Differences
This shows you the differences between two versions of the page.
digital:server:matrixsynapse [2019/05/30 12:57] natrius |
digital:server:matrixsynapse [2020/10/07 09:07] natrius Moved .well-known after installation of nginx |
||
---|---|---|---|
Line 39: | Line 39: | ||
sudo apt install -y lsb-release wget apt-transport-https | sudo apt install -y lsb-release wget apt-transport-https | ||
sudo wget -O / | sudo wget -O / | ||
- | echo "deb [signed-by=/ | + | echo "deb [signed-by=/ |
- | | + | |
</ | </ | ||
Line 53: | Line 52: | ||
sudo apt install matrix-synapse-py3 | sudo apt install matrix-synapse-py3 | ||
- | During the installation, | + | During the installation, |
**Don' | **Don' | ||
Line 64: | Line 63: | ||
sudo systemctl enable matrix-synapse.service | sudo systemctl enable matrix-synapse.service | ||
- | Synapse is now up and running using the default configuration on port ' | + | Synapse is now up and running using the default configuration on port ' |
- | | + | ss -plntu |
- | + | ||
- | #### Set up well.known | + | |
- | + | ||
- | On your webserver a file at '' | + | |
- | + | ||
- | < | + | |
- | { | + | |
- | " | + | |
- | } | + | |
- | </ | + | |
- | + | ||
- | Where ''/'' | + | |
- | + | ||
- | #### Set up SRV | + | |
- | + | ||
- | By setting an SRV record in your DNS provider, it is possible to tell other matrix servers where to connect to the server, pointing them to the correct hostname and port, in this example the default port (8448) is still used: | + | |
- | + | ||
- | < | + | |
- | _matrix._tcp.example.com. 3600 IN SRV 10 5 443 synapse.example.com. | + | |
- | </ | + | |
- | + | ||
- | There is still an A record needed, pointing to the IP-addess of synapse on the subdomain (matrix.example.com). This way others can add your user with '' | + | |
### Step 3 - Configure Synapse | ### Step 3 - Configure Synapse | ||
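Review bot: The removed "Set up SRV" section and the A-record paragraph after it do not reappear anywhere in the visible diff, while the edit summary only says that .well-known was moved. The dropped text was inconsistent with itself (the prose says the default port 8448 is still used, the record line carries 443), so removing it is defensible, but the summary should mention it and the page should state whether delegation now relies on .well-known alone.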
Line 104: | Line 81: | ||
'' | '' | ||
- | '' | + | '' |
- | #### Check listener and federation port | + | #### Check ports |
- | Now check the HTTP and HTTPS listener port ' | + | **The best is to leave it default as it comes delivered** (watch here https:// |
< | < | ||
Line 128: | Line 105: | ||
Now restart the Synapse services. | Now restart the Synapse services. | ||
- | sudo systemctl | + | sudo systemctl |
Check the homeserver service with the following command | Check the homeserver service with the following command | ||
- | | + | ss -plntu |
You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration. | You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration. | ||
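Review bot: On the new "ss -plntu" line, the -p column shows the owning process of another user's sockets only when run as root, so without sudo the reader cannot confirm that the listener belongs to Synapse. Suggest "sudo ss -plntu", matching the sudo on the systemctl line above it, here and at the earlier occurrence after the enable step. The following sentence ("You will get the Synapse service is now on the local IP address") should also name the address and port to look for, so the check has a concrete pass condition.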
Line 151: | Line 128: | ||
sudo apt-get install certbot python-certbot-nginx | sudo apt-get install certbot python-certbot-nginx | ||
- | Generate the SSL certificate files for the matrix domain name '' | + | Generate the SSL certificate files for the matrix domain name '' |
sudo certbot --nginx | sudo certbot --nginx | ||
- | The Letsencrypt tool will generate SSL certificate files by running the ' | + | The Letsencrypt tool will generate SSL certificate files by running the ' |
< | < | ||
Line 162: | Line 139: | ||
Obtaining a new certificate | Obtaining a new certificate | ||
Performing the following challenges: | Performing the following challenges: | ||
- | http-01 challenge for example.com | + | http-01 challenge for homeserver.example |
Waiting for verification... | Waiting for verification... | ||
Cleaning up challenges | Cleaning up challenges | ||
Line 168: | Line 145: | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
- Congratulations! Your certificate and chain have been saved at: | - Congratulations! Your certificate and chain have been saved at: | ||
- | / | + | / |
Your key file has been saved at: | Your key file has been saved at: | ||
- | / | + | / |
Your cert will expire on 2019-03-03. To obtain a new or tweaked | Your cert will expire on 2019-03-03. To obtain a new or tweaked | ||
| | ||
Line 201: | Line 178: | ||
sudo systemctl enable nginx.service | sudo systemctl enable nginx.service | ||
- | Next, we will create a new virtual host configuration for the domain name '' | + | Next, we will create a new virtual host configuration for the domain name '' |
< | < | ||
- | Paste the following configuration there, changing the domain '' | + | Paste the following configuration there, changing the domain '' |
< | < | ||
server { | server { | ||
| | ||
- | | + | |
| | ||
} | } | ||
Line 217: | Line 194: | ||
listen 443 ssl; | listen 443 ssl; | ||
listen [::]:443 ssl; | listen [::]:443 ssl; | ||
- | server_name | + | server_name |
- | ssl_certificate / | + | ssl_certificate / |
- | ssl_certificate_key / | + | ssl_certificate_key / |
# If you don't wanna serve a site, comment this out | # If you don't wanna serve a site, comment this out | ||
Line 231: | Line 208: | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
add_header " | add_header " | ||
Line 265: | Line 242: | ||
Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | ||
- | ### (Optional) Step 6 - Postgre | + | #### Set up .well-known |
+ | |||
+ | On your webserver a file at '' | ||
+ | |||
+ | < | ||
+ | { | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Where ''/'' | ||
+ | |||
+ | ### (Optional) Step 6 - PostgreSQL | ||
While the step is marked as optional, it is **strongly encouraged** for any server that isn't purely for testing. | While the step is marked as optional, it is **strongly encouraged** for any server that isn't purely for testing. | ||
- | #### Initial | + | #### Initial |
< | < | ||
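Review bot: The new "#### Set up .well-known" heading lands after the sentence "Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed", so the step is declared finished before its last sub-section. Suggest moving the section above that sentence or giving it its own step number. The vhost earlier on the page already has two location blocks that "return 200" with a "Content-Type application/..." header; if those are the .well-known responses, this section should point to them instead of describing a separate file, so readers do not end up with two sources for the same document.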
Line 277: | Line 266: | ||
< | < | ||
- | Where username can be " | + | Where username can be '' |
To end the postgre line just type in '' | To end the postgre line just type in '' | ||
- | #### Set up Postgre | + | #### Set up PostgreSQL |
< | < | ||
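Review bot: The Postgre to PostgreSQL rename is incomplete in this hunk: the unchanged line "To end the postgre line just type in" still uses the old spelling. Suggest changing it in the same edit, for example "To leave the PostgreSQL prompt, type ...", which also reads more clearly than "end the postgre line".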
Line 302: | Line 291: | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
Line 308: | Line 297: | ||
< | < | ||
- | sudo systemctl | + | sudo systemctl |
</ | </ | ||
### Migrating from SQlite to PostgreSQL | ### Migrating from SQlite to PostgreSQL | ||
- | There is no need for this if you have nothing done yet with synapse, otherwise, please refer to https:// | + | Assuming you already followed step 6, there is no need for a migration. If you already used your Synapse and want to migrate, please refer to https:// |
### Step 7 - Setup UFW Firewall | ### Step 7 - Setup UFW Firewall | ||
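Review bot: The new first sentence, "Assuming you already followed step 6, there is no need for a migration", is ambiguous for a reader who ran Synapse on SQLite first and then followed step 6, since that reader does need to migrate. Suggest tying the condition to existing data, for example "If you set up PostgreSQL in step 6 before creating any users or rooms, no migration is needed". The heading above it still reads "SQlite"; "SQLite" would match the spelling fix applied to PostgreSQL in this revision.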
Line 333: | Line 322: | ||
At this stage, the Synapse homeserver installation and configuration is complete. And in this step, we need to add a new matrix user from the command line on the server. To create a new matrix user, run the command below. | At this stage, the Synapse homeserver installation and configuration is complete. And in this step, we need to add a new matrix user from the command line on the server. To create a new matrix user, run the command below. | ||
- | register_new_matrix_user -c homeserver.yaml http:// | + | register_new_matrix_user -c / |
Now you need to input the user name, password, and decide whether the user will have the admin privileges or not. And we have created a new matrix user with admin privilege. | Now you need to input the user name, password, and decide whether the user will have the admin privileges or not. And we have created a new matrix user with admin privilege. | ||
- | ### Step 9 - Federation | + | ### Step 9 - Testing |
- | You can test if federation is working using https:// | + | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https:// |
- | + | ||
- | * https:// | + | |
- | + | ||
- | ### Step 10 - Testing | + | |
- | + | ||
- | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https:// | + | |
The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | ||
Line 351: | Line 334: | ||
If you need two instances of riot instead, you can start it with argument, refer to [[digital: | If you need two instances of riot instead, you can start it with argument, refer to [[digital: | ||
- | For another way to test it, go to '' | + | For another way to test it, go to '' |
<code xml> | <code xml> | ||
Line 362: | Line 345: | ||
3 " | 3 " | ||
</ | </ | ||
+ | |||
+ | ### Step 10 - Federation | ||
+ | |||
+ | You can test if federation is working using https:// | ||
+ | |||
+ | * https:// | ||
## Explanations | ## Explanations | ||
Line 424: | Line 413: | ||
### Whats my version | ### Whats my version | ||
- | * https://example.com/ | + | * https://homeserver.example/ |
### Location of logs | ### Location of logs | ||
+ | |||
+ | Check matrix with '' | ||
+ | |||
+ | A good way to check the logs is '' | ||
+ | |||
+ | #### Matrix | ||
< | < | ||
- | / | ||
/ | / | ||
+ | </ | ||
+ | |||
+ | #### Nginx | ||
+ | |||
+ | < | ||
+ | / | ||
+ | / | ||
</ | </ | ||
Line 465: | Line 466: | ||
For feedback about this guide or tips on how to improve it visit https:// | For feedback about this guide or tips on how to improve it visit https:// | ||
- | ### ToDo | ||
- | |||
- | * More explanations (explain more, because open source documentation is famously sparse) | ||
- | * what nginx | ||
- | * reverse proxy | ||
- | * what is postgre and why is it preferred over sqlite |