Difference between revisions of "Matrix"
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | The IRC of the future! | + | The IRC of the future! Here is how to install it for a domain, assuming Debian or Ubuntu. |
− | == | + | == DNS == |
− | Create a 'matrix' subdomain A record for the domain, e.g. | + | Create a 'matrix' subdomain A record for the domain, e.g. matrix.'''example.com'''. There are SRV records you can set up for clients to figure out federation, but it's easier to use well-known URLs instead (see below). |
− | + | == Install Synapse == | |
− | |||
− | |||
− | + | Synapse is the Matrix server, which is a Python 3 daemon using the Twisted libraries. Add the upstream apt repositories: | |
− | + | ||
− | + | apt install -y apt-transport-https | |
+ | wget -O /etc/apt/trusted.gpg.d/matrix-org-archive-keyring.gpg \ | ||
<nowiki>https://</nowiki>packages.matrix.org/debian/matrix-org-archive-keyring.gpg | <nowiki>https://</nowiki>packages.matrix.org/debian/matrix-org-archive-keyring.gpg | ||
− | echo "deb | + | echo "deb <nowiki>https://</nowiki>packages.matrix.org/debian/ $(lsb_release -cs) main" \ |
− | + | > /etc/apt/sources.list.d/matrix-org.list | |
− | + | apt update | |
− | + | apt install matrix-synapse-py3 | |
+ | |||
+ | == Web configuration == | ||
+ | |||
+ | There are two steps to this. | ||
+ | |||
+ | === Well-known URLs === | ||
+ | |||
+ | This step is not required if DNS SRV records are used instead. Add two .well-known URLs to the root domain's web, which need to return JSON content. In the <tt>.well-known/matrix</tt> directory, create a file called "server" with: | ||
+ | {"m.server": "matrix.'''example.com''':443"} | ||
+ | |||
+ | and a file called "client" with: | ||
+ | {"m.homeserver": {"base_url": "<nowiki>https://</nowiki>matrix.'''example.com'''"}} | ||
+ | |||
+ | Then amend the web config to add these headers: | ||
+ | <VirtualHost *:443> | ||
+ | ServerName '''example.com''' | ||
+ | SSLEngine on | ||
+ | ''# ...'' | ||
+ | <Directory "/path/to/www/.wellknown/matrix"> | ||
+ | Header set Content-Type "application/json" | ||
+ | Header set Access-Control-Allow-Origin "*" | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | |||
+ | === Reverse Proxy === | ||
+ | |||
+ | Second, Point Apache or nginx at it as a reverse proxy to localhost:8008 and configure for SSL on port 443. | ||
+ | <VirtualHost *:443> | ||
+ | ServerName matrix.'''example.com''' | ||
+ | SSLEngine on | ||
+ | ''# ...'' | ||
+ | AllowEncodedSlashes NoDecode | ||
+ | ProxyPass /_matrix <nowiki>http://</nowiki>localhost:8008/_matrix nocanon | ||
+ | ProxyPassReverse /_matrix <nowiki>http://</nowiki>localhost:8008/_matrix | ||
+ | ProxyPass /_synapse/client <nowiki>http://</nowiki>localhost:8008/_synapse/client nocanon | ||
+ | ProxyPassReverse /_synapse/client <nowiki>http://</nowiki>localhost:8008/_synapse/client | ||
+ | </VirtualHost> | ||
+ | |||
+ | == Database == | ||
+ | |||
+ | Synapse can use SQLite, but it's best to use [[PostgreSQL]] in production. Create a user and empty database on PostgreSQL. For some (possibly dumb) reason, Synapse requires old C style collation, which means we have to use template0: | ||
+ | |||
+ | createuser -SDRP ''<dbuser>'' | ||
+ | createdb -T template0 --lc-ctype=C --lc-collate=C -E UTF-8 -O ''<dbuser> <dbname>'' | ||
− | + | == Configuration == | |
− | + | Edit <tt>/etc/matrix-synapse/homeserver.yaml</tt> to configure URL, database and SMTP server details: | |
− | + | ''# Protect the configuration directory: chmod 700 /etc/matrix-synapse'' | |
+ | public_baseurl: <nowiki>https://</nowiki>matrix.'''example.com'''/ | ||
+ | database: | ||
+ | name: psycopg2 | ||
+ | args: | ||
+ | user: ''<dbuser>'' | ||
+ | password: ''<password>'' | ||
+ | database: ''<dbname>'' | ||
+ | host: ''<dbhost>'' | ||
+ | cp_min: 5 | ||
+ | cp_max: 10 | ||
+ | ''# Generate secret strings with something like: pwgen -s 34 1'' | ||
+ | registration_shared_secret: ''<a long random string>'' | ||
+ | macaroon_secret_key: ''<a different long random string>'' | ||
+ | suppress_key_server_warning: true | ||
+ | email: | ||
+ | smtp_host: mail.'''example.com''' | ||
+ | smtp_port: 25 | ||
+ | smtp_user: ''<user>'' | ||
+ | smtp_pass: ''<password>'' | ||
+ | require_transport_security: true | ||
+ | notif_from: "Matrix Server at '''example.com''' <noreply-matrix@'''example.com'''>" | ||
− | + | == Registering new users == | |
The Debian package disables online user registration by default; use the <tt>register_new_matrix_user</tt> command from the cli, or enable it in the configuration. Set the <tt>registration_shared_secret</tt> to something long, and use: | The Debian package disables online user registration by default; use the <tt>register_new_matrix_user</tt> command from the cli, or enable it in the configuration. Set the <tt>registration_shared_secret</tt> to something long, and use: | ||
− | register_new_matrix_user -u <username> -c /etc/matrix-synapse/homeserver.yaml <nowiki>https://</nowiki>matrix.'''example.com''' | + | register_new_matrix_user -u ''<username>'' -c /etc/matrix-synapse/homeserver.yaml <nowiki>https://</nowiki>matrix.'''example.com''' |
== References == | == References == | ||
* Matrix.org documentation, [https://matrix.org/docs/guides/installing-synapse "Installing Synapse"] | * Matrix.org documentation, [https://matrix.org/docs/guides/installing-synapse "Installing Synapse"] |
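Review bot: The added <Directory "/path/to/www/.wellknown/matrix"> line in the Well-known URLs section is missing the hyphen, while the text above it tells the reader to create the files in .well-known/matrix. As written, the two Header set lines never apply to the delegation files, so the path should read .well-known/matrix. Separately, the wget into /etc/apt/trusted.gpg.d/ makes the Matrix.org key trusted for every configured apt source; storing the keyring outside that directory and pinning it with a signed-by option on the deb line in matrix-org.list would scope it to this one repository.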
Latest revision as of 21:41, 24 February 2022
The IRC of the future! Here is how to install it for a domain, assuming Debian or Ubuntu.
DNS
Create a 'matrix' subdomain A record for the domain, e.g. matrix.example.com. There are SRV records you can set up for clients to figure out federation, but it's easier to use well-known URLs instead (see below).
Install Synapse
Synapse is the Matrix server, which is a Python 3 daemon using the Twisted libraries. Add the upstream apt repositories:
 apt install -y apt-transport-https
 wget -O /etc/apt/trusted.gpg.d/matrix-org-archive-keyring.gpg \
   https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
 echo "deb https://packages.matrix.org/debian/ $(lsb_release -cs) main" \
   > /etc/apt/sources.list.d/matrix-org.list
 apt update
 apt install matrix-synapse-py3
Web configuration
There are two steps to this.
Well-known URLs
This step is not required if DNS SRV records are used instead. Add two .well-known URLs to the root domain's web, which need to return JSON content. In the .well-known/matrix directory, create a file called "server" with:
{"m.server": "matrix.example.com:443"}
and a file called "client" with:
{"m.homeserver": {"base_url": "https://matrix.example.com"}}
Then amend the web config to add these headers:
 <VirtualHost *:443>
   ServerName example.com
   SSLEngine on
   # ...
   <Directory "/path/to/www/.well-known/matrix">
     Header set Content-Type "application/json"
     Header set Access-Control-Allow-Origin "*"
   </Directory>
 </VirtualHost>
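A check for the two delegation documents and the response headers configured above, worth re-running after any web server change. This is an added example, not part of the original page; the function names and the sample bodies and headers are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def check_server_doc(body):
    """Problems with .well-known/matrix/server (federation delegation)."""
    try:
        target = json.loads(body)["m.server"]
        parts = urlsplit("//" + target)  # parses host, host:port, [v6]:port
        parts.port                       # raises ValueError on a bad port
    except (ValueError, KeyError, TypeError):
        return ["server: need a JSON object with m.server = host[:port]"]
    if not parts.hostname or parts.path or parts.query:
        return ["server: m.server must be a bare host[:port], not a URL"]
    return []

def check_client_doc(body, headers):
    """Problems with .well-known/matrix/client and its response headers."""
    problems = []
    try:
        base = urlsplit(json.loads(body)["m.homeserver"]["base_url"])
        if base.scheme != "https" or not base.hostname:
            problems.append("client: base_url must be an https:// URL")
    except (ValueError, KeyError, TypeError, AttributeError):
        problems.append("client: need m.homeserver.base_url in a JSON object")
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    if not hdrs.get("content-type", "").startswith("application/json"):
        problems.append("client: Content-Type is not application/json")
    # Browser-based clients fetch this file cross-origin, hence the CORS header.
    if hdrs.get("access-control-allow-origin") != "*":
        problems.append("client: missing Access-Control-Allow-Origin: *")
    return problems

# Constructed samples: the two files from this page, then the headers a web
# server sends with and without the Header directives taking effect.
SERVER = '{"m.server": "matrix.example.com:443"}'
CLIENT = '{"m.homeserver": {"base_url": "https://matrix.example.com"}}'
GOOD_HEADERS = {"Content-Type": "application/json",
                "Access-Control-Allow-Origin": "*"}
BARE_HEADERS = {"Content-Type": "text/plain"}

if __name__ == "__main__":
    print(check_server_doc(SERVER), check_client_doc(CLIENT, BARE_HEADERS))
```

Feed it the body and headers of a real response (for instance from `curl -i`) to confirm that the `<Directory>` block actually matches the files being served.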
Reverse Proxy
Second, point Apache or nginx at Synapse as a reverse proxy to localhost:8008 and configure it for SSL on port 443.
 <VirtualHost *:443>
   ServerName matrix.example.com
   SSLEngine on
   # ...
   AllowEncodedSlashes NoDecode
   ProxyPass /_matrix http://localhost:8008/_matrix nocanon
   ProxyPassReverse /_matrix http://localhost:8008/_matrix
   ProxyPass /_synapse/client http://localhost:8008/_synapse/client nocanon
   ProxyPassReverse /_synapse/client http://localhost:8008/_synapse/client
 </VirtualHost>
Database
Synapse can use SQLite, but it's best to use PostgreSQL in production. Create a user and empty database on PostgreSQL. For some (possibly dumb) reason, Synapse requires old C style collation, which means we have to use template0:
 createuser -SDRP <dbuser>
 createdb -T template0 --lc-ctype=C --lc-collate=C -E UTF-8 -O <dbuser> <dbname>
Configuration
Edit /etc/matrix-synapse/homeserver.yaml to configure URL, database and SMTP server details:
 # Protect the configuration directory: chmod 700 /etc/matrix-synapse
 public_baseurl: https://matrix.example.com/
 database:
   name: psycopg2
   args:
     user: <dbuser>
     password: <password>
     database: <dbname>
     host: <dbhost>
     cp_min: 5
     cp_max: 10
 # Generate secret strings with something like: pwgen -s 34 1
 registration_shared_secret: <a long random string>
 macaroon_secret_key: <a different long random string>
 suppress_key_server_warning: true
 email:
   smtp_host: mail.example.com
   smtp_port: 25
   smtp_user: <user>
   smtp_pass: <password>
   require_transport_security: true
   notif_from: "Matrix Server at example.com <noreply-matrix@example.com>"
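An added example (not from the original page or the Synapse project) that audits a homeserver.yaml for the two points its comments raise: directory permissions and long, distinct secrets. The 32-character minimum, the function names and the sample file are assumptions; the key lookup is a line match on top-level keys, not a full YAML parser.

```python
import os
import re
import stat
import tempfile

MIN_LEN = 32  # assumption: close to the 34 characters `pwgen -s 34 1` yields
KEYS = ("registration_shared_secret", "macaroon_secret_key")

# Constructed sample: one short secret reused for both keys.
SAMPLE = """\
registration_shared_secret: "hunter2hunter2"
macaroon_secret_key: "hunter2hunter2"
"""

def top_level_value(text, key):
    """Return the value of an unindented `key: value` line, or None."""
    m = re.search(rf"^{re.escape(key)}:[ \t]*(.*?)[ \t]*$", text, re.M)
    return m.group(1).strip("\"'") if m else None

def audit_homeserver(path):
    """List weak secrets and loose permissions for a homeserver.yaml."""
    problems = []
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(path) or ".").st_mode)
    file_mode = stat.S_IMODE(os.stat(path).st_mode)
    # chmod 700 on the directory protects the file whatever its own mode is.
    if dir_mode & 0o077 and file_mode & 0o077:
        problems.append(f"permissions: dir {dir_mode:o}, file {file_mode:o}")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    found = {k: top_level_value(text, k) for k in KEYS}
    for key, val in found.items():  # keys that are absent are not flagged
        if val and (val.startswith("<") or len(val) < MIN_LEN):
            problems.append(f"{key}: placeholder or under {MIN_LEN} chars")
    if found[KEYS[0]] and found[KEYS[0]] == found[KEYS[1]]:
        problems.append("secrets: both keys share one value")
    return problems

def demo():
    """Audit SAMPLE in a temporary directory opened up to mode 755."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        path = os.path.join(d, "homeserver.yaml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_homeserver(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```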
Registering new users
The Debian package disables online user registration by default; use the register_new_matrix_user command from the CLI, or enable it in the configuration. Set the registration_shared_secret to something long, and use:
register_new_matrix_user -u <username> -c /etc/matrix-synapse/homeserver.yaml https://matrix.example.com
References
- Matrix.org documentation, "Installing Synapse"