Matrix-server

From SME Server
Revision as of 15:03, 16 February 2023 by ReetP (talk | contribs) (→‎Installation)
Jump to navigationJump to search




matrix-server
NeedImage.svg
matrix-server logo
Maintainermaintainer
Urlhttps://wiki.koozali.org
Category

Category you want

Tags Filethiswithalistoftags


Matrix logo.svg


Maintainer

John Crisp

Status

Warning.png Work in Progress:
This page is a Work in Progress. The contents off this page may be in flux, please have a look at this page history the to see list of changes.


23/02/2023 This is a work in progress and not yet complete

Version

smeserver-matrix-server
The latest version of smeserver-matrix-server is available in the SME repository, click on the version number(s) for more information.


matrix-server
The latest version of matrix-server is available in the SME repository, click on the version number(s) for more information.


Description

An open network for secure, decentralized communication Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations. Maintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself... but for communication. As of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage.

Installation

yum --enablerepo=smecontribs install smeserver-matrix-server

This installation depends on docker

https://wiki.koozali.org/Docker

These are how I did it manually.

mkdir -p /home/e-smith/files/docker/configs/data

Needs a fix. Need to check what docker assigns as user:group id

chmod 0777 /home/e-smith/files/docker/configs/data

This will open the port for federation:

config set matrix service access public status enabled TCPPort 8448

Set up a domain.

db domains set matrix.mydomain.net domain\
   Content Primary\
   Description Matrix\
   Nameservers localhost\
   TemplatePath ProxyPassVirtualMatrix\
   letsencryptSSLcert enabled

Apache

Note to self - this looks good inormation

https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/examples/apache/matrix-synapse.conf

mkdir -p /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualMatrix
touch template-begin
touch template-end
nano ProxyPassContent

Paste

{
if ($port eq "$httpPort") {
$OUT .=<<_EVERYWHERE;
<VirtualHost 0.0.0.0:80>
   ServerName matrix.mydomain.net
   DocumentRoot /home/e-smith/files/ibays/Primary/html
   RewriteEngine on
   RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
   RewriteRule ^/.well-known/acme-challenge(/.*|\$) https://%{HTTP_HOST}/.well-known/acme-challenge\$1 [L,R]
   RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 [L,R]
</VirtualHost>
_EVERYWHERE

$OUT .=<<_THERE;

Listen 8448

<VirtualHost 0.0.0.0:8448>
   SSLEngine on
   ServerName matrix.mydomain.net
   RequestHeader set "X-Forwarded-Proto" "https"
   AllowEncodedSlashes NoDecode
   ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
   ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
</VirtualHost>
_THERE
}

if ($port eq "$httpsPort"){ 
$OUT .=<<_HERE;
<VirtualHost 0.0.0.0:443>
   SSLEngine on
   ServerName matrix.mydomain.net
   ProxyPass /.well-known/acme-challenge/ !
   DocumentRoot /home/e-smith/files/ibays/Primary/html
   RequestHeader set "X-Forwarded-Proto" "https"
   AllowEncodedSlashes NoDecode
   ProxyPreserveHost on
   ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
   ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
   ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon
   ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
   <Location />
       Require all granted
   </Location>
   <Location /.well-known/acme-challenge/>
       Require all granted
   </Location>
</VirtualHost>
_HERE
}
}

Check you have access to .acme-challenge/well-known and get your letsencrypt certificate.

nano /home/e-smith/files/docker/configs/docker-compose.yml

Paste this:

version: '2.3'
services:
 element:
   image: vectorim/element-web:latest
   restart: unless-stopped
   volumes:
     - ./element-config.json:/app/config.json
 synapse:
   container_name: synapse
   image: matrixdotorg/synapse:latest
   restart: unless-stopped
   volumes:
     - ./data:/data
   environment:
       SYNAPSE_SERVER_NAME: "matrix.mydomain.net"
       SYNAPSE_REPORT_STATS: "yes"
   ports:
     - 8008:8008
    # This may vary - need to think abut this
    user: 991:991

# Experimental
# This
#    network_mode: "host"
# Or
#    networks: ["server"]
#networks:
#    server:
#        external: true
# However it may fixing the internal docker network and adding to 'LocalNetworks'
# to allow local DNS lookups etc
nano /home/e-smith/files/docker/configs/element-config.json

Paste this content: https://develop.element.io/config.json

Remove "default_server_name": "matrix.org" from element-config.json

Paste this at the top of the file using your server name:

   "default_server_config": {
       "m.homeserver": {
           "base_url": "https://matrix.example.com",
           "server_name": "matrix.example.com"
       },
       "m.identity_server": {
           "base_url": "https://vector.im"
       }
   },


Generate synapse config:

docker-compose run --rm synapse generate

Do we need to edit the server name here? Check.

nano /home/e-smith/files/docker/configs/data/homeserver.yaml

Configuration

you can list the available configuration with the following command :

config show matrix

Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :

property default values
DbName matrix string for postgresql docker db
DbPassword GENERATED string for mysql db
DbUser none string for mysql db
access private private, public
TCPPort 8448 variable
status enabled enabled,disabled


Add Users

docker exec -it synapse bash
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008

For an admin user

register_new_matrix_user -a -c /data/homeserver.yaml http://localhost:8008

https://manpages.debian.org/testing/matrix-synapse/register_new_matrix_user.1.en.html

Update user password with postgresql

docker exec -it synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'

where <password-hash> is the hash returned by the docker command above


Alternative compose file

https://cyberhost.uk/element-matrix-setup/

docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_net

version: '2.3' services:

 postgres:
   image: postgres:14
   restart: unless-stopped
   networks:
     default:
       ipv4_address: 10.10.10.2
   volumes:
    - ./postgresdata:/var/lib/postgresql/data
   # These will be used in homeserver.yaml later on
   environment:
    - POSTGRES_DB=synapse
    - POSTGRES_USER=synapse
    - POSTGRES_PASSWORD=STRONGPASSWORD
    
 element:
   image: vectorim/element-web:latest
   restart: unless-stopped
   volumes:
     - ./element-config.json:/app/config.json
   networks:
     default:
       ipv4_address: 10.10.10.3
        
 synapse:
   image: matrixdotorg/synapse:latest
   restart: unless-stopped
   networks:
     default:
       ipv4_address: 10.10.10.4
   volumes:
    - ./synapse:/data

networks:
 default:
   external:
     name: matrix_net


Generate synapse config:

docker-compose run --rm synapse generate

Comment homeserver.yaml

#database:
#  name: sqlite3
#  args:
#    database: /data/homeserver.db

Add postgresql

database:
 name: psycopg2
 args:
   user: synapse
   password: STRONGPASSWORD
   database: synapse
   host: postgres
   cp_min: 5
   cp_max: 10


docker-compose up -d

Uninstall

yum remove smeserver-matrix-server  matrix-server

Bugs

Please raise bugs under the SME-Contribs section in bugzilla

and select the smeserver-matrix-server component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only released version in smecontrib are listed here.