matrix-synapse

OS: Debian 10

Objective: install a MATRIX-synapse server.

1) Installation

  • Add the MATRIX repositories

apt install -y lsb-release wget apt-transport-https

wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list

  • Install matrix-synapse (Python 3)

apt update && apt upgrade

apt install matrix-synapse-py3

systemctl enable matrix-synapse.service

systemctl start matrix-synapse.service

  • Install PostgreSQL

apt install postgresql python3-psycopg2 autopostgresqlbackup

su postgres

psql

postgres=# CREATE USER "username" WITH PASSWORD 'password';

postgres=# CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER "username";

2) Configure synapse with a PostgreSQL database

vi /etc/matrix-synapse/homeserver.yaml

database:
    name: psycopg2
    args:
        user: <user>
        password: <pass>
        database: <db>
        host: <host>
        cp_min: 5
        cp_max: 10

systemctl restart matrix-synapse.service

3) Check the listening ports

ss -plntu

Open your Matrix-Synapse instance in your browser: http://192.168.xxx.yyy:8008
You should land on a page that says: "It works! Synapse is running"
Matrix-Synapse is a server. You need a client to use it.

4) Create a MATRIX user

register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008

5) Check the logs

tail -f /var/log/matrix-synapse/homeserver.log

6) Going further

  • Put an NGINX reverse proxy in front of the matrix-synapse instance
  • Install RIOT-WEB as a web client

7) Nginx configuration

###matrix.underworld.fr###
    server {
        server_name matrix.underworld.fr;
        listen 80;

        location /.well-known {
            alias /var/www/cert/matrix.underworld.fr/.well-known;
        }

        location /.well-known/matrix {
            alias /var/www/matrix;
        }

        location / {
            # redirect to HTTPS and keep the requested path
            return 301 https://$host$request_uri;
            access_log  /var/log/nginx/matrix.underworld.fr.log;
        }

    }
    server {
        server_name matrix.underworld.fr;
        # "ssl" on the listen line replaces the deprecated "ssl on;" directive
        listen 443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/matrix.underworld.fr/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/matrix.underworld.fr/privkey.pem;
        ssl_dhparam /etc/nginx/dh.pem;
        ssl_ecdh_curve secp384r1;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2;
        ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
        ssl_prefer_server_ciphers on;

        location /.well-known {
            alias /var/www/cert/matrix.underworld.fr/.well-known;
        }

        location /.well-known/matrix {
            alias /var/www/matrix;
        }

        location / {
            proxy_pass http://192.168.xxx.yyy:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
            # Synapse reads these because x_forwarded is true in homeserver.yaml
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            # nginx defaults to 1M, too small for media uploads
            client_max_body_size 50M;
            access_log /var/log/nginx/matrix.underworld.fr.log;
        }

        location /_matrix {
            proxy_pass http://192.168.xxx.yyy:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            client_max_body_size 50M;
            access_log /var/log/nginx/matrix.underworld.fr.log;
        }
    }

8) DNS declaration for the matrix protocol

  • Required DNS record, which advertises the "server" port to other [MATRIX] instances

    _matrix._tcp.underworld.fr. 3600 IN SRV 10 5 443 matrix.underworld.fr.
  • Alternative: create a file at https://matrix.underworld.fr/.well-known/matrix/server containing:

    {
        "m.server": "matrix.underworld.fr:443"
    }
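The SRV record and the .well-known file above are the two delegation mechanisms other homeservers use to find where "underworld.fr" federates. The script below is an added example, not part of the original page or of Synapse: it implements the discovery order (explicit port, then .well-known, then SRV, then port 8448) with the network lookups injected as functions, so it runs offline against constructed data modelling both options. The lookups are made against the server_name (underworld.fr in the SRV record), and the two options differ in one detail worth knowing before choosing: with .well-known the certificate served on matrix.underworld.fr:443 must be valid for matrix.underworld.fr, while with the SRV record alone it must be valid for underworld.fr.

```python
"""Matrix federation server discovery (added example; not Synapse's code)."""
import ipaddress
import json
from dataclasses import dataclass


@dataclass
class Target:
    host: str         # IP or hostname to connect to
    port: int         # TCP port to connect to
    host_header: str  # value of the HTTP Host header
    cert_name: str    # name the TLS certificate must be valid for


def _split(name: str):
    """Split 'host:port' into (host, port or None); IPv6 literals use [..]."""
    if name.startswith("["):
        host, _, rest = name[1:].partition("]")
        return host, (int(rest[1:]) if rest.startswith(":") else None)
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return name, None


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _pick(srv):
    """Lowest priority wins; weighted selection among equals is simplified."""
    _, _, port, target = min(srv)
    return port, target


def resolve(server_name, fetch_well_known, lookup_srv) -> Target:
    """fetch_well_known(host) -> body str or None;
    lookup_srv(name) -> list of (priority, weight, port, target) or []."""
    host, port = _split(server_name)
    if _is_ip(host):                      # 1. IP literal: connect directly
        return Target(host, port or 8448, server_name, host)
    if port is not None:                  # 2. explicit port: no delegation
        return Target(host, port, server_name, host)
    body = fetch_well_known(host)         # 3. .well-known delegation
    if body is not None:
        try:
            delegated = json.loads(body)["m.server"]
            d_host, d_port = _split(delegated)
            if _is_ip(d_host):
                return Target(d_host, d_port or 8448, delegated, d_host)
            if d_port is not None:
                return Target(d_host, d_port, delegated, d_host)
            srv = lookup_srv(f"_matrix._tcp.{d_host}")
            if srv:
                s_port, s_target = _pick(srv)
                return Target(s_target, s_port, d_host, d_host)
            return Target(d_host, 8448, d_host, d_host)
        except (ValueError, KeyError, TypeError):
            pass                          # malformed file is ignored
    srv = lookup_srv(f"_matrix._tcp.{host}")  # 4. SRV on the server name
    if srv:
        s_port, s_target = _pick(srv)
        return Target(s_target, s_port, host, host)
    return Target(host, 8448, host, host)  # 5. default port


# Constructed data modelling the page's two options for server_name underworld.fr.
WELL_KNOWN_OPTION = {"underworld.fr": json.dumps({"m.server": "matrix.underworld.fr:443"})}
SRV_OPTION = {"_matrix._tcp.underworld.fr": [(10, 5, 443, "matrix.underworld.fr")]}


def discover_via_well_known(server_name="underworld.fr") -> Target:
    return resolve(server_name, WELL_KNOWN_OPTION.get, lambda n: [])


def discover_via_srv(server_name="underworld.fr") -> Target:
    return resolve(server_name, lambda h: None, lambda n: SRV_OPTION.get(n, []))


if __name__ == "__main__":
    print(discover_via_well_known())  # cert_name = matrix.underworld.fr
    print(discover_via_srv())         # cert_name = underworld.fr
```

Both options connect to matrix.underworld.fr:443, but the `cert_name` field shows which name the Let's Encrypt certificate in the nginx configuration has to cover; https://federationtester.matrix.org/ (see NOTES) performs this same resolution against the live DNS and HTTPS endpoints.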

9) Matrix-Synapse configuration

vi /etc/matrix-synapse/homeserver.yaml

  • Instance-specific settings

    public_baseurl: https://matrix.underworld.fr
    registration_shared_secret: monautresecretsecret
    enable_registration: true
    
    listeners:
      - port: 8008
        tls: false
        type: http
        x_forwarded: true
        bind_addresses: ['192.168.xxx.yyy']
    
        resources:
          - names: [client, federation]
            compress: false
    
    admin_contact: 'mailto:admin@underworld.fr'
  • TURN server settings

    # custom
    turn_uris: [ "turn:turn.underworld.fr:5349?transport=udp", "turn:turn.underworld.fr:5349?transport=tcp" ]
    turn_shared_secret: monsecretsecretsecret
    turn_user_lifetime: 86400000
    turn_allow_guests: True
  • Settings for an SMTP server on localhost

    # custom
    email:
       enable_notifs: false
       smtp_host: "localhost"
       smtp_port: 25
       require_transport_security: false
       notif_from: "Your Friendly %(app)s Home Server <admin@underworld.fr>"
       app_name: Underworld Matrix
       notif_for_new_users: true
       riot_base_url: "https://riot.underworld.fr"
       validation_token_lifetime: 1h
       notif_template_html: notif_mail.html
       notif_template_text: notif_mail.txt
       expiry_template_html: notice_expiry.html
       expiry_template_text: notice_expiry.txt
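The turn_shared_secret and turn_user_lifetime values in the TURN block above are the inputs to the TURN REST credential scheme: Synapse never sends the secret to the client, it derives a short-lived username/password pair from it, and the TURN server (coturn with use-auth-secret) recomputes the same HMAC to check it. The code below is an added example written for this page, not Synapse's or coturn's code; the secret is the page's placeholder, the lifetime is the page's 86400000 ms, and the clock value is fixed so the output is reproducible.

```python
"""TURN REST credentials derived from turn_shared_secret (added example)."""
import base64
import hashlib
import hmac
import secrets


def issue_turn_credentials(shared_secret: str, user_id: str,
                           lifetime_ms: int, now_ms: int) -> dict:
    """What the homeserver hands a client: username = "<expiry>:<user id>",
    password = base64(HMAC-SHA1(secret, username)), both valid for ttl seconds."""
    expiry = (now_ms + lifetime_ms) // 1000
    username = f"{expiry}:{user_id}"
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    password = base64.b64encode(mac.digest()).decode("ascii")
    return {"username": username, "password": password, "ttl": lifetime_ms // 1000}


def verify_turn_credentials(shared_secret: str, username: str, password: str,
                            now_s: int) -> bool:
    """The check a TURN server performs: HMAC matches and the expiry in the
    username has not passed. Constant-time comparison avoids leaking the MAC."""
    expiry_str, sep, _user = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False
    if int(expiry_str) < now_s:
        return False
    expected = base64.b64encode(
        hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1).digest()
    ).decode("ascii")
    return hmac.compare_digest(expected, password)


def new_shared_secret() -> str:
    """Random 32-byte secret as 64 hex characters: the Python equivalent of
    the /dev/urandom one-liner in the NOTES section, for turn_shared_secret."""
    return secrets.token_hex(32)


# Constructed sample values (the secret is the page's placeholder; replace it).
SAMPLE_SECRET = "monsecretsecretsecret"
SAMPLE_USER = "@alice:underworld.fr"
SAMPLE_LIFETIME_MS = 86400000           # page's turn_user_lifetime: 24 h
SAMPLE_NOW_MS = 1_600_000_000_000       # fixed clock for reproducible output


def demo() -> dict:
    creds = issue_turn_credentials(SAMPLE_SECRET, SAMPLE_USER,
                                   SAMPLE_LIFETIME_MS, SAMPLE_NOW_MS)
    now_s = SAMPLE_NOW_MS // 1000
    u, p = creds["username"], creds["password"]
    return {
        "username": u,
        "valid_now": verify_turn_credentials(SAMPLE_SECRET, u, p, now_s),
        "valid_after_expiry": verify_turn_credentials(SAMPLE_SECRET, u, p, now_s + 86401),
        "valid_with_other_secret": verify_turn_credentials("other", u, p, now_s),
    }


if __name__ == "__main__":
    print(demo())
```

Because the password is a pure function of the secret and the username, anyone holding turn_shared_secret can mint relay credentials for any user and lifetime; this is why the value belongs only in homeserver.yaml and the coturn configuration, and why it should be the random key from the NOTES section rather than a guessable string.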

10) NOTES

  • Generate a random key: cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
  • Check that your Matrix-Synapse server is reachable by others: https://federationtester.matrix.org/
