# How I Installed matrix-synapse

## 1. Set your DNS records.

## 2. Spin up a beefy container.

- RAM: 4 GiB
- Swap: 8 GiB
- Cores: 4
- Root disk space: 180 GiB

## 3. Install matrix-synapse stable.

Follow this [guide](https://matrix-org.github.io/synapse/latest/setup/installation.html#debianubuntu).

I found the trickiest bit to be installing the matrix-synapse repositories, which is not very tricky.

```
sudo apt install -y lsb-release wget apt-transport-https
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list
sudo apt update
sudo apt install matrix-synapse-py3
```

## 4. Install PostgreSQL.

They said not to use SQLite in production, so I installed PostgreSQL inside the server container. I will migrate it to a separate container later. The trick is that the port is exposed within the Proxmox environment, so it should be no different than changing the hostname from something like `localhost` to `matrix-db.pluto.sks.lan` etc.

Follow this [guide](https://matrix-org.github.io/synapse/latest/postgres.html).

## 5. Final homeserver.yaml configuration.

```
root@matrix:~# cat /etc/matrix-synapse/homeserver.yaml
```

```
# Configuration file for Synapse.
#
# This is set in /etc/matrix-synapse/conf.d/server_name.yaml for Debian installations.
# server_name: "SERVERNAME"
pid_file: "/var/run/matrix-synapse.pid"
listeners:
  - port: 8008
    resources:
      - compress: false
        names:
          - client
          - federation
          - media
          - metrics
          - static
          - health
    tls: false
    type: http
    x_forwarded: true
database:
  name: psycopg2
  args:
    user: XXXXXXXXXXXXXXX
    password: XXXXXXXXXXXXXXXXX
    dbname: XXXXXXXXXXXXXXXXX
    host: localhost
    cp_min: 5
    cp_max: 10
log_config: "/etc/matrix-synapse/log.yaml"
media_store_path: /var/lib/matrix-synapse/media
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"
macaroon_secret_key: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
public_baseurl: "https://solarpunk.au/"
serve_server_wellknown: true
enable_registration: true
enable_registration_without_verification: true
registrations_require_3pid:
  - email
registration_shared_secret: "XXXXXXXXXXXXXXXXXXX"
allow_public_rooms_over_federation: true
web_client_location: "https://app.element.io/"
allow_public_rooms_without_auth: true
admin_contact: 'mailto:vidak@member.fsf.org'
max_upload_size: 100M
email:
  smtp_host: "mail.riseup.net"
  smtp_port: 465
  smtp_user: "XXXXXXXXXXXXXXXXXXXXXXXXx"
  smtp_pass: "XXXXXXXXXXXXXX"
  require_transport_security: true
  enable_tls: true
  force_tls: true
  notif_from: "Your Friendly %(app)s homeserver "
  app_name: "solarpunk.au matrix server"
  enable_notifs: true
  notif_for_new_users: false
  validation_token_lifetime: 15m
  invite_client_location: https://app.element.io
  subjects:
    message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
    message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
    messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
    messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
    messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
    messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
    invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
    invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
    password_reset: "[%(server_name)s] Password reset"
    email_validation: "[%(server_name)s] Validate your email"
```

## Final NGINX configuration

```
vidak@nginx:~$ cat /etc/nginx/sites-enabled/default
```

```
# Default server configuration
#
server {
    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name solarpunk.au;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/solarpunk.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/solarpunk.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    listen 8448 ssl default_server;
    listen [::]:8448 ssl default_server;

    location ~ ^(/_matrix|/_synapse/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://matrix.pluto.sks.lan:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host:$server_port;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 100M;

        # Synapse responses may be chunked, which is an HTTP/1.1 feature.
        proxy_http_version 1.1;
    }

    location /.well-known/matrix/client {
        return 200 '{"m.homeserver": {"base_url": "https://solarpunk.au"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    location /.well-known/matrix/server {
        return 200 '{"m.server": "solarpunk.au:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }
}

server {
    if ($host = solarpunk.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name solarpunk.au;
    return 404; # managed by Certbot
}
```
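
The registration and room-directory settings in the `homeserver.yaml` above interact: `registrations_require_3pid` already demands a verified email, while `enable_registration_without_verification` switches off the guard that Synapse's configuration docs describe for open registration with no email, captcha or token check. The following check is an added example, not part of the original write-up or of Synapse; the names `parse_top_level` and `audit`, the finding labels, and the line-based reader (a stand-in for a real YAML parser) are assumptions made for illustration.

```python
import re

# Constructed sample: the registration and room-directory keys copied from the
# homeserver.yaml on this page (secrets and unrelated keys left out).
SAMPLE = """\
enable_registration: true
enable_registration_without_verification: true
registrations_require_3pid:
  - email
allow_public_rooms_over_federation: true
allow_public_rooms_without_auth: true
"""

def parse_top_level(text):
    """Read top-level `key: value` lines and `key:` followed by `- item` lines.
    Not a YAML parser: nested mappings are ignored, which is enough here."""
    conf, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        top = re.match(r"^(\w+):\s*(.*)$", line)
        if top:
            key, value = top.group(1), top.group(2).strip().strip("\"'")
            current = None if value else key   # an empty value opens a list
            conf[key] = [] if value in ("", "[]") else value
        elif current and (item := re.match(r"^\s+-\s+(.+)$", line)):
            conf[current].append(item.group(1).strip())
    return conf

def audit(text):
    """Return finding labels (hypothetical names) for risky combinations."""
    conf = parse_top_level(text)
    on = lambda key: str(conf.get(key, "")).lower() == "true"
    findings = []
    if on("enable_registration"):
        verified = (on("enable_registration_captcha")
                    or on("registration_requires_token")
                    or bool(conf.get("registrations_require_3pid")))
        if on("enable_registration_without_verification"):
            # Verified: the flag is redundant and only removes the safety net.
            # Unverified: anyone can create accounts with no check at all.
            findings.append("guard-disabled" if verified else "open-registration")
        elif not verified:
            findings.append("no-verification-configured")
    for key in ("allow_public_rooms_without_auth",
                "allow_public_rooms_over_federation"):
        if on(key):  # room directory readable without login / by any server
            findings.append(key)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On this page's settings the check reports `guard-disabled` plus both room-directory keys: email verification is already required, so removing `enable_registration_without_verification` changes nothing today and keeps the guard in place if the 3PID requirement is ever dropped.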