# 环境
# 网络环境确保
- 建议全程使用 https(http 未测试);OAuth 授权码、令牌和 client_secret 都经由这些连接传输。
 
- 用户可访问 synapse 和 nextcloud
- synapse 可访问 nextcloud(token 与 userinfo 接口由 synapse 服务端直接请求)
# 自签名证书问题 (指定 ca 文件)
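# Container deployment: add these flags to the container run command for Synapse.
# The CA file is mounted read-only (:ro) so the process inside the container
# cannot alter its own trust anchor. ca.pem must hold the CA *certificate* only,
# never the CA private key.
-v /data/matrix/ca.pem:/etc/ssl/certs/ca.pem:ro -e SSL_CERT_FILE=/etc/ssl/certs/ca.pem

# Non-container deployment: set this in the environment Synapse is started from.
export SSL_CERT_FILE=/data/matrix/ca.pem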
# nextcloud
# 在 nextcloud 创建 OAuth2 Client
官方文档
 callback:  https://<Synapse Server>/_synapse/client/oidc/callback
# synapse 配置文件 (homeserver.yaml)
 |  | 
 | oidc_providers:  | 
 |   - idp_id: nextcloud  | 
 |     idp_name: Nextcloud  | 
 |       | 
 |     discover: false  | 
 |     issuer: ""  | 
 |     client_id: <OAuth Client ID>  | 
 |     client_secret: <OAuth Client Secret>  | 
 |     authorization_endpoint: "https://<Nextcloud Server>/apps/oauth2/authorize"  | 
 |     token_endpoint: "https://<Nextcloud Server>/apps/oauth2/api/v1/token"  | 
 |     userinfo_endpoint: "https://<Nextcloud Server>/ocs/v2.php/cloud/user?format=json"  | 
 |     scopes: []   | 
 |     user_mapping_provider:  | 
 |       config:  | 
 |         subject_claim: "ocs.data.id"  | 
 |         localpart_template: "{{ ocs.data.id }}" | 
 |         display_name_template: "{{ ocs.data.display-name }}" | 
# github
# 在 github 创建 OAuth2 Client
阮一峰的网络日志
 callback:  https://<Synapse Server>/_synapse/client/oidc/callback
# synapse 配置文件 (homeserver.yaml)
 |  | 
 | oidc_providers:  | 
 |   - idp_id: github  | 
 |     idp_name: GitHub  | 
 |     idp_brand: "github"    | 
 |     discover: false  | 
 |     issuer: "https://github.com/"  | 
 |     client_id: <OAuth Client ID>  | 
 |     client_secret: <OAuth Client Secret>  | 
 |     authorization_endpoint: "https://github.com/login/oauth/authorize"  | 
 |     token_endpoint: "https://github.com/login/oauth/access_token"  | 
 |     userinfo_endpoint: "https://api.github.com/user"  | 
 |     scopes: ["read:user"]  | 
 |     user_mapping_provider:  | 
 |       config:  | 
 |         subject_claim: "id"  | 
 |         localpart_template: "{{ user.login }}" | 
 |         display_name_template: "{{ user.name }}" | 
# 其他
 |  | 
 | password_config:  | 
 |   enabled: false  | 
 |  | 
 | sso_redirect_options:  | 
 |   immediate: false  | 
 |   on_welcome_page: true  | 
OCS 数据结构(Nextcloud userinfo 接口返回内容的示例,以 Python 字典形式打印;上文模板中的 ocs.data.* 即取自此结构)
 | { | 
 |     'ocs':  | 
 |     { | 
 |         'meta':  | 
 |         { | 
 |             'status': 'ok',  | 
 |             'statuscode': 200,  | 
 |             'message': 'OK'  | 
 |         },  | 
 |         'data':  | 
 |         { | 
 |             'storageLocation': '',  | 
 |             'id': 'youyou',  | 
 |             'lastLogin': 1676870000000,  | 
 |             'backend': 'Database',  | 
 |             'subadmin': ['Guest'],  | 
 |             'quota':  | 
 |             { | 
 |                 'free': 0,  | 
 |                 'used': 0,  | 
 |                 'total': 0,  | 
 |                 'relative': 0,  | 
 |                 'quota': -3  | 
 |             },  | 
 |             'avatarScope': 'v2-federated',  | 
 |             'email': '',  | 
 |             'emailScope': 'v2-federated',  | 
 |             'additional_mail': [],  | 
 |             'additional_mailScope': [],  | 
 |             'displaynameScope': 'v2-federated',  | 
 |             'phone': '',  | 
 |             'phoneScope': 'v2-local',  | 
 |             'address': '',  | 
 |             'addressScope': 'v2-local',  | 
 |             'website': '',  | 
 |             'websiteScope': 'v2-published',  | 
 |             'twitter': '',  | 
 |             'twitterScope': 'v2-local',  | 
 |             'organisation': '',  | 
 |             'organisationScope': 'v2-local',  | 
 |             'role': '',  | 
 |             'roleScope': 'v2-local',  | 
 |             'headline': '',  | 
 |             'headlineScope': 'v2-local',  | 
 |             'biography': '',  | 
 |             'biographyScope': 'v2-local',  | 
 |             'profile_enabled': '1',  | 
 |             'profile_enabledScope': 'v2-local',  | 
 |             'groups': [],  | 
 |             'language': 'zh_CN',  | 
 |             'locale': 'zh_Hans_CN',  | 
 |             'notify_email': None,  | 
 |             'backendCapabilities':  | 
 |             { | 
 |                 'setDisplayName': True,  | 
 |                 'setPassword': True  | 
 |             },  | 
 |             'display-name': ''  | 
 |         }  | 
 |     }  | 
 | }  | 
# 参考
联合部署 Mastodon 与 Synapse | 糖菓・部落