Add federation and database pool configuration support

README.md

@@ -52,6 +52,10 @@ The image uses template variables in `homeserver.yaml` that are substituted at s
 | `SERVER_REGION` | No | Region label for the `/beacon/info` endpoint |
 | `SYNAPSE_ENABLE_METRICS` | No | Set to `1` to expose Prometheus metrics on port 19090 |
 | `SYNAPSE_WORKERS` | No | Set to `true` to enable multi-worker mode |
+| `PUBLIC_BASEURL` | No | Public URL for federation (default: `https://SERVER_NAME`) |
+| `SERVE_WELLKNOWN` | No | Set to `true` to serve `.well-known/matrix/server` for Cloudflare |
+| `DB_CP_MIN` | No | Minimum database connections (default: `20`) |
+| `DB_CP_MAX` | No | Maximum database connections (default: `80`) |
 
 ### Entrypoint options
 
@@ -74,6 +78,27 @@ docker run ghcr.io/ecadinfra/beacon-synapse --skip-templating
 | 19090 | Prometheus metrics (main process, when enabled) |
 | 19091-19094 | Prometheus metrics (workers 1-4, when enabled) |
 
+### Federation behind Cloudflare
+
+If your server is behind Cloudflare (or any proxy that doesn't support port 8448), enable `.well-known` delegation:
+
+```yaml
+environment:
+  PUBLIC_BASEURL: "https://beacon-1.example.com"
+  SERVE_WELLKNOWN: "true"
+```
+
+This configures Synapse to:
+1. Serve `/.well-known/matrix/server` with delegation to port 443
+2. Set `public_baseurl` for proper federation discovery
+
+Other Matrix servers will then connect on port 443 instead of 8448. Ensure your reverse proxy routes:
+- `/.well-known/matrix/server` → Synapse (port 8008)
+- `/_matrix/federation/*` → Synapse (port 8008)
+- `/_matrix/client/*` → Synapse (port 8008)
+
+**Important**: Configure Cloudflare to not challenge `/_matrix/federation/*` paths (these are server-to-server requests, not browsers).
+
 ## Authentication protocol
 
 This image replaces Matrix password authentication with Ed25519 signature verification via `crypto_auth_provider.py`.

homeserver.yaml

@@ -1,6 +1,12 @@
 server_name: "${SERVER_NAME}"
 pid_file: /data/homeserver.pid
 
+# Public base URL for federation and .well-known delegation
+# This tells other servers to connect on port 443 instead of 8448
+# Set via PUBLIC_BASEURL env var (defaults to https://SERVER_NAME if not set)
+# When SERVE_WELLKNOWN=true, entrypoint adds serve_server_wellknown: true
+public_baseurl: "${PUBLIC_BASEURL}"
+
 ## Federation ##
 # federation_domain_whitelist:
 #   - matrix.papers.tech
@@ -52,8 +58,8 @@ database:
     password: ${DB_PASS}
     database: ${DB_NAME}
     host: ${DB_HOST}
-    cp_min: 20
-    cp_max: 80
+    cp_min: ${DB_CP_MIN}
+    cp_max: ${DB_CP_MAX}
 
 log_config: "/config/synapse.log.config"
 

synctl_entrypoint.sh

@@ -38,8 +38,15 @@ else
   echo "Metrics disabled (set SYNAPSE_ENABLE_METRICS=1 to enable)"
 fi
 
+# Set defaults for optional configuration variables
+# PUBLIC_BASEURL: Federation and .well-known delegation (defaults to https://SERVER_NAME)
+export PUBLIC_BASEURL="${PUBLIC_BASEURL:-https://$SERVER_NAME}"
+# DB_CP_MIN/MAX: Database connection pool size (defaults match previous hardcoded values)
+export DB_CP_MIN="${DB_CP_MIN:-20}"
+export DB_CP_MAX="${DB_CP_MAX:-80}"
+
 # Perform variable substitution unless --skip-templating is set
-ENVSUBST_VARS='${SERVER_NAME} ${DB_HOST} ${DB_USER} ${DB_PASS} ${DB_NAME} ${REGISTRATION_SHARED_SECRET} ${METRICS_BIND_ADDRESS}'
+ENVSUBST_VARS='${SERVER_NAME} ${DB_HOST} ${DB_USER} ${DB_PASS} ${DB_NAME} ${REGISTRATION_SHARED_SECRET} ${METRICS_BIND_ADDRESS} ${PUBLIC_BASEURL} ${DB_CP_MIN} ${DB_CP_MAX}'
 
 if [ "$SKIP_TEMPLATING" = "false" ]; then
   echo "Performing template variable substitution..."
@@ -57,6 +64,19 @@ if [ "$SKIP_TEMPLATING" = "false" ]; then
       envsubst '${METRICS_BIND_ADDRESS}' < "$tmpl" > "/config/workers/$(basename "$tmpl")"
     done
   fi
+
+  # Implement SERVE_WELLKNOWN functionality for Cloudflare-proxied servers
+  # When SERVE_WELLKNOWN=true, configure Synapse to serve .well-known/matrix/server
+  # This enables federation on port 443 instead of 8448 (required for Cloudflare)
+  if [ "${SERVE_WELLKNOWN:-false}" = "true" ]; then
+    echo "Enabling .well-known/matrix/server endpoint (SERVE_WELLKNOWN=true)"
+    # Add serve_server_wellknown setting if not already present
+    if ! grep -q "^serve_server_wellknown:" "$CONFIG_FILE"; then
+      echo "" >> "$CONFIG_FILE"
+      echo "# Auto-configured by entrypoint based on SERVE_WELLKNOWN env var" >> "$CONFIG_FILE"
+      echo "serve_server_wellknown: true" >> "$CONFIG_FILE"
+    fi
+  fi
 else
   echo "Skipping template variable substitution (--skip-templating)"
   # When skipping, ensure config files exist (copy templates as-is)