From b2384678d010d8123d82bc0cb59d4dd9b975f123 Mon Sep 17 00:00:00 2001 From: Lucky <66523959+l-ucky@users.noreply.github.com> Date: Sun, 12 Feb 2023 15:55:43 -0400 Subject: [PATCH] Notes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Postgres and Synapse media storage note: Don't store on your OS drive, choose another hard drive other than your OS because the database and media folders will grow. After months of use with a small deployment (10–20 people) you can expect around 5-8Gb of storage needed. You can vacuum the database and delete user files to free up space. --- homeserver.yaml | 166 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 homeserver.yaml diff --git a/homeserver.yaml b/homeserver.yaml new file mode 100644 index 0000000..85c3f6a --- /dev/null +++ b/homeserver.yaml @@ -0,0 +1,166 @@ +## Installing Matrix + +## I used the Arch User Repository version of the synapse server. + +## Two important calls for `synapse_homeserver`: +## 1. `killall synapse_homeserver` +## 2. `synapse_homeserver -c /etc/synapse/homeserver.yaml -D` + +## The first call means to kill the Synapse server. + +##The second call means to use the config (-c) at the specified directory, and run as daemon (-D). + +## Any time you change configurations, kill and start in this fashion. + +## After installing, go to `/etc/synapse/homeserver.yaml` and paste this file + +``` +########################### STANDARD NOTES ###################################### +# Configuration file for Synapse. +# +# This is a YAML file: see [1] for a quick introduction. Note in particular +# that *indentation is important*: all the elements of a list or dictionary +# should have the same indentation. +# +# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html +# +# For more information on how to configure Synapse, including a complete accounting of +# each option, go to docs/usage/configuration/config_documentation.md or +# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html +########################### STANDARD NOTES ###################################### + +server_name: "example.com" +pid_file: /etc/homeserver.pid +listeners: + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['::1', '127.0.0.1'] + resources: + - names: [client, federation] + compress: false +# - port: 8448 +# type: http ### I ACTUALLY DIDNT NEED THIS ### +# tls: false +# resources: +# - names: [client, federation] +#database: +# name: sqlite3 +# args: +# database: /etc/homeserver.db +database: + name: psycopg2 + args: + user: synapse_user + password: [put in your password here] + database: synapse + host: localhost + port: 5432 + cp_min: 5 + cp_max: 10 +log_config: "/etc/synapse/example.com.log.config" +media_store_path: /mnt/drive/synapse/media +registration_shared_secret: "[THIS WILL AUTO GENERATE]" +enable_registration: true +registration_requires_token: true +enable_registration_without_verification: false +url_previews_enabled: true +#url_preview_ip_range_blacklist: +# - '127.0.0.0/8' +# - '10.0.0.0/8' +limit_remote_rooms: + enabled: true + complexity: 0.5 + complexity_error: "Error: CPU_MELTER_DETECTED" + admins_can_join: false +auto_join_rooms: + - "#any_room_name:[example.com]" +serve_server_wellknown: true +report_stats: false +macaroon_secret_key: "[THIS WILL AUTO GENERATE]" +form_secret: "[THIS WILL AUTO GENERATE]" +signing_key_path: "/etc/synapse/example.com.signing.key" +#trusted_key_servers: +# - server_name: "matrix.org" +retention: + enabled: true + default_policy: + min_lifetime: 1d + max_lifetime: 4w + allowed_lifetime_min: 1d + allowed_lifetime_max: 5w + purge_jobs: + - longest_max_lifetime: 30d + interval: 7d + - shortest_max_lifetime: 3d + interval: 1d +encryption_enabled_by_default_for_room_type: all +redaction_retention_period: 1m +user_ips_max_age: 1d + + +########################### PERSONAL NOTES ###################################### +##### PostgreSQL Instructions: ##### +# 1A) You need to make a PostgreSQL database with the Synapse install instructions. +# 1B) User = synapse, password = "what you want" +# 1C) Data Directory for PostgreSQL is IMPORTANT. Go into PostgreSQL config and remap the data location to a large drive, NOT YOUR OPERATING SYSTEM DRIVE. +# 1D) The standard port is 5432, but it can be changed. Keep on `localhost` as there is less attack area for PostgreSQL if it isn't exposed to the internet. +# 1E) Make sure to prevent updates on postgres in your package manager config file. Major updates will bork the server (e.g. v14 -> v15) + +##### Running as Daemon, and Detecting Server in Browser: ##### +# 1) You don't need to touch the systemd [Service] thing like from some blog advice. +# 2) Connection success with local numerical IP instead of using "localhost" for address. + + +##### Namecheap, or other Registrar Instruction: ##### +#| _matrix-identity | _tcp | 0 | 10 | 443 | example.com | +# Make "A+DDNS Records" in the namecheap Advanced DNS section for `matrix` `identity` and the normal `example.com` base + + +##### DDCLIENT Instructions: ##### +# 1) Type in the config for ddclient to pick up the `matrix` `identity` and normal example.com (symbols = *,@) [EXAMPLE BELOW] +# 2) Command `ddclient` in the CLI, it will run to pick up the `*, @, identity, matrix, www` information you put in the +## ddclient configuration file. + +##### Misc Notes and Additions: ##### +# 1) Fix retention policies to be monthly cleaning. +# 2) Added encryption for all newly made rooms +# 3) Token and Standard "enable_registration" types. +# 4) Type in the `serve_Server_wellknown`, Caddy will use this for federation. +# You don't need to make any files, it's just automatic. +# 5) Remove truste_key_server from the config because you don't need it. +# 6) You don't need to blacklist IPs for URL preview, but do it if you have issues. +# 7) You don't need port 8448 operating for Matrix to federate. +# 8) Limited the room complexity to prevent CPU from melting (100% usage). At measurement 0.5 for complexity, +# you can't join rooms with around 3,000 people or larger. I cannot find the boundaries or range of the room +# participants correlating with the arbitrary complexity number. You can override your complexity filter to allow +# admins to enter any room +# 9A) Add registration token because you can leave registration enabled for inviting frens, but normies can't answer. +# Just give your frens the token you generate from the `synapse_admin` package. +# 9B) (link: https://github.com/Awesome-Technologies/synapse-admin), +# I used the docker instructions since docker-compose is an easy deployment. +# 10) Add custom retention time for redaction_retention_period to 1 minute +# 11) Add custom retention time for user_ips_max_age to 1 day. +# 12) Add auto-join the general chat. +########################### PERSONAL NOTES ###################################### + +``` + +## The Caddyfile for Synapse to work with federation: +## [NOTE]: Even though you're not using port 8448 for federation, +## and just 8008, you must put a reverse proxy into the Caddyfile +## so when port 8448 requests come through, they can forward to the +## port 8008 address as shown below. + +## [NOTE]: If you are setting something up for the first time, +## port forward 443 and 80 on your router firewall, or virtual server (naming schemes vary), +## no other ports need to be open for operation. Port 80 is for HTTP and port 443 is for HTTPS. + +## A reverse proxy works by monitoring the connections through the 443 and 80 ports, +## then redirects the requests to their configured destination which you typed in the Caddyfile config. + +###################### See Caddyfile in repo ###################### + +###################### See ddclient in repo ####################### +