For the past one month, I’ve been digging around the internet about the decentralized fediverse community. Platforms like Mastodon, Matrix Synapse, Pixelfed etc are the open-source implementations of twitter, IMs like telegram Signal and instagram, and more importantly these platforms are all decentralized, which means your posts/pics/blog/account belongs to yourself, and won’t be deleted by those BIG companies for no reason, especially those stupid companies in China like weibo, bilibili, douyin etc. Ad-free, no user privacy tracking/leaking are also advantages of the fediverse platforms.
Up to now, I’ve tried my hand on Soapbox FE, Matrix Synapse and got them successfully running on my VPS. This post mainly focuses on the installation of Matrix Synapse which was written in Python. There is a Go version of Matrix – Dendrite. It’s more efficient and maybe the VPS hardware requirements aren’t that high. But it’s still in the beta version, not recommended for the production environment.
Minimal VPS Specs: 1-core vCPU, 1G of RAM, here is the utilization of Synapse running on my VPS(just 1 user), 2G RAM is recommended for users less than 20. The OS is Ubuntu 20.04.
I’ve made a test video call between my 2 phones, the CPU ( Intel(R) Xeon(R) CPU E5-2690 v4 @ 2.60GHz ) usage is around 25%, so a 2-core CPU is recommended.
I want to use the base domain as part of the user name, like @user:example.org, instead of @user:matrix.example.org which is the actual server address. In this case, you can host other websites (like Mastodon) with the base domain example.org.
Let’s get rolling!
Install matrix synapse package
sudo apt update sudo apt upgrade -y sudo apt install lsb-release wget apt-transport-https -y // add the gpg keys sudo wget -qO /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg sudo echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list // install matrix-synapse package sudo apt update sudo apt upgrade sudo apt install matrix-synapse-py3
One window will pop up, enter the base domain name example.org, NOT matrix.example.org, it’s very important. Hit <OK> and <NO>.
sudo systemctl enable matrix-synapse sudo systemctl start matrix-synapse sudo systemctl status matrix-synapse
Go through the log file if synapse is not running:
sudo tail -f /var/log/matrix-synapse/homeserver.log
Make sure again by typing:
sudo netstat -lnpt | grep :8008
Change the configurations:
Generate the Matrix Synapse registration secret:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
Edit the synapse config file:
sudo nano /etc/matrix-synapse/homeserver.yaml
Press Ctrl+w
to find registration_shared_secret:
uncomment it and change the value with the random string generated above.
Find the following lines and change the value correspondingly:
enable_registration: false allow_public_rooms_without_auth: false allow_public_rooms_over_federation: false
Press Ctrl+o
to save the file and Ctrl+x
to exit. Then restart the synapse service:
sudo systemctl restart matrix-synapse
Again, if anything goes wrong, check out the log file.
sudo more /var/log/matrix-synapse/homeserver.log
Install Nginx and certbot:
sudo apt install nginx certbot python3-certbot-nginx -y
Generate the SSL certificates:
sudo systemctl stop nginx
sudo certbot certonly -d example.org -d matrix.example.org
Create Nginx config file of the base domain:
cd /etc/nginx/sites-available sudo nano example.org
Change example.org to your domain name:
server {
root /var/www/example.org; # You can host another website here or do a reverse proxy.
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name example.org;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /.well-known/matrix/client {
# pay attention here, help client like element to find the actual address.
return 200 '{"m.homeserver": {"base_url": "matrix.example.org"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.example.org:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.org;
return 404; # managed by Certbot
}
Create the matrix.example.org config file:
sudo nano matrix.example.org
Change the content to:
server { listen 443 ssl http2; listen [::]:443 ssl http2;
# make your synapse instance federated. listen 8448 ssl http2; listen [::]:8448 ssl http2; server_name matrix.example.org; ssl_certificate /etc/letsencrypt/live/matrix.example.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/matrix.example.org/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets on; ssl_stapling on; ssl_stapling_verify on; location ~ ^(/_matrix|/_synapse/client) { # note: do not add a path (even a single /) after the port inproxy_pass
, # otherwise nginx will canonicalise the URI and cause signature verification # errors. proxy_pass http://127.0.0.1:8008; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
# support file size up to 200MB. client_max_body_size 200M; }
# make your synapse instance federated. location / { proxy_pass http://localhost:8008; proxy_set_header X-Forwarded-For $remote_addr; } } server { if ($host = matrix.example.org) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name matrix.example.org; return 404; # managed by Certbot }
Link the config files to sites-enabled folder and restart nginx
ln -s /etc/nginx/sites-available/example.org /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/matrix.example.org etc/nginx/sites-enabled/ nginx -t systemctl restart nginx
Setting up Postgres
Issue the following commands:
sudo apt install postgresql postgresql-contrib
sudo -i -u postgres
psql
# Create an user and password, you shoud change the Password
CREATE USER "synapseuser" WITH PASSWORD 'Password';
CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER "synapseuser";
exit
exit # exit the current user
sudo apt install python3-psycopg2
Edit synapse config file:
sudo nano /etc/matrix-synapse/homeserver.yaml
Since I’ll use PostgreSQL instead of sqlite3, comment out the following lines:
#database: # name: sqlite3 # args: # database: /path/to/homeserver.db
Uncomment the following lines:
database: name: psycopg2 txn_limit: 10000 args: user: synapseuser
# enter the username and password created above. password: password database: synapse host: localhost port: 5432 cp_min: 5 cp_max: 10
Looks like this:
Change public_baseurl to the real domain matrix.example.org (IMPORTANT!):
Find and change maximum file size to 200M
max_upload_size: 200M
Since the file size has been changed in the nginx config file of matrix.example.org, there is 1 more place to change:
sudo nano /etc/nginx/nginx.conf
Add the following line in http section:
client_max_body_size 200M;
Save & exit. Restart synapse & nginx:
sudo systemctl restart matrix-synapse sudo nginx -t sudo systemctl restart nginx
Enable ports:
ufw allow OpenSSH ufw allow 'Nginx Full' ufw allow 8448
Visit https://matrix.example.org:8448, you’ll get this page:
Visit https://federationtester.matrix.org/ , enter the base domain example.org to test if everything is OK.
Create the admin account
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
Type name & password, and then type yes when asked if make it admin.
Visit https://app.element.io/#/login to login. Click Edit at the upper-right corner of the page, and then fill in the actual synapse address:
Hit Continue and then enter the username and password you just created. You might see something like this as well🤣🤣🤣
Of course, you can find many other clients for you PC, Mac, iphone etc at https://matrix.org/clients/.
Upgrade
Upgrading synapse to the latest version is just like upgrading other softwares on ubuntu, Executing apt full-upgrade
would do the job. But before doing that, make sure to backup your homeserver.yaml
and then press n when asked wheather or not to replace the config file.
It’s not very complicated, but you can use ansible to deploy matrix which is much easier, especially when you want to bridge other IM tools like telegram or discord etc.