====== Matrix - Synapse ====== [[https://matrix.org/|Matrix]] is a project to create a decentralized chat / messaging world. Probably much more than that, but i think it's the definitive and only future-proof messaging solution. It looks amazing and it already has so many features that can replace other proprietary solutions. Unfortunately, it is still quite difficult not only to setup, but also to use. One of the big selling point, in my opinion, are the bridges to the other messaging solutions, but the lack of a really viable whatsapp bridge is a bummer. The reason is due to whatsapp limitation, but i am not ready to give up my main whatsapp account on my phone to move it to a VM running on my server. The Telegram integration works pretty well, even if the initial setup proved to be a bit shaky, it's solid after that phase. I didnt explore any other bridge at the moment. Overall i am not yet sure if the effort is worthwile, but since i believe in the need for an open internet, i will give Matrix more time. ===== Tools and Architecture ===== Matrix is the high-level protocol. To join, or host, a Matrix network you need a Matrix server implementation. There are quite a few but i choose [[https://github.com/element-hq/synapse|Synapse]] because it's solid and well-proven. In addition to the server itself, you need the bridges if you want to connect your matrix instance to other messaging platforms. I only use Telegram and Whatsapp (well, discord maybe, but it's more of a forum for me than an actual messaging tool), and of these only Telegram has a viable bridge. More info about the bridges can be found [[https://docs.mau.fi/bridges/index.html|here]]. To use Matrix properly you **do need** one dedicated subdomain. It is teorically possible to host on sub-paths, but i do not recomend it as it adds another layer of uncertainity and complexity that you don't want. I will assume you have **https://chat.mydomain.com** for your Matrix service. Also note that https is **mandatory**. ===== Installation ===== It is possible to install Synapse and the Telegram bridge on bare-metal leveraging Python Virtual Envs, but unless you want to use a SQLite (which won't scale easily) database, you will also need a PostgresSQL installation. Overall, i prefer to go the container route which proved to be easy enough. Setting up and running properly your Matrix instance is already tricky that adding a bare-metal installation hurdle didnt seems needed. As usual create one dedicated user, and create a data folder where all the data will be stored: useradd -d /data/daemons/synapse -m synapse mkdir /data/synapse mkdir /data/synapse/data mkdir /data/synapse/database mkdir /data/synapse/bridges mkdir /data/synapse/bridges/telegram chown synapse:synapse -R /data/synapse The **data** folder will contain Synapse configuration and uploaded files. The **database** folder will contain the PostgreSQL database. The **bridges** folders will contain each one bridge various files. Now, take the following **docker-compose.yml** file and adapt to your needs: version: '3.7' services: synapse: image: docker.io/matrixdotorg/synapse:latest restart: unless-stopped environment: - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml volumes: - /data/synapse/data:/data depends_on: - db ports: - 8008:8008/tcp networks: - synapse-net mautrix-telegram: container_name: mautrix-telegram image: dock.mau.dev/mautrix/telegram:latest restart: unless-stopped depends_on: - db volumes: - /data/synapse/bridges/telegram:/data networks: - synapse-net db: image: docker.io/postgres:12-alpine # Change that password, of course! environment: - POSTGRES_USER=synapse - POSTGRES_PASSWORD=<<< my db password >>> - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C volumes: - /data/synapse/database:/var/lib/postgresql/data networks: - synapse-net networks: synapse-net: {} Now, as usual, pull the images: podman compose pull Generate initial configuration file: podman compose run --rm -e SYNAPSE_SERVER_NAME=chat.mydomain.com -e SYNAPSE_REPORT_STATS=yes synapse generate Edit your **/data/synapse/data/homeserver.yaml** so that you use PostgresSQL, and double check the paths and server name: server_name: "chat.mydomain.com" pid_file: /data/homeserver.pid # NOTE: enable the following