meta data for this page
Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
digital:server:matrixsynapse [2020/06/17 18:39] natrius [Step 2 - Install Synapse] - deleted src |
digital:server:matrixsynapse [2022/01/14 00:15] (current) natrius riot -> element; minor rewrite of Step 9 |
||
---|---|---|---|
Line 1: | Line 1: | ||
# Matrix Synapse | # Matrix Synapse | ||
- | [[https:// | + | [[https:// |
Synapse is a reference homeserver implementation from the core development team at matrix.org, written in Python/ | Synapse is a reference homeserver implementation from the core development team at matrix.org, written in Python/ | ||
Line 9: | Line 9: | ||
This guide explains one way to setup a Synapse server. There are many other correct ways to setup a Matrix server and that is the reason why there are so many guides. Feel free to choose the guide that suits your setup the best. | This guide explains one way to setup a Synapse server. There are many other correct ways to setup a Matrix server and that is the reason why there are so many guides. Feel free to choose the guide that suits your setup the best. | ||
- | ## How to install Synapse on Ubuntu 18.04 LTS | + | ## How to install Synapse on Ubuntu |
### Prerequisites | ### Prerequisites | ||
Line 52: | Line 52: | ||
sudo apt install matrix-synapse-py3 | sudo apt install matrix-synapse-py3 | ||
- | During the installation, | + | During the installation, |
**Don' | **Don' | ||
Line 63: | Line 63: | ||
sudo systemctl enable matrix-synapse.service | sudo systemctl enable matrix-synapse.service | ||
- | Synapse is now up and running using the default configuration on port '8008' and '8448'. Check the open ports using netstat command. | + | Synapse is now up and running using the default configuration on port ' |
ss -plntu | ss -plntu | ||
- | |||
- | #### Set up well.known | ||
- | |||
- | On your webserver a file at '' | ||
- | |||
- | < | ||
- | { | ||
- | " | ||
- | } | ||
- | </ | ||
- | |||
- | Where ''/'' | ||
### Step 3 - Configure Synapse | ### Step 3 - Configure Synapse | ||
Line 138: | Line 126: | ||
sudo add-apt-repository ppa: | sudo add-apt-repository ppa: | ||
- | sudo apt-get install certbot | + | sudo apt-get install certbot |
- | Generate the SSL certificate files for the matrix domain name '' | + | Generate the SSL certificate files for the matrix domain name '' |
sudo certbot --nginx | sudo certbot --nginx | ||
- | The Letsencrypt tool will generate SSL certificate files by running the ' | + | The Letsencrypt tool will generate SSL certificate files by running the ' |
< | < | ||
Line 151: | Line 139: | ||
Obtaining a new certificate | Obtaining a new certificate | ||
Performing the following challenges: | Performing the following challenges: | ||
- | http-01 challenge for example.com | + | http-01 challenge for homeserver.example |
Waiting for verification... | Waiting for verification... | ||
Cleaning up challenges | Cleaning up challenges | ||
Line 157: | Line 145: | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
- Congratulations! Your certificate and chain have been saved at: | - Congratulations! Your certificate and chain have been saved at: | ||
- | / | + | / |
Your key file has been saved at: | Your key file has been saved at: | ||
- | / | + | / |
Your cert will expire on 2019-03-03. To obtain a new or tweaked | Your cert will expire on 2019-03-03. To obtain a new or tweaked | ||
| | ||
Line 190: | Line 178: | ||
sudo systemctl enable nginx.service | sudo systemctl enable nginx.service | ||
- | Next, we will create a new virtual host configuration for the domain name '' | + | Next, we will create a new virtual host configuration for the domain name '' |
< | < | ||
- | Paste the following configuration there, changing the domain '' | + | Paste the following configuration there, changing the domain '' |
< | < | ||
server { | server { | ||
| | ||
- | | + | |
| | ||
} | } | ||
Line 206: | Line 194: | ||
listen 443 ssl; | listen 443 ssl; | ||
listen [::]:443 ssl; | listen [::]:443 ssl; | ||
