blue
/
caddy-ddclient-postgres-synapse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
caddy-ddclient-postgres-syn.../homeserver.yaml

167 lines
6.9 KiB
YAML
Raw Blame History

## Installing Matrix
## I used the Arch User Repository version of the synapse server.
## Two important calls for `synapse_homeserver`:
## 1. `killall synapse_homeserver`
## 2. `synapse_homeserver -c /etc/synapse/homeserver.yaml -D`
## The first call means to kill the Synapse server.
##The second call means to use the config (-c) at the specified directory, and run as daemon (-D).
## Any time you change configurations, kill and start in this fashion.
## After installing, go to `/etc/synapse/homeserver.yaml` and paste this file
```
########################### STANDARD NOTES ######################################
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
########################### STANDARD NOTES ######################################
server_name: "example.com"
pid_file: /etc/homeserver.pid
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
bind_addresses: ['::1', '127.0.0.1']
resources:
- names: [client, federation]
compress: false
# - port: 8448
# type: http ### I ACTUALLY DIDNT NEED THIS ###
# tls: false
# resources:
# - names: [client, federation]
#database:
# name: sqlite3
# args:
# database: /etc/homeserver.db
database:
name: psycopg2
args:
user: synapse_user
password: [put in your password here]
database: synapse
host: localhost
port: 5432
cp_min: 5
cp_max: 10
log_config: "/etc/synapse/example.com.log.config"
media_store_path: /mnt/drive/synapse/media
registration_shared_secret: "[THIS WILL AUTO GENERATE]"
enable_registration: true
registration_requires_token: true
enable_registration_without_verification: false
url_previews_enabled: true
#url_preview_ip_range_blacklist:
# - '127.0.0.0/8'
# - '10.0.0.0/8'
limit_remote_rooms:
enabled: true
complexity: 0.5
complexity_error: "Error: CPU_MELTER_DETECTED"
admins_can_join: false
auto_join_rooms:
- "#any_room_name:[example.com]"
serve_server_wellknown: true
report_stats: false
macaroon_secret_key: "[THIS WILL AUTO GENERATE]"
form_secret: "[THIS WILL AUTO GENERATE]"
signing_key_path: "/etc/synapse/example.com.signing.key"
#trusted_key_servers:
# - server_name: "matrix.org"
retention:
enabled: true
default_policy:
min_lifetime: 1d
max_lifetime: 4w
allowed_lifetime_min: 1d
allowed_lifetime_max: 5w
purge_jobs:
- longest_max_lifetime: 30d
interval: 7d
- shortest_max_lifetime: 3d
interval: 1d
encryption_enabled_by_default_for_room_type: all
redaction_retention_period: 1m
user_ips_max_age: 1d
########################### PERSONAL NOTES ######################################
##### PostgreSQL Instructions: #####
# 1A) You need to make a PostgreSQL database with the Synapse install instructions.
# 1B) User = synapse, password = "what you want"
# 1C) Data Directory for PostgreSQL is IMPORTANT. Go into PostgreSQL config and remap the data location to a large drive, NOT YOUR OPERATING SYSTEM DRIVE.
# 1D) The standard port is 5432, but it can be changed. Keep on `localhost` as there is less attack area for PostgreSQL if it isn't exposed to the internet.
# 1E) Make sure to prevent updates on postgres in your package manager config file. Major updates will bork the server (e.g. v14 -> v15)
##### Running as Daemon, and Detecting Server in Browser: #####
# 1) You don't need to touch the systemd [Service] thing like from some blog advice.
# 2) Connection success with local numerical IP instead of using "localhost" for address.
##### Namecheap, or other Registrar Instruction: #####
#| _matrix-identity | _tcp | 0 | 10 | 443 | example.com |
# Make "A+DDNS Records" in the namecheap Advanced DNS section for `matrix` `identity` and the normal `example.com` base
##### DDCLIENT Instructions: #####
# 1) Type in the config for ddclient to pick up the `matrix` `identity` and normal example.com (symbols = *,@) [EXAMPLE BELOW]
# 2) Command `ddclient` in the CLI, it will run to pick up the `*, @, identity, matrix, www` information you put in the
## ddclient configuration file.
##### Misc Notes and Additions: #####
# 1) Fix retention policies to be monthly cleaning.
# 2) Added encryption for all newly made rooms
# 3) Token and Standard "enable_registration" types.
# 4) Type in the `serve_Server_wellknown`, Caddy will use this for federation.
# You don't need to make any files, it's just automatic.
# 5) Remove truste_key_server from the config because you don't need it.
# 6) You don't need to blacklist IPs for URL preview, but do it if you have issues.
# 7) You don't need port 8448 operating for Matrix to federate.
# 8) Limited the room complexity to prevent CPU from melting (100% usage). At measurement 0.5 for complexity,
# you can't join rooms with around 3,000 people or larger. I cannot find the boundaries or range of the room
# participants correlating with the arbitrary complexity number. You can override your complexity filter to allow
# admins to enter any room
# 9A) Add registration token because you can leave registration enabled for inviting frens, but normies can't answer.
# Just give your frens the token you generate from the `synapse_admin` package.
# 9B) (link: https://github.com/Awesome-Technologies/synapse-admin),
# I used the docker instructions since docker-compose is an easy deployment.
# 10) Add custom retention time for redaction_retention_period to 1 minute
# 11) Add custom retention time for user_ips_max_age to 1 day.
# 12) Add auto-join the general chat.
########################### PERSONAL NOTES ######################################
```
## The Caddyfile for Synapse to work with federation:
## [NOTE]: Even though you're not using port 8448 for federation,
## and just 8008, you must put a reverse proxy into the Caddyfile
## so when port 8448 requests come through, they can forward to the
## port 8008 address as shown below.
## [NOTE]: If you are setting something up for the first time,
## port forward 443 and 80 on your router firewall, or virtual server (naming schemes vary),
## no other ports need to be open for operation. Port 80 is for HTTP and port 443 is for HTTPS.
## A reverse proxy works by monitoring the connections through the 443 and 80 ports,
## then redirects the requests to their configured destination which you typed in the Caddyfile config.
###################### See Caddyfile in repo ######################
###################### See ddclient in repo #######################
Reference in New Issue View Git Blame Copy Permalink