mirror of https://github.com/tiyn/wiki
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
431 lines
13 KiB
431 lines
13 KiB
# Matrix
|
|
|
|
[Matrix](https://matrix.org/) is an open network for secure, decentralized
|
|
[communication](/wiki/communication.md).
|
|
|
|
## Setup
|
|
|
|
The matrix server is a complex setup of servers and services.
|
|
Please note that this configuration is a composition of
|
|
[Docker](/wiki/docker.md) images.
|
|
Therefore a shared `docker-compose.yml` file is used.
|
|
This setup guide follows a modified version of the
|
|
[guide by matusnovak](https://gist.github.com/matusnovak/37109e60abe79f4b59fc9fbda10896da).
|
|
Furthermore this guide will assume you already have a
|
|
[traefik v2.4](./traefik.md) instance setup as described in the
|
|
[traefik docker image article](./docker/traefik.md).
|
|
The Matrix server created by this article will be able to use federation, VoIP using the
|
|
[TURN/STUN protocoll from a self-hosted server](#coturn), screen share and video telephony using
|
|
jitsi, [a web client using a self-hosted Element server](#element-web-client) and an
|
|
[administration interface thats also self-hosted](#administration-interface).
|
|
|
|
### DNS Records
|
|
|
|
You will need to create some [DNS](./dns.md) entries in order for synapse to
|
|
function correctly.
|
|
Additionally you will need 2 subdomains (this guide will assume you use the
|
|
domain `example.com` with the subdomains `matrix` and `synapse`).
|
|
|
|
Create the following DNS records.
|
|
|
|
```txt
|
|
example.com. A <ip of your server>
|
|
matrix. A <ip of your server>
|
|
synapse. A <ip of your server>
|
|
_matrix._tcp.matrix. <TTL> class SRV 1 10 443 synapse.example.com
|
|
```
|
|
|
|
### Synapse
|
|
|
|
The docker-image used for the synapse matrix server can be found in the
|
|
[docker-image directory](./docker/matrixdotorg_-_synapse.md).
|
|
Create the `docker-compose.yml` file at a location of your choice (this guide
|
|
will assume and recommend the file lies in a directory called matrix) with the
|
|
following contents.
|
|
|
|
```yml
|
|
version: "3.4"
|
|
|
|
services:
|
|
synapse:
|
|
image: "matrixdotorg/synapse:latest"
|
|
restart: "unless-stopped"
|
|
environment:
|
|
SYNAPSE_CONFIG_DIR: "/data"
|
|
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
|
UID: "1000"
|
|
GID: "1000"
|
|
TZ: "Europe/London"
|
|
volumes:
|
|
- synapse:/data
|
|
networks:
|
|
- proxy
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.synapse.loadbalancer.server.port=8008"
|
|
- "traefik.http.routers.synapse.rule=Host(`synapse.example.com`)"
|
|
- "traefik.http.routers.synapse.entrypoints=websecure"
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
|
|
volumes:
|
|
synapse:
|
|
driver: local
|
|
```
|
|
|
|
Now manually create the synapse volume you referenced in this file by running.
|
|
|
|
```txt
|
|
docker volume create matrix_synapse
|
|
```
|
|
|
|
After that you will need to create the basic configuration files for synapse by
|
|
running.
|
|
|
|
```bash
|
|
docker run -it --rm \
|
|
-v matrix_synapse:/data \
|
|
-e SYNAPSE_SERVER_NAME=matrix.example.com \
|
|
-e SYNAPSE_REPORT_STATS=no \
|
|
-e UID=1000 \
|
|
-e GID=1000 \
|
|
matrixdotorg/synapse:latest generate
|
|
```
|
|
|
|
If you want to enable/disable registration go to the `homeserver.yaml`
|
|
and add the following line either set to `true` or `false`.
|
|
|
|
```txt
|
|
enable_registration: true
|
|
```
|
|
|
|
Additionally create the following lines.
