# 4rs matrix homeserver
This is my personal matrix homeserver. You can clone this repository and run the homeserver with docker-compose.
## Overview
In this repository I use `4rs.nl` (my domain) as an example. You should replace this with your own domain.
After reading this README you should have a `/.well-known/matrix/server` and `/.well-known/matrix/client` file on your domain (4rs.nl) and your matrix subdomain (matrix.4rs.nl). The client will use `matrix.4rs.nl` as the homeserver and the displayed homeserver will be `4rs.nl`.
## Requirements
- docker
- docker-compose
- nginx

## Domain requirements
- Have a `/.well-known/matrix/server` file on your domain that points to your homeserver. This is required for federation to work.

The content of the file should be:

```
{
    "m.server": "matrix.4rs.nl:443"
}
```

- Have a `/.well-known/matrix/client` file on your domain that points to your homeserver. This is required for the client to work.

The content of the file should be:

```
{
    "m.homeserver": {
        "base_url": "https://matrix.4rs.nl"
    }
}
```

For me, I created the files in my static blog and then deployed it in GitHub pages. See the [justfile that I use to deploy the files to the domain](https://git.4rs.nl/awiteb/blog/src/branch/master/Justfile#L15-L17). You can use any other method to deploy the files and make them accessible on your domain, as long as they are accessible at `/.well-known/matrix/server` and `/.well-known/matrix/client`.
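The two delegation documents are easy to get subtly wrong (a missing quote, or a scheme in `m.server`, is enough to break discovery), so here is an added validator, not part of this repository, that applies the checks a client or a federating server effectively makes before trusting them. The sample bodies are constructed inline; feed it the real responses from your domain to check a deployment.

```python
import json
from urllib.parse import urlsplit

# Constructed sample bodies: the first two match this README; the third is
# missing the closing quote after the URL, a typo that breaks client discovery.
GOOD_SERVER = '{"m.server": "matrix.4rs.nl:443"}'
GOOD_CLIENT = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}'
BROKEN_CLIENT = '{"m.homeserver": {"base_url": "https://matrix.4rs.nl}}'

def check_server_wellknown(body: str) -> list[str]:
    """Problems in a /.well-known/matrix/server body; an empty list means OK."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"server: not valid JSON ({exc.msg} at position {exc.pos})"]
    target = doc.get("m.server") if isinstance(doc, dict) else None
    if not isinstance(target, str) or not target:
        return ["server: missing or non-string 'm.server'"]
    # Federation expects "host" or "host:port", never a scheme or a path.
    if "://" in target or "/" in target:
        return ["server: 'm.server' must be host[:port], not a URL"]
    _host, sep, port = target.rpartition(":")
    if sep and not port.isdigit():
        return [f"server: port '{port}' is not numeric"]
    return []

def check_client_wellknown(body: str) -> list[str]:
    """Problems in a /.well-known/matrix/client body; an empty list means OK."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"client: not valid JSON ({exc.msg} at position {exc.pos})"]
    homeserver = doc.get("m.homeserver") if isinstance(doc, dict) else None
    base_url = homeserver.get("base_url") if isinstance(homeserver, dict) else None
    if not isinstance(base_url, str) or not base_url:
        return ["client: missing 'm.homeserver.base_url'"]
    parts = urlsplit(base_url)
    problems = []
    if parts.scheme != "https":
        problems.append("client: base_url must use https")
    if not parts.netloc:
        problems.append("client: base_url has no host")
    return problems

if __name__ == "__main__":
    for label, body, check in (("server", GOOD_SERVER, check_server_wellknown),
                               ("client", GOOD_CLIENT, check_client_wellknown),
                               ("client", BROKEN_CLIENT, check_client_wellknown)):
        print(label, check(body) or "ok")
```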
## Nginx configuration of the matrix subdomain
You should have an nginx configuration for the matrix subdomain at `/etc/nginx/sites-available/matrix.4rs.nl`, symlinked to `/etc/nginx/sites-enabled/matrix.4rs.nl`, and included from `nginx.conf` with `include /etc/nginx/sites-enabled/*;` (this include is already present in `nginx.conf` when you install nginx).
You also need a certificate for the domain. You can get a free one from [Let's Encrypt](https://letsencrypt.org/) using [Certbot](https://certbot.eff.org/); generate it for `4rs.nl` and `*.4rs.nl` so that it also covers the matrix subdomain.
The configuration should look like this (replace `4rs.nl` with your domain):

```
server {
    server_name matrix.4rs.nl;
    listen 80;
    listen [::]:80;

    # Plain HTTP only redirects to HTTPS.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    server_name matrix.4rs.nl;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # Certificate issued for 4rs.nl and *.4rs.nl.
    ssl_trusted_certificate /etc/letsencrypt/live/4rs.nl/chain.pem;
    ssl_certificate /etc/letsencrypt/live/4rs.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/4rs.nl/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    ignore_invalid_headers off;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_body_timeout 5s;
    client_header_timeout 5s;

    # The same delegation documents as on the apex domain, served from nginx directly.
    location /.well-known/matrix/server {
        return 200 '{"m.server": "matrix.4rs.nl:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://matrix.4rs.nl"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    # Everything else goes to Synapse on localhost:8008.
    # Note: nginx inherits proxy_set_header from the server block only when a
    # location sets none of its own, so only X-Forwarded-For applies here.
    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        client_max_body_size 200M;
    }
}
```

After you have created the configuration file, reload nginx with `sudo systemctl reload nginx`. You should now be able to access the homeserver at `matrix.4rs.nl`.
That completes the nginx configuration for the matrix subdomain. The next step is to clone this repository and run the homeserver.
## Clone the repository
After you have set up the domain and the nginx configuration, you can clone this repository with `git clone https://4rs.nl/awiteb/synapse-config.git`. You should now have a directory called `synapse-config`.
## Configuration
After you have cloned the repository, replace every `4rs.nl` with your domain, including in the files in the `./data` directory.
There are only two things you need to change: the secrets in `./data/homeserver.yaml` and the signing key in `./data/4rs.nl.signing.key`.
### Homeserver.yaml
After replacing all `4rs.nl` with your domain, you need to generate a new value for each secret in the `homeserver.yaml` file. You can generate one with `openssl rand -base64 32`. Replace each secret with a generated one.
### Signing key
> **Note**
> You need the `signedjson` dependency to generate a signing key. You can install it with `pip3 install signedjson`.

Replace the content of the `4rs.nl.signing.key` file with a freshly generated key. You can generate one with the `generate_signing_key` script in the root of the repository: run `python3 generate_signing_key` and replace the content of the `4rs.nl.signing.key` file with the generated key.
## Run the homeserver and create the admin user
After all the above steps, you can run the homeserver with `docker-compose up -d`. You should now have a running homeserver on `matrix.4rs.nl`.
Now you need to create an admin user with `docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml` and follow the instructions. You should now have an admin user on the homeserver and you can log in with it on the client using the homeserver `matrix.4rs.nl`. Enjoy your homeserver!
## Backup
> **Note**
> You need [`just`](https://just.systems/) to back up the homeserver. You can install it with `cargo install just`.

You can back up the homeserver with `just backup <backup-name>`. The backup is stored as an AES-256 encrypted 7z file.
## Any questions?
If you have any questions, you can contact me at `@awiteb:4rs.nl` and I will try to help you. Have fun with your homeserver!