Differences
This shows you the differences between two versions of the page.
digital:server:matrixsynapse [2019/05/30 11:14] natrius Step 4 - Deleted FIXME |
digital:server:matrixsynapse [2020/07/20 21:36] natrius Changed example.com to homeserver.example according to RFC 2606 https://tools.ietf.org/html/rfc2606#section-2 |
||
---|---|---|---|
Line 39: | Line 39: | ||
sudo apt install -y lsb-release wget apt-transport-https | sudo apt install -y lsb-release wget apt-transport-https | ||
sudo wget -O / | sudo wget -O / | ||
- | echo "deb [signed-by=/ | + | echo "deb [signed-by=/ |
- | | + | |
</ | </ | ||
Line 53: | Line 52: | ||
sudo apt install matrix-synapse-py3 | sudo apt install matrix-synapse-py3 | ||
- | During the installation, | + | During the installation, |
**Don' | **Don' | ||
Line 64: | Line 63: | ||
sudo systemctl enable matrix-synapse.service | sudo systemctl enable matrix-synapse.service | ||
- | Synapse is now up and running using the default configuration on port ' | + | Synapse is now up and running using the default configuration on port ' |
- | | + | ss -plntu |
- | #### Set up well.known | + | #### Set up .well-known |
- | FIXME | + | On your webserver a file at '' |
- | + | ||
- | #### Set up SRV | + | |
- | + | ||
- | By setting an SRV record in your DNS provider, it is possible to tell other matrix | + | |
< | < | ||
- | _matrix._tcp.example.com. 3600 IN SRV 10 5 443 synapse.example.com. | + | { |
+ | "m.server": | ||
+ | } | ||
</ | </ | ||
- | There is still an A record needed, pointing to the IP-addess | + | Where ''/'' |
### Step 3 - Configure Synapse | ### Step 3 - Configure Synapse | ||
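Review bot: The "Set up SRV" section is deleted here (the `_matrix._tcp.example.com. 3600 IN SRV 10 5 443 synapse.example.com.` record and the A-record sentence) without telling readers of the earlier revision what to do with a record they already created. Add one sentence to the new ".well-known" section saying whether the `m.server` file replaces the SRV record and whether the old record should be removed, so that a server set up from the 2019 text does not end up with two delegation mechanisms pointing at different names.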
Line 96: | Line 93: | ||
'' | '' | ||
- | '' | + | '' |
- | #### Check listener and federation port | + | #### Check ports |
- | Now check the HTTP and HTTPS listener port ' | + | **The best is to leave it default as it comes delivered** (watch here https:// |
< | < | ||
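Review bot: The new sentence under "Check ports", "**The best is to leave it default as it comes delivered** (watch here ...", is hard to parse, and with the heading shortened from "Check listener and federation port" the reader is no longer told which ports are meant. Suggest wording such as "It is best to keep the listener configuration as shipped (see ...)" and naming the listener and federation ports in that sentence, so the config block that follows can be compared against something concrete.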
Line 120: | Line 117: | ||
Now restart the Synapse services. | Now restart the Synapse services. | ||
- | sudo systemctl | + | sudo systemctl |
Check the homeserver service with the following command | Check the homeserver service with the following command | ||
- | | + | ss -plntu |
You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration. | You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration. | ||
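Review bot: `ss -plntu` on the new side runs without `sudo`, unlike the `sudo systemctl` line just above it. As an unprivileged user the `-p` output omits the owning process for sockets that belong to other users, so the reader sees a listening port but not the process name this check is meant to confirm. Use `sudo ss -plntu` here and in the same command added in the hunk at Line 64. The context sentence that follows, "You will get the Synapse service is now on the local IP address", also does not parse and would be worth fixing in the same edit.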
Line 143: | Line 140: | ||
sudo apt-get install certbot python-certbot-nginx | sudo apt-get install certbot python-certbot-nginx | ||
- | Generate the SSL certificate files for the matrix domain name '' | + | Generate the SSL certificate files for the matrix domain name '' |
sudo certbot --nginx | sudo certbot --nginx | ||
- | The Letsencrypt tool will generate SSL certificate files by running the ' | + | The Letsencrypt tool will generate SSL certificate files by running the ' |
< | < | ||
Line 154: | Line 151: | ||
Obtaining a new certificate | Obtaining a new certificate | ||
Performing the following challenges: | Performing the following challenges: | ||
- | http-01 challenge for example.com | + | http-01 challenge for homeserver.example |
Waiting for verification... | Waiting for verification... | ||
Cleaning up challenges | Cleaning up challenges | ||
Line 160: | Line 157: | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
- Congratulations! Your certificate and chain have been saved at: | - Congratulations! Your certificate and chain have been saved at: | ||
- | / | + | / |
Your key file has been saved at: | Your key file has been saved at: | ||
- | / | + | / |
Your cert will expire on 2019-03-03. To obtain a new or tweaked | Your cert will expire on 2019-03-03. To obtain a new or tweaked | ||
| | ||
Line 193: | Line 190: | ||
sudo systemctl enable nginx.service | sudo systemctl enable nginx.service | ||
- | Next, we will create a new virtual host configuration for the domain name '' | + | Next, we will create a new virtual host configuration for the domain name '' |
< | < | ||
- | Paste the following configuration there, changing the domain '' | + | Paste the following configuration there, changing the domain '' |
< | < | ||
server { | server { | ||
| | ||
- | | + | |
| | ||
} | } | ||
Line 209: | Line 206: | ||
listen 443 ssl; | listen 443 ssl; | ||
listen [::]:443 ssl; | listen [::]:443 ssl; | ||
- | server_name | + | server_name |
- | ssl_certificate / | + | ssl_certificate / |
- | ssl_certificate_key / | + | ssl_certificate_key / |
# If you don't wanna serve a site, comment this out | # If you don't wanna serve a site, comment this out | ||
Line 223: | Line 220: | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
add_header " | add_header " | ||
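Review bot: In both `location` blocks, `add_header Content-Type application/...` next to `return 200 '...'` does not replace the content type nginx assigns to the response; it appends a second `Content-Type` header, and clients that parse the response strictly can reject it. Set the type with `default_type` inside each location and keep `add_header` only for the additional header on the last line of the hunk.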
Line 257: | Line 254: | ||
Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | ||
- | ### (Optional) Step 6 - Postgre | + | ### (Optional) Step 6 - PostgreSQL |
While the step is marked as optional, it is **strongly encouraged** for any server that isn't purely for testing. | While the step is marked as optional, it is **strongly encouraged** for any server that isn't purely for testing. | ||
- | #### Initial | + | #### Initial |
< | < | ||
Line 269: | Line 266: | ||
< | < | ||
- | Where username can be " | + | Where username can be '' |
To end the postgre line just type in '' | To end the postgre line just type in '' | ||
- | #### Set up Postgre | + | #### Set up PostgreSQL |
< | < | ||
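Review bot: The headings in this hunk were renamed to "PostgreSQL", but the context line "To end the postgre line just type in ..." keeps the old name and calls the prompt a "line". Update it in the same change, for example "To leave the PostgreSQL prompt, type ...", so the section uses one name throughout.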
Line 294: | Line 291: | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
Line 300: | Line 297: | ||
< | < | ||
- | sudo systemctl | + | sudo systemctl |
</ | </ | ||
### Migrating from SQlite to PostgreSQL | ### Migrating from SQlite to PostgreSQL | ||
- | There is no need for this if you have nothing done yet with synapse, otherwise, please refer to https:// | + | Assuming you already followed step 6, there is no need for a migration. If you already used your Synapse and want to migrate, please refer to https:// |
### Step 7 - Setup UFW Firewall | ### Step 7 - Setup UFW Firewall | ||
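Review bot: The new first sentence, "Assuming you already followed step 6, there is no need for a migration", is only true when step 6 was done before Synapse stored any data; a reader who ran on SQLite for a while and then follows step 6 still has to migrate. State the condition explicitly, for example "If you set up PostgreSQL in step 6 before first use, no migration is needed", and spell the heading "SQLite" while touching this section.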
Line 325: | Line 322: | ||
At this stage, the Synapse homeserver installation and configuration is complete. And in this step, we need to add a new matrix user from the command line on the server. To create a new matrix user, run the command below. | At this stage, the Synapse homeserver installation and configuration is complete. And in this step, we need to add a new matrix user from the command line on the server. To create a new matrix user, run the command below. | ||
- | register_new_matrix_user -c homeserver.yaml http:// | + | register_new_matrix_user -c / |
Now you need to input the user name, password, and decide whether the user will have the admin privileges or not. And we have created a new matrix user with admin privilege. | Now you need to input the user name, password, and decide whether the user will have the admin privileges or not. And we have created a new matrix user with admin privilege. | ||
- | ### Step 9 - Federation | + | ### Step 9 - Testing |
- | You can test if federation is working using https:// | + | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https:// |
- | + | ||
- | * https:// | + | |
- | + | ||
- | ### Step 10 - Testing | + | |
- | + | ||
- | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https:// | + | |
The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | ||
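Review bot: The context sentence after the changed `register_new_matrix_user -c /...` command ends with "And we have created a new matrix user with admin privilege", although the sentence before it leaves admin rights as a choice at the prompt. Since this hunk already rewrites the command, reword that line so it does not read as an instruction to make every new account an admin, for example by saying the first account created for the operator is the admin and later users are registered without it. The step renumbering (Testing is now Step 9, Federation Step 10) also needs a check for references to the old numbers elsewhere on the page.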
Line 343: | Line 334: | ||
If you need two instances of riot instead, you can start it with argument, refer to [[digital: | If you need two instances of riot instead, you can start it with argument, refer to [[digital: | ||
- | For another way to test it, go to '' | + | For another way to test it, go to '' |
<code xml> | <code xml> | ||
Line 354: | Line 345: | ||
3 " | 3 " | ||
</ | </ | ||
+ | |||
+ | ### Step 10 - Federation | ||
+ | |||
+ | You can test if federation is working using https:// | ||
+ | |||
+ | * https:// | ||
## Explanations | ## Explanations | ||
Line 416: | Line 413: | ||
### Whats my version | ### Whats my version | ||
- | * https://example.com/ | + | * https://homeserver.example/ |
### Location of logs | ### Location of logs | ||
+ | |||
+ | Check matrix with '' | ||
+ | |||
+ | A good way to check the logs is '' | ||
+ | |||
+ | #### Matrix | ||
< | < | ||
- | / | ||
/ | / | ||
+ | </ | ||
+ | |||
+ | #### Nginx | ||
+ | |||
+ | < | ||
+ | / | ||
+ | / | ||
</ | </ | ||
Line 457: | Line 466: | ||
For feedback about this guide or tips on how to improve it visit https:// | For feedback about this guide or tips on how to improve it visit https:// | ||
- | ### ToDo | ||
- | |||
- | * More explanations (explain more, because open source documentation is famously sparse) | ||
- | * what nginx | ||
- | * reverse proxy | ||
- | * what is postgre and why is it preferred over sqlite |