|
|
|
|
```
|
|
federation_ip_range_blacklist:
|
|
- '127.0.0.0/8'
|
|
- '10.0.0.0/8'
|
|
- '172.16.0.0/12'
|
|
- '192.168.0.0/16'
|
|
- '100.64.0.0/10'
|
|
- '169.254.0.0/16'
|
|
- '::1/128'
|
|
- 'fe80::/64'
|
|
- 'fc00::/7'
|
|
retention:
|
|
enabled: true
|
|
```
|
|
|
|
If you start the docker container with `docker-compose up` and navigate to
|
|
`https://synapse.example.com` you should be redirected to
|
|
`https://synapse.example.com/_matrix/static` where a success message should be
|
|
given out.
|
|
If this is not the case please check your configuration.
|
|
|
|
Create an admin user in the docker containers shell with the command:
|
|
`register_new_matrix_user -c /data/homeserver.yaml https://synapse.example.com`
|
|
|
|
Finally shut down the container using `docker-compose down` to be able to keep
|
|
following the guide (this applies to any following step).
|
|
|
|
### Nginx
|
|
|
|
The docker-image used for the nginx instance can be found in the
|
|
[docker-image directory](./docker/nginx.md).
|
|
For federation to work properly an nginx container is needed aswell.
|
|
In the directory containing your `docker-compose.yml` create the file
|
|
`data/matrix/nginx/matrix.conf` and fill in the following lines.
|
|
|
|
```txt
|
|
server {
|
|
listen 80 default_server;
|
|
server_name matrix.example.com;
|
|
|
|
# Traefik -> nginx -> synapse
|
|
location /_matrix {
|
|
proxy_pass http://synapse:8008;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
client_max_body_size 128m;
|
|
}
|
|
|
|
location /.well-known/matrix/ {
|
|
root /var/www/;
|
|
default_type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
}
|
|
}
|
|
```
|
|
|
|
Create the file `data/matrix/nginx/www/.well-known/matrix/client` and set the
|
|
contents as follows.
|
|
|
|
```json
|
|
{
|
|
"m.homeserver": {
|
|
"base_url": "https://matrix.example.com"
|
|
}
|
|
}
|
|
```
|
|
|
|
Create the file `data/matrix/nginx/www/.well-known/matrix/server` and set the
|
|
contents as follows.
|
|
|
|
```json
|
|
{
|
|
"m.server": "synapse.example.com:443"
|
|
}
|
|
```
|
|
|
|
After that add the following lines in the `service` section in your
|
|
`docker-compse.yml`.
|
|
|
|
```yml
|
|
nginx:
|
|
image: "nginx:latest"
|
|
restart: "unless-stopped"
|
|
volumes:
|
|
- "./data/matrix/nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf"
|
|
- ./data/matrix/nginx/www:/var/www/
|
|
networks:
|
|
- proxy
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.matrix.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.martix.rule=Host(`matrix.example.com`)"
|
|
- "traefik.http.routers.matrix.entrypoints=websecure"
|
|
|
|
```
|
|
|
|
Now start the container again and navigate to
|
|
`https://matrix.example.com/.well-known/matrix/client` which should give you
|
|
back something like: `"base_url": "https://matrix.example.com"`.
|
|
If you navigate to `https://matrix.example.com/.well-known/matrix/server` you
|
|
should see: `"m.server": "synapse.example.com:443"`.
|
|
If you navigate to `https://matrix.example.com/_matrix/static/` you should see
|
|
the same page as shown at `https://synapse.example.com/_matrix/static/`.
|
|
|
|
If that works you can try to visit `https://federationtester.matrix.org/` to
|
|
check if your federation is working properly.
|
|
Your servername is `matrix.example.com` (do not include `https://`).
|
|
You should see a green sign that indicates success.
|
|
|
|
If one of these does not work (but synapse works) your nginx configuration is
|
|
not correctly set up.
|
|
|
|
### Element Web Client
|
|
|
|
The docker-image used for the web client can be found in the
|
|
[docker-image directory](./docker/vectorim_-_riot-web.md).
|
|
This section will add a self hosted Matrix web client in form of `Element`
|
|
(which was previously called `riot`).
