_passthru_domains: RegexSetList of domain patterns resolved via the alternative path without any persistent cache, very small memory cache, and no enforced TTL. This is intended for internal network and application services which require these specific properties. This path does not support federation or general purposes.
reloadable: yes example: [“*.dns.podman$”]
default: []
dns_passthru_appservices: boolWhether to resolve appservices via the alternative path; setting this is
superior to providing domains in dns_passthru_domains if all
appservices intend to be matched anyway. The overhead of matching regex
and maintaining the list of domains can be avoided.
dns_case_randomization: boolEnable or disable case randomization for DNS queries. This is a security mitigation where answer spoofing is prevented by having to exactly match the question. Occasional errors seen in logs which may have lead you here tend to be from overloading DNS. Nevertheless for servers which are truly incapable this can be set to false.
This currently defaults to false due to user reports regarding some popular DNS caches which may or may not be patched soon. It may again default to true in an upcoming release.
max_request_size: usizeMax request size for file uploads. Accepts an integer byte count or a string with SI/IEC suffix such as “24 MiB”.
default: 24 MiB
max_pending_media_uploads: usizeMaximum number of concurrently pending (asynchronous) media uploads a user can have.
reloadable: yes default: 5
media_create_unused_expiration_time: u64The time in seconds before an unused pending MXC URI expires and is removed.
reloadable: yes default: 86400 (24 hours)
media_rc_create_per_second: u32The maximum number of media create requests per second allowed from a single user.
reloadable: yes default: 10
media_rc_create_burst_count: u32The maximum burst count for media create requests from a single user.
reloadable: yes default: 50
max_fetch_prev_events: u16reloadable: yes default: 192
request_conn_timeout: u64Default/base connection timeout (seconds). This is used only by URL previews and update/news endpoint checks.
default: 10
request_timeout: u64Default/base request timeout (seconds). The time waiting to receive more data from another server. This is used only by URL previews, update/news, and misc endpoint checks.
default: 35
request_total_timeout: u64Default/base request total timeout (seconds). The time limit for a whole request. This is set very high to not cancel healthy requests while serving as a backstop. This is used only by URL previews and update/news endpoint checks.
default: 320
request_idle_timeout: u64Default/base idle connection pool timeout (seconds). This is used only by URL previews and update/news endpoint checks.
default: 5
request_idle_per_host: u16Default/base max idle connections per host. This is used only by URL previews and update/news endpoint checks. Defaults to 1 as generally the same open connection can be re-used.
default: 1
well_known_conn_timeout: u64Federation well-known resolution connection timeout (seconds).
default: 6
well_known_timeout: u64Federation HTTP well-known resolution request timeout (seconds).
default: 10
federation_timeout: u64Federation client request timeout (seconds). You most definitely want this to be high to account for extremely large room joins, slow homeservers, your own resources etc.
default: 300
federation_idle_timeout: u64Federation client idle connection pool timeout (seconds).
default: 25
federation_idle_per_host: u16Federation client max idle connections per host. Defaults to 1 as generally the same open connection can be re-used.
default: 1
sender_timeout: u64Federation sender request timeout (seconds). The time it takes for the remote server to process sent transactions can take a while.
default: 180
sender_idle_timeout: u64Federation sender idle connection pool timeout (seconds).
default: 180
sender_retry_backoff_limit: u64Federation sender transaction retry backoff limit (seconds).
reloadable: yes default: 86400
appservice_timeout: u64Appservice URL request connection timeout. Defaults to 35 seconds as generally appservices are hosted within the same network.
default: 35
appservice_idle_timeout: u64Appservice URL idle connection pool timeout (seconds).
default: 300
pusher_idle_timeout: u64Notification gateway pusher idle connection pool timeout.
default: 15
client_receive_timeout: u64Maximum time to receive a request from a client (seconds).
default: 75
client_request_timeout: u64Maximum time to process a request received from a client (seconds).
default: 240
client_response_timeout: u64Maximum time to transmit a response to a client (seconds)
default: 120
client_shutdown_timeout: u64Grace period for clean shutdown of client requests (seconds).
reloadable: yes default: 10
ip_source: Option<IpSource>Source of the client IP address for rate limiting, logging, and security tooling.
When unset (the default), the ClientIp extractor falls back to
axum-client-ip’s InsecureClientIp for backward compatibility;
clients can spoof their address via request headers in that mode.
When set, tuwunel installs SecureClientIpSource with the selected
variant and ClientIp resolves exclusively from that source. The
rightmost value is used for multi-valued headers; only the proxy can
append to the right, so this is resistant to client spoofing.
Supported values:
- “connect_info” - TCP peer address only (direct connections)
- “rightmost_x_forwarded_for” - nginx, Caddy
- “rightmost_forwarded” - RFC 7239 proxies
- “x_real_ip” - nginx
X-Real-IP - “cf_connecting_ip” - Cloudflare / cloudflared
- “true_client_ip” - Akamai, Cloudflare Enterprise
- “fly_client_ip” - Fly.io
- “cloudfront_viewer_address” - AWS CloudFront
On Unix-socket deployments, leave this unset rather than setting “connect_info”; that source requires a TCP peer address.
WARNING: a header-based value without a trusted reverse proxy in front of tuwunel allows clients to forge their IP. Changing this value requires a server restart.
default: unset config-example: “connect_info”
sender_shutdown_timeout: u64Grace period for clean shutdown of federation requests (seconds).
reloadable: yes default: 5
allow_registration: boolEnables registration. If set to false, no users can register on this server.
If set to true without a token configured, users can register with no
form of 2nd-step only if you set the following option to true:
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
If you would like registration only via token reg, please configure
registration_token or registration_token_file.
reloadable: yes
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: boolEnabling this setting opens registration to anyone without restrictions. This makes your server vulnerable to abuse reloadable: yes
registration_token: Option<String>A static registration token that new users will have to provide when
creating an account. If unset and allow_registration is true,
you must set
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
to true to allow open registration without any conditions.
YOU NEED TO EDIT THIS OR USE registration_token_file.
reloadable: yes example: “o&^uCtes4HPf0Vu@F20jQeeWE7”
display: sensitive
registration_token_file: Option<PathBuf>Path to a file on the system that gets read for additional registration tokens. Multiple tokens can be added if you separate them with whitespace
tuwunel must be able to access the file, and it must not be empty
reloadable: yes example: “/etc/tuwunel/.reg_token”
allow_encryption: boolControls whether encrypted rooms and events are allowed. reloadable: yes
encryption_enabled_by_default_for_room_type: Option<String>Controls whether locally-created rooms should be end-to-end encrypted by default. This option is equivalent to the one found in Synapse.
Options:
- “all”: All created rooms are encrypted.
- “invite”: Any room created with
private_chatortrusted_private_chatpresets. - “none”: Explicit value for no effect.
- Other values default to no effect.
reloadable: yes default: “none”
allow_federation: boolControls whether federation is allowed or not. It is not recommended to disable this after installation due to potential federation breakage but this is technically not a permanent setting.
federate_created_rooms: boolSets the default m.federate property for newly created rooms when the
client does not request one. If allow_federation is set to false at
the same this value is set to false it then always overrides the client
requested m.federate value to false.
Rooms are fixed to the setting at the time of their creation and can never be changed; changing this value only affects new rooms. reloadable: yes
federation_loopback: boolAllows federation requests to be made to itself
This isn’t intended and is very likely a bug if federation requests are being sent to yourself. This currently mainly exists for development purposes. reloadable: yes
forget_forced_upon_leave: boolAlways calls /forget on behalf of the user if leaving a room. This is a part of MSC4267 “Automatically forgetting rooms on leave” reloadable: yes
require_auth_for_profile_requests: boolSet this to true to require authentication on the normally unauthenticated profile retrieval endpoints (GET) “/_matrix/client/v3/profile/{userId}”.
This can prevent profile scraping. reloadable: yes
preserve_room_profile_overrides: boolPreserve per-room profile overrides during a global profile update.
When true (default), a profile change (displayname or avatar_url)
arriving via the profile endpoints skips rooms whose current
m.room.member already differs from the user’s prior global
profile. This is the natural behavior users expect after setting a
per-room nickname or avatar with a client’s /myroomnick-style
command: a subsequent global change does not clobber the override.
Set to false to always rewrite every joined room’s member event
to match the new global profile. That matches the literal spec
reading.
