synapse-config/README.md

# 4rs matrix homeserver

This is my personal matrix homeserver. You can clone this repository and run the homeserver with docker-compose.

## Overview
In this repository I use `4rs.nl` (my domain) as an example. You should replace this with your own domain.
After reading this README you should have a `/.well-known/matrix/server` and `/.well-known/matrix/client` file on your domain (4rs.nl) and your matrix subdomain (matrix.4rs.nl). The client will use `matrix.4rs.nl` as the homeserver and the displayed homeserver will be `4rs.nl`.

## Requirements
- docker
- docker-compose
- nginx

## Domain requirements
- Have a `/.well-known/matrix/server` file on your domain that points to your homeserver. This is required for federation to work.
The content of the file should be:
```
{
    "m.server": "matrix.4rs.nl:443"
}
```
- Have a `/.well-known/matrix/client` file on your domain that points to your homeserver. This is required for the client to work.
The content of the file should be:
```
{
    "m.homeserver": {
        "base_url": "https://matrix.4rs.nl"
    }
}
```

For me, I created the files in my static blog and then deployed it in GitHub pages. See the [justfile that I use to deploy the files to the domain](https://git.4rs.nl/awiteb/blog/src/branch/master/Justfile#L15-L17). You can use any other method to deploy the files and make them accessible on your domain, as long as they are accessible at `/.well-known/matrix/server` and `/.well-known/matrix/client`.


## Nginx configuration of the matrix subdomain
You should have a nginx configuration for the matrix subdomain at `/etc/nginx/sites-available/matrix.4rs.nl` and symlinked to `/etc/nginx/sites-enabled/matrix.4rs.nl`, Also include it in the `nginx.conf` file with `include /etc/nginx/sites-enabled/*;` (the include is already in the `nginx.conf` file when you install nginx).

You also need to have a certificate for the domain. You can get a free certificate from [Let's Encrypt](https://letsencrypt.org/). You can use [Certbot](https://certbot.eff.org/) to get a certificate. (Generate a certificate for `4rs.nl` and `*.4rs.nl`)

The configuration should look like this (replace `4rs.nl` with your domain)
```
server {
    server_name    matrix.4rs.nl;
    listen         80;
    listen         [::]:80;
    location / {
      return         301 https://$server_name$request_uri;
    }
}

server {
    server_name matrix.4rs.nl;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    access_log  /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_trusted_certificate   /etc/letsencrypt/live/4rs.nl/chain.pem;
    ssl_certificate           /etc/letsencrypt/live/4rs.nl/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/4rs.nl/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    ignore_invalid_headers off;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_body_timeout 5s;
    client_header_timeout 5s;

    location /.well-known/matrix/server {
        return 200 '{"m.server": "matrix.4rs.nl:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }
        location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://matrix.4rs.nl}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }
        location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        client_max_body_size 200M;
    }
}
```
After you have created the configuration file, reload nginx with `sudo systemctl reload nginx`. You should now be able to access the homeserver at `matrix.4rs.nl`.

Now you end up the Nginx configuration for the matrix subdomain. The next step is to clone this repository and run the homeserver.

## Clone the repository
After you have set up the domain and the nginx configuration, you can clone this repository with `git clone https://4rs.nl/awiteb/synapse-config.git`. You should now have a directory called `synapse-config`.

## Configuration
After you have cloned the repository, replace all `4rs.nl` with your domain also the files in the `./data` directory.

There is tow things only you need to change it, the first one is the secrets in `./data/homeserver.yaml` and the second one is the signing key in `./data/4rs.nl.signing.key`.

### Homeserver.yaml
After replacing all `4rs.nl` with your domain, you need to generate a secret for each secret in the `homeserver.yaml` file. You can generate a secret with `openssl rand -base64 32`. Replace the secret with the generated secret.

### Signing key

> **Note**
> You need `signedjson` dependency to generate a signing key. You can install it with `pip3 install signedjson`.

Change the content of the `4rs.nl.signing.key` file with a generated key. You can generate a key with `generate_signing_key` script in root of the repository. Run `python3 generate_signing_key` and replace the content of the `4rs.nl.signing.key` file with the generated key.


## Run the homeserver and create the admin user
After all above steps, you can run the homeserver with `docker-compose up -d`. You should now have a running homeserver on `matrix.4rs.nl`.

Now you need to create an admin user with `docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml` and follow the instructions. You should now have an admin user on the homeserver and you can login with it on the client using the homeserver `matrix.4rs.nl`. Enjoy your homeserver!

## Backup

> **Note**
> You need [`just`](https://just.systems/) to backup the homeserver. You can install it with `cargo install just`.

You can backup the homeserver with `just backup <backup-name>`. And it's will stored as encrypted AES256 7z file.

## Any questions?
If you have any questions, you can contact with me at `@awiteb:4rs.nl` and I will try to help you. Have fun with your homeserver!
first commit 2024-04-13 16:33:38 +02:00			`# 4rs matrix homeserver`

			`This is my personal matrix homeserver. You can clone this repository and run the homeserver with docker-compose.`

			`## Overview`
			In this repository I use `4rs.nl` (my domain) as an example. You should replace this with your own domain.
			After reading this README you should have a `/.well-known/matrix/server` and `/.well-known/matrix/client` file on your domain (4rs.nl) and your matrix subdomain (matrix.4rs.nl). The client will use `matrix.4rs.nl` as the homeserver and the displayed homeserver will be `4rs.nl`.

