4rs matrix homeserver
This is my personal matrix homeserver. You can clone this repository and run the homeserver with docker-compose.
Overview
In this repository I use 4rs.nl (my domain) as an example. You should replace this with your own domain.
After reading this README you should have a /.well-known/matrix/server and /.well-known/matrix/client file on your domain (4rs.nl) and your matrix subdomain (matrix.4rs.nl). The client will use matrix.4rs.nl as the homeserver and the displayed homeserver will be 4rs.nl.
Requirements
- docker
- docker-compose
- nginx
Domain requirements
- Have a /.well-known/matrix/server file on your domain that points to your homeserver. This is required for federation to work. The content of the file should be:
  {
    "m.server": "matrix.4rs.nl:443"
  }
- Have a /.well-known/matrix/client file on your domain that points to your homeserver. This is required for the client to work. The content of the file should be:
  {
    "m.homeserver": {
      "base_url": "https://matrix.4rs.nl"
    }
  }
I created the files in my static blog and then deployed them to GitHub Pages. See the justfile that I use to deploy the files to the domain. You can use any other method to deploy the files, as long as they are accessible on your domain at /.well-known/matrix/server and /.well-known/matrix/client.
Nginx configuration of the matrix subdomain
You should have an nginx configuration for the matrix subdomain at /etc/nginx/sites-available/matrix.4rs.nl, symlinked to /etc/nginx/sites-enabled/matrix.4rs.nl. Also include it in the nginx.conf file with include /etc/nginx/sites-enabled/*; (the include is already in the nginx.conf file when you install nginx).
You also need to have a certificate for the domain. You can get a free certificate from Let's Encrypt. You can use Certbot to get a certificate. (Generate a certificate for 4rs.nl and *.4rs.nl)
The configuration should look like this (replace 4rs.nl with your domain):
# Redirect plain HTTP to HTTPS
server {
    server_name matrix.4rs.nl;
    listen 80;
    listen [::]:80;
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    server_name matrix.4rs.nl;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    # TLS: Let's Encrypt certificate for 4rs.nl and *.4rs.nl
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_trusted_certificate /etc/letsencrypt/live/4rs.nl/chain.pem;
    ssl_certificate /etc/letsencrypt/live/4rs.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/4rs.nl/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    ignore_invalid_headers off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_body_timeout 5s;
    client_header_timeout 5s;

    # Well-known documents served directly by nginx; the bodies must be valid JSON
    location /.well-known/matrix/server {
        return 200 '{"m.server": "matrix.4rs.nl:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }
    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    # Everything else goes to Synapse on localhost:8008
    location / {
        proxy_pass http://localhost:8008;
        # Because proxy_set_header is defined at this level, the server-level
        # proxy_set_header lines above are not inherited in this location.
        proxy_set_header X-Forwarded-For $remote_addr;
        client_max_body_size 200M;
    }
}
After you have created the configuration file, reload nginx with sudo systemctl reload nginx. You should now be able to access the homeserver at matrix.4rs.nl.
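The two well-known documents can be checked before they are deployed or pasted into the Nginx configuration. The following Python is an added example, not part of this repository; the function names are hypothetical, and the HTTPS-only and same-host checks are assumptions that match this README's setup rather than Matrix requirements.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed samples: the README's two documents plus one with a missing quote.
SERVER_BODY = '{"m.server": "matrix.4rs.nl:443"}'
CLIENT_BODY = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}'
BROKEN_CLIENT_BODY = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl}}'
# hostname[:port]; IPv6 literals are not handled here.
HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$")


def check_server(body):
    """Return (host, port) from a /.well-known/matrix/server body; port may be None."""
    doc = json.loads(body)  # json.JSONDecodeError is a ValueError
    value = doc.get("m.server") if isinstance(doc, dict) else None
    match = HOST_PORT.match(value) if isinstance(value, str) else None
    if match is None:
        raise ValueError(f"m.server must be a 'host[:port]' string, got {value!r}")
    port = int(match["port"]) if match["port"] else None
    if port is not None and not 0 < port < 65536:
        raise ValueError(f"m.server port out of range: {port}")
    return match["host"].lower(), port


def check_client(body):
    """Return base_url from a /.well-known/matrix/client body."""
    doc = json.loads(body)
    hs = doc.get("m.homeserver") if isinstance(doc, dict) else None
    base_url = hs.get("base_url") if isinstance(hs, dict) else None
    if not isinstance(base_url, str):
        raise ValueError("m.homeserver.base_url must be a string")
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:  # assumption: HTTPS only
        raise ValueError(f"base_url must be an https:// URL, got {base_url!r}")
    return base_url.rstrip("/")


def check_pair(server_body, client_body):
    """Validate both bodies and require that they name the same host."""
    host, port = check_server(server_body)
    base_url = check_client(client_body)
    if urlsplit(base_url).hostname != host:  # assumption: same host, as in this README
        raise ValueError(f"m.server host {host!r} differs from base_url {base_url!r}")
    return host, port, base_url


if __name__ == "__main__":
    print(check_pair(SERVER_BODY, CLIENT_BODY))
```

After reloading Nginx, the same functions can be run on the bodies your domain actually serves, for example after saving them with curl.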
You have now finished the Nginx configuration for the matrix subdomain. The next step is to clone this repository and run the homeserver.
Clone the repository
After you have set up the domain and the nginx configuration, you can clone this repository with git clone https://4rs.nl/awiteb/synapse-config.git. You should now have a directory called synapse-config.
Configuration
After you have cloned the repository, replace all occurrences of 4rs.nl with your domain, including in the files in the ./data directory.
There are only two other things you need to change: the first is the secrets in ./data/homeserver.yaml and the second is the signing key in ./data/4rs.nl.signing.key.
Homeserver.yaml
After replacing all occurrences of 4rs.nl with your domain, you need to generate a new value for each secret in the homeserver.yaml file. You can generate a secret with openssl rand -base64 32. Replace each existing secret with a generated one.
Signing key
Note
You need the signedjson dependency to generate a signing key. You can install it with pip3 install signedjson.
Replace the content of the 4rs.nl.signing.key file with a generated key. You can generate a key with the generate_signing_key script in the root of the repository. Run python3 generate_signing_key and replace the content of the 4rs.nl.signing.key file with the generated key.
Run the homeserver and create the admin user
After all the above steps, you can run the homeserver with docker-compose up -d. You should now have a running homeserver on matrix.4rs.nl.
Now you need to create an admin user with docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml and follow the instructions. You should now have an admin user on the homeserver and you can log in with it on the client using the homeserver matrix.4rs.nl. Enjoy your homeserver!
Backup
Note
You need the just command runner to back up the homeserver. You can install it with cargo install just.
You can back up the homeserver with just backup <backup-name>. The backup will be stored as an AES256-encrypted 7z file.
Any questions?
If you have any questions, you can contact me at @awiteb:4rs.nl and I will try to help you. Have fun with your homeserver!