How to Setup your Matrix Synapse Messaging Homeserver (Updated Nov 2023/English)





First Seen: 03/11/2024

Last Indexed: 10/22/2024


Updated with Jitsi Video Conference Integration!

Copyright

Feel free to link to this page if you like this blog post, but do not copy/paste the text somewhere else without asking. If you want to post the text in full or in part on your site or blog you must add, in bold inside an h1 tag: Text originally posted at http://wmv7y4tehgsvghaabiqvrm76uag7c6vdxufzoorjso3escefkiwo4tid.onion/how-to-setup-your-matrix-synapse-messaging-homeserver-mar-2021-english/

This is the server side part, find the client intro here:

This is the server side part. If you need a tutorial for the client side using Element Matrix Messenger (former Riot Messenger), I wrote a very detailed English version for my https://EURAFRI.com Business Networking Project! In German you can find information here: http://wmv7y4tehgsvghaabiqvrm76uag7c6vdxufzoorjso3escefkiwo4tid.onion/riot-im-messenger-kurzanleitung-fuer-benutze-updated/ . Updated information will follow on this blog soon.

If you installed a server using one of the older tutorials, double check the configs, especially Apache, Turnserver and Matrix. There were changes made which should be added to your server too.

Changelog:

FreeBSD PostgreSQL Update 2019-10-30: Be careful with updating, see the updating section below. FreeBSD pkg wants PostgreSQL 11.5 now for py36-psycopg2 and turnserver. You can end up with a deinstalled PostgreSQL 9.5 server and create a problem. Read the section below carefully!

Security Fix 2020-04-03: The Twisted fix was already mentioned in the 1.12.0 release note, but due to a sqlite module load error (even if one does not use it), the update was delayed until 1.12.1 came out.
Please upgrade Twisted to >=20.3.0 while the env is activated using:

    pip install 'Twisted>=20.3.0'

Cross Signing Update 2020-05-06: https://matrix.org/blog/2020/05/06/cross-signing-and-end-to-end-encryption-by-default-is-here/

Jitsi Integration Update 2021-03-01: Added a description of the server side Jitsi domain settings for Element clients and others respecting /.well-known/matrix/client

Postgres 11 to 13 Update 2022-07-27: added PG update 11 to 13, changed all Python dependencies from 3.7 to 3.9

Postgres 13 to 15 Update 2023-11-21: added PG update 13 to 15

Just to be clear

This is how I have done it. Whatever you do, you do it for yourself. I am in no way responsible for anything. Everything you do is at your own risk!

Public Matrix Room

There is a public room #kmj:matrix.ctseuro.com where I answer questions from time to time in English or German. Please join if you have questions. I do not accept 1:1 requests for any support question. Join by typing /join #kmj:matrix.ctseuro.com in the box where you write a message and press Enter.

A guide to setup a Matrix Synapse Homeserver

End-to-end encrypted messenger and collaboration server using Python 3.9. We will add a Turnserver for voice based communication, add the settings for integration of a self hosted Jitsi voice/video conference instance ( https://jitsi.org ), add a firewall and more. When we are done you run your own homeserver which is able to communicate with all other Matrix servers on the Internet via federation. The preferred client on Linux, Mac, Windows, Android and iOS is Element Matrix Messenger https://element.io .

At the time of writing this page we use FreeBSD 12.2. Newer FreeBSD versions are very similar to set up.
Prepare everything

Download from https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.2/ and use FreeBSD-12.2-RELEASE-amd64-disc1.iso

For a bare metal setup write the ISO to some USB stick; for a virtual setup using Proxmox or VMware, place the ISO on your host and create a virtual machine booting from the ISO file.

The required resources are:

    RAM 4-8 GB for up to 100 users
    2-4 cores
    200 GB hard disk
    network card
    static IP address with a DNS entry pointing to it

Assume we create the homeserver matrix.ourdomain.com on IP 1.2.3.4. Each Matrix Synapse server is called a homeserver. We have pointed a DNS A record matrix.ourdomain.com to IP 1.2.3.4. Check with nslookup matrix.ourdomain.com or ping matrix.ourdomain.com that the name resolves.

NOTE: you must change ourdomain.com to your domain name and 1.2.3.4 to your IP!

Setup FreeBSD

Boot the ISO file and do a minimum setup of FreeBSD as described on FreeBSD.org. Enable sshd to be able to login. This sets the hostname, creates your user account, formats the hard disk and creates the partitions. Do not install ports or other stuff, except sshd. Finally reboot and login with the user you created. Detailed FreeBSD setup instructions are out of the scope of this document.

Setup additional software

Use su to become root and enter y if asked to fetch and install the pkg system.

    pkg install ca_root_nss gcc mc bash curl wget
    pkg install libffi libxslt jpeg
    pkg install py39-virtualenv
    pkg install py39-psycopg2
    pkg clean -a

Create Environment

    mkdir -p /home/synapse/env
    virtualenv-3.9 -p python3.9 /home/synapse/env

Always use sh for working with virtualenv (the activate script is a Bourne shell script, and root's default shell on FreeBSD is csh).

    sh
    . /home/synapse/env/bin/activate
    (env) #

The (env) # prompt must be shown, and do not forget to add the . at the beginning of the line. If it is not shown you have made some error! Go back and recheck if this happens!

Setup basic Synapse inside virtualenv

While still showing (env) # do:

    pip install --upgrade pip
    pip install --upgrade setuptools

This should show:

    . /home/synapse/env/bin/activate
    (env) # pip install --upgrade pip
    Requirement already up-to-date: pip in /usr/home/synapse/env/lib/python3.9/site-packages (19.1.1)
    (env) # pip install --upgrade setuptools
    Requirement already up-to-date: setuptools in /usr/home/synapse/env/lib/python3.9/site-packages (41.0.1)

If this is fine, continue with:

    pip install matrix-synapse[all]

This will take some time, download different things and should finally end without error.

Setup PostgreSQL Database

Leave the virtualenv by typing:

    deactivate

You should only see # without (env) now.

    pkg install postgresql11-server
    sysrc postgresql_enable=yes
    service postgresql initdb
    service postgresql start

Now we have a running PostgreSQL database engine.

Setup the Firewall, DNS, NTP and Mail

Before we continue we should setup our firewall to avoid attacks while running our setup. Create /etc/rc.firewall.KMJ with the following content (the closing fi of the rc.conf block below was missing from the earlier version of this post):

    #!/bin/sh -
    #
    # Setup system for ipfw(4) firewall service.
    #

    # Suck in the configuration variables.
    if [ -z "${source_rc_confs_defined}" ]; then
        if [ -r /etc/defaults/rc.conf ]; then
            . /etc/defaults/rc.conf
            source_rc_confs
        elif [ -r /etc/rc.conf ]; then
            . /etc/rc.conf
        fi
    fi

    ############
    setup_loopback() {
        ############
        # Only in rare cases do you want to change these rules
        #
        ${fwcmd} add 100 pass all from any to any via lo0
        ${fwcmd} add 200 deny all from any to 127.0.0.0/8
        ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
        ${fwcmd} add 400 deny all from any to ::1
        ${fwcmd} add 500 deny all from ::1 to any
    }

    . /etc/rc.subr
    . /etc/network.subr

    ############
    # Set quiet mode if requested
    #
    case ${firewall_quiet} in
    [Yy][Ee][Ss])
        fwcmd="/sbin/ipfw -q"
        ;;
    *)
        fwcmd="/sbin/ipfw"
        ;;
    esac

    ############
    # Flush out the list before we begin.
    #
    ${fwcmd} -f flush

    setup_loopback

    ############
    #
    # We do not allow IPv6 Traffic
    ${fwcmd} add deny ip6 from any to any

    # Allow TCP through if setup succeeded
    ${fwcmd} add pass tcp from any to any established

    # Allow IP fragments to pass through
    ${fwcmd} add pass all from any to any frag

    # Allow setup of incoming connections
    ${fwcmd} add pass tcp from ${MGMTIP} to me 22 setup          # SSH
    ${fwcmd} add pass tcp from any to me 8448 setup              # MATRIX
    ${fwcmd} add pass tcp from any to me 3478 setup              # TURN
    ${fwcmd} add pass udp from any to me 3478 keep-state         # TURN
    ${fwcmd} add pass tcp from any to me 5349 setup              # TURN TLS
    ${fwcmd} add pass udp from any to me 5349 keep-state         # TURN TLS
    ${fwcmd} add pass udp from any to any 49152-65535 keep-state # Turn high ports
    ${fwcmd} add pass tcp from any to me 80 setup                # letsencrypt only
    ${fwcmd} add pass tcp from any to me 443 setup               # https rev proxy for matrix

    # Allow setup of outgoing TCP connections only
    ${fwcmd} add pass tcp from me to any setup

    # Disallow setup of all other TCP connections
    ${fwcmd} add deny tcp from any to any setup

    # Allow DNS queries out in the world
    ${fwcmd} add pass udp from me to any 53 keep-state

    # Allow NTP queries out in the world
    ${fwcmd} add pass udp from me to any 123 keep-state

    # Deny the Rest
    ${fwcmd} add deny all from any to any

Assuming you have IPv4 connectivity only, we block all IPv6 traffic. Furthermore it is not recommended to open SSH to the public. I assume you are a good administrator and restrict ssh access to the static IP of your notebook or desktop system. Otherwise you should setup OpenVPN to access your server. Do not use any as MGMTIP. If you open critical services to the public you will regret it later. They will brute force you and one day somebody will break into your system. Be smart and work like a professional!

Now add or change the settings in /etc/rc.conf. We already add settings we need later. Your network configuration is not shown here and should not be touched. Do not change the hostname=, ifconfig_ and defaultrouter= parameters.

    keymap="de.kbd"                         # do not change your keymap. we use german
    clear_tmp_enable="YES"
    syslogd_flags="-ss"
    dumpdev="NO"
    MGMTIP="5.6.8.9"                        # change to static IP of your notebook or desktop system
    firewall_enable="YES"                   # Set to YES to enable firewall functionality
    firewall_script="/etc/rc.firewall.KMJ"  # Which script to run to set up the firewall
    firewall_type="KMJ"                     # Firewall type (see /etc/rc.firewall)
    firewall_quiet="NO"                     # Set to YES to suppress rule display
    firewall_logging="YES"                  # Set to YES to enable events logging
    firewall_logif="NO"                     # Set to YES to create logging-pseudo interface
    #######################
    local_unbound_enable="YES"
    sshd_enable="YES"
    ntpd_enable="YES"
    apache24_enable="YES"
    postgresql_enable="YES"
    synapse_enable="YES"
    turnserver_enable="YES"
    ###############################

Now change /etc/resolv.conf so it reads:

    search ourdomain.com
    nameserver 127.0.0.1
    options edns0

The final setting requires that our server is able to send out e-mails.

    cd /etc/mail
    make install

Edit /etc/mail/aliases and uncomment the root: entry. Change it to:

    root: you@yourmaildomain.com

Then run:

    newaliases

Using these settings we run a local caching DNS and resolve locally. Furthermore we run time syncing via the NTP daemon. To make sure everything is done OK, we should reboot now.

    shutdown -r now

Check our Setup

Login after reboot, do a ps -xaj and check that the local-unbound, syslogd, ntpd and postgresql daemons are running. Do a mail -s "test" root, enter some text and press CTRL+d to send. You should receive your root mail. Check /var/log/maillog if not.

Setup Turnserver

To handle voice calls behind NAT you should setup Turnserver as a kind of proxy. Setup is pretty easy.

    pkg install turnserver

create /usr/local/etc/turnserver.conf like below, but cha
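The firewall and rc.conf sections above hinge on two settings that are easy to get wrong on a fresh box: the SSH rule must be limited to ${MGMTIP}, and MGMTIP itself must be one concrete IPv4 address rather than any. The sh script below is an added example, not part of the original tutorial and not FreeBSD's own rc.firewall; it lints copies of /etc/rc.conf and /etc/rc.firewall.KMJ for exactly those two mistakes and confirms that the *_enable services from the rc.conf block are switched on. The function names (check_ssh_rule, check_mgmtip, check_services_enabled, write_fixtures) are my own, and the fixture files it writes to a temporary directory are constructed to mirror the tutorial's settings; on the real server point the functions at /etc/rc.conf and /etc/rc.firewall.KMJ before running service ipfw start.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight lint for the ipfw
# script and rc.conf described in the tutorial. Fixture files are constructed.

# Return 1 if the ipfw script passes port 22 from "any", or if it lacks a
# rule that restricts port 22 to ${MGMTIP}; return 0 otherwise.
check_ssh_rule() {
    script="$1"
    if grep -Eq 'pass[[:space:]]+tcp[[:space:]]+from[[:space:]]+any[[:space:]]+to[[:space:]]+me[[:space:]]+22([[:space:]]|$)' "$script"; then
        echo "FAIL: $script passes SSH (22) from any" >&2
        return 1
    fi
    if ! grep -Eq 'from[[:space:]]+\$\{MGMTIP\}[[:space:]]+to[[:space:]]+me[[:space:]]+22([[:space:]]|$)' "$script"; then
        echo "FAIL: $script has no MGMTIP-restricted SSH rule" >&2
        return 1
    fi
    return 0
}

# Return 1 if MGMTIP in rc.conf is missing, "any", a wildcard address, or
# anything but a single dotted-quad IPv4 address. Last assignment wins, as in sh.
check_mgmtip() {
    rcconf="$1"
    ip=$(sed -n 's/^MGMTIP="\([^"]*\)".*/\1/p' "$rcconf" | tail -n 1)
    case "$ip" in
        ""|any|0.0.0.0)
            echo "FAIL: MGMTIP=\"$ip\" does not pin SSH to one host" >&2
            return 1 ;;
    esac
    if ! echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "FAIL: MGMTIP=\"$ip\" is not an IPv4 address" >&2
        return 1
    fi
    return 0
}

# Return 1 if any of the named services is not enabled with YES in rc.conf.
check_services_enabled() {
    rcconf="$1"; shift
    rc=0
    for svc in "$@"; do
        if ! grep -Eq "^${svc}_enable=\"?YES\"?" "$rcconf"; then
            echo "FAIL: ${svc}_enable=\"YES\" missing from $rcconf" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed fixtures: a good rc.conf/firewall pair matching the tutorial,
# and a bad pair that opens SSH to the world. Prints the directory path.
write_fixtures() {
    dir=$(mktemp -d)
    cat > "$dir/rc.conf.good" <<'EOF'
MGMTIP="5.6.8.9" # change to static IP of your notebook or desktop system
firewall_enable="YES"
firewall_script="/etc/rc.firewall.KMJ"
sshd_enable="YES"
ntpd_enable="YES"
postgresql_enable="YES"
synapse_enable="YES"
turnserver_enable="YES"
EOF
    cat > "$dir/rc.conf.bad" <<'EOF'
MGMTIP="any"
firewall_enable="YES"
sshd_enable="YES"
EOF
    cat > "$dir/fw.good" <<'EOF'
${fwcmd} add pass tcp from ${MGMTIP} to me 22 setup # SSH
${fwcmd} add pass tcp from any to me 8448 setup # MATRIX
${fwcmd} add deny all from any to any
EOF
    cat > "$dir/fw.bad" <<'EOF'
${fwcmd} add pass tcp from any to me 22 setup # SSH open to everyone
${fwcmd} add deny all from any to any
EOF
    echo "$dir"
}

# Stand-alone run: lint the constructed fixtures and report.
FIX=$(write_fixtures)
check_ssh_rule "$FIX/fw.good" && check_mgmtip "$FIX/rc.conf.good" \
    && check_services_enabled "$FIX/rc.conf.good" firewall sshd ntpd postgresql synapse turnserver \
    && echo "OK: good fixture would not expose SSH"
check_ssh_rule "$FIX/fw.bad" || echo "(expected) bad firewall fixture rejected"
check_mgmtip "$FIX/rc.conf.bad" || echo "(expected) bad rc.conf fixture rejected"
rm -rf "$FIX"
```

Run it as root before enabling the firewall; a FAIL from check_ssh_rule or check_mgmtip means the ruleset would either lock you out or expose SSH to brute forcing, which is exactly the outcome the tutorial warns about.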