deploy: 586b82e580

2025-06-04 20:46:22 +00:00
parent 6b8782201c
commit fe70b72edc
4 changed files with 10 additions and 10 deletions
--- a/develop/reverse_proxy.html
+++ b/develop/reverse_proxy.html
@@ -165,10 +165,10 @@
 <a href="https://httpd.apache.org/docs/current/mod/mod_proxy_http.html">Apache</a>,
 <a href="https://caddyserver.com/docs/quick-starts/reverse-proxy">Caddy</a>,
 <a href="https://www.haproxy.org/">HAProxy</a> or
-<a href="https://man.openbsd.org/relayd.8">relayd</a> in front of Synapse. One advantage
-of doing so is that it means that you can expose the default https port
-(443) to Matrix clients without needing to run Synapse with root
-privileges.</p>
+<a href="https://man.openbsd.org/relayd.8">relayd</a> in front of Synapse.
+This has the advantage of being able to expose the default HTTPS port (443) to Matrix
+clients without requiring Synapse to bind to a privileged port (port numbers less than
+1024), avoiding the need for <code>CAP_NET_BIND_SERVICE</code> or running as root.</p>
 <p>You should configure your reverse proxy to forward requests to <code>/_matrix</code> or
 <code>/_synapse/client</code> to Synapse, and have it set the <code>X-Forwarded-For</code> and
 <code>X-Forwarded-Proto</code> request headers.</p>