|
|
|
|
First you will need to create another DNS record.
|
|
|
|
```txt
|
|
chat. A <ip of your server>
|
|
```
|
|
|
|
In the directory containing your `docker-compose.yml` file create the file
|
|
`data/matrix/element/config.json` with the contents as follows.
|
|
|
|
```json
|
|
{
|
|
"default_server_config": {
|
|
"m.homeserver": {
|
|
"base_url": "https://matrix.example.com",
|
|
"server_name": "matrix.example.com"
|
|
},
|
|
"m.identity_server": {
|
|
"base_url": "https://vector.im"
|
|
}
|
|
},
|
|
"disable_custom_urls": false,
|
|
"disable_guests": false,
|
|
"disable_login_language_selector": false,
|
|
"disable_3pid_login": false,
|
|
"brand": "Element",
|
|
"integrations_ui_url": "https://scalar.vector.im/",
|
|
"integrations_rest_url": "https://scalar.vector.im/api",
|
|
"integrations_widgets_urls": [
|
|
"https://scalar.vector.im/_matrix/integrations/v1",
|
|
"https://scalar.vector.im/api",
|
|
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
|
"https://scalar-staging.vector.im/api",
|
|
"https://scalar-staging.riot.im/scalar/api"
|
|
],
|
|
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
|
"defaultCountryCode": "GB",
|
|
"showLabsSettings": false,
|
|
"features": {
|
|
"feature_new_spinner": "labs",
|
|
"feature_pinning": "labs",
|
|
"feature_custom_status": "labs",
|
|
"feature_custom_tags": "labs",
|
|
"feature_state_counters": "labs"
|
|
},
|
|
"default_federate": true,
|
|
"default_theme": "light",
|
|
"roomDirectory": {
|
|
"servers": [
|
|
"matrix.org"
|
|
]
|
|
},
|
|
"welcomeUserId": "@riot-bot:matrix.org",
|
|
"piwik": {
|
|
"url": "https://piwik.riot.im/",
|
|
"whitelistedHSUrls": [
|
|
"https://matrix.org"
|
|
],
|
|
"whitelistedISUrls": [
|
|
"https://vector.im",
|
|
"https://matrix.org"
|
|
],
|
|
"siteId": 1
|
|
},
|
|
"enable_presence_by_hs_url": {
|
|
"https://matrix.org": false,
|
|
"https://matrix-client.matrix.org": false
|
|
},
|
|
"settingDefaults": {
|
|
"breadcrumbs": true
|
|
},
|
|
"jitsi": {
|
|
"preferredDomain": "jitsi.riot.im"
|
|
}
|
|
}
|
|
```
|
|
|
|
After that add the following lines to your `docker-compose.yml` in the `service`
|
|
section.
|
|
|
|
```yml
|
|
element:
|
|
image: vectorim/riot-web:latest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- "./data/matrix/element/config.json:/app/config.json:ro"
|
|
networks:
|
|
- proxy
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.element-secure.entrypoints=websecure"
|
|
- "traefik.http.routers.element-secure.rule=Host(`chat.example.com`)"
|
|
- "traefik.http.routers.element-secure.service=element"
|
|
- "traefik.http.services.element.loadbalancer.server.port=80"
|
|
```
|
|
|
|
Add the following line to the `homeserver.yaml` of the synapse server to
|
|
indicate your element domain.
|
|
|
|
```txt
|
|
web_client_location: https://chat.example.com
|
|
```
|
|
|
|
Start the container.
|
|
You should now be able to navigate to `https://chat.example.com` where you are
|
|
prompted with a log in window.
|
|
If you already created an account you should be able to log in.
|
|
If any of that is not working there is something wrong with your configuration.
|
|
|
|
### Administration Interface
|
|
|
|
The docker-image used for the administration interface can be found in the
|
|
[docker-image directory](./docker/awesometechnologies_-_synapse-admin.md).
|
|
This section will add a self hosted Matrix administration interface.