two lines ONLY to create users, then REMOVE them! #enable_registration: true #enable_registration_without_verification: true listeners: - port: 8008 tls: false type: http x_forwarded: true resources: - names: [client, federation] compress: false database: name: psycopg2 args: user: synapse password: <<< my db password >>> dbname: synapse host: db cp_min: 5 cp_max: 10 log_config: "/data/chat.mydomain.com.log.config" media_store_path: /data/media_store registration_shared_secret: "<<< random secret >>>" report_stats: true macaroon_secret_key: "<<< random key >>>" form_secret: "<<< random secret >>>" signing_key_path: "/data/chat.mydomain.com.signing.key" trusted_key_servers: - server_name: "matrix.org" At this point, you are ready to run the Matrix. ==== Set up Telegram Bridge ==== The main **docker-compose.yml** above already contains the bridge image, so just run it once to have it create all the files under ***/data/synapse/bridges/telegram**, and then edit the main file: ... Edit the file **/data/synapse/bridges/telegram/config.yaml** and will in all the required details. Go to [[https://my.telegram.org/apps|https://my.telegram.org/apps|]] and generate both an **api_id** and **api_hash**. Optionally you can go to the **BotFather** in Telegram and create a specific bot for you ([[ https://t.me/BotFather|here]]) Some hints on **config.yaml**: * homeserver - address: the URL of your instance (https://chat.mydomain.com) * homeserver - domain: the URL of your instance, cleaned (chat.mydomain.com, yes, this is **not** a typo) * appservice - address: the **container name** of the bridge (so, http://mautrix-telegram:29317) * appservice - database: i had to switch to SQLite, as i couldn't create a PostgresSQL new database (so, database: sqlite:/data/mautrix-telegram.db) * permissions: change to match your admin user and instance name (ex: chat.mydomain.com: full \n '@admin:chat.mydomain.com': admin) * telegram - api_id the API_ID generated on telegram * telegram - api_hash: API_HASH generated on telegram * telegram - bot_token: the bot token created on telegram (optional) Copy the **/data/synapse/bridges/telegram/registration.yaml** to **/data/synapse/data/mautrix-telegram-registration.yaml**. If the file is missing, restart the containers to have it generated. If you change anything inside the //config.yaml//, delete the registration.yaml and restart the containers. It is **very** important to note that the //registration.yaml// file **must** be correct and copied to the synapse data folder. This is mandatory to let the TelegramBot authenticate in Synapse, and if the bridge does not work, you need to double check that the contents of this file looks correct and match you actual configuration. ===== Reverse Proxy ===== You need to run your Matrix behind a reverse proxy so that you can easily add SSL and protect your server. See [[selfhost:nginx|The Reverse Proxy concept]] for more details. This is a simple and effective **chat.conf** for NGINX: server { server_name chat.mydomain.com; listen 8443 ssl; listen 443 ssl; access_log /var/log/nginx/chat.mydomain.com_access_log main; error_log /var/log/nginx/chat.mydomain.com_error_log info; location ~ ^(/_matrix|/_synapse/client) { # note: do not add a path (even a single /) after the port in `proxy_pass`, # otherwise nginx will canonicalise the URI and cause signature verification # errors. proxy_pass http://127.0.0.1:8008; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 500M; # Synapse responses may be chunked, which is an HTTP/1.1 feature. proxy_http_version 1.1; } include com.mydomain/certbot.conf; } ===== Autostart & Running ===== If you are following my [[gentoo:locald|Custom User Services]] approach, it's pretty easy: cd /etc/local.d ln -s _servicer.sh 63-synapse--podman.start ln -s _servicer.sh 63-synapse--podman.stop ===== User Creation ===== One of the not so intuitive things about Matrix is user creation. I didnt waste too much time on this because i only needed two users (and in general, only a limited numnber of family members), so i went the manual way. After starting the containers, as user //synapse//, run: podman compose run --rm --entrypoint /bin/bash synapse /usr/local/bin/register_new_matrix_user https://chat.mydomain.com -c /data/homeserver.yaml