Differences

This shows you the differences between two versions of the page.

--- howto:matrix-protocol [2026/03/19 07:51] – vidak
+++ howto:matrix-protocol [2026/03/19 07:59] (current) – vidak
@@ Line 33: / Line 33: @@
 I will migrate it to a separate container later. The trick is that the port is exposed within the proxmox environment, so it should be no different than changing the hostname from something like `localhost` to `matrix-db.pluto.sks.lan` etc.
+Follow this [guide](https://matrix-org.github.io/synapse/latest/postgres.html).
+## 5. Final homeserver.yaml configuration.
+```
+root@matrix:~# cat /etc/matrix-synapse/homeserver.yaml
+```
+```
+# Configuration file for Synapse.
+#
+# This is set in /etc/matrix-synapse/conf.d/server_name.yaml for Debian installations.
+# server_name: "SERVERNAME"
+pid_file: "/var/run/matrix-synapse.pid"
+listeners:
+  - port: 8008
+    resources:
+    - compress: false
+      names:
+      - client
+      - federation
+      - media
+      - metrics
+      - static
+      - health
+    tls: false
+    type: http
+    x_forwarded: true
+database:
+  name: psycopg2
+  args:
+    user: XXXXXXXXXXXXXXX
+    password: XXXXXXXXXXXXXXXXX
+    dbname: XXXXXXXXXXXXXXXXX
+    host: localhost
+    cp_min: 5
+    cp_max: 10
+log_config: "/etc/matrix-synapse/log.yaml"
+media_store_path: /var/lib/matrix-synapse/media
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+trusted_key_servers:
+  - server_name: "matrix.org"
+macaroon_secret_key: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+public_baseurl: "https://solarpunk.au/"
+serve_server_wellknown: true
+enable_registration: true
+enable_registration_without_verification: true
+registrations_require_3pid:
+  - email
+registration_shared_secret: "XXXXXXXXXXXXXXXXXXX"
+allow_public_rooms_over_federation: true
+web_client_location: "https://app.element.io/"
+allow_public_rooms_without_auth: true
+admin_contact: 'mailto:vidak@member.fsf.org'
+max_upload_size: 100M
+email:
+  smtp_host: "mail.riseup.net"
+  smtp_port: 465
+  smtp_user: "XXXXXXXXXXXXXXXXXXXXXXXXx"
+  smtp_pass: "XXXXXXXXXXXXXX"
+  require_transport_security: true
+  enable_tls: true
+  force_tls: true
+  notif_from: "Your Friendly %(app)s homeserver <moraleconomyinitiative@riseup.net>"
+  app_name: "solarpunk.au matrix server"
+  enable_notifs: true
+  notif_for_new_users: false
+  validation_token_lifetime: 15m
+  invite_client_location: https://app.element.io
+  subjects:
+    message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
+    message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
+    messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
+    messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
+    messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
+    messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
+    invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
+    invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
+    password_reset: "[%(server_name)s] Password reset"
+    email_validation: "[%(server_name)s] Validate your email"
+```
+## Final NGINX configuration
+```
+vidak@nginx:~$ cat /etc/nginx/sites-enabled/default
+```
+```
+# Default server configuration
+#
+server {
+        root /var/www/html;
+        # Add index.php to the list if you are using PHP
+        index index.html index.htm index.nginx-debian.html;
+        server_name solarpunk.au;
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/solarpunk.au/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/solarpunk.au/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    listen 8448 ssl default_server;
+    listen [::]:8448 ssl default_server;
+    location ~ ^(/_matrix|/_synapse/client) {
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
+        proxy_pass http://matrix.pluto.sks.lan:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host:$server_port;
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+        client_max_body_size 100M;
+    # Synapse responses may be chunked, which is an HTTP/1.1 feature.
+    proxy_http_version 1.1;
+    }
+location /.well-known/matrix/client {
+    return 200 '{"m.homeserver": {"base_url": "https://solarpunk.au"}}';
+    default_type application/json;
+    add_header Access-Control-Allow-Origin *;
+}
+location /.well-known/matrix/server {
+        return 200 '{"m.server": "solarpunk.au:443"}';
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+    }
+}
+server {
+    if ($host = solarpunk.au) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+        listen 80 default_server;
+        listen [::]:80 default_server;
+        server_name solarpunk.au;
+    return 404; # managed by Certbot
-Follow this [guide](https://matrix-org.github.io/synapse/latest/postgres.html).
+}
+```

SKSLAN Wiki

User Tools

Differences