|
|
This is especially useful if you have `enable_registration` set to `false`
|
|
because you can dynamically create and administrate users and rooms.
|
|
|
|
First you will need to create another DNS record.
|
|
|
|
```txt
|
|
matrixadmin. A <ip of your server>
|
|
```
|
|
|
|
Add the following lines in the `service` section to your `docker-compose.yml`.
|
|
|
|
```yml
|
|
synapse-admin:
|
|
image: awesometechnologies/synapse-admin:latest
|
|
restart: unless-stopped
|
|
networks:
|
|
- proxy
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.synapse-admin-secure.entrypoints=websecure"
|
|
- "traefik.http.routers.synapse-admin-secure.rule=Host(`matrixadmin.example.com`)"
|
|
- "traefik.http.routers.synapse-admin-secure.service=synapse-admin"
|
|
- "traefik.http.services.synapse-admin.loadbalancer.server.port=80"
|
|
```
|
|
|
|
Start the container.
|
|
After that you should be able to navigate to `https://matrixadmin.example.com`
|
|
and log into the interface with your administration account.
|
|
Your `Homeserver URL` in that case is `https://synapse.example.com`.
|
|
|
|
### Coturn
|
|
|
|
The docker-image used for the TURN/STUN Server can be found in the
|
|
[docker-image directory](./docker/coturn_-_coturn.md).
|
|
This section will add a self hosted TURN/STUN VoIP server.
|
|
|
|
In the directory containing your `docker-compose.yml` create the file
|
|
`data/matrix/coturn/turnserver.conf` and fill in the following lines.
|
|
|
|
```txt
|
|
use-auth-secret
|
|
static-auth-secret=SomeSecretPasswordForMatrix
|
|
realm=matrix.example.com
|
|
listening-port=3478
|
|
tls-listening-port=5349
|
|
min-port=49160
|
|
max-port=49200
|
|
verbose
|
|
allow-loopback-peers
|
|
cli-password=SomePasswordForCLI
|
|
external-ip=192.168.0.2/123.123.123.123
|
|
```
|
|
|
|
Make sure to change the values for `static-auth-secret`, `realm`, `cli-password` and `external-ip`.
|
|
For the passwords [OpenSSL](/wiki/linux/openssl.md#password-generator) can be used to create a
|
|
sufficiently random password.
|
|
The value of `external-ip` consists of the local IP (left side) and the public IP (right side).
|
|
To get the local IP the command `ip route get 1` can be used.
|
|
For the public IP the command `curl api.ipify.org` can be used.
|
|
|
|
Then navigate to the `homeserver.yaml` inside the [Synapse volume](#synapse).
|
|
Add the following lines.
|
|
|
|
```txt
|
|
turn_uris:
|
|
- "turn:matrix.example.com:3478?transport=udp"
|
|
- "turn:matrix.example.com:3478?transport=tcp"
|
|
- "turns:matrix.example.com:3478?transport=udp"
|
|
- "turns:matrix.example.com:3478?transport=tcp"
|
|
|
|
turn_shared_secret: "SomeSecretPasswordForMatrix"
|
|
turn_user_lifetime: 86400000
|
|
turn_allow_guests: True
|
|
```
|
|
|
|
Change `matrix.example.com` to match the value of `realm` in `data/matrix/coturn/turnserver.conf`.
|
|
Do the same for `turn_shared_secret` with the value of `static-auth-secret` in
|
|
`data/matrix/coturn/turnserver.conf`.
|
|
|
|
Finally add the following lines in the `service` section to your `docker-compose.yml`.
|
|
|
|
```yml
|
|
coturn:
|
|
image: "instrumentisto/coturn:latest"
|
|
restart: "unless-stopped"
|
|
volumes:
|
|
- "./data/matrix/coturn/turnserver.conf:/etc/coturn/turnserver.conf"
|
|
ports:
|
|
- "49160-49200:49160-49200/udp"
|
|
- "3478:3478"
|
|
- "5349:5349"
|
|
```
|
|
|
|
Afterwards if not done already restart the Matrix server and all its services.
|