Differences
This shows you the differences between two versions of the page.
digital:server:matrixsynapse [2020/05/05 23:40] natrius [(Optional) Step 6 - PostgreSQL instead of sqlite] |
digital:server:matrixsynapse [2021/06/04 19:16] natrius Troubleshooting - added part about sending images |
||
---|---|---|---|
Line 1: | Line 1: | ||
# Matrix Synapse | # Matrix Synapse | ||
- | [[https:// | + | [[https:// |
Synapse is a reference homeserver implementation from the core development team at matrix.org, written in Python/ | Synapse is a reference homeserver implementation from the core development team at matrix.org, written in Python/ | ||
Line 9: | Line 9: | ||
This guide explains one way to setup a Synapse server. There are many other correct ways to setup a Matrix server and that is the reason why there are so many guides. Feel free to choose the guide that suits your setup the best. | This guide explains one way to setup a Synapse server. There are many other correct ways to setup a Matrix server and that is the reason why there are so many guides. Feel free to choose the guide that suits your setup the best. | ||
- | ## How to install Synapse on Ubuntu 18.04 LTS | + | ## How to install Synapse on Ubuntu |
### Prerequisites | ### Prerequisites | ||
Line 52: | Line 52: | ||
sudo apt install matrix-synapse-py3 | sudo apt install matrix-synapse-py3 | ||
- | During the installation, | + | During the installation, |
**Don' | **Don' | ||
Line 63: | Line 63: | ||
sudo systemctl enable matrix-synapse.service | sudo systemctl enable matrix-synapse.service | ||
- | Synapse is now up and running using the default configuration on port '8008' and '8448'. Check the open ports using netstat command. | + | Synapse is now up and running using the default configuration on port ' |
- | | + | ss -plntu |
- | + | ||
- | #### Set up well.known | + | |
- | + | ||
- | On your webserver a file at '' | + | |
- | + | ||
- | < | + | |
- | { | + | |
- | " | + | |
- | } | + | |
- | </ | + | |
- | + | ||
- | Where ''/'' | + | |
- | + | ||
- | #### Set up SRV | + | |
- | + | ||
- | By setting an SRV record in your DNS provider, it is possible to tell other matrix servers where to connect to the server, pointing them to the correct hostname and port, in this example the default port (8448) is still used: | + | |
- | + | ||
- | < | + | |
- | _matrix._tcp.example.com. 3600 IN SRV 10 5 443 synapse.example.com. | + | |
- | </ | + | |
- | + | ||
- | There is still an A record needed, pointing to the IP-addess of synapse on the subdomain (matrix.example.com). This way others can add your user with '' | + | |
### Step 3 - Configure Synapse | ### Step 3 - Configure Synapse | ||
Line 131: | Line 109: | ||
Check the homeserver service with the following command | Check the homeserver service with the following command | ||
- | | + | ss -plntu |
You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration. | You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration. | ||
Line 148: | Line 126: | ||
sudo add-apt-repository ppa: | sudo add-apt-repository ppa: | ||
- | sudo apt-get install certbot | + | sudo apt-get install certbot |
- | Generate the SSL certificate files for the matrix domain name '' | + | Generate the SSL certificate files for the matrix domain name '' |
sudo certbot --nginx | sudo certbot --nginx | ||
- | The Letsencrypt tool will generate SSL certificate files by running the ' | + | The Letsencrypt tool will generate SSL certificate files by running the ' |
< | < | ||
Line 161: | Line 139: | ||
Obtaining a new certificate | Obtaining a new certificate | ||
Performing the following challenges: | Performing the following challenges: | ||
- | http-01 challenge for example.com | + | http-01 challenge for homeserver.example |
Waiting for verification... | Waiting for verification... | ||
Cleaning up challenges | Cleaning up challenges | ||
Line 167: | Line 145: | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
- Congratulations! Your certificate and chain have been saved at: | - Congratulations! Your certificate and chain have been saved at: | ||
- | / | + | / |
Your key file has been saved at: | Your key file has been saved at: | ||
- | / | + | / |
Your cert will expire on 2019-03-03. To obtain a new or tweaked | Your cert will expire on 2019-03-03. To obtain a new or tweaked | ||
| | ||
Line 200: | Line 178: | ||
sudo systemctl enable nginx.service | sudo systemctl enable nginx.service | ||
- | Next, we will create a new virtual host configuration for the domain name '' | + | Next, we will create a new virtual host configuration for the domain name '' |
< | < | ||
- | Paste the following configuration there, changing the domain '' | + | Paste the following configuration there, changing the domain '' |
< | < | ||
server { | server { | ||
| | ||
- | | + | |
| | ||
} | } | ||
Line 216: | Line 194: | ||
listen 443 ssl; | listen 443 ssl; | ||
listen [::]:443 ssl; | listen [::]:443 ssl; | ||
- | server_name | + | server_name |
- | ssl_certificate / | + | ssl_certificate / |
- | ssl_certificate_key / | + | ssl_certificate_key / |
# If you don't wanna serve a site, comment this out | # If you don't wanna serve a site, comment this out | ||
Line 230: | Line 208: | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
add_header " | add_header " | ||
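Review bot: in both `location` blocks of this hunk, `add_header Content-Type application/` next to `return 200 '` does not replace the Content-Type that nginx sets itself for a `return` body. It adds a second header, so clients can receive two conflicting Content-Type values. Set the type with `default_type` inside each location instead, and keep `add_header` only for the additional header on the second block.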
Line 263: | Line 241: | ||
Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | ||
+ | |||
+ | #### Set up .well-known | ||
+ | |||
+ | On your webserver a file at '' | ||
+ | |||
+ | < | ||
+ | { | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Where ''/'' | ||
### (Optional) Step 6 - PostgreSQL instead of sqlite | ### (Optional) Step 6 - PostgreSQL instead of sqlite | ||
Line 301: | Line 291: | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
Line 316: | Line 306: | ||
### Step 7 - Setup UFW Firewall | ### Step 7 - Setup UFW Firewall | ||
- | Open the needed ports for our services. We will only allow SSH, HTTP, HTTPS and 8448 (for federation) | + | Open the needed ports for our services. We will only allow SSH, HTTP, and HTTPS connection on the UFW firewall configuration. To add them to the UFW firewall configuration, |
sudo ufw allow ssh | sudo ufw allow ssh | ||
sudo ufw allow http | sudo ufw allow http | ||
sudo ufw allow https | sudo ufw allow https | ||
- | sudo ufw allow 8448 | ||
Now enable the UFW firewall service and then check the status. | Now enable the UFW firewall service and then check the status. | ||
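Review bot: the new Step 7 text and rule list drop `sudo ufw allow 8448` without saying why federation still works once that port is closed. The "Set up SRV" section is also removed in this revision, so other homeservers now depend on the .well-known delegation added after Step 5. Step 7 should state which of the open ports federation traffic uses and point to that section as required. The new sentence also reads "HTTP, and HTTPS connection" where "connections" is meant.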
Line 338: | Line 327: | ||
### Step 9 - Testing | ### Step 9 - Testing | ||
- | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https:// | + | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https:// |
The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | ||
Line 344: | Line 333: | ||
If you need two instances of riot instead, you can start it with argument, refer to [[digital: | If you need two instances of riot instead, you can start it with argument, refer to [[digital: | ||
- | For another way to test it, go to '' | + | For another way to test it, go to '' |
<code xml> | <code xml> | ||
Line 366: | Line 355: | ||
### Presence | ### Presence | ||
- | Unfortunately presence is right now broken and generates a high load. It is possible to deactivate it, but the user avatars will be grey afterwards on the homeserver. To deactivate, open '' | + | Unfortunately presence is right now broken and generates a high load. Until this issue https:// |
< | < | ||
+ | |||
+ | and add | ||
'' | '' | ||
Line 420: | Line 411: | ||
If your need help, get as much information as possible ([[# | If your need help, get as much information as possible ([[# | ||
+ | |||
+ | ### Problems with sending pictures | ||
+ | |||
+ | Open the '' | ||
+ | |||
+ | |||
+ | < | ||
+ | http{ | ||
+ | ... | ||
+ | | ||
+ | ... | ||
+ | } | ||
+ | </ | ||
+ | |||
### Whats my version | ### Whats my version | ||
- | * https://example.com/ | + | * https://homeserver.example/ |
### Location of logs | ### Location of logs | ||
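Review bot: in the new "Problems with sending pictures" snippet the setting is shown inside `http{`, which applies it to every site this nginx serves rather than only the Synapse proxy. Placing it in the Synapse `server` block from Step 5 keeps the change scoped to the homeserver. If the `http` level is intended, say so in the sentence above the snippet.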
Line 475: | Line 480: | ||
For feedback about this guide or tips on how to improve it visit https:// | For feedback about this guide or tips on how to improve it visit https:// | ||
- |