Differences

This shows you the differences between two versions of the page.

howto:matrix-protocol [2026/03/19 07:41] – created vidakhowto:matrix-protocol [2026/03/19 07:59] (current) vidak
Line 1: Line 1:
 <!DOCTYPE markdown> <!DOCTYPE markdown>
  
-1. Set your DNS records. +# How I Installed matrix-synapse 
-2. + 
 +## 1. Set your DNS records. 
 + 
 +## 2. Spin up a beefy container. 
 + 
 + - RAM: 4 GiB 
 + - Swap: 8 GiB 
 + - Cores: 4 
 + - Root disk space: 180 GiB 
 + 
 +## 3. Install matrix-synapse stable. 
 + 
 +Follow this [guide](https://matrix-org.github.io/synapse/latest/setup/installation.html#debianubuntu). 
 + 
 +I found the trickiest bit to be installing the matrix-synapse repositories, which is not very tricky. 
 + 
 +``` 
 +sudo apt install -y lsb-release wget apt-transport-https 
 +sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg 
 +echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | 
 +    sudo tee /etc/apt/sources.list.d/matrix-org.list 
 +sudo apt update 
 +sudo apt install matrix-synapse-py3 
 +``` 
 + 
 +## 4. Install Postgresql. 
 + 
 +They said not to use SQLite in production, so I installed Postgresql inside the server container. 
 + 
 +I will migrate it to a separate container later. The trick is that the port is exposed within the proxmox environment, so it should be no different than changing the hostname from something like `localhost` to `matrix-db.pluto.sks.lan` etc. 
 + 
 +Follow this [guide](https://matrix-org.github.io/synapse/latest/postgres.html). 
 + 
 +## 5. Final homeserver.yaml configuration. 
 + 
 +``` 
 +root@matrix:~# cat /etc/matrix-synapse/homeserver.yaml  
 +``` 
 + 
 +``` 
 +# Configuration file for Synapse. 
 +
 +# This is set in /etc/matrix-synapse/conf.d/server_name.yaml for Debian installations. 
 +# server_name: "SERVERNAME" 
 + 
 +pid_file: "/var/run/matrix-synapse.pid" 
 +listeners: 
 +  - port: 8008 
 +    resources: 
 +    - compress: false 
 +      names: 
 +      - client 
 +      - federation 
 +      - media 
 +      - metrics 
 +      - static 
 +      - health 
 +    tls: false 
 +    type: http 
 +    x_forwarded: true 
 +database: 
 +  name: psycopg2 
 +  args: 
 +    user: XXXXXXXXXXXXXXX 
 +    password: XXXXXXXXXXXXXXXXX 
 +    dbname: XXXXXXXXXXXXXXXXX 
 +    host: localhost 
 +    cp_min: 5 
 +    cp_max: 10 
 +log_config: "/etc/matrix-synapse/log.yaml" 
 +media_store_path: /var/lib/matrix-synapse/media 
 +signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" 
 +trusted_key_servers: 
 +  - server_name: "matrix.org" 
 +macaroon_secret_key: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" 
 +public_baseurl: "https://solarpunk.au/" 
 +serve_server_wellknown: true 
 +enable_registration: true 
 +enable_registration_without_verification: true 
 +registrations_require_3pid: 
 +  - email 
 +registration_shared_secret: "XXXXXXXXXXXXXXXXXXX" 
 +allow_public_rooms_over_federation: true 
 +web_client_location: "https://app.element.io/" 
 +allow_public_rooms_without_auth: true 
 +admin_contact: 'mailto:vidak@member.fsf.org' 
 +max_upload_size: 100M 
 + 
 +email: 
 +  smtp_host: "mail.riseup.net" 
 +  smtp_port: 465 
 +  smtp_user: "XXXXXXXXXXXXXXXXXXXXXXXXx" 
 +  smtp_pass: "XXXXXXXXXXXXXX" 
 +  require_transport_security: true 
 +  enable_tls: true 
 +  force_tls: true 
 +  notif_from: "Your Friendly %(app)s homeserver <moraleconomyinitiative@riseup.net>" 
 +  app_name: "solarpunk.au matrix server" 
 +  enable_notifs: true 
 +  notif_for_new_users: false 
 +  validation_token_lifetime: 15m 
 +  invite_client_location: https://app.element.io 
 + 
 +  subjects: 
 +    message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..." 
 +    message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..." 
 +    messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..." 
 +    messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..." 
 +    messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..." 
 +    messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..." 
 +    invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..." 
 +    invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..." 
 +    password_reset: "[%(server_name)s] Password reset" 
 +    email_validation: "[%(server_name)s] Validate your email" 
 +``` 
 + 
 +## Final NGINX configuration 
 + 
 +``` 
 +vidak@nginx:~$ cat /etc/nginx/sites-enabled/default  
 +``` 
 + 
 +``` 
 +# Default server configuration 
 +
 +server { 
 + 
 +        root /var/www/html; 
 + 
 +        # Add index.php to the list if you are using PHP 
 +        index index.html index.htm index.nginx-debian.html; 
 + 
 +        server_name solarpunk.au; 
 + 
 +    listen [::]:443 ssl; # managed by Certbot 
 +    listen 443 ssl; # managed by Certbot 
 +    ssl_certificate /etc/letsencrypt/live/solarpunk.au/fullchain.pem; # managed by Certbot 
 +    ssl_certificate_key /etc/letsencrypt/live/solarpunk.au/privkey.pem; # managed by Certbot 
 +    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot 
 +    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot 
 + 
 +    listen 8448 ssl default_server; 
 +    listen [::]:8448 ssl default_server; 
 + 
 +    location ~ ^(/_matrix|/_synapse/client) { 
 +        # note: do not add a path (even a single /) after the port in `proxy_pass`, 
 +        # otherwise nginx will canonicalise the URI and cause signature verification 
 +        # errors. 
 +        proxy_pass http://matrix.pluto.sks.lan:8008; 
 +        proxy_set_header X-Forwarded-For $remote_addr; 
 +        proxy_set_header X-Forwarded-Proto $scheme; 
 +        proxy_set_header Host $host:$server_port; 
 + 
 +        # Nginx by default only allows file uploads up to 1M in size 
 +        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml 
 +        client_max_body_size 100M; 
 +     
 +    # Synapse responses may be chunked, which is an HTTP/1.1 feature. 
 +    proxy_http_version 1.1; 
 +    } 
 + 
 +location /.well-known/matrix/client { 
 +    return 200 '{"m.homeserver": {"base_url": "https://solarpunk.au"}}'; 
 +    default_type application/json; 
 +    add_header Access-Control-Allow-Origin *; 
 +
 + 
 +location /.well-known/matrix/server { 
 +        return 200 '{"m.server": "solarpunk.au:443"}'; 
 +        default_type application/json; 
 +        add_header Access-Control-Allow-Origin *; 
 +    } 
 + 
 + 
 +
 + 
 +server { 
 +    if ($host = solarpunk.au) { 
 +        return 301 https://$host$request_uri; 
 +    } # managed by Certbot 
 + 
 + 
 +        listen 80 default_server; 
 +        listen [::]:80 default_server; 
 + 
 +        server_name solarpunk.au; 
 +    return 404; # managed by Certbot 
 + 
 + 
 +
 +``` 
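
Review bot: in the homeserver.yaml block, `enable_registration_without_verification: true` sits directly above `registrations_require_3pid: - email`, so the config states two opposite intents for an instance that has `enable_registration: true` and federates public rooms. Since email is already required, the flag looks unnecessary; drop it so that a later removal of the email requirement does not silently leave unverified open registration switched on. Also in that block, the single port 8008 listener serves `metrics` next to `client` and `federation` with `tls: false`, `x_forwarded: true` and no `bind_addresses`; nginx only forwards `/_matrix` and `/_synapse/client`, but any host on the Proxmox network that can reach `matrix.pluto.sks.lan:8008` directly gets every resource and can set its own `X-Forwarded-For`. Consider moving `metrics` to its own listener and firewalling 8008 to the nginx container, and say so in the page. Style: "Final NGINX configuration" is the only section heading without a step number.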