MSC4466 lets clients pick this per request via the
org.matrix.msc4466.propagate_to query parameter
(all / unchanged / none); an explicit value overrides this
default in either direction.
reloadable: yes default: true
allow_public_room_directory_over_federation: boolSet this to true to allow your server’s public room directory to be
federated. Set this to false to protect against /publicRooms spiders,
but will forbid external users from viewing your server’s public room
directory. If federation is disabled entirely (allow_federation), this
is inherently false.
reloadable: yes
allow_public_room_directory_without_auth: boolSet this to true to allow your server’s public room directory to be queried without client authentication (access token) through the Client APIs. Set this to false to protect against /publicRooms spiders. reloadable: yes
allow_public_room_search_by_id: boolAllows room directory searches to match on partial room_id’s when the search term starts with ‘!’.
reloadable: yes default: true
allow_unlisted_room_search_by_id: boolSet this to false to limit results of rooms when searching by ID to those that would be found by an alias or other query; specifically those listed in the public rooms directory. By default this is set to true allowing any joinable room to match. This satisfies the Principle of Least Expectation when pasting a room_id into a search box with intent to join; many rooms simply opt-out of public listings. Therefor to prevent this feature from abuse, knowledge of several characters of the room_id is required before any results are returned.
reloadable: yes default: true
show_all_local_users_in_user_directory: boolShow all local users in user directory. With this set to false, only users in public rooms or those that share a room with the user making the search will be shown.
reloadable: yes default: false
turn_allow_guests: boolAllow guests/unauthenticated users to access TURN credentials.
This is the equivalent of Synapse’s turn_allow_guests config option.
This allows any unauthenticated user to call the endpoint
/_matrix/client/v3/voip/turnServer.
It is unlikely you need to enable this as all major clients support authentication for this endpoint and prevents misuse of your TURN server from potential bots. reloadable: yes
lockdown_public_room_directory: boolSet this to true to lock down your server’s public room directory and only allow admins to publish rooms to the room directory. Unpublishing is still allowed by all users with this enabled. reloadable: yes
allow_device_name_federation: boolSet this to true to allow federating device display names / allow
external users to see your device display name. If federation is
disabled entirely (allow_federation), this is inherently false. For
privacy reasons, this is best left disabled.
reloadable: yes
allow_inbound_profile_lookup_federation_requests: boolConfig option to allow or disallow incoming federation requests that
obtain the profiles of our local users from
/_matrix/federation/v1/query/profile
Increases privacy of your local user’s such as display names, but some remote users may get a false “this user does not exist” error when they try to invite you to a DM or room. Also can protect against profile spiders.
This is inherently false if allow_federation is disabled
reloadable: yes
allow_room_creation: boolAllow standard users to create rooms. Appservices and admins are always allowed to create rooms reloadable: yes
allow_unstable_room_versions: boolSet to false to disable users from joining or creating room versions that aren’t officially supported by tuwunel. Unstable room versions may have flawed specifications or our implementation may be non-conforming. Correct operation may not be guaranteed, but incorrect operation may be tolerable and unnoticed.
tuwunel officially supports room versions 6+. tuwunel has slightly experimental (though works fine in practice) support for versions 3 - 5.
reloadable: yes default: true
allow_experimental_room_versions: boolSet to true to enable experimental room versions.
Unlike unstable room versions these versions are either under development, protype spec-changes, or somehow present a serious risk to the server’s operation or database corruption. This is for developer use only. reloadable: yes
enable_policy_servers: boolMSC4284: ask the room’s policy server to sign outgoing events. When a
room has a valid m.room.policy state event, the homeserver requests a
signature from that policy server’s federation /sign endpoint before
federating each event. Refusal aborts the local request; network or
timeout failures fail open with a warn log so a transient policy-server
outage does not silently take the room offline.
reloadable: yes default: false
policy_server_request_timeout: u64MSC4284: timeout (seconds) for requests to a room’s policy server.
Applies to both outbound /sign calls and inbound signature-fetches.
reloadable: yes default: 5
default_room_version: RoomVersionIdDefault room version tuwunel will create rooms with.
The default is prescribed by the spec, but may be selected by developer recommendation. To prevent stale documentation we no longer list it here. It is only advised to override this if you know what you are doing, and by doing so, updates with new versions are precluded. reloadable: yes
well_known: WellKnownConfig§allow_jaeger: bool§jaeger_filter: Stringdefault: “info”
tracing_flame: boolIf the ‘perf_measurements’ compile-time feature is enabled, enables collecting folded stack trace profile of tracing spans using tracing_flame. The resulting profile can be visualized with inferno1, speedscope2, or a number of other tools.
tracing_flame_filter: Stringdefault: “info”
tracing_flame_output_path: Stringdefault: “./tracing.folded”
proxy: ProxyConfigExamples:
-
No proxy (default):
proxy = "none" -
For global proxy, create the section at the bottom of this file:
[global.proxy] global = { url = "socks5h://localhost:9050" } -
To proxy some domains:
[global.proxy] [[global.proxy.by_domain]] url = "socks5h://localhost:9050" include = ["*.onion", "matrix.myspecial.onion"] exclude = ["*.myspecial.onion"]
Include vs. Exclude:
-
If include is an empty list, it is assumed to be
["*"]. -
If a domain matches both the exclude and include list, the proxy will only be used if it was included because of a more specific rule than it was excluded. In the above example, the proxy would be used for
ordinary.onion,matrix.myspecial.onion, but nothello.myspecial.onion.
default: “none”
trusted_servers: Vec<OwnedServerName>Servers listed here will be used to gather public keys of other servers (notary trusted key servers).
Currently, tuwunel doesn’t support inbound batched key requests, so this list should only contain other Synapse servers.
reloadable: yes example: [“matrix.org”, “tchncs.de”]
default: [“matrix.org”]
query_trusted_key_servers_first: boolWhether to query the servers listed in trusted_servers first or query the origin server first. For best security, querying the origin server first is advised to minimize the exposure to a compromised trusted server. For maximum federation/join performance this can be set to true, however other options exist to query trusted servers first under specific high-load circumstances and should be evaluated before setting this to true. reloadable: yes
query_trusted_key_servers_first_on_join: boolWhether to query the servers listed in trusted_servers first specifically on room joins. This option limits the exposure to a compromised trusted server to room joins only. The join operation requires gathering keys from many origin servers which can cause significant delays. Therefor this defaults to true to mitigate unexpected delays out-of-the-box. The security-paranoid or those willing to tolerate delays are advised to set this to false. Note that setting query_trusted_key_servers_first to true causes this option to be ignored. reloadable: yes
only_query_trusted_key_servers: boolOnly query trusted servers for keys and never the origin server. This is intended for clusters or custom deployments using their trusted_servers as forwarding-agents to cache and deduplicate requests. Notary servers do not act as forwarding-agents by default, therefor do not enable this unless you know exactly what you are doing. reloadable: yes
trusted_server_batch_size: usizeMaximum number of keys to request in each trusted server batch query.
reloadable: yes default: 192
trusted_server_batch_concurrency: usizeMaximum number of request batches in flight simultaneously when querying a trusted server.
reloadable: yes default: 2
log: StringMax log level for tuwunel. Allows debug, info, warn, or error.
See also: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
Caveat: For release builds, the tracing crate is configured to only implement levels higher than error to avoid unnecessary overhead in the compiled binary from trace macros. For debug builds, this restriction is not applied.
default: “info”
log_colors: boolOutput logs with ANSI colours.
log_compact: boolSets the log format to compact mode.
log_span_events: StringConfigures the span events which will be outputted with the log.
default: “none”
log_filter_regex: boolConfigures whether TUWUNEL_LOG EnvFilter matches values using regular expressions. See the tracing_subscriber documentation on Directives.
default: true
log_thread_ids: boolToggles the display of ThreadId in tracing log output.
default: false
log_to_stderr: boolRedirects logging to standard error (stderr). The default is false for stdout. For those using our systemd features the redirection to stderr occurs as necessary and setting this option should not be required. We offer this option for all other users who desire such redirection.
default: false
log_enable: boolSetting to false disables the logging/tracing system at a lower level.
In contrast to configuring an empty log string where the system is
still operating but muted, when this option is false the system was not
initialized and is not operating. Changing this option has no effect
after startup. This option is intended for developers and expert use
only: configuring an empty log string is preferred over using this.
default: true
log_global_default: boolSetting to false disables the logging/tracing system at a lower level
similar to log_enable. In this case the system is configured normally,
but not registered as the global handler in the final steps. This option
is for developers and expert use only.
default: true
openid_token_ttl: u64OpenID token expiration/TTL in seconds.
