---
title: 'Matrix Chat Server'
date: 2021-11-13T15:06:57Z
draft: false
---

# Matrix Chat Server

## Synapse

To install Synapse, the matrix.org reference server, on Alpine Linux, the following steps are necessary. In my case Alpine Linux is running within an LXC container on my server.

### Install prerequisite packages

```
apk add \
    python2 \
    py2-pip \
    py-setuptools \
    py-virtualenv \
    sqlite \
    py2-pysqlite \
    py2-psycopg \
    postgresql-dev \
    py2-cffi \
    libffi-dev \
    alpine-sdk \
    sqlite-dev \
    python2-dev \
    linux-headers \
    zlib-dev \
    jpeg-dev
```

### install synapse

According to https://github.com/matrix-org/synapse#synapse-installation the recommended installation procedure is within a Python virtualenv environment.

```
virtualenv -p python2.7 /opt/synapse
. /opt/synapse/bin/activate
cd /opt/synapse
pip install --upgrade pip
pip install --upgrade setuptools
pip install https://github.com/matrix-org/synapse/tarball/master
```

### create default configuration homeserver.yaml

```
python \
    -m synapse.app.homeserver \
    --server-name matrix.br0tkasten.de \
    --config-path homeserver.yaml \
    --generate-config \
    --report-stats=yes
```

### start synapse

```
synctl start
# open-rc start script: see below
```

### create system user

```
adduser -S matrix
chown -Rf matrix /opt/synapse
```

### virtualenv wrapper script

```
mkdir -p /opt/sbin
cat > /opt/sbin/synapse.sh << EOF
#!/bin/sh

. /opt/synapse/bin/activate

cd /opt/synapse
synctl start
EOF
chmod 0755 /opt/sbin/synapse.sh
```

### open-rc init script

```
# The heredoc delimiter is quoted so that $RC_SVCNAME, $name, $command_user
# and $? are written to the file literally instead of being expanded by the
# shell that creates it.
cat > /etc/init.d/synapse << 'EOF'
#!/sbin/openrc-run

name=$RC_SVCNAME
command="/opt/sbin/synapse.sh"
command_user="matrix"
pidfile="/opt/synapse/homeserver.pid"

depend() {
    need net
}

start() {
    ebegin "Starting $name"
    start-stop-daemon --start \
        --user $command_user \
        --exec $command \
        --pidfile $pidfile
    eend $?
}

stop() {
    ebegin "Stopping $name"
    start-stop-daemon --stop --user $command_user
    eend $?
}
EOF
chmod 0755 /etc/init.d/synapse
```

### enable init script

```
rc-update add synapse
```

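The steps above generate `homeserver.yaml` with the default umask and then only change ownership with `chown -Rf matrix /opt/synapse`; file modes are never restricted, although `register_new_matrix_user -c homeserver.yaml` reads the registration shared secret from that file. The following is an added example, not part of the original guide: a small audit that lists and tightens secret files accessible to group or others. It assumes the secrets are `homeserver.yaml` and the `*.signing.key` file Synapse writes beside it; the function names and the demo directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit file modes of Synapse secrets under /opt/synapse.
# Assumption: secrets live in homeserver.yaml and the *.signing.key beside it.

# Print "MODE PATH" for each secret file that group or others can access.
find_exposed() {
    for f in "$1"/homeserver.yaml "$1"/*.signing.key; do
        [ -f "$f" ] || continue          # unmatched glob or missing file
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            0|*00) ;;                    # owner-only (e.g. 600, 400): fine
            *) printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Restrict every exposed file to its owner; optionally hand it to user $2.
harden() {
    find_exposed "$1" | while read -r _mode path; do
        chmod 600 "$path"
        if [ -n "$2" ]; then chown "$2" "$path"; fi
    done
}

# Demo on a constructed directory that stands in for /opt/synapse.
demo=$(mktemp -d)
( umask 022
  : > "$demo/homeserver.yaml"
  : > "$demo/example.org.signing.key" )   # constructed file name
echo "exposed before:"; find_exposed "$demo"
harden "$demo"
echo "exposed after: $(find_exposed "$demo" | wc -l)"
rm -rf "$demo"
# On the real host (as root): harden /opt/synapse matrix
```

Run the audit again after any step that regenerates the configuration, since a freshly written file picks up the umask of the shell that created it.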
## Administration

### create user accounts

```
register_new_matrix_user -c homeserver.yaml http://matrix.br0tkasten.de:8008
```

## Additional

### Expose local LXC containers ports

#### Server-to-Server

For server-to-server connections on port 8448 it is recommended to expose the port directly using port forwarding. On my server I used iptables for this port forwarding:

```
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT --to-destination matrix.lxc.local:8448
```

#### Client connections

In my setup an Apache vhost acts as the HTTPS reverse proxy.

```
<VirtualHost 185.170.112.162:443>
    ServerName matrix.br0tkasten.de:443
    RewriteEngine on
    SSLEngine On
    # "all" also enables legacy protocol versions; restrict to TLS 1.2 and newer
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLProxyEngine On

    SSLCertificateFile /etc/letsencrypt/live/matrix.br0tkasten.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/matrix.br0tkasten.de/privkey.pem

    CustomLog /var/log/httpd/matrix/access.log combined
    ErrorLog /var/log/httpd/matrix/error.log

    ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / http://matrix.lxc.br0tkasten.de:8008/
    ProxyPassReverse / http://matrix.lxc.br0tkasten.de:8008/
</VirtualHost>
```