2024-04-13 16:33:38 +02:00
# 4rs matrix homeserver
This is my personal matrix homeserver. You can clone this repository and run the homeserver with docker-compose.
## Overview
In this repository I use `4rs.nl` (my domain) as an example. You should replace this with your own domain.
After following this README you will have a `/.well-known/matrix/server` and a `/.well-known/matrix/client` file on both your domain (4rs.nl) and your matrix subdomain (matrix.4rs.nl). Clients and federating servers connect to `matrix.4rs.nl`, while user IDs and the displayed homeserver stay `4rs.nl`.
## Requirements
- docker
- docker-compose
- nginx
## Domain requirements
- Have a `/.well-known/matrix/server` file on your domain that points to your homeserver. This is required for federation to work.
  The content of the file should be:
  ```
  {
      "m.server": "matrix.4rs.nl:443"
  }
  ```
- Have a `/.well-known/matrix/client` file on your domain that points to your homeserver. This is required for clients to find the homeserver.
  The content of the file should be:
  ```
  {
      "m.homeserver": {
          "base_url": "https://matrix.4rs.nl"
      }
  }
  ```
I created the files in my static blog, which is deployed to GitHub Pages; see the [justfile that I use to deploy the files to the domain](https://git.4rs.nl/awiteb/blog/src/branch/master/Justfile#L15-L17). Any other method works, as long as both files are served over HTTPS at `/.well-known/matrix/server` and `/.well-known/matrix/client` on the bare domain. Keep in mind that whoever can write to those two paths decides where the rest of the Matrix network sends traffic for `4rs.nl`, so the deploy pipeline for them deserves the same care as the homeserver itself.
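As an added check (not code from this repository), the following Python script applies the rules a Matrix client or homeserver applies to these two documents, offline, on constructed sample bodies. The function names and samples are mine; it follows the server-name grammar from the server-server spec for `m.server`, and it insists that `base_url` is an absolute `https://` URL, which is stricter than the spec requires.

```python
"""Offline validator for the two Matrix .well-known documents.

Added example, not code from the synapse-config repository; function names
and sample bodies are mine. It applies the server-name grammar from the
Matrix server-server spec to "m.server" and insists that "base_url" is an
absolute https:// URL (stricter than the spec, which does not mandate https).
"""
import ipaddress
import json
import re
from urllib.parse import urlsplit

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")   # one DNS label
_PORT = re.compile(r"^:[0-9]{1,5}$")


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def parse_server_name(value):
    """Split an m.server value into (host, port).

    Accepted: hostname, hostname:port, IPv4[:port], [IPv6][:port].
    port is None when absent; the resolver then tries SRV records and
    finally port 8448, so a delegation to :443 must say so explicitly.
    """
    if not isinstance(value, str) or not value:
        raise ValueError("m.server must be a non-empty string")
    if value.startswith("["):
        end = value.find("]")
        if end < 0:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[1:end], value[end + 1:]
        ipaddress.IPv6Address(host)            # raises ValueError if not an address
    else:
        host, sep, port_text = value.partition(":")
        rest = sep + port_text
        if not _is_ipv4(host) and not all(_LABEL.match(lbl) for lbl in host.split(".")):
            raise ValueError(f"invalid hostname {host!r}")
    port = None
    if rest:
        if not _PORT.match(rest):
            raise ValueError(f"malformed port {rest!r}")
        port = int(rest[1:])
        if not 1 <= port <= 65535:
            raise ValueError(f"port {port} out of range")
    return host, port


def _load(text):
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg} at char {exc.pos}") from None
    if not isinstance(doc, dict):
        raise ValueError("top level must be a JSON object")
    return doc


def validate_server_wellknown(text):
    """Body of /.well-known/matrix/server -> (host, port)."""
    doc = _load(text)
    if "m.server" not in doc:
        raise ValueError('missing "m.server"')
    return parse_server_name(doc["m.server"])


def validate_client_wellknown(text):
    """Body of /.well-known/matrix/client -> homeserver base URL (no trailing /)."""
    doc = _load(text)
    hs = doc.get("m.homeserver")
    if not isinstance(hs, dict) or not isinstance(hs.get("base_url"), str):
        raise ValueError('missing "m.homeserver"."base_url"')
    url = urlsplit(hs["base_url"])
    if url.scheme != "https" or not url.netloc:
        raise ValueError("base_url must be an absolute https:// URL")
    return hs["base_url"].rstrip("/")


def check(text, validator):
    """Run a validator and report ("ok", result) or ("error", reason)."""
    try:
        return "ok", validator(text)
    except ValueError as exc:
        return "error", str(exc)


# Constructed samples: the two bodies this README publishes, plus the kind of
# one-character typo (missing closing quote) that silently breaks client discovery.
SERVER_OK = '{"m.server": "matrix.4rs.nl:443"}'
CLIENT_OK = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}'
CLIENT_BROKEN = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl}}'

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        # e.g.  curl -s https://4rs.nl/.well-known/matrix/server | python3 wellknown_check.py -
        body = sys.stdin.read() if sys.argv[1] == "-" else open(sys.argv[1]).read()
        fn = validate_server_wellknown if '"m.server"' in body else validate_client_wellknown
        print(check(body, fn))
    else:
        for body, fn in ((SERVER_OK, validate_server_wellknown),
                         (CLIENT_OK, validate_client_wellknown),
                         (CLIENT_BROKEN, validate_client_wellknown)):
            print(check(body, fn))
```

After deploying, run it against the live files by piping `curl -s https://4rs.nl/.well-known/matrix/server` (and the `client` file, on both the bare domain and the subdomain) into the script with `-` as the argument; a `("error", ...)` line means federation or client discovery will fail for that document.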
## Nginx configuration of the matrix subdomain
Create an nginx configuration for the matrix subdomain at `/etc/nginx/sites-available/matrix.4rs.nl` and symlink it into `/etc/nginx/sites-enabled/`. It is picked up by the `include /etc/nginx/sites-enabled/*;` line in `nginx.conf`, which the stock `nginx.conf` already contains.
You also need a certificate for the domain. You can get a free one from [Let's Encrypt](https://letsencrypt.org/) with [Certbot](https://certbot.eff.org/). The configuration below expects a certificate covering `4rs.nl` and `*.4rs.nl` under `/etc/letsencrypt/live/4rs.nl/`; note that a wildcard needs the DNS-01 challenge (a certbot DNS plugin), otherwise issue a certificate for `matrix.4rs.nl` with HTTP-01 and adjust the paths.
The configuration should look like this (replace `4rs.nl` with your domain).
```
server {
    server_name matrix.4rs.nl;
    listen 80;
    listen [::]:80;
    # Plain HTTP only redirects; nothing is served over it.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    server_name matrix.4rs.nl;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    # Certificate for 4rs.nl / *.4rs.nl issued by certbot (see above).
    ssl_trusted_certificate /etc/letsencrypt/live/4rs.nl/chain.pem;
    ssl_certificate /etc/letsencrypt/live/4rs.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/4rs.nl/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    # Lets nginx forward header names it would normally drop (e.g. with
    # underscores). Synapse does not need this; keep the default unless
    # something behind this proxy does.
    ignore_invalid_headers off;

    client_body_timeout 5s;
    client_header_timeout 5s;

    # Delegation documents, answered by nginx itself so they never reach
    # Synapse. The same two bodies must also be published on the bare domain.
    location /.well-known/matrix/server {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '{"m.server": "matrix.4rs.nl:443"}';
    }
    location /.well-known/matrix/client {
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}';
    }

    location / {
        # No path (not even "/") after the port: nginx would otherwise
        # canonicalise the URI and federation signature checks fail.
        proxy_pass http://localhost:8008;
        # Synapse responses may be chunked, an HTTP/1.1 feature.
        proxy_http_version 1.1;
        # proxy_set_header is not merged with the server block: as soon as one
        # appears in a location, only the ones in that location apply. So every
        # header Synapse relies on is set here. Synapse only trusts these with
        # x_forwarded: true on its listener in homeserver.yaml.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # nginx's default is 1M; keep this in sync with max_upload_size in homeserver.yaml.
        client_max_body_size 200M;
    }
}
```
After creating the configuration file, check it with `sudo nginx -t` and reload nginx with `sudo systemctl reload nginx`. `https://matrix.4rs.nl/.well-known/matrix/server` should now return the delegation document; `https://matrix.4rs.nl/` itself answers 502 from nginx until Synapse is running, which is expected at this point.
That completes the nginx configuration for the matrix subdomain. The next step is to clone this repository and run the homeserver.
## Clone the repository
After you have set up the domain and the nginx configuration, you can clone this repository with `git clone https://4rs.nl/awiteb/synapse-config.git`. You should now have a directory called `synapse-config`.
## Configuration
After cloning, replace every occurrence of `4rs.nl` with your domain, including in the files under `./data` and in the file name `./data/4rs.nl.signing.key` (keep `signing_key_path` in `homeserver.yaml` pointing at the renamed file).
Beyond that, only two things must be changed: the secrets in `./data/homeserver.yaml` and the signing key in `./data/4rs.nl.signing.key`. Both ship in this public repository, so the shipped values are known to everyone and must never be used on a real server.
### Homeserver.yaml
After replacing `4rs.nl` with your domain, generate a fresh value for every secret in `homeserver.yaml` (in a stock Synapse configuration these are `registration_shared_secret`, `macaroon_secret_key` and `form_secret`). `openssl rand -base64 32` produces a suitable value; paste one in place of each shipped secret. Do this once, before the first start.
### Signing key
> **Note:** You need the `signedjson` dependency to generate a signing key. You can install it with `pip3 install signedjson`.
Replace the content of `4rs.nl.signing.key` with a freshly generated key: run `python3 generate_signing_key` (the script in the root of the repository) and paste its output into the file. This key is your server's federation identity. Other homeservers cache its public half and use it to verify every event you send, so generate it once, never regenerate it on a live server, and make sure it is part of your backups.
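As an added example for the two configuration steps above (not the repository's `generate_signing_key`, which relies on `signedjson`), the following standard-library-only Python script produces a signing-key line in the format Synapse reads, validates a line you may have hand-edited, and generates the `homeserver.yaml` secrets with the same strength as `openssl rand -base64 32`. The helper and constant names are mine, and the three secret names are the standard Synapse options, assumed to be the ones used in this repository's `homeserver.yaml`.

```python
"""Create and check Synapse's signing-key file with the standard library only.

Added example for this README (not the repository's generate_signing_key,
which depends on signedjson). Function and constant names here are mine.
"""
import base64
import os
import secrets
import string

# Key versions must be [A-Za-z0-9_]; Matrix key IDs are "<alg>:<version>".
VERSION_CHARS = string.ascii_letters + string.digits + "_"


def generate_signing_key_line(version=None):
    """Return one line in the format Synapse reads from <domain>.signing.key:

        ed25519 <version> <unpadded base64 of the 32-byte Ed25519 seed>

    Synapse's own generator names the version "a_" plus four random
    characters; the base64 holds the private seed, not the public key.
    """
    if version is None:
        alnum = string.ascii_letters + string.digits
        version = "a_" + "".join(secrets.choice(alnum) for _ in range(4))
    seed = os.urandom(32)
    b64 = base64.b64encode(seed).decode("ascii").rstrip("=")
    return f"ed25519 {version} {b64}"


def parse_signing_key_line(line):
    """Validate a signing-key line; return (algorithm, version, seed bytes).

    Raises ValueError for anything Synapse would refuse to load, so a
    hand-edited file can be checked before the container starts.
    """
    parts = line.split()
    if len(parts) != 3:
        raise ValueError("expected three fields: <alg> <version> <base64 seed>")
    alg, version, b64 = parts
    if alg != "ed25519":
        raise ValueError(f"unsupported algorithm {alg!r}")
    if not version or any(c not in VERSION_CHARS for c in version):
        raise ValueError("version must match [A-Za-z0-9_]+")
    try:
        seed = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except ValueError as exc:          # binascii.Error is a ValueError
        raise ValueError(f"seed is not valid base64: {exc}") from None
    if len(seed) != 32:
        raise ValueError(f"seed is {len(seed)} bytes, Ed25519 needs 32")
    return alg, version, seed


# The secrets this README says to replace. These are the standard Synapse
# options; assumption: the repository's homeserver.yaml uses these names.
SECRET_NAMES = ("registration_shared_secret", "macaroon_secret_key", "form_secret")


def new_homeserver_secrets():
    """Fresh values for the homeserver.yaml secrets: 32 random bytes, base64,
    i.e. the same thing `openssl rand -base64 32` prints."""
    return {name: base64.b64encode(os.urandom(32)).decode("ascii") for name in SECRET_NAMES}


if __name__ == "__main__":
    line = generate_signing_key_line()
    print(line)                                   # paste into ./data/<your-domain>.signing.key
    print(parse_signing_key_line(line)[:2])       # ('ed25519', 'a_xxxx')
    for name, value in new_homeserver_secrets().items():
        print(f'{name}: "{value}"')               # paste into ./data/homeserver.yaml
```

The seed never leaves the process except on stdout, so run this on the host where the file will live and paste the line straight into the key file; the only thing Synapse needs in that file is that single line.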
## Run the homeserver and create the admin user
After the steps above, start the homeserver with `docker-compose up -d`; it should now be reachable at `matrix.4rs.nl`.
Next, create the first user with `docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml` and answer the prompts (say yes when asked whether to make the user an admin). The `-c` path matters: the command authenticates with the `registration_shared_secret` from `homeserver.yaml`, which is also why that secret must be private. You can then log in with that user on any client, entering `4rs.nl` (resolved through the `.well-known/matrix/client` file) or `matrix.4rs.nl` directly as the homeserver. Enjoy your homeserver!
## Backup
> **Note:** You need [`just`](https://just.systems/) to back up the homeserver. You can install it with `cargo install just`.
You can back up the homeserver with `just backup <backup-name>`. The result is stored as a 7z archive encrypted with AES-256. Because it contains the homeserver data, including the signing key and the secrets from `homeserver.yaml`, use a strong passphrase and keep the archive off the host.
## Any questions?
If you have any questions, you can contact me at `@awiteb:4rs.nl` and I will try to help. Have fun with your homeserver!