These are the OpenID tokens that are primarily used for Matrix account integrations (e.g. Vector Integrations in Element), not OIDC/OpenID Connect/etc.
reloadable: yes default: 3600
login_via_existing_session: boolAllow an existing session to mint a login token for another client. This requires interactive authentication, but has security ramifications as a malicious client could use the mechanism to spawn more than one session. Enabled by default.
reloadable: yes default: true
login_via_token: boolWhether to enable the login token route to accept login tokens at all. Login tokens may be generated by the server for authorization flows such as SSO; disabling tokens may break such features.
This option is distinct from login_via_existing_session and does not
carry the same security implications; the intent is to leave this
enabled while disabling the former to prevent clients from commanding
login token creation but without preventing the server from doing so.
reloadable: yes default: true
login_with_password: boolWhether to enable login using traditional user/password authorization flow.
Set this option to false if you intend to allow logging in only using other mechanisms, such as SSO.
reloadable: yes default: true
login_token_ttl: u64Login token expiration/TTL in milliseconds.
These are short-lived tokens for the m.login.token endpoint. This is used to allow existing sessions to create new sessions. see login_via_existing_session.
reloadable: yes default: 120000
access_token_ttl: u64Access token TTL in seconds.
For clients that support refresh-tokens, the access-token provided on login will be invalidated after this amount of time and the client will be soft-logged-out until refreshing it.
reloadable: yes default: 604800
refresh_token_ttl: u64Refresh token TTL in seconds.
Refresh tokens are rejected once this lifetime elapses. Whether the
deadline slides forward on each use or stays fixed at issuance is
controlled by refresh_token_idle_only. The default of 0 disables
refresh-token expiry entirely; a typical enabled value is 259200
(three days).
reloadable: yes default: 0
refresh_token_idle_only: boolWhether refresh_token_ttl acts as an idle timeout or an absolute
session lifetime.
When true (default), each successful refresh resets the deadline to
now + refresh_token_ttl. A session in continuous use never expires.
When false, the deadline is fixed at first issuance and rotation
carries it forward, forcing re-auth after refresh_token_ttl
regardless of activity.
reloadable: yes default: true
refresh_token_hard_logout: boolWhether refresh-token expiry triggers a hard logout instead of a soft one.
When false (default), an expired refresh token is rejected with
M_UNKNOWN_TOKEN carrying soft_logout: true. The client can preserve
E2EE keys and local state, then re-authenticate to resume the same
device.
When true, the device is removed entirely on expiry: the access
token is invalidated, the device record is deleted, and the client is
signalled with soft_logout: false. The next session is a brand-new
device, so the client cannot recover E2EE history from local state
alone; this is the CWE-613 stance and trades usability for that
guarantee.
reloadable: yes default: false
turn_username: StringStatic TURN username to provide the client if not using a shared secret (“turn_secret”), It is recommended to use a shared secret over static credentials. reloadable: yes
turn_password: StringStatic TURN password to provide the client if not using a shared secret (“turn_secret”). It is recommended to use a shared secret over static credentials.
display: sensitive reloadable: yes
turn_uris: Vec<String>Vector list of TURN URIs/servers to use.
Replace “example.turn.uri” with your TURN domain, such as the coturn “realm” config option. If using TURN over TLS, replace the URI prefix “turn:” with “turns:”.
reloadable: yes example: [“turn:example.turn.uri?transport=udp”, “turn:example.turn.uri?transport=tcp”]
default: []
turn_secret: Option<String>TURN secret to use for generating the HMAC-SHA1 hash apart of username and password generation.
This is more secure, but if needed you can use traditional static username/password credentials.
display: sensitive
turn_secret_file: Option<PathBuf>TURN secret to use that’s read from the file path specified.
This takes priority over “turn_secret” first, and falls back to “turn_secret” if invalid or failed to open.
example: “/etc/tuwunel/.turn_secret”
turn_ttl: u64TURN TTL, in seconds.
reloadable: yes default: 86400
auto_join_rooms: Vec<OwnedRoomOrAliasId>List/vector of room IDs or room aliases that tuwunel will make newly registered users join. The rooms specified must be rooms that you have joined at least once on the server, and must be public.
reloadable: yes example: [“#tuwunel:grin.hu”, “!l2xV0sd51lraysuRcsWVECge4NULaH3g-ou95vgDgiM”]
default: []
auto_deactivate_banned_room_attempts: boolConfig option to automatically deactivate the account of any user who attempts to join a:
- banned room
- forbidden room alias
- room alias or ID with a forbidden server name
This may be useful if all your banned lists consist of toxic rooms or servers that no good faith user would ever attempt to join, and to automatically remediate the problem without any admin user intervention.
This will also make the user leave all rooms. Federation (e.g. remote room invites) are ignored here.
Defaults to false as rooms can be banned for non-moderation-related reasons and this performs a full user deactivation. reloadable: yes
rocksdb_log_level: StringRocksDB log level. This is not the same as tuwunel’s log level. This
is the log level for the RocksDB engine/library which show up in your
database folder/path as LOG files. tuwunel will log RocksDB errors
as normal through tracing or panics if severe for safety.
default: “error”
rocksdb_log_stderr: bool§rocksdb_max_log_file_size: usizeMax RocksDB LOG file size before rotating. Accepts an integer byte
count or a string with SI/IEC suffix such as “4 MiB”.
default: 4194304
rocksdb_log_time_to_roll: usizeTime in seconds before RocksDB will forcibly rotate logs.
default: 0
rocksdb_optimize_for_spinning_disks: boolUse RocksDB tunings tailored to spinning disks (HDDs). On NVMe or SSD storage, leave this disabled.
When enabled, RocksDB skips compaction readahead and parallel file-open
threads at startup. This option does not affect Direct IO; for that, see
rocksdb_direct_io.
rocksdb_direct_io: boolEnables direct-io to increase database performance via unbuffered I/O.
For more details about direct I/O and RockDB, see: https://github.com/facebook/rocksdb/wiki/Direct-IO
Set this option to false if the database resides on a filesystem which does not support direct-io like FUSE, or any form of complex filesystem setup such as possibly ZFS.
rocksdb_parallelism_threads: usizeAmount of threads that RocksDB will use for parallelism on database operations such as cleanup, sync, flush, compaction, etc. Set to 0 to use all your logical threads. Defaults to your CPU logical thread count.
default: varies by system
rocksdb_max_log_files: usizeMaximum number of LOG files RocksDB will keep. This must not be set to 0. It must be at least 1. Defaults to 3 as these are not very useful unless troubleshooting/debugging a RocksDB bug.
default: 3
rocksdb_compression_algo: StringType of RocksDB database compression to use.
Available options are “zstd”, “bz2”, “lz4”, or “none”.
It is best to use ZSTD as an overall good balance between speed/performance, storage, IO amplification, and CPU usage. For more performance but less compression (more storage used) and less CPU usage, use LZ4.
For more details, see: https://github.com/facebook/rocksdb/wiki/Compression
“none” will disable compression.
default: “zstd”
rocksdb_compression_level: i32Level of compression the specified compression algorithm for RocksDB to use.
Default is 32767, which is internally read by RocksDB as the default
magic number and translated to the library’s default compression level
as they all differ. See their kDefaultCompressionLevel.
Note when using the default value we may override it with a setting tailored specifically tuwunel.
default: 32767
rocksdb_bottommost_compression_level: i32Level of compression the specified compression algorithm for the
bottommost level/data for RocksDB to use. Default is 32767, which is
internally read by RocksDB as the default magic number and translated to
the library’s default compression level as they all differ. See their
kDefaultCompressionLevel.
Since this is the bottommost level (generally old and least used data), it may be desirable to have a very high compression level here as it’s less likely for this data to be used. Research your chosen compression algorithm.
Note when using the default value we may override it with a setting tailored specifically tuwunel.
default: 32767
rocksdb_bottommost_compression: boolWhether to enable RocksDB’s “bottommost_compression”.
At the expense of more CPU usage, this will further compress the database to reduce more storage. It is recommended to use ZSTD compression with this for best compression results. This may be useful if you’re trying to reduce storage usage from the database.
See https://github.com/facebook/rocksdb/wiki/Compression for more details.
rocksdb_recovery_mode: u8Database recovery mode (for RocksDB WAL corruption).
Use this option when the server reports corruption and refuses to start. Set mode 2 (PointInTime) to cleanly recover from this corruption. The server will continue from the last good state, several seconds or minutes prior to the crash. Clients may have to run “clear-cache & reload” to account for the rollback. Upon success, you may reset the mode back to default and restart again. Please note in some cases the corruption error may not be cleared for at least 30 minutes of operation in PointInTime mode.
As a very last ditch effort, if PointInTime does not fix or resolve anything, you can try mode 3 (SkipAnyCorruptedRecord) but this will leave the server in a potentially inconsistent state.