- | server_name | + | server_name |
- | ssl_certificate / | + | ssl_certificate / |
- | ssl_certificate_key / | + | ssl_certificate_key / |
# If you don't wanna serve a site, comment this out | # If you don't wanna serve a site, comment this out | ||
Line 220: | Line 208: | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
} | } | ||
location / | location / | ||
- | return 200 ' | + | return 200 ' |
add_header Content-Type application/ | add_header Content-Type application/ | ||
add_header " | add_header " | ||
Line 230: | Line 218: | ||
} | } | ||
</ | </ | ||
- | |||
- | FIXME '' | ||
- | |||
- | FIXME Same for '' | ||
Save and exit. | Save and exit. | ||
Line 253: | Line 237: | ||
Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed. | ||
+ | |||
+ | #### Set up .well-known | ||
+ | |||
+ | On your webserver a file at '' | ||
+ | |||
+ | < | ||
+ | { | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Where ''/'' | ||
### (Optional) Step 6 - PostgreSQL instead of sqlite | ### (Optional) Step 6 - PostgreSQL instead of sqlite | ||
Line 306: | Line 302: | ||
### Step 7 - Setup UFW Firewall | ### Step 7 - Setup UFW Firewall | ||
- | Open the needed ports for our services. We will only allow SSH, HTTP, HTTPS and 8448 (for federation) | + | Open the needed ports for our services. We will only allow SSH, HTTP, and HTTPS connection on the UFW firewall configuration. To add them to the UFW firewall configuration, |
sudo ufw allow ssh | sudo ufw allow ssh | ||
sudo ufw allow http | sudo ufw allow http | ||
sudo ufw allow https | sudo ufw allow https | ||
- | sudo ufw allow 8448 | ||
Now enable the UFW firewall service and then check the status. | Now enable the UFW firewall service and then check the status. | ||
Line 328: | Line 323: | ||
### Step 9 - Testing | ### Step 9 - Testing | ||
- | If you have used Riot with the desktop application before you may not want to log out, so it is better to go to [[https://riot.im/app/]] and press " | + | If you have used Element |
- | The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application. | + | The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Element |
- | If you need two instances of riot instead, you can start it with argument, refer to [[digital: | + | If you need two instances of Element |
- | For another way to test it, go to '' | + | For another way to test it, go to '' |
<code xml> | <code xml> | ||
Line 356: | Line 351: | ||
### Presence | ### Presence | ||
- | Unfortunately presence is right now broken and generates a high load. It is possible to deactivate it, but the user avatars will be grey afterwards on the homeserver. To deactivate, open '' | + | Unfortunately presence is right now broken and generates a high load. Until this issue https:// |
< | < | ||
+ | |||
+ | and add | ||
'' | '' | ||
Line 364: | Line 361: | ||
### Do i need a TURN-Server (ex. COTURN) | ### Do i need a TURN-Server (ex. COTURN) | ||
- | It's only necessary when both parties are behind NAT. Otherwise 1-on-1 communication should work fine. Group-Calls via Riot will be handled with jitsi.riot.im and are not handled by the homeserver. | + | It's only necessary when both parties are behind NAT. Otherwise 1-on-1 communication should work fine. Group-Calls via Element |
### Port 8008 and 8448 | ### Port 8008 and 8448 | ||
Line 410: | Line 407: | ||
If your need help, get as much information as possible ([[# | If your need help, get as much information as possible ([[# | ||
+ | |||
+ | ### Problems with sending pictures | ||
+ | |||
+ | Open the '' | ||
+ | |||
+ | |||
+ | < | ||
+ | http{ | ||
+ | ... | ||
+ | | ||
+ | ... | ||
+ | } | ||
+ | </ | ||
+ | |||
### Whats my version | ### Whats my version | ||
- | * https://example.com/ | + | * https://homeserver.example/ |
### Location of logs | ### Location of logs | ||
Line 465: | Line 476: | ||
For feedback about this guide or tips on how to improve it visit https:// | For feedback about this guide or tips on how to improve it visit https:// | ||
- |