diff --git a/conduwuit-example.toml b/conduwuit-example.toml index 446375b81..e179ce302 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -105,7 +105,7 @@ # # This defaults to 128.0 + (64.0 * CPU core count) # -#db_cache_capacity_mb = +#db_cache_capacity_mb = varies by system # Option to control adding arbitrary text to the end of the user's # displayname upon registration with a space before the text. This was the @@ -114,9 +114,9 @@ # # The default is the trans pride flag. # -# example: "🏳️⚧️" +# example: "🏳️‍⚧️" # -#new_user_displayname_suffix = "🏳️⚧️" +#new_user_displayname_suffix = "🏳️‍⚧️" # If enabled, conduwuit will send a simple GET request periodically to # `https://pupbrain.dev/check-for-updates/stable` for any new @@ -132,8 +132,7 @@ # with such as "auth_chain_cache_capacity". # # May be useful if you have significant memory to spare to increase -# performance. This was previously called -# `conduit_cache_capacity_modifier`. +# performance. # # If you have low memory, reducing this may be viable. # @@ -204,9 +203,7 @@ # longer running Matrix). Only decrease this if you are using an external # DNS cache. # -# default_dns_min_ttl: 259200 -# -#dns_min_ttl = +#dns_min_ttl = 10800 # Minimum time-to-live in seconds for NXDOMAIN entries in the DNS cache. # This value is critical for the server to federate efficiently. @@ -217,7 +214,7 @@ # #dns_min_ttl_nxdomain = 259200 -# Number of retries after a timeout. +# Number of DNS nameserver retries after a timeout or error. # #dns_attempts = 10 @@ -547,7 +544,7 @@ # Currently, conduwuit doesn't support inbound batched key requests, so # this list should only contain other Synapse servers # -# example: ["matrix.org", "constellatory.net", "tchncs.de"] +# example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"] # #trusted_servers = ["matrix.org"] 
@@ -689,14 +686,14 @@ # room invites) are ignored here. # # Defaults to false as rooms can be banned for non-moderation-related -# reasons +# reasons and this performs a full user deactivation # #auto_deactivate_banned_room_attempts = false # RocksDB log level. This is not the same as conduwuit's log level. This # is the log level for the RocksDB engine/library which show up in your # database folder/path as `LOG` files. conduwuit will log RocksDB errors -# as normal through tracing. +# as normal through tracing or panics if severe for safety. # #rocksdb_log_level = "error" @@ -745,7 +742,7 @@ # operatons such as cleanup, sync, flush, compaction, etc. Set to 0 to use # all your logical threads. Defaults to your CPU logical thread count. # -#rocksdb_parallelism_threads = 0 +#rocksdb_parallelism_threads = varies by system # Maximum number of LOG files RocksDB will keep. This must *not* be set to # 0. It must be at least 1. Defaults to 3 as these are not very useful @@ -833,6 +830,14 @@ # #rocksdb_recovery_mode = 1 +# Enables or disables paranoid SST file checks. This can improve RocksDB +# database consistency at a potential performance impact due to further +# safety checks ran. +# +# See https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks for more information. +# +#rocksdb_paranoid_file_checks = false + # Database repair mode (for RocksDB SST corruption) # # Use this option when the server reports corruption while running or 
@@ -1119,12 +1124,14 @@ # # To disable, set this to be an empty vector (`[]`). # +# Defaults to: +# ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", # "192.168.0.0/16", "100.64.0.0/10", "192.0.0.0/24", "169.254.0.0/16", # "192.88.99.0/24", "198.18.0.0/15", "192.0.2.0/24", "198.51.100.0/24", # "203.0.113.0/24", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7", # "2001:db8::/32", "ff00::/8", "fec0::/10"] # -#ip_range_denylist = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", +#ip_range_denylist = # Optional IP address or network interface-name to bind as the source of # URL preview requests. If not set, it will not bind to a specific @@ -1181,9 +1188,9 @@ #url_preview_url_contains_allowlist = [] # Maximum amount of bytes allowed in a URL preview body size when -# spidering. Defaults to 384KB in bytes. +# spidering. Defaults to 256KB in bytes. # -#url_preview_max_spider_size = 384000 +#url_preview_max_spider_size = 256000 # Option to decide whether you would like to run the domain allowlist # checks (contains and explicit) on the root domain or not. Does not apply @@ -1302,7 +1309,7 @@ # Sentry.io crash/panic reporting, performance monitoring/metrics, etc. # This is NOT enabled by default. conduwuit's default Sentry reporting -# endpoint is o4506996327251968.ingest.us.sentry.io +# endpoint domain is o4506996327251968.ingest.us.sentry.io # #sentry = false diff --git a/src/core/config/check.rs b/src/core/config/check.rs index c75fb31ea..b8415281b 100644 --- a/src/core/config/check.rs +++ b/src/core/config/check.rs @@ -20,10 +20,7 @@ pub fn check(config: &Config) -> Result<()> { } if cfg!(all(feature = "hardened_malloc", feature = "jemalloc")) { - warn!( - "hardened_malloc and jemalloc are both enabled, this causes jemalloc to be used. If using --all-features, \ - this is harmless." - ); + info!("hardened_malloc and jemalloc compile-time features are both enabled, this causes jemalloc to be used."); } if cfg!(not(unix)) && config.unix_socket_path.is_some() { 
@@ -34,7 +31,15 @@ pub fn check(config: &Config) -> Result<()> { )); } - if cfg!(unix) && config.unix_socket_path.is_none() { + if config.unix_socket_path.is_none() && config.get_bind_hosts().is_empty() { + return Err!(Config("address", "No TCP addresses were specified to listen on")); + } + + if config.unix_socket_path.is_none() && config.get_bind_ports().is_empty() { + return Err!(Config("port", "No ports were specified to listen on")); + } + + if config.unix_socket_path.is_none() { config.get_bind_addrs().iter().for_each(|addr| { use std::path::Path; @@ -50,18 +55,14 @@ pub fn check(config: &Config) -> Result<()> { host and guest, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, \ you can ignore.", ); - } - - if Path::new("/.dockerenv").exists() { + } else if Path::new("/.dockerenv").exists() { error!( "You are detected using Docker with a loopback/localhost listening address of {addr}. If you \ are using a reverse proxy on the host and require communication to conduwuit in the Docker \ container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". \ If this is expected, you can ignore.", ); - } - - if Path::new("/run/.containerenv").exists() { + } else if Path::new("/run/.containerenv").exists() { error!( "You are detected using Podman with a loopback/localhost listening address of {addr}. If you \ are using a reverse proxy on the host and require communication to conduwuit in the Podman \ @@ -89,6 +90,13 @@ pub fn check(config: &Config) -> Result<()> { )); } + if config.emergency_password == Some(String::from("F670$2CP@Hw8mG7RY1$%!#Ic7YA")) { + return Err!(Config( + "emergency_password", + "The public example emergency password is being used, this is insecure. Please change this." + )); + } + // check if the user specified a registration token as `""` if config.registration_token == Some(String::new()) { return Err!(Config( 
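Review bot: The three new guards in the `@@ -34,7 +31,15 @@` hunk all test `config.unix_socket_path.is_none()`, so the bind-host and bind-port checks read more naturally nested inside the single `if config.unix_socket_path.is_none() {` block that follows them (an early `return Err!(...)` inside that block keeps the same ordering). Dropping the former `cfg!(unix)` gate also means the `/.dockerenv` and `/run/.containerenv` probes now run on every build, and they run once per bound address inside the `for_each`; hoisting the two `Path::new(..).exists()` calls above the loop would avoid repeating the filesystem probe per address. The `check` function starts and ends outside this hunk.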
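Review bot: The example-password check in the `@@ -89,6 +90,13 @@` hunk allocates a `String` only to compare against a literal; `if config.emergency_password.as_deref() == Some("F670$2CP@Hw8mG7RY1$%!#Ic7YA") {` avoids that, and keeping the literal in a named constant shared with wherever the example is published stops the two from drifting apart. The check also only catches this one value: an empty emergency password (`Some(String::new())`) is worth rejecting in the same way the `registration_token == Some(String::new())` check immediately below does, unless that is already handled further down `check`, whose body continues past the hunk.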
@@ -113,17 +121,20 @@ pub fn check(config: &Config) -> Result<()> { )); } - if config.max_request_size < 5_120_000 { + if config.max_request_size < 10_000_000 { return Err!(Config( "max_request_size", - "Max request size is less than 5MB. Please increase it." + "Max request size is less than 10MB. Please increase it as this is too low for operable federation." )); } // check if user specified valid IP CIDR ranges on startup for cidr in &config.ip_range_denylist { if let Err(e) = ipaddress::IPAddress::parse(cidr) { - return Err!(Config("ip_range_denylist", "Parsing specified IP CIDR range from string: {e}.")); + return Err!(Config( + "ip_range_denylist", + "Parsing specified IP CIDR range from string failed: {e}." + )); } } @@ -135,10 +146,10 @@ pub fn check(config: &Config) -> Result<()> { return Err!(Config( "registration_token", "!! You have `allow_registration` enabled without a token configured in your config which means you are \ - allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n -If this is not the intended behaviour, please set a registration token.\n -For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you \ - want, please set the following config option to true: + allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token). \ + If this is not the intended behaviour, please set a registration token. For security and safety reasons, \ + conduwuit will shut down. If you are extra sure this is the desired behaviour you want, please set the \ + following config option to true: `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`" )); } 
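Review bot: The `10_000_000` floor in the `@@ -113,17 +121,20 @@` hunk is duplicated between the comparison and the error text ("10MB"), and this value has already moved once (from 5MB), so a `const` with the field's integer type interpolated into the message would keep the two in sync. Note that "10MB" here is 10,000,000 bytes (decimal), which is fine as long as `max_request_size` is documented in the same unit. The second hunk on this line only rewraps the open-registration error text.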
@@ -151,15 +162,16 @@ For security and safety reasons, conduwuit will shut down. If you are extra sure warn!( "Open registration is enabled via setting \ `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to \ - true without a registration token configured. You are expected to be aware of the risks now.\n - If this is not the desired behaviour, please set a registration token." + true without a registration token configured. You are expected to be aware of the risks now. If this is \ + not the desired behaviour, please set a registration token." ); } if config.allow_outgoing_presence && !config.allow_local_presence { return Err!(Config( "allow_local_presence", - "Outgoing presence requires allowing local presence. Please enable 'allow_local_presence'." + "Outgoing presence requires allowing local presence. Please enable 'allow_local_presence' or disable \ + outgoing presence." )); } diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index 0e25b197b..413aa7f4c 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs @@ -141,6 +141,8 @@ pub struct Config { /// core count. /// /// This defaults to 128.0 + (64.0 * CPU core count) + /// + /// default: varies by system #[serde(default = "default_db_cache_capacity_mb")] pub db_cache_capacity_mb: f64, @@ -151,9 +153,9 @@ pub struct Config { /// /// The default is the trans pride flag. /// - /// example: "🏳️⚧️" + /// example: "🏳️‍⚧️" /// - /// default: "🏳️⚧️" + /// default: "🏳️‍⚧️" #[serde(default = "default_new_user_displayname_suffix")] pub new_user_displayname_suffix: String, 
@@ -164,15 +166,14 @@ pub struct Config { /// /// This is disabled by default as this is rarely used except for security /// updates or major updates. - #[serde(default)] + #[serde(default, alias = "allow_announcements_check")] pub allow_check_for_updates: bool, /// Set this to any float value to multiply conduwuit's in-memory LRU caches /// with such as "auth_chain_cache_capacity". /// /// May be useful if you have significant memory to spare to increase - /// performance. This was previously called - /// `conduit_cache_capacity_modifier`. + /// performance. /// /// If you have low memory, reducing this may be viable. /// @@ -247,7 +248,7 @@ pub struct Config { /// longer running Matrix). Only decrease this if you are using an external /// DNS cache. /// - /// default_dns_min_ttl: 259200 + /// default: 10800 #[serde(default = "default_dns_min_ttl")] pub dns_min_ttl: u64, @@ -262,7 +263,7 @@ pub struct Config { #[serde(default = "default_dns_min_ttl_nxdomain")] pub dns_min_ttl_nxdomain: u64, - /// Number of retries after a timeout. + /// Number of DNS nameserver retries after a timeout or error. /// /// default: 10 #[serde(default = "default_dns_attempts")] @@ -633,7 +634,7 @@ pub struct Config { /// Currently, conduwuit doesn't support inbound batched key requests, so /// this list should only contain other Synapse servers /// - /// example: ["matrix.org", "constellatory.net", "tchncs.de"] + /// example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"] /// /// default: ["matrix.org"] #[serde(default = "default_trusted_servers")] 
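Review bot: The new `alias = "allow_announcements_check"` on `allow_check_for_updates` is not mentioned in the field's doc comment, so operators reading the docs (or an example file generated from them) cannot tell that the old key is still accepted; add a line such as `/// The previous key name \`allow_announcements_check\` is still accepted as an alias.` above the attribute. In the same hunk the sentence about `conduit_cache_capacity_modifier` is dropped from the cache-modifier doc: if a serde alias for that old key still exists, the same one-liner would document it, and if it does not, silently dropping the note hides a breaking change for configs that still use the old key.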
@@ -794,14 +795,14 @@ pub struct Config { /// room invites) are ignored here. /// /// Defaults to false as rooms can be banned for non-moderation-related - /// reasons + /// reasons and this performs a full user deactivation #[serde(default)] pub auto_deactivate_banned_room_attempts: bool, /// RocksDB log level. This is not the same as conduwuit's log level. This /// is the log level for the RocksDB engine/library which show up in your /// database folder/path as `LOG` files. conduwuit will log RocksDB errors - /// as normal through tracing. + /// as normal through tracing or panics if severe for safety. /// /// default: "error" #[serde(default = "default_rocksdb_log_level")] @@ -855,7 +856,7 @@ pub struct Config { /// operatons such as cleanup, sync, flush, compaction, etc. Set to 0 to use /// all your logical threads. Defaults to your CPU logical thread count. /// - /// default: 0 + /// default: varies by system #[serde(default = "default_rocksdb_parallelism_threads")] pub rocksdb_parallelism_threads: usize, @@ -955,6 +956,14 @@ pub struct Config { #[serde(default = "default_rocksdb_recovery_mode")] pub rocksdb_recovery_mode: u8, + /// Enables or disables paranoid SST file checks. This can improve RocksDB + /// database consistency at a potential performance impact due to further + /// safety checks ran. + /// + /// See https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks for more information. + #[serde(default)] + pub rocksdb_paranoid_file_checks: bool, + /// Database repair mode (for RocksDB SST corruption) /// /// Use this option when the server reports corruption while running or 
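Review bot: The doc comment for the new `rocksdb_paranoid_file_checks` field in the `@@ -955,6 +956,14 @@` hunk lacks the `/// default: ...` line that neighbouring fields carry (for example `rocksdb_recovery_mode` just above it), which matters if the example config is produced from these comments; add `///` and `/// default: false` before the `#[serde(default)]`. Also "safety checks ran" should read "safety checks run", here and in the matching conduwuit-example.toml hunk for this option.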
@@ -1255,7 +1264,8 @@ pub struct Config { /// /// To disable, set this to be an empty vector (`[]`). /// - /// default: ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", + /// Defaults to: + /// ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", /// "192.168.0.0/16", "100.64.0.0/10", "192.0.0.0/24", "169.254.0.0/16", /// "192.88.99.0/24", "198.18.0.0/15", "192.0.2.0/24", "198.51.100.0/24", /// "203.0.113.0/24", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7", @@ -1328,9 +1338,9 @@ pub struct Config { pub url_preview_url_contains_allowlist: Vec, /// Maximum amount of bytes allowed in a URL preview body size when - /// spidering. Defaults to 384KB in bytes. + /// spidering. Defaults to 256KB in bytes. /// - /// default: 384000 + /// default: 256000 #[serde(default = "default_url_preview_max_spider_size")] pub url_preview_max_spider_size: usize, @@ -1465,7 +1475,7 @@ pub struct Config { /// Sentry.io crash/panic reporting, performance monitoring/metrics, etc. /// This is NOT enabled by default. conduwuit's default Sentry reporting - /// endpoint is o4506996327251968.ingest.us.sentry.io + /// endpoint domain is o4506996327251968.ingest.us.sentry.io #[serde(default)] pub sentry: bool, @@ -1532,12 +1542,14 @@ pub struct Config { /// specifically the queue-depth or the number of simultaneous requests in /// flight. Defaults to 32 or four times the number of CPU cores, whichever /// is greater. + /// /// default: 32 #[serde(default = "default_db_pool_workers")] pub db_pool_workers: usize, /// Size of the queue feeding the database's frontend-pool. Defaults to 256 /// or eight times the number of CPU cores, whichever is greater. + /// /// default: 256 #[serde(default = "default_db_pool_queue_size")] pub db_pool_queue_size: usize, @@ -2282,7 +2294,7 @@ fn default_ip_range_denylist() -> Vec { } fn default_url_preview_max_spider_size() -> usize { - 384_000 // 384KB + 256_000 // 256KB } fn default_new_user_displayname_suffix() -> String { "🏳️‍⚧️".to_owned() } 
diff --git a/src/database/opts.rs b/src/database/opts.rs index f1b4d3a9d..d0ae618c6 100644 --- a/src/database/opts.rs +++ b/src/database/opts.rs @@ -95,6 +95,8 @@ pub(crate) fn db_options(config: &Config, env: &mut Env, row_cache: &Cache, col_ 4_u8..=u8::MAX => unimplemented!(), }); + opts.set_paranoid_checks(config.rocksdb_paranoid_file_checks); + opts.set_env(env); Ok(opts) }
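Review bot: `opts.set_paranoid_checks(...)` is, as far as I can tell from the rust-rocksdb binding, the setter for RocksDB's `DBOptions::paranoid_checks` (a whole-database flag that RocksDB itself defaults to true), not for `ColumnFamilyOptions::paranoid_file_checks` (default false) that the new field's name and its Online-Verification wiki link describe. Because the field is `#[serde(default)]`, every deployment that leaves the option unset now passes `false` here and switches off RocksDB's default aggressive corruption checking, the opposite of what the option advertises. The minimal fix that preserves RocksDB's default is `if config.rocksdb_paranoid_file_checks { opts.set_paranoid_checks(true); }`, together with renaming or redocumenting the field as `paranoid_checks`; if SST-level verification is the real goal, the binding's matching setter (if it exposes one) should be used instead. `db_options` starts outside the hunk.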