The default mode 1 (TolerateCorruptedTailRecords) will automatically drop the last entry in the database if corrupted during shutdown, but nothing more. It is extraordinarily unlikely this will desynchronize clients. To disable any form of silent rollback set mode 0 (AbsoluteConsistency).
The options are: 0 = AbsoluteConsistency 1 = TolerateCorruptedTailRecords (default) 2 = PointInTime (use me if trying to recover) 3 = SkipAnyCorruptedRecord (you now voided your tuwunel warranty)
For more information on these modes, see: https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes
For more details on recovering a corrupt database, see: https://tuwunel.chat/troubleshooting.html#database-corruption
default: 1
rocksdb_paranoid_file_checks: boolEnables or disables paranoid SST file checks. This can improve RocksDB database consistency at a potential performance impact due to further safety checks ran.
For more information, see: https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks
rocksdb_checksums: boolEnables or disables checksum verification in rocksdb at runtime. Checksums are usually hardware accelerated with low overhead; they are enabled in rocksdb by default. Older or slower platforms may see gains from disabling.
default: true
rocksdb_atomic_flush: boolEnables the “atomic flush” mode in rocksdb. This option is not intended for users. It may be removed or ignored in future versions. Atomic flush may be enabled by the paranoid to possibly improve database integrity at the cost of performance.
rocksdb_repair: boolDatabase repair mode (for RocksDB SST corruption).
Use this option when the server reports corruption while running or panics. If the server refuses to start use the recovery mode options first. Corruption errors containing the acronym ‘SST’ which occur after startup will likely require this option.
-
Backing up your database directory is recommended prior to running the repair.
-
Disabling repair mode and restarting the server is recommended after running the repair.
See https://tuwunel.chat/troubleshooting.html#database-corruption for more details on recovering a corrupt database.
rocksdb_read_only: bool§rocksdb_secondary: bool§rocksdb_compaction_prio_idle: boolEnables idle CPU priority for compaction thread. This is not enabled by default to prevent compaction from falling too far behind on busy systems.
rocksdb_compaction_ioprio_idle: boolEnables idle IO priority for compaction thread. This prevents any unexpected lag in the server’s operation and is usually a good idea. Enabled by default.
rocksdb_compaction: boolEnables RocksDB compaction. You should never ever have to set this option to false. If you for some reason find yourself needing to use this option as part of troubleshooting or a bug, please reach out to us in the tuwunel Matrix room with information and details.
Disabling compaction will lead to a significantly bloated and explosively large database, gradually poor performance, unnecessarily excessive disk read/writes, and slower shutdowns and startups.
rocksdb_stats_level: u8Level of statistics collection. Some admin commands to display database statistics may require this option to be set. Database performance may be impacted by higher settings.
Option is a number ranging from 0 to 6: 0 = No statistics. 1 = No statistics in release mode (default). 2 to 3 = Statistics with no performance impact. 3 to 5 = Statistics with possible performance impact. 6 = All statistics.
default: 1
rocksdb_never_drop_columns: boolIgnores the list of dropped columns set by developers.
This should be set to true when knowingly moving between versions in ways which are not recommended or otherwise forbidden, or for diagnostic and development purposes; requiring preservation across such movements.
The developer’s list of dropped columns is meant to safely reduce space by erasing data no longer in use. If this is set to true that storage will not be reclaimed as intended.
default: false
rocksdb_allow_fallocate: boolConfigures RocksDB to not preallocate WAL logs.
Normally, RocksDB allocates certain types of files by calling
fallocate, writing the file contents, then truncating the logs to the
proper size. This causes pathological disk space usage on btrfs due to
how it interacts with its Copy-on-Write implementation. On ZFS,
fallocate(2) for preallocation is unsupported and returns EOPNOTSUPP;
only FALLOC_FL_PUNCH_HOLE and FALLOC_FL_ZERO_RANGE are implemented.
Set this to false if you run the server on btrfs or ZFS, and do not touch it otherwise.
default: true
emergency_password: Option<String>This is a password that can be configured that will let you login to the
server bot account (currently @conduit) for emergency troubleshooting
purposes such as recovering/recreating your admin room, or inviting
yourself back.
See https://tuwunel.chat/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room.
Once this password is unset, all sessions will be logged out for security purposes.
example: “F670$2CP@Hw8mG7RY1$%!#Ic7YA”
display: sensitive
notification_push_path: Stringreloadable: yes default: “/_matrix/push/v1/notify”
push_everything: boolFor compatibility and special purpose use only. Setting this option to true will not filter messages sent to pushers based on rules or actions. Everything will be sent to the pusher. This option is offered for several reasons, but should not be necessary:
- Bypass to workaround bugs or outdated server-side ruleset support.
- Allow clients to evaluate pushrules themselves (due to the above).
- Hosting or companies which have custom pushers and internal needs.
Note that setting this option to true will not affect the record of notifications found in the notifications pane. reloadable: yes
calculate_heroes: boolSetting to false disables the heroes calculation made by sliding and legacy client sync. The heroes calculation is mandated by the Matrix specification and your client may not operate properly unless this option is set to true.
This option is intended for custom software deployments seeking purely to minimize unused resources; the overall savings are otherwise negligible. reloadable: yes
allow_local_presence: boolAllow local (your server only) presence updates/requests.
Note that presence on tuwunel is very fast unlike Synapse’s. If using outgoing presence, this MUST be enabled. reloadable: yes
allow_incoming_presence: boolAllow incoming federated presence updates/requests.
This option receives presence updates from other servers, but does not
send any unless allow_outgoing_presence is true. Note that presence on
tuwunel is very fast unlike Synapse’s.
reloadable: yes
allow_outgoing_presence: boolAllow outgoing presence updates/requests.
This option sends presence updates to other servers, but does not
receive any unless allow_incoming_presence is true. Note that presence
on tuwunel is very fast unlike Synapse’s. If using outgoing presence,
you MUST enable allow_local_presence as well.
reloadable: yes
presence_idle_timeout_s: u64How many seconds without presence updates before you become idle. Defaults to 5 minutes.
default: 300
presence_offline_timeout_s: u64How many seconds without presence updates before you become offline. Defaults to 30 minutes.
default: 1800
presence_timeout_remote_users: boolEnable the presence idle timer for remote users.
Disabling is offered as an optimization for servers participating in many large rooms or when resources are limited. Disabling it may cause incorrect presence states (i.e. stuck online) to be seen for some remote users.
suppress_push_when_active: boolSuppresses push notifications for users marked as active. (Experimental)
When enabled, users with Online presence and recent activity
(based on presence state and sync activity) won’t receive push
notifications, reducing duplicate alerts while they’re active
on another client.
Disabled by default to preserve legacy behavior. reloadable: yes
allow_incoming_read_receipts: boolAllow receiving incoming read receipts from remote servers. reloadable: yes
allow_outgoing_read_receipts: boolAllow sending read receipts to remote servers. reloadable: yes
allow_outgoing_typing: boolAllow outgoing typing updates to federation. reloadable: yes
allow_incoming_typing: boolAllow incoming typing updates from federation. reloadable: yes
typing_federation_timeout_s: u64Maximum time federation user can indicate typing.
reloadable: yes default: 30
typing_client_timeout_min_s: u64Minimum time local client can indicate typing. This does not override a client’s request to stop typing. It only enforces a minimum value in case of no stop request.
reloadable: yes default: 15
typing_client_timeout_max_s: u64Maximum time local client can indicate typing.
reloadable: yes default: 45
zstd_compression: boolSet this to true for tuwunel to compress HTTP response bodies using
zstd. This option does nothing if tuwunel was not built with
zstd_compression feature. Please be aware that enabling HTTP
compression may weaken TLS. Most users should not need to enable this.
See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
before deciding to enable this.
gzip_compression: boolSet this to true for tuwunel to compress HTTP response bodies using
gzip. This option does nothing if tuwunel was not built with
gzip_compression feature. Please be aware that enabling HTTP
compression may weaken TLS. Most users should not need to enable this.
See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before
deciding to enable this.
If you are in a large amount of rooms, you may find that enabling this is necessary to reduce the significantly large response bodies.
brotli_compression: boolSet this to true for tuwunel to compress HTTP response bodies using
brotli. This option does nothing if tuwunel was not built with
brotli_compression feature. Please be aware that enabling HTTP
compression may weaken TLS. Most users should not need to enable this.
