Difference between revisions of "Matrix-server"

From SME Server
(Created page with "{{Languages}} <!-- here we define the contrib name variable --> <!-- we get the page title, remove suffix for translated version; if needed you can define there with the value...")
 
 
(7 intermediate revisions by 2 users not shown)
Line 16: Line 16:
 
|tags=File,this,with,a,list,of,tags
 
|tags=File,this,with,a,list,of,tags
 
}}
 
}}
 
+
<blockquote style="float: right;">[[File:Matrix logo.svg|250px]]</blockquote><br>
 
===Maintainer===
 
===Maintainer===
 
[[User:reetp|John Crisp]]  
 
[[User:reetp|John Crisp]]  
Line 55: Line 55:
 
  config set matrix service access public status enabled TCPPort 8448
 
  config set matrix service access public status enabled TCPPort 8448
  
 +
Set up a domain.
 +
 +
db domains set matrix.mydomain.net domain\
 +
    Content Primary\
 +
    Description Matrix\
 +
    Nameservers localhost\
 +
    TemplatePath ProxyPassVirtualMatrix\
 +
    letsencryptSSLcert enabled
  
 
===Apache===
 
===Apache===
 +
 +
Note to self - this looks good inormation
 +
 +
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf
  
 
  mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix
 
  mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix
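
Review bot: the added line "Note to self - this looks good inormation" under the Apache heading has a typo ("inormation") and leaves a personal reminder in the published steps. Suggest rewording it as a reference that says what the linked matrix-synapse.conf example is used for, or dropping it once the vhost template is settled.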
Line 69: Line 81:
 
  $OUT .=<<_EVERYWHERE;
 
  $OUT .=<<_EVERYWHERE;
 
  <VirtualHost 0.0.0.0:80>
 
  <VirtualHost 0.0.0.0:80>
     ServerName matrix.sovereigninsignia.com
+
     ServerName matrix.mydomain.net
 
     DocumentRoot /home/e-smith/files/ibays/Primary/html
 
     DocumentRoot /home/e-smith/files/ibays/Primary/html
 
     RewriteEngine on
 
     RewriteEngine on
Line 79: Line 91:
 
   
 
   
 
  $OUT .=<<_THERE;
 
  $OUT .=<<_THERE;
 +
Listen 8448
 
  <VirtualHost 0.0.0.0:8448>
 
  <VirtualHost 0.0.0.0:8448>
 
     SSLEngine on
 
     SSLEngine on
     ServerName matrix.sovereigninsignia.com
+
     ServerName matrix.mydomain.net
 
     RequestHeader set "X-Forwarded-Proto" "https"
 
     RequestHeader set "X-Forwarded-Proto" "https"
 
     AllowEncodedSlashes NoDecode
 
     AllowEncodedSlashes NoDecode
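
Review bot: the added "Listen 8448" and the "<VirtualHost 0.0.0.0:8448>" below it hard-code the federation port, while the earlier step stores it in the matrix service as "TCPPort 8448". If that property is changed, Apache keeps listening on 8448 while the port opened for federation moves. Suggest taking the port from the TCPPort property in the template, or stating next to the config set command that both values must be changed together.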
Line 94: Line 107:
 
  <VirtualHost 0.0.0.0:443>
 
  <VirtualHost 0.0.0.0:443>
 
     SSLEngine on
 
     SSLEngine on
     ServerName matrix.sovereigninsignia.com
+
     ServerName matrix.mydomain.net
 
     ProxyPass /.well-known/acme-challenge/ !
 
     ProxyPass /.well-known/acme-challenge/ !
 
     DocumentRoot /home/e-smith/files/ibays/Primary/html
 
     DocumentRoot /home/e-smith/files/ibays/Primary/html
Line 115: Line 128:
 
  }
 
  }
  
 +
Check you have access to .acme-challenge/well-known and get your letsencrypt certificate.
  
 +
nano /home/e-smith/files/docker/configs/docker-compose.yml
  
/home/e-smith/files/docker/configs/docker-compose.yml
+
Paste this:
  
 
  version: '2.3'
 
  version: '2.3'
 
  services:
 
  services:
  element:
+
# Hmmm - desktop app should not be run on the same server as matrix
    image: vectorim/element-web:latest
+
# https://hub.docker.com/r/vectorim/element-web/
    restart: unless-stopped
+
# element:
    volumes:
+
image: vectorim/element-web:latest
      - ./element-config.json:/app/config.json
+
restart: unless-stopped
 +
volumes:
 +
#    - ./element-config.json:/app/config.json
 
   synapse:
 
   synapse:
 
     container_name: synapse
 
     container_name: synapse
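
Review bot: in the added sentence "Check you have access to .acme-challenge/well-known ..." the path is reversed; the vhost templates on this page exempt and serve "/.well-known/acme-challenge/". Suggest writing that path, and naming the command used to request the certificate, since the step currently gives none.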
Line 133: Line 150:
 
       - ./data:/data
 
       - ./data:/data
 
     environment:
 
     environment:
         SYNAPSE_SERVER_NAME: "matrix.sovereigninsignia.com"
+
         SYNAPSE_SERVER_NAME: "matrix.mydomain.net"
 
         SYNAPSE_REPORT_STATS: "yes"
 
         SYNAPSE_REPORT_STATS: "yes"
 
     ports:
 
     ports:
Line 178: Line 195:
  
 
  nano /home/e-smith/files/docker/configs/data/homeserver.yaml
 
  nano /home/e-smith/files/docker/configs/data/homeserver.yaml
 
  
 
=== Configuration ===
 
=== Configuration ===

Latest revision as of 15:20, 16 February 2023




matrix-server
Maintainer: maintainer
Url: https://wiki.koozali.org
Category: Category you want
Tags: File, this, with, a, list, of, tags


Maintainer

John Crisp

Status

Work in Progress:
This page is a Work in Progress. The contents of this page may be in flux; please have a look at the page history to see the list of changes.


23/02/2023 This is a work in progress and not yet complete

Version

smeserver-matrix-server
The latest version of smeserver-matrix-server is available in the SME repository, click on the version number(s) for more information.


matrix-server
The latest version of matrix-server is available in the SME repository, click on the version number(s) for more information.


Description

An open network for secure, decentralized communication.

Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations. Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication. As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.

Installation

yum --enablerepo=smecontribs install smeserver-matrix-server

This installation depends on docker

https://wiki.koozali.org/Docker

This is how I did it manually.

mkdir -p /home/e-smith/files/docker/configs/data

Needs a fix. Need to check what docker assigns as user:group id

chmod 0777 /home/e-smith/files/docker/configs/data

This will open the port for federation:

config set matrix service access public status enabled TCPPort 8448

Set up a domain.

db domains set matrix.mydomain.net domain\
   Content Primary\
   Description Matrix\
   Nameservers localhost\
   TemplatePath ProxyPassVirtualMatrix\
   letsencryptSSLcert enabled

Apache

Note to self - this looks good information

https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf

mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix
cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix
touch template-begin
touch template-end
nano ProxyPassContent

Paste

{
if ($port eq "$httpPort") {
$OUT .=<<_EVERYWHERE;
<VirtualHost 0.0.0.0:80>
   ServerName matrix.mydomain.net
   DocumentRoot /home/e-smith/files/ibays/Primary/html
   RewriteEngine on
   RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
   RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]
   RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]
</VirtualHost>
_EVERYWHERE

$OUT .=<<_THERE;

Listen 8448

<VirtualHost 0.0.0.0:8448>
   SSLEngine on
   ServerName matrix.mydomain.net
   RequestHeader set "X-Forwarded-Proto" "https"
   AllowEncodedSlashes NoDecode
   ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
   ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
</VirtualHost>
_THERE
}

if ($port eq "$httpsPort"){ 
$OUT .=<<_HERE;
<VirtualHost 0.0.0.0:443>
   SSLEngine on
   ServerName matrix.mydomain.net
   ProxyPass /.well-known/acme-challenge/ !
   DocumentRoot /home/e-smith/files/ibays/Primary/html
   RequestHeader set "X-Forwarded-Proto" "https"
   AllowEncodedSlashes NoDecode
   ProxyPreserveHost on
   ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
   ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
   ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon
   ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
   <Location />
       Require all granted
   </Location>
   <Location /.well-known/acme-challenge/>
       Require all granted
   </Location>
</VirtualHost>
_HERE
}
}

Check that /.well-known/acme-challenge/ is reachable, then get your Let's Encrypt certificate.

nano /home/e-smith/files/docker/configs/docker-compose.yml

Paste this:

version: '2.3'
services:
# Hmmm - desktop app should not be run on the same server as matrix
# https://hub.docker.com/r/vectorim/element-web/
# element:
#   image: vectorim/element-web:latest
#   restart: unless-stopped
#   volumes:
#     - ./element-config.json:/app/config.json
 synapse:
   container_name: synapse
   image: matrixdotorg/synapse:latest
   restart: unless-stopped
   volumes:
     - ./data:/data
   environment:
       SYNAPSE_SERVER_NAME: "matrix.mydomain.net"
       SYNAPSE_REPORT_STATS: "yes"
   ports:
     - 8008:8008
   # This may vary - need to think about this
   user: 991:991

# Experimental
# This
#    network_mode: "host"
# Or
#    networks: ["server"]
#networks:
#    server:
#        external: true
# However it may need fixing the internal docker network and adding to 'LocalNetworks'
# to allow local DNS lookups etc
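
As an added example (not part of the smeserver-matrix-server contrib), the script below covers two points from the manual steps. It replaces the chmod 0777 on the data directory with ownership by the user: uid:gid from the compose file, and it flags ports: entries such as 8008:8008 that carry no host address, which Docker by default publishes on every interface even though Apache only proxies to 127.0.0.1:8008. The function names, the 0750 mode and the sample input are assumptions.

```sh
#!/bin/sh
# Added example: helper names and mode 0750 are assumptions, not part of the contrib.

# Print the numeric uid:gid of the first "user:" key in a compose file read from stdin.
compose_user() {
    tr -d "\"'" |
        sed -n 's/^[[:space:]]*user:[[:space:]]*\([0-9][0-9]*:[0-9][0-9]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# Print every published port that has no host address. Docker binds those to
# 0.0.0.0, so Synapse's plain-HTTP listener is reachable without going through Apache.
exposed_ports() {
    in_ports=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s\n' "$line" | sed 's/#.*$//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            '') continue ;;                      # blank or comment-only line
            ports:) in_ports=1 ;;
            -*) [ "$in_ports" -eq 1 ] || continue
                map=$(printf '%s\n' "$entry" | sed 's/^-[[:space:]]*//' | tr -d "\"'")
                # ip:host:container has two colons; fewer means all interfaces
                case $map in *:*:*) ;; *) printf '%s\n' "$map" ;; esac ;;
            *) in_ports=0 ;;
        esac
    done
}

# Hand the data directory to the container account only, instead of chmod 0777.
# $1 = compose file, $2 = data directory
lock_data_dir() {
    owner=$(compose_user < "$1")
    [ -n "$owner" ] || { echo "no numeric user: found in $1" >&2; return 1; }
    chown -R "$owner" "$2" && chmod 0750 "$2"
}

# Constructed sample mirroring the synapse service above, plus a loopback-only mapping.
sample_compose() {
    printf '%s\n' 'services:' ' synapse:' '   ports:' '     - 8008:8008' \
        '     - "127.0.0.1:8009:8009"' '    # This may vary' '   user: 991:991'
}

sample_compose | exposed_ports    # prints 8008:8008
sample_compose | compose_user     # prints 991:991
```

Writing the mapping as 127.0.0.1:8008:8008 in docker-compose.yml keeps port 8008 on the loopback interface, which is all the ProxyPass lines need.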

nano /home/e-smith/files/docker/configs/element-config.json

Paste this content: https://develop.element.io/config.json

Remove "default_server_name": "matrix.org" from element-config.json

Paste this at the top of the file using your server name:

   "default_server_config": {
       "m.homeserver": {
           "base_url": "https://matrix.example.com",
           "server_name": "matrix.example.com"
       },
       "m.identity_server": {
           "base_url": "https://vector.im"
       }
   },


Generate synapse config:

docker-compose run --rm synapse generate

Do we need to edit the server name here? Check.

nano /home/e-smith/files/docker/configs/data/homeserver.yaml

Configuration

You can list the available configuration with the following command:

config show matrix

Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:

property     default     values
DbName       matrix      string for postgresql docker db
DbPassword   GENERATED   string for mysql db
DbUser       none        string for mysql db
access       private     private, public
TCPPort      8448        variable
status       enabled     enabled, disabled


Add Users

docker exec -it synapse bash
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008

For an admin user

register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008

https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html

Update user password with postgresql

docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com';

where <password-hash> is the hash returned by the docker command above
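
The same update as an added example (not from the original page or the Synapse project): a wrapper that validates both values and lets psql do the quoting, so a pasted hash or user ID cannot alter the statement. It assumes the postgres service, database and role named synapse from the alternative compose file on this page; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: function names are hypothetical; assumes the "postgres" service,
# database "synapse" and role "synapse" from the alternative compose file.

# True only when $1 is a single line that fully matches the extended regex $2.
matches() {
    [ $(printf '%s' "$1" | wc -l) -eq 0 ] && printf '%s\n' "$1" | grep -Eq "$2"
}

# bcrypt string as printed by hash_password: $2b$<cost>$ followed by 53 characters.
valid_bcrypt() { matches "$1" '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; }

# Full Matrix user ID, e.g. @someone:server.com
valid_mxid() { matches "$1" '^@[a-z0-9._=/+-]+:[A-Za-z0-9.-]+(:[0-9]+)?$'; }

# Statement with psql variables; :'name' makes psql quote the value as a literal.
update_sql() {
    printf '%s\n' "UPDATE users SET password_hash = :'hash' WHERE name = :'mxid';"
}

# Usage: set_password '@someone:server.com' '<password-hash>'
# Keep the hash in single quotes so the shell does not expand its $ signs.
set_password() {
    mxid=$1 hash=$2
    valid_mxid "$mxid"   || { echo "bad user id: $mxid" >&2; return 2; }
    valid_bcrypt "$hash" || { echo "not a bcrypt hash" >&2; return 3; }
    # psql does not expand variables inside -c, so the SQL goes in on stdin.
    update_sql | docker-compose exec -T postgres \
        psql -U synapse -d synapse -v ON_ERROR_STOP=1 -v "mxid=$mxid" -v "hash=$hash"
}
```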


Alternative compose file

https://cyberhost.uk/element-matrix-setup/

docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net

version: '2.3'
services:

 postgres:
   image: postgres:14
   restart: unless-stopped
   networks:
     default:
       ipv4_address: 10.10.10.2
   volumes:
    - ./postgresdata:/var/lib/postgresql/data
   # These will be used in homeserver.yaml later on
   environment:
    - POSTGRES_DB=synapse
    - POSTGRES_USER=synapse
    - POSTGRES_PASSWORD=STRONGPASSWORD
    
 element:
   image: vectorim/element-web:latest
   restart: unless-stopped
   volumes:
     - ./element-config.json:/app/config.json
   networks:
     default:
       ipv4_address: 10.10.10.3
        
 synapse:
   image: matrixdotorg/synapse:latest
   restart: unless-stopped
   networks:
     default:
       ipv4_address: 10.10.10.4
   volumes:
    - ./synapse:/data

networks:
 default:
   external:
     name: matrix_net


Generate synapse config:

docker-compose run --rm synapse generate

Comment out the sqlite3 database section in homeserver.yaml:

#database:
#  name: sqlite3
#  args:
#    database: /data/homeserver.db

Add postgresql

database:
 name: psycopg2
 args:
   user: synapse
   password: STRONGPASSWORD
   database: synapse
   host: postgres
   cp_min: 5
   cp_max: 10


docker-compose up -d

Uninstall

yum remove smeserver-matrix-server  matrix-server

Bugs

Please raise bugs under the SME-Contribs section in bugzilla

and select the smeserver-matrix-server component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only versions released in smecontribs are listed here.