modop:synapse
Table of Contents
Installing synapse on Debian
System requirements
Traffic Matrix
Matrix:
ANY to tcp/80 ANY to tcp/443 ANY to tcp/8448
XMPP:
IRC:
Federation settings
DNS record to add in lkw.tf
_matrix._tcp IN SRV 0 0 8448 matrix.lkw.tf.
https://lkw.tf/.well-known/matrix/server shall reply as follow
{"m.server": "matrix.lkw.tf:8448"}
Installing Synapse
# Add Matrix repo apt-get update apt-get install -y gpg add-apt-repository https://matrix.org/packages/debian/ wget -qO - https://matrix.org/packages/debian/repo-key.asc | apt-key add - apt-get update apt-get install matrix-synapse git # Update the Registration shared secret SYNAPSE_SECRET=`cat /dev/urandom | tr -dc 'A-Za-z0-9' | fold -w 32 | head -n1` sed -i "s/randomly_generated_string/$SYNAPSE_SECRET/g" /etc/matrix-synapse/homeserver.yaml systemctl enable matrix-synapse systemctl start matrix-synapse
Nginx
Paste the following in /etc/nginx/sites-available/example.com.
server { listen 80; listen [::]:80; root /var/www/html; index index.html index.htm; server_name example.com www.example.com; location /_matrix { proxy_pass http://localhost:8008; } location ~ /.well-known { allow all; } }
Apache2
<VirtualHost *:80> ServerName matrix.lkw.tf DocumentRoot /var/www/html # Matrix reverse proxy <Location /_matrix> ProxyPass "http://localhost:8008" ProxyPassReverse "http://localhost:8008" </Location> # The part for Dehydrated Include /etc/apache2/tls/dehydrated.conf </VirtualHost> <VirtualHost *:443> ServerName matrix.lkw.tf DocumentRoot /var/www/html SSLEngine On Include /etc/apache2/tls/matrix.lkw.tf.conf # Matrix reverse proxy <Location /> ProxyPass "http://localhost:8443" ProxyPassReverse "http://localhost:8443" </Location> </VirtualHost>
TLS
Install dehydrated
apt-get install -y curl git openssl git clone https://github.com/dehydrated-io/dehydrated mkdir -p /etc/dehydrated cp /usr/local/src/dehydrated/docs/examples/domains.txt /usr/local/src/dehydrated/docs/examples/hook.sh /usr/local/src/dehydrated/docs/examples/config /etc/dehydrated mkdir -p /var/www/html/.well-known/acme-challenge /usr/local/src/dehydrated/dehydrated -f /etc/dehydrated/config --register --accept-terms echo "08 03 * * * root /usr/local/src/dehydrated/dehydrated -f /etc/dehydrated/config -c" > /etc/cron.d/dehydrated
- /etc/dehydrated/config
CA="letsencrypt" CHALLENGETYPE="http-01" BASEDIR=/etc/dehydrated DOMAINS_TXT="${BASEDIR}/domains.txt" CERTDIR="${BASEDIR}/certs" ALPNCERTDIR="${BASEDIR}/alpn-certs" ACCOUNTDIR="${BASEDIR}/accounts" WELLKNOWN="/var/www/dehydrated" KEYSIZE="4096" RENEW_DAYS="30" PRIVATE_KEY_RENEW="yes" KEY_ALGO=rsa HOOK=/etc/dehydrated/hook.sh LOCKFILE="${BASEDIR}/lock" CHAINCACHE="${BASEDIR}/chains" AUTO_CLEANUP="yes"
- /etc/dehydrated/hook.sh
#!/usr/bin/env bash exit_hook() { # This hook is called at the end of the cron command and can be used to # do some final (cleanup or other) tasks. # Reload apache certs $(which apache2ctl) configtest &> /dev/null && $(which systemctl) reload apache2 || echo "Failed to reload apache." # Reload Synapse certs cp /etc/dehydrated/certs/chat.example.com/fullchain.pem /etc/matrix-synapse/fullchain.pem cp /etc/dehydrated/certs/chat.example.com/privkey.pem /etc/matrix-synapse/privkey.pem $(which systemctl) restart matrix-synapse } HANDLER="$1"; shift if [[ "${HANDLER}" =~ ^exit_hook$ ]]; then "$HANDLER" "$@" fi
Bridges
XMPP
IRC
APRS/IS
Matrix API doc: https://www.npmjs.com/package/mx-puppet-bridge
D-Star
DMR
References
modop/synapse.txt · Last modified: 2020/11/18 11:48 by root