See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
before deciding to enable this.
allow_guest_registration: boolSet to true to allow user type “guest” registrations. Some clients like Element attempt to register guest users automatically. reloadable: yes
log_guest_registrations: boolSet to true to log guest registrations in the admin room. Note that these may be noisy or unnecessary if you’re a public homeserver. reloadable: yes
allow_guests_auto_join_rooms: boolSet to true to allow guest registrations/users to auto join any rooms
specified in auto_join_rooms.
reloadable: yes
allow_legacy_media: boolEnable the legacy unauthenticated Matrix media repository endpoints. These endpoints consist of:
- /_matrix/media/*/config
- /_matrix/media/*/upload
- /_matrix/media/*/preview_url
- /_matrix/media//download/
- /_matrix/media//thumbnail/
The authenticated equivalent endpoints are always enabled.
Defaults to false.
request_legacy_media: boolFallback to requesting legacy unauthenticated media from remote servers. Unauthenticated media was removed in ~2024Q3; enabling this adds considerable federation requests which are unlikely to succeed. reloadable: yes
freeze_legacy_media: boolreloadable: yes
media_startup_check: boolCheck consistency of the media directory at startup:
- When
media_compat_file_linkis enabled, this check will upgrade media when switching back and forth between Conduit and tuwunel. Both options must be enabled to handle this. - When media is deleted from the directory, this check will also delete its database entry.
If none of these checks apply to your use cases, and your media directory is significantly large setting this to false may reduce startup time.
media_compat_file_link: boolEnable backward-compatibility with Conduit’s media directory by creating symlinks of media.
This option is only necessary if you plan on using Conduit again. Otherwise setting this to false reduces filesystem clutter and overhead for managing these symlinks in the directory. This is now disabled by default. You may still return to upstream Conduit but you have to run tuwunel at least once with this set to true and allow the media_startup_check to take place before shutting down to return to Conduit.
prune_missing_media: boolPrune missing media from the database as part of the media startup checks.
This means if you delete files from the media directory the corresponding entries will be removed from the database. This is disabled by default because if the media directory is accidentally moved or inaccessible, the metadata entries in the database will be lost with sadness.
media_storage_providers: BTreeSet<String>List of storage providers to use for media. Providers can be configured
below in respective sections designated by
global.storage_provider.<NAME>.<brand> where NAME can be listed
here.
For advanced features and future extensions involving multiple providers the list may contain multiple entries. You MUST take note of other configuration options when listing multiple providers or resource duplication costs and poor performance can result.
The list defaults to ["media"] which is an implicit storage provider
representing the media directory on the local filesystem. It can be
altered by configuring global.storage_provider.media.local explicitly
or disabled by omitting it from this list entirely. Users with existing
deployments are advised to continue listing “media” as a fallback along
with their new provider.
reloadable: yes default: [“media”]
store_media_on_providers: BTreeSet<String>List of configured storage providers where new media will be sent. When
this list is not explicitly configured all entries in
media_storage_providers are used as default.
This list is important for users passively migrating to a new media storage provider by only writing to one while querying the other as a fallback.
For example:
media_storage_providers = ["media", "media_on_s3"]
store_media_on_providers = ["media_on_s3"]
Entries in this list must also be listed in media_storage_providers.
reloadable: yes default: []
prevent_media_downloads_from: RegexSetVector list of regex patterns of server names that tuwunel will refuse to download remote media from.
reloadable: yes example: [“badserver.tld$”, “badphrase”, “19dollarfortnitecards”]
default: []
forbidden_remote_server_names: RegexSetList of forbidden server names via regex patterns that we will block incoming AND outgoing federation with, and block client room joins / remote user invites.
This check is applied on the room ID, room alias, sender server name, sender user’s server name, inbound federation X-Matrix origin, and outbound federation handler.
Basically “global” ACLs.
reloadable: yes example: [“badserver.tld$”, “badphrase”, “19dollarfortnitecards”]
default: []
allowed_remote_server_names_experimental: RegexSet(EXPERIMENTAL) The behavior of this option will change; the _experimental suffix will be removed for that change in an upcoming release.
List of allowed server names via regex patterns. This is an allow-list
rather than a deny-list with all the same details as its counterpart in
forbidden_remote_server_names.
This feature becomes active when this list has one or more entries; everything not matching is denied. By default it is empty and inactive.
Entries in forbidden_remote_server_names are still applied after
this is applied. This allows you to match e.g. “*.example.com” here
while still singling out “bad.example.com” for exclusion.
reloadable: yes example: [“badserver.tld$”, “badphrase”, “19dollarfortnitecards”]
default: []
forbidden_remote_room_directory_server_names: RegexSetList of forbidden server names via regex patterns that we will block all outgoing federated room directory requests for. Useful for preventing our users from wandering into bad servers or spaces.
reloadable: yes example: [“badserver.tld$”, “badphrase”, “19dollarfortnitecards”]
default: []
ip_range_denylist: Vec<String>Vector list of IPv4 and IPv6 CIDR ranges / subnets in quotes that you do not want tuwunel to send outbound requests to. Defaults to RFC1918, unroutable, loopback, multicast, and testnet addresses for security.
Please be aware that this is not a guarantee. You should be using a firewall with zones as doing this on the application layer may have bypasses.
Currently this does not account for proxies in use like Synapse does.
To disable, set this to be an empty vector ([]).
Defaults to: [“127.0.0.0/8”, “10.0.0.0/8”, “172.16.0.0/12”, “192.168.0.0/16”, “100.64.0.0/10”, “192.0.0.0/24”, “169.254.0.0/16”, “192.88.99.0/24”, “198.18.0.0/15”, “192.0.2.0/24”, “198.51.100.0/24”, “203.0.113.0/24”, “224.0.0.0/4”, “::1/128”, “fe80::/10”, “fc00::/7”, “2001:db8::/32”, “ff00::/8”, “fec0::/10”]
url_preview_bound_interface: Option<Either<IpAddr, String>>Optional IP address or network interface-name to bind as the source of URL preview requests. If not set, it will not bind to a specific address or interface.
Interface names only supported on Linux, Android, and Fuchsia platforms;
all other platforms can specify the IP address. To list the interfaces
on your system, use the command ip link show.
example: "eth0" or "1.2.3.4"
default:
url_preview_domain_contains_allowlist: Vec<String>Vector list of domains allowed to send requests to for URL previews.
This is a contains match, not an explicit match. Putting “google.com” will match “https://google.com” and “http://mymaliciousdomainexamplegoogle.com” Setting this to “*” will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so.
reloadable: yes default: []
url_preview_domain_explicit_allowlist: Vec<String>Vector list of explicit domains allowed to send requests to for URL previews.
This is an explicit match, not a contains match. Putting “google.com” will match “https://google.com”, “http://google.com”, but not “https://mymaliciousdomainexamplegoogle.com”. Setting this to “*” will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so.
reloadable: yes default: []
url_preview_domain_explicit_denylist: Vec<String>Vector list of explicit domains not allowed to send requests to for URL previews.
This is an explicit match, not a contains match. Putting “google.com” will match “https://google.com”, “http://google.com”, but not “https://mymaliciousdomainexamplegoogle.com”. The denylist is checked first before allowlist. Setting this to “*” will not do anything.
reloadable: yes default: []
url_preview_url_contains_allowlist: Vec<String>Vector list of URLs allowed to send requests to for URL previews.
Note that this is a contains match, not an explicit match. Putting “google.com” will match “https://google.com/”, “https://google.com/url?q=https://mymaliciousdomainexample.com”, and “https://mymaliciousdomainexample.com/hi/google.com” Setting this to “*” will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so.
reloadable: yes default: []
url_preview_max_spider_size: usizeMaximum body size allowed when spidering a URL for previews. Accepts an integer byte count or a string with SI/IEC suffix such as “256 KB”.
reloadable: yes default: 256000
url_preview_check_root_domain: boolOption to decide whether you would like to run the domain allowlist checks (contains and explicit) on the root domain or not. Does not apply to URL contains allowlist. Defaults to false.
Example usecase: If this is enabled and you have “wikipedia.org” allowed in the explicit and/or contains domain allowlist, it will allow all subdomains under “wikipedia.org” such as “en.m.wikipedia.org” as the root domain is checked and matched. Useful if the domain contains allowlist is still too broad for you but you still want to allow all the subdomains under a root domain. reloadable: yes
forbidden_alias_names: RegexSetList of forbidden room aliases and room IDs as strings of regex patterns.
Regex can be used or explicit contains matches can be done by just specifying the words (see example).
This is checked upon room alias creation, custom room ID creation if used, and startup as warnings if any room aliases in your database have a forbidden room alias/ID.
reloadable: yes example: [“19dollarfortnitecards”, “b[4a]droom”, “badphrase”]
default: []
forbidden_usernames: RegexSetList of forbidden username patterns/strings.