			`## Requirements`
			`- docker`
			`- docker-compose`
			`- nginx`

			`## Domain requirements`
			- Have a `/.well-known/matrix/server` file on your domain that points to your homeserver. This is required for federation to work.
			`The content of the file should be:`
			```
			`{`
			`"m.server": "matrix.4rs.nl:443"`
			`}`
			```
			- Have a `/.well-known/matrix/client` file on your domain that points to your homeserver. This is required for the client to work.
			`The content of the file should be:`
			```
			`{`
			`"m.homeserver": {`
			`"base_url": "https://matrix.4rs.nl"`
			`}`
			`}`
			```

			For me, I created the files in my static blog and then deployed it in GitHub pages. See the [justfile that I use to deploy the files to the domain](https://git.4rs.nl/awiteb/blog/src/branch/master/Justfile#L15-L17). You can use any other method to deploy the files and make them accessible on your domain, as long as they are accessible at `/.well-known/matrix/server` and `/.well-known/matrix/client`.


			`## Nginx configuration of the matrix subdomain`
			You should have a nginx configuration for the matrix subdomain at `/etc/nginx/sites-available/matrix.4rs.nl` and symlinked to `/etc/nginx/sites-enabled/matrix.4rs.nl`, Also include it in the `nginx.conf` file with `include /etc/nginx/sites-enabled/*;` (the include is already in the `nginx.conf` file when you install nginx).

			You also need to have a certificate for the domain. You can get a free certificate from [Let's Encrypt](https://letsencrypt.org/). You can use [Certbot](https://certbot.eff.org/) to get a certificate. (Generate a certificate for `4rs.nl` and `*.4rs.nl`)

			The configuration should look like this (replace `4rs.nl` with your domain)
			```
			`server {`
			`server_name matrix.4rs.nl;`
			`listen 80;`
			`listen [::]:80;`
			`location / {`
			`return 301 https://$server_name$request_uri;`
			`}`
			`}`

			`server {`
			`server_name matrix.4rs.nl;`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log warn;`

			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m;`
			`ssl_session_tickets off;`

			`ssl_trusted_certificate /etc/letsencrypt/live/4rs.nl/chain.pem;`
			`ssl_certificate /etc/letsencrypt/live/4rs.nl/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/4rs.nl/privkey.pem;`

			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";`
			`ssl_prefer_server_ciphers off;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

			`gzip_vary on;`
			`gzip_proxied any;`
			`gzip_comp_level 6;`
			`gzip_buffers 16 8k;`
			`gzip_http_version 1.1;`
			`gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;`

			`ignore_invalid_headers off;`

			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`

			`client_body_timeout 5s;`
			`client_header_timeout 5s;`

			`location /.well-known/matrix/server {`
			`return 200 '{"m.server": "matrix.4rs.nl:443"}';`
			`default_type application/json;`
			`add_header Access-Control-Allow-Origin *;`
			`}`
			`location /.well-known/matrix/client {`
			`return 200 '{"m.homeserver": {"base_url": "https://matrix.4rs.nl}}';`
			`default_type application/json;`
			`add_header Access-Control-Allow-Origin *;`
			`}`
			`location / {`
			`proxy_pass http://localhost:8008;`
			`proxy_set_header X-Forwarded-For $remote_addr;`
			`client_max_body_size 200M;`
			`}`
			`}`
			```
			After you have created the configuration file, reload nginx with `sudo systemctl reload nginx`. You should now be able to access the homeserver at `matrix.4rs.nl`.

			`Now you end up the Nginx configuration for the matrix subdomain. The next step is to clone this repository and run the homeserver.`

			`## Clone the repository`
			After you have set up the domain and the nginx configuration, you can clone this repository with `git clone https://4rs.nl/awiteb/synapse-config.git`. You should now have a directory called `synapse-config`.

			`## Configuration`
			After you have cloned the repository, replace all `4rs.nl` with your domain also the files in the `./data` directory.

			There is tow things only you need to change it, the first one is the secrets in `./data/homeserver.yaml` and the second one is the signing key in `./data/4rs.nl.signing.key`.

			`### Homeserver.yaml`
			After replacing all `4rs.nl` with your domain, you need to generate a secret for each secret in the `homeserver.yaml` file. You can generate a secret with `openssl rand -base64 32`. Replace the secret with the generated secret.

			`### Signing key`

Update README.md 2024-04-24 00:29:23 +02:00			`> Note`
			> You need `signedjson` dependency to generate a signing key. You can install it with `pip3 install signedjson`.
first commit 2024-04-13 16:33:38 +02:00
			Change the content of the `4rs.nl.signing.key` file with a generated key. You can generate a key with `generate_signing_key` script in root of the repository. Run `python3 generate_signing_key` and replace the content of the `4rs.nl.signing.key` file with the generated key.


			`## Run the homeserver and create the admin user`
			After all above steps, you can run the homeserver with `docker-compose up -d`. You should now have a running homeserver on `matrix.4rs.nl`.

			Now you need to create an admin user with `docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml` and follow the instructions. You should now have an admin user on the homeserver and you can login with it on the client using the homeserver `matrix.4rs.nl`. Enjoy your homeserver!

			`## Backup`

Update README.md 2024-04-24 00:29:23 +02:00			`> Note`
			> You need [`just`](https://just.systems/) to backup the homeserver. You can install it with `cargo install just`.
first commit 2024-04-13 16:33:38 +02:00
			You can backup the homeserver with `just backup <backup-name>`. And it's will stored as encrypted AES256 7z file.

			`## Any questions?`
			If you have any questions, you can contact with me at `@awiteb:4rs.nl` and I will try to help you. Have fun with your homeserver!