synapse-config/README.md
2024-05-03 13:26:46 +03:00


4rs matrix homeserver

This is my personal matrix homeserver. You can clone this repository and run the homeserver with docker-compose.

Overview

In this repository I use 4rs.nl (my domain) as an example; replace it with your own domain. After following this README you will have a /.well-known/matrix/server and a /.well-known/matrix/client file on your domain (4rs.nl). Clients will use matrix.4rs.nl as the homeserver, while the displayed server name will be 4rs.nl.

Requirements

  • docker
  • docker-compose
  • nginx

Domain requirements

  • Have a /.well-known/matrix/server file on your domain (server name) that points to your homeserver. This is required for federation to work. The content of the file should be:
{
    "m.server": "matrix.4rs.nl:443"
}
  • Have a /.well-known/matrix/client file on your domain (server name) that points to your homeserver. This is required for the client to work. The content of the file should be:
{
    "m.homeserver": {
        "base_url": "https://matrix.4rs.nl"
    }
}

In my case, I created the files in my static blog and deployed them to GitHub Pages. See the files here in my blog repository. You can use any other method to deploy the files, as long as they are served from your domain at /.well-known/matrix/server and /.well-known/matrix/client.
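A small offline check of the two delegation files described above, added here as an example (it is not part of the synapse-config repository). It parses constructed copies of the server and client well-known documents and flags the mistakes that most often break federation or client login: a URL instead of host:port in m.server, a non-https base_url, or a port that the nginx configuration below (listening on 443) does not actually serve. The function names and the port-8448 default for a port-less m.server are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Port other homeservers assume when m.server names none (Matrix default).
DEFAULT_FEDERATION_PORT = 8448

# Constructed sample documents: the two good ones mirror this README,
# the other two are common mistakes.
GOOD_SERVER = '{"m.server": "matrix.4rs.nl:443"}'
GOOD_CLIENT = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}'
SERVER_WITH_SCHEME = '{"m.server": "https://matrix.4rs.nl"}'  # not host:port
SERVER_NO_PORT = '{"m.server": "matrix.4rs.nl"}'  # implies 8448, not 443

def parse_server_delegation(doc):
    """Return (host, port) from /.well-known/matrix/server."""
    value = json.loads(doc)["m.server"]
    # m.server is host[:port], never a URL; a scheme or path here makes
    # other homeservers reject the delegation.
    if "://" in value or "/" in value:
        raise ValueError("m.server must be host[:port], not a URL: %r" % value)
    host, _, port = value.partition(":")
    return host, int(port) if port else DEFAULT_FEDERATION_PORT

def parse_client_delegation(doc):
    """Return the homeserver host from /.well-known/matrix/client."""
    url = urlsplit(json.loads(doc)["m.homeserver"]["base_url"])
    # Clients send credentials to base_url, so it must be an https URL.
    if url.scheme != "https" or not url.hostname:
        raise ValueError("base_url must be an https URL: %r" % url.geturl())
    return url.hostname

def check_delegation(server_doc, client_doc, nginx_server_name, nginx_port=443):
    """Return the list of problems found; an empty list means consistent."""
    try:
        fed_host, fed_port = parse_server_delegation(server_doc)
        client_host = parse_client_delegation(client_doc)
    except (ValueError, KeyError) as exc:
        return ["invalid delegation file: %s" % exc]
    problems = []
    if fed_host != nginx_server_name:
        problems.append("m.server host %s is not nginx server_name %s"
                        % (fed_host, nginx_server_name))
    if fed_port != nginx_port:
        problems.append("federation port %d is not served by nginx (port %d)"
                        % (fed_port, nginx_port))
    if client_host != nginx_server_name:
        problems.append("base_url host %s is not nginx server_name %s"
                        % (client_host, nginx_server_name))
    return problems
```

To check a live deployment, fetch the two documents with curl from https://4rs.nl/.well-known/matrix/server and /client and pass their bodies to check_delegation.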

Nginx configuration of the matrix subdomain

You should have an nginx configuration for the matrix subdomain at /etc/nginx/sites-available/matrix.4rs.nl, symlinked to /etc/nginx/sites-enabled/matrix.4rs.nl. It must also be included from nginx.conf with include /etc/nginx/sites-enabled/*; (this include is already present in the nginx.conf that ships with nginx).

You also need a certificate for the domain. You can get a free one from Let's Encrypt using Certbot. Generate a certificate covering both 4rs.nl and *.4rs.nl, since the configuration below reads it from /etc/letsencrypt/live/4rs.nl/.

The configuration should look like this (replace 4rs.nl with your domain):

server {
    server_name    matrix.4rs.nl;
    listen         80;
    listen         [::]:80;
    location / {
      return         301 https://$server_name$request_uri;
    }
}

server {
    server_name matrix.4rs.nl;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    access_log  /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_trusted_certificate   /etc/letsencrypt/live/4rs.nl/chain.pem;
    ssl_certificate           /etc/letsencrypt/live/4rs.nl/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/4rs.nl/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    ignore_invalid_headers off;

    client_body_timeout 5s;
    client_header_timeout 5s;

    location / {
        proxy_pass http://localhost:8008;
        proxy_http_version 1.1;
        # nginx stops inheriting proxy_set_header from the server block as
        # soon as a location defines one, so every forwarded header is set
        # here; a lone X-Forwarded-For in this block would silently drop
        # Host, Upgrade and Connection.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Synapse uses this to know the client connected over TLS
        proxy_set_header X-Forwarded-Proto $scheme;
        # keep in sync with max_upload_size in homeserver.yaml
        client_max_body_size 200M;
    }
}

After you have created the configuration file, reload nginx with sudo systemctl reload nginx. You should now be able to access the homeserver at matrix.4rs.nl.

That completes the nginx configuration for the matrix subdomain. The next step is to clone this repository and run the homeserver.

Clone the repository

After you have set up the domain and the nginx configuration, you can clone this repository with git clone https://4rs.nl/awiteb/synapse-config.git. You should now have a directory called synapse-config.

Configuration

After you have cloned the repository, replace every occurrence of 4rs.nl with your domain, including in the files in the ./data directory.

There are only two things you need to change: the secrets in ./data/homeserver.yaml and the signing key in ./data/4rs.nl.signing.key.

homeserver.yaml

After replacing all 4rs.nl with your domain, generate a new value for each secret in the homeserver.yaml file. You can generate one with openssl rand -base64 32. Replace each existing secret with a freshly generated one.

Signing key

Note

You need the signedjson dependency to generate a signing key. You can install it with pip3 install signedjson.

Replace the content of the 4rs.nl.signing.key file with a newly generated key. You can generate one with the generate_signing_key script in the root of the repository: run python3 generate_signing_key and replace the content of the 4rs.nl.signing.key file with its output.

Run the homeserver and create the admin user

After all above steps, you can run the homeserver with docker-compose up -d. You should now have a running homeserver on matrix.4rs.nl.

Now create an admin user with docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml and follow the prompts. You should now have an admin user on the homeserver, and you can log in with it from a client using the homeserver matrix.4rs.nl. Enjoy your homeserver!

Note

You need the just command runner to back up and restore your homeserver. You can install it with cargo install just.

Backup

You can back up the homeserver with just backup <backup-name>. The backup is stored as an AES-256-encrypted 7z file.

Restore

To restore the homeserver, run just restore <backup-name>. Make sure to run it from the root of the repository.

Any questions?

If you have any questions, you can contact me at @awiteb:4rs.nl and I will try to help. Have fun with your homeserver!