Regex can be used or explicit contains matches can be done by just specifying the words (see example).
This is checked upon username availability check, registration, and startup as warnings if any local users in your database have a forbidden username.
reloadable: yes example: [“administrator”, “b[a4]dusernam[3e]”, “badphrase”]
default: []
deprioritize_joins_through_servers: RegexSetList of server names to deprioritize joining through.
If a client requests a join through one of these servers, they will be tried last.
Useful for preventing failed joins due to timeouts from a certain homeserver.
reloadable: yes default: [“matrix.org”]
max_make_join_attempts_per_join_attempt: usizeMaximum make_join requests to attempt within each join attempt. Each attempt tries a different server, as each server is only tried once; though retries can occur when the join request as a whole is retried.
reloadable: yes default: 48
max_join_attempts_per_join_request: usizeMaximum join attempts to conduct per client join request. Each join attempt consists of one or more make_join requests limited above, and a single send_join request. This value allows for additional servers to act as the join-server prior to reporting the last error back to the client, which can be frustrating for users. Therefor the default value is greater than one, but less than excessively exceeding the client’s request timeout, though that may not be avoidable in some cases.
reloadable: yes default: 3
startup_netburst: boolRetry failed and incomplete messages to remote servers immediately upon startup. This is called bursting. If this is disabled, said messages may not be delivered until more messages are queued for that server. Do not change this option unless server resources are extremely limited or the scale of the server’s deployment is huge. Do not disable this unless you know what you are doing.
startup_netburst_keep: i64Messages are dropped and not reattempted. The startup_netburst option
must be enabled for this value to have any effect. Do not change this
value unless you know what you are doing. Set this value to -1 to
reattempt every message without trimming the queues; this may consume
significant disk. Set this value to 0 to drop all messages without any
attempt at redelivery.
default: 50
block_non_admin_invites: boolBlock non-admin local users from sending room invites (local and remote), and block non-admin users from receiving remote room invites.
Admins are always allowed to send and receive all room invites. reloadable: yes
admin_escape_commands: boolAllow admins to enter commands in rooms other than “#admins” (admin room) by prefixing your message with “!admin” or “\!admin” followed up a normal tuwunel admin command. The reply will be publicly visible to the room, originating from the sender.
reloadable: yes example: \!admin debug ping puppygock.gay
admin_console_automatic: boolAutomatically activate the tuwunel admin room console / CLI on
startup. This option can also be enabled with --console tuwunel
argument.
admin_execute: Vec<String>List of admin commands to execute on startup.
This option can also be configured with the --execute tuwunel
argument and can take standard shell commands and environment variables
For example: ./tuwunel --execute "server admin-notice tuwunel has started up at $(date)"
example: admin_execute = [“debug ping puppygock.gay”, “debug echo hi”]`
default: []
admin_execute_errors_ignore: boolIgnore errors in startup commands.
If false, tuwunel will error and fail to start if an admin execute
command (--execute / admin_execute) fails.
reloadable: yes
admin_signal_execute: Vec<String>List of admin commands to execute on SIGUSR2.
Similar to admin_execute, but these commands are executed when the server receives SIGUSR2 on supporting platforms.
reloadable: yes default: []
admin_log_capture: StringControls the max log level for admin command log captures (logs generated from running admin commands). Defaults to “info” on release builds, else “debug” on debug builds.
reloadable: yes default: “info”
admin_room_tag: StringThe default room tag to apply on the admin room.
On some clients like Element, the room tag “m.server_notice” is a special pinned room at the very bottom of your room list. The tuwunel admin room can be pinned here so you always have an easy-to-access shortcut dedicated to your admin room.
reloadable: yes default: “m.server_notice”
grant_admin_to_first_user: boolWhether to grant the first user to register admin privileges by joining them to the admin room. Note that technically the next user to register when the admin room is empty (or only contains the server-user) is granted, and only when the admin room is enabled.
reloadable: yes default: true
create_admin_room: boolWhether the admin room is created on first startup. Users should not set this to false. Developers can set this to false during integration tests to reduce activity and output.
default: true
federate_admin_room: boolWhether to enable federation on the admin room. This cannot be changed after the admin room is created.
default: true
sentry: boolSentry.io crash/panic reporting, performance monitoring/metrics, etc.
This is NOT enabled by default. tuwunel’s default Sentry reporting
endpoint domain is o4509498990067712.ingest.us.sentry.io.
sentry_endpoint: Option<Url>Sentry reporting URL, if a custom one is desired.
display: sensitive default: “”
sentry_send_server_name: boolReport your tuwunel server_name in Sentry.io crash reports and metrics.
sentry_traces_sample_rate: f32Performance monitoring/tracing sample rate for Sentry.io.
Note that too high values may impact performance, and can be disabled by setting it to 0.0 (0%) This value is read as a percentage to Sentry, represented as a decimal. Defaults to 15% of traces (0.15)
default: 0.15
sentry_attach_stacktrace: boolWhether to attach a stacktrace to Sentry reports.
sentry_send_panic: boolSend panics to Sentry. This is true by default, but Sentry has to be
enabled. The global sentry config option must be enabled to send any
data.
sentry_send_error: boolSend errors to sentry. This is true by default, but sentry has to be enabled. This option is only effective in release-mode; forced to false in debug-mode.
sentry_filter: StringControls the tracing log level for Sentry to send things like breadcrumbs and transactions
default: “info”
tokio_console: boolEnable the tokio-console. This option is only relevant to developers.
For more information, see: https://tuwunel.chat/development.html#debugging-with-tokio-console
test: BTreeSet<String>Arbitrary argument vector for integration testing. Functionality in the server is altered or informed for the requirements of integration tests.
- “smoke” performs a shutdown after startup admin commands rather than hanging on client handling.
display: hidden
maintenance: boolIndicates the server has started in maintenance mode. Historically
maintenance mode has been enabled by the command line argument
--maintenance which then sets various configuration items such as
listening=false among others. That is still the case. This option was
only added as a single source of truth that --maintenance mode is
active.
This option must never be set manually.
display: hidden
admin_room_notices: boolControls whether admin room notices like account registrations, password changes, account deactivations, room directory publications, etc will be sent to the admin room. Update notices and normal admin command responses will still be sent. reloadable: yes
save_unredacted_events: boolSave original events before applying redaction to them.
They can be retrieved with admin debug get-retained-pdu or MSC2815.
reloadable: yes default: true
redaction_retention_seconds: u64Redaction retention period in seconds.
By default the unredacted events are stored for 60 days.
reloadable: yes default: 5184000
allow_room_admins_to_request_unredacted_events: boolAllows users with redact power level to request unredacted events with
MSC2815.
Server admins can request unredacted events regardless of the value of this option.
reloadable: yes default: true
disable_local_redactions: boolPrevents local users from sending redactions.
This check does not apply to server admins. reloadable: yes
db_pool_affinity: boolEnable database pool affinity support. On supporting systems, block device queue topologies are detected and the request pool is optimized for the hardware; db_pool_workers is determined automatically.
default: true
db_pool_workers: usizeSets the number of worker threads in the frontend-pool of the database. This number should reflect the I/O capabilities of the system, such as the queue-depth or the number of simultaneous requests in flight. Defaults to 32 times the number of CPU cores.
Note: This value is only used if db_pool_affinity is disabled or not detected on the system, otherwise it is determined automatically.
default: 32
db_pool_workers_limit: usizeWhen db_pool_affinity is enabled and detected, the size of any worker group will not exceed the determined value. This is necessary when thread-pooling approach does not scale to the full capabilities of high-end hardware; using detected values without limitation could degrade performance.
The value is multiplied by the number of cores which share a device queue, since group workers can be scheduled on any of those cores.
default: 64
db_pool_max_workers: usizeLimits the total number of workers across all worker groups. When the sum of all groups exceeds this value the worker counts are reduced until this constraint is satisfied.
By default this value is only effective on larger systems (e.g. 16+ cores) where it will tamper the overall thread-count. The thread-pool model will never achieve hardware capacity but this value can be raised on huge systems if the scheduling overhead is determined to not bottleneck and the worker groups are divided too small.
default: 2048
db_pool_queue_mult: usizeDetermines the size of the queues feeding the database’s frontend-pool. The size of the queue is determined by multiplying this value with the number of pool workers. When this queue is full, tokio tasks conducting requests will yield until space is available; this is good for flow-control by avoiding buffer-bloat, but can inhibit throughput if too low.
default: 4
stream_width_default: usizeSets the initial value for the concurrency of streams. This value simply allows overriding the default in the code. The default is 32, which is the same as the default in the code. Note this value is itself overridden by the computed stream_width_scale, unless that is disabled; this value can serve as a fixed-width instead.
default: 32
stream_width_scale: f32Scales the stream width starting from a base value detected for the specific system. The base value is the database pool worker count determined from the hardware queue size (e.g. 32 for SSD or 64 or 128+ for NVMe). This float allows scaling the width up or down by multiplying it (e.g. 1.5, 2.0, etc). The maximum result can be the size of the pool queue (see: db_pool_queue_mult) as any larger value will stall the tokio task. The value can also be scaled down (e.g. 0.5) to improve responsiveness for many users at the cost of throughput for each.
Setting this value to 0.0 causes the stream width to be fixed at the value of stream_width_default. The default scale is 1.0 to match the capabilities detected for the system.
default: 1.0
stream_amplification: usizeSets the initial amplification factor. This controls batch sizes of requests made by each pool worker, multiplying the throughput of each stream. This value is somewhat abstract from specific hardware characteristics and can be significantly larger than any thread count or queue size. This is because each database query may require several index lookups, thus many database queries in a batch may make progress independently while also sharing index and data blocks which may or may not be cached. It is worthwhile to submit huge batches to reduce complexity. The maximum value is 32768, though sufficient hardware is still advised for that.
default: 1024
sender_workers: usizeNumber of sender task workers; determines sender parallelism. Default is ‘0’ which means the value is determined internally, likely matching the number of tokio worker-threads or number of cores, etc. Override by setting a non-zero value.
default: 0
listening: boolEnables listener sockets; can be set to false to disable listening. This option is intended for developer/diagnostic purposes only.
config_reload_signal: boolEnables configuration reload when the server receives SIGUSR1 on supporting platforms.
reloadable: yes default: true
allow_invalid_tls_certificates: boolToggles ignore checking/validating TLS certificates
This applies to everything, including URL previews, federation requests, etc. This is a hidden argument that should NOT be used in production as it is highly insecure and I will personally yell at you if I catch you using this.
access_control_allow_origin: BTreeSet<String>Sets the Access-Control-Allow-Origin header included by this server in
all responses. A list of multiple values can be specified. The default
is an empty list. The actual header defaults to * upon an empty list.
There is no reason to configure this without specific intent. Incorrect values may degrade or disrupt clients.
default: []
hydra_backports: boolBackport state-reset security fixes to all room versions.
This option applies the State Resolution 2.1 mitigation developed during project Hydra for room version 12 to all prior State Resolution 2.0 room versions (all room versions supported by this server). These mitigations increase resilience to state-resets without any new definition of correctness; therefor it is safe to set this to true for existing rooms.
Furthermore, state-reset attacks are not consistent as they result in rooms without any single consensus, therefor it is unnecessary to set this to false to match other servers which set this to false or simply lack support; even if replicating the post-reset state suffered by other servers is somehow desired.
This option exists for developer and debug use, and as a failsafe in lieu of hardcoding it. reloadable: yes
delete_rooms_after_leave: boolDelete rooms when the last user from this server leaves. This feature is experimental and for the purpose of least-surprise is not enabled by default but can be enabled for deployments interested in conserving space. It may eventually default to true in a future release.
Note that not all pathways which can remove the last local user currently invoke this operation, so in some cases you may find the room still exists.
reloadable: yes default: false
one_time_key_limit: usizeLimits the number of One Time Keys per device (not per-algorithm). The reference implementation maintains 50 OTK’s at any given time, therefor our default is at least five times that. There is no known reason for an administrator to adjust this value; it is provided here rather than hardcoding it.
reloadable: yes default: 256
single_sso: bool(EXPERIMENTAL) Setting this option to true replaces the list of identity
providers displayed on a client’s login page with a single button “Sign
in with single sign-on” linking to the URL
/_matrix/client/v3/login/sso/redirect. All configured providers are
attempted for authorization. All authorizations associate with the same
Matrix user. NOTE: All authorizations must succeed, as there is no
reliable way to skip a provider.
This option is disabled by default, allowing the client to list configured providers and permitting privacy-conscious users to authorize only their choice.
Note that fluffychat always displays a single button anyway. You do not
need to enable this to use fluffychat; instead we offer a
default-provider option, see default in the provider config section.
reloadable: yes
sso_custom_providers_page: boolSetting this option to true replaces the list of identity providers on
the client’s login screen with a single button “Sign in with single
sign-on” linking to the URL /_matrix/client/v3/login/sso/redirect. The
deployment is expected to intercept this URL with their reverse-proxy to
provide a custom webpage listing providers; each entry linking or
redirecting back to one of the configured identity providers at
/_matrix/client/v3/login/sso/redirect/<client_id>`.
This option defaults to false, allowing the client to generate the list of providers or hide all SSO-related options when none configured. reloadable: yes
oidc_aware_preferred: boolFrom MSC3824:
If the client finds oauth_aware_preferred to be true then, assuming it supports that auth type, it should present this as the only login/registration method available to the user. reloadable: yes
appservice_dir: Option<PathBuf>Directory containing appservice yaml registration files.
default: “”
database_migrations: boolSkip database migration on startup. This option is intended for developer debugging and testing only. Never set this option to false unless you have been instructed to do so. Setting this option to false may cause permanent damage and permanent loss of data.
Any new database migrations will not be applied on startup, and the database schema version will not be adjusted. These migrations and schema changes may be expected by the current codebase but may not be available when this option is set to false.
Setting this option to false will have no effect if no new migrations are to be applied. New migrations are applied once during any execution where this option is set to true (which is the default).
force_migration: boolForce the database to set its version to the current version known to the executable.
- When the discovered version is less than the current version any migrations are applied normally.
- When the discovered version is equal to the current version, unversioned migrations are applied normally.
- When the discovered database version is greater than the current version, one-time migrations are applied normally and the discoverable version is regressed back to the current version.
This option extremely dangerous and intended for developer debugging and testing only. Never set this option unless you have been instructed to do so. Setting this option may cause permanent damage and permanent loss of data.
device_key_update_encrypted_rooms_only: boolSet this to true for excluding unencrypted rooms from the common-rooms calculation deciding the receivers of device list updates.
Setting this to true can help performance on very large homeservers, but it may not be spec compliant and risky for client expectations. reloadable: yes
blurhashing: BlurhashConfig§storage_provider: BTreeMap<String, StorageProvider>§ldap: LdapConfig§jwt: JwtConfig§appservice: BTreeMap<String, AppService>§identity_provider: BTreeMap<String, IdentityProvider>§catchall: BTreeMap<String, IgnoredAny>Implementations§
Source§impl Config
impl Config
pub fn get_bind_addrs(&self) -> Vec<SocketAddr>
Source§impl Config
impl Config
pub fn is_forbidden_remote_server_name(&self, server_name: &ServerName) -> bool
Source§impl Config
impl Config
pub fn supported_room_version(&self, version: &RoomVersionId) -> bool
pub fn supported_room_versions( &self, ) -> impl Iterator<Item = (RoomVersionId, RoomVersionStability)> + '_
Trait Implementations§
Source§impl<'de> Deserialize<'de> for Config
impl<'de> Deserialize<'de> for Config
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Auto Trait Implementations§
impl Freeze for Config
impl RefUnwindSafe for Config
impl Send for Config
impl Sync for Config
impl Unpin for Config
impl UnsafeUnpin for Config
impl UnwindSafe for Config
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> ExpectInto for T
impl<T> ExpectInto for T
fn expect_into<Dst: TryFrom<Self>>(self) -> Dstwhere
Self: Sized,
Source§impl<T> Expected for T
impl<T> Expected for T
fn expected_add(self, rhs: Self) -> Selfwhere
Self: CheckedAdd + Sized,
fn expected_sub(self, rhs: Self) -> Selfwhere
Self: CheckedSub + Sized,
fn expected_mul(self, rhs: Self) -> Selfwhere
Self: CheckedMul + Sized,
fn expected_div(self, rhs: Self) -> Selfwhere
Self: CheckedDiv + Sized,
fn expected_rem(self, rhs: Self) -> Selfwhere
Self: CheckedRem + Sized,
§impl<T> Identity for Twhere
T: ?Sized,
impl<T> Identity for Twhere
T: ?Sized,
§impl<T> Instrument for T
impl<T> Instrument for T
§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more§impl<T> Paint for Twhere
T: ?Sized,
impl<T> Paint for Twhere
T: ?Sized,
§fn fg(&self, value: Color) -> Painted<&T>
fn fg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self with the foreground set to
value.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like red() and
green(), which have the same functionality but are
pithier.
§Example
Set foreground color to white using fg():
use yansi::{Paint, Color};
painted.fg(Color::White);Set foreground color to white using white().
use yansi::Paint;
painted.white();§fn bright_black(&self) -> Painted<&T>
fn bright_black(&self) -> Painted<&T>
§fn bright_red(&self) -> Painted<&T>
fn bright_red(&self) -> Painted<&T>
§fn bright_green(&self) -> Painted<&T>
fn bright_green(&self) -> Painted<&T>
§fn bright_yellow(&self) -> Painted<&T>
fn bright_yellow(&self) -> Painted<&T>
§fn bright_blue(&self) -> Painted<&T>
fn bright_blue(&self) -> Painted<&T>
§fn bright_magenta(&self) -> Painted<&T>
fn bright_magenta(&self) -> Painted<&T>
§fn bright_cyan(&self) -> Painted<&T>
fn bright_cyan(&self) -> Painted<&T>
§fn bright_white(&self) -> Painted<&T>
fn bright_white(&self) -> Painted<&T>
§fn bg(&self, value: Color) -> Painted<&T>
fn bg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self with the background set to
value.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like on_red() and
on_green(), which have the same functionality but
are pithier.
§Example
Set background color to red using fg():
use yansi::{Paint, Color};
painted.bg(Color::Red);Set background color to red using on_red().
use yansi::Paint;
painted.on_red();§fn on_primary(&self) -> Painted<&T>
fn on_primary(&self) -> Painted<&T>
§fn on_magenta(&self) -> Painted<&T>
fn on_magenta(&self) -> Painted<&T>
§fn on_bright_black(&self) -> Painted<&T>
fn on_bright_black(&self) -> Painted<&T>
§fn on_bright_red(&self) -> Painted<&T>
fn on_bright_red(&self) -> Painted<&T>
§fn on_bright_green(&self) -> Painted<&T>
fn on_bright_green(&self) -> Painted<&T>
§fn on_bright_yellow(&self) -> Painted<&T>
fn on_bright_yellow(&self) -> Painted<&T>
§fn on_bright_blue(&self) -> Painted<&T>
fn on_bright_blue(&self) -> Painted<&T>
§fn on_bright_magenta(&self) -> Painted<&T>
fn on_bright_magenta(&self) -> Painted<&T>
§fn on_bright_cyan(&self) -> Painted<&T>
fn on_bright_cyan(&self) -> Painted<&T>
§fn on_bright_white(&self) -> Painted<&T>
fn on_bright_white(&self) -> Painted<&T>
§fn attr(&self, value: Attribute) -> Painted<&T>
fn attr(&self, value: Attribute) -> Painted<&T>
Enables the styling [Attribute] value.
This method should be used rarely. Instead, prefer to use
attribute-specific builder methods like bold() and
underline(), which have the same functionality
but are pithier.
§Example
Make text bold using attr():
use yansi::{Paint, Attribute};
painted.attr(Attribute::Bold);Make text bold using using bold().
use yansi::Paint;
painted.bold();§fn rapid_blink(&self) -> Painted<&T>
fn rapid_blink(&self) -> Painted<&T>
§fn quirk(&self, value: Quirk) -> Painted<&T>
fn quirk(&self, value: Quirk) -> Painted<&T>
Enables the yansi [Quirk] value.
This method should be used rarely. Instead, prefer to use quirk-specific
builder methods like mask() and
wrap(), which have the same functionality but are
pithier.
§Example
Enable wrapping using .quirk():
use yansi::{Paint, Quirk};
painted.quirk(Quirk::Wrap);Enable wrapping using wrap().
use yansi::Paint;
painted.wrap();§fn clear(&self) -> Painted<&T>
👎Deprecated since 1.0.1: renamed to resetting() due to conflicts with Vec::clear().
The clear() method will be removed in a future release.
fn clear(&self) -> Painted<&T>
renamed to resetting() due to conflicts with Vec::clear().
The clear() method will be removed in a future release.
§fn whenever(&self, value: Condition) -> Painted<&T>
fn whenever(&self, value: Condition) -> Painted<&T>
Conditionally enable styling based on whether the [Condition] value
applies. Replaces any previous condition.
See the crate level docs for more details.
§Example
Enable styling painted only when both stdout and stderr are TTYs:
use yansi::{Paint, Condition};
painted.red().on_yellow().whenever(Condition::STDOUTERR_ARE_TTY);§impl<T> PolicyExt for Twhere
T: ?Sized,
impl<T> PolicyExt for Twhere
T: ?Sized,
§impl<T> ServiceExt for T
impl<T> ServiceExt for T
§fn add_extension<T>(self, value: T) -> AddExtension<Self, T>where
Self: Sized,
fn add_extension<T>(self, value: T) -> AddExtension<Self, T>where
Self: Sized,
§fn compression(self) -> Compression<Self>where
Self: Sized,
fn compression(self) -> Compression<Self>where
Self: Sized,
§fn decompression(self) -> Decompression<Self>where
Self: Sized,
fn decompression(self) -> Decompression<Self>where
Self: Sized,
§fn trace_for_http(self) -> Trace<Self, SharedClassifier<ServerErrorsAsFailures>>where
Self: Sized,
fn trace_for_http(self) -> Trace<Self, SharedClassifier<ServerErrorsAsFailures>>where
Self: Sized,
§fn trace_for_grpc(self) -> Trace<Self, SharedClassifier<GrpcErrorsAsFailures>>where
Self: Sized,
fn trace_for_grpc(self) -> Trace<Self, SharedClassifier<GrpcErrorsAsFailures>>where
Self: Sized,
§fn follow_redirects(self) -> FollowRedirect<Self>where
Self: Sized,
fn follow_redirects(self) -> FollowRedirect<Self>where
Self: Sized,
§fn sensitive_headers(
self,
headers: impl IntoIterator<Item = HeaderName>,
) -> SetSensitiveRequestHeaders<SetSensitiveResponseHeaders<Self>>where
Self: Sized,
fn sensitive_headers(
self,
headers: impl IntoIterator<Item = HeaderName>,
) -> SetSensitiveRequestHeaders<SetSensitiveResponseHeaders<Self>>where
Self: Sized,
§fn sensitive_request_headers(
self,
headers: impl IntoIterator<Item = HeaderName>,
) -> SetSensitiveRequestHeaders<Self>where
Self: Sized,
fn sensitive_request_headers(
self,
headers: impl IntoIterator<Item = HeaderName>,
) -> SetSensitiveRequestHeaders<Self>where
Self: Sized,
§fn sensitive_response_headers(
self,
headers: impl IntoIterator<Item = HeaderName>,
) -> SetSensitiveResponseHeaders<Self>where
Self: Sized,
fn sensitive_response_headers(
self,
headers: impl IntoIterator<Item = HeaderName>,
) -> SetSensitiveResponseHeaders<Self>where
Self: Sized,
§fn override_request_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetRequestHeader<Self, M>where
Self: Sized,
fn override_request_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetRequestHeader<Self, M>where
Self: Sized,
§fn append_request_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetRequestHeader<Self, M>where
Self: Sized,
fn append_request_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetRequestHeader<Self, M>where
Self: Sized,
§fn insert_request_header_if_not_present<M>(
self,
header_name: HeaderName,
make: M,
) -> SetRequestHeader<Self, M>where
Self: Sized,
fn insert_request_header_if_not_present<M>(
self,
header_name: HeaderName,
make: M,
) -> SetRequestHeader<Self, M>where
Self: Sized,
§fn override_response_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetResponseHeader<Self, M>where
Self: Sized,
fn override_response_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetResponseHeader<Self, M>where
Self: Sized,
§fn append_response_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetResponseHeader<Self, M>where
Self: Sized,
fn append_response_header<M>(
self,
header_name: HeaderName,
make: M,
) -> SetResponseHeader<Self, M>where
Self: Sized,
§fn insert_response_header_if_not_present<M>(
self,
header_name: HeaderName,
make: M,
) -> SetResponseHeader<Self, M>where
Self: Sized,
fn insert_response_header_if_not_present<M>(
self,
header_name: HeaderName,
make: M,
) -> SetResponseHeader<Self, M>where
Self: Sized,
§fn catch_panic(self) -> CatchPanic<Self, DefaultResponseForPanic>where
Self: Sized,
fn catch_panic(self) -> CatchPanic<Self, DefaultResponseForPanic>where
Self: Sized,
500 Internal Server responses. Read more§impl<T> ToStringFallible for Twhere
T: Display,
impl<T> ToStringFallible for Twhere
T: Display,
§fn try_to_string(&self) -> Result<String, TryReserveError>
fn try_to_string(&self) -> Result<String, TryReserveError>
ToString::to_string, but without panic on OOM.