167 lines
6.9 KiB
YAML
167 lines
6.9 KiB
YAML
## Installing Matrix
|
|
|
|
## I used the Arch User Repository version of the synapse server.
|
|
|
|
## Two important calls for `synapse_homeserver`:
|
|
## 1. `killall synapse_homeserver`
|
|
## 2. `synapse_homeserver -c /etc/synapse/homeserver.yaml -D`
|
|
|
|
## The first call means to kill the Synapse server.
|
|
|
|
## The second call means to use the config (-c) at the specified directory, and run as daemon (-D).
|
|
|
|
## Any time you change configurations, kill and start in this fashion.
|
|
|
|
## After installing, go to `/etc/synapse/homeserver.yaml` and paste this file.
|
|
|
|
|
|
########################### STANDARD NOTES ######################################
|
|
# Configuration file for Synapse.
|
|
#
|
|
# This is a YAML file: see [1] for a quick introduction. Note in particular
|
|
# that *indentation is important*: all the elements of a list or dictionary
|
|
# should have the same indentation.
|
|
#
|
|
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
|
#
|
|
# For more information on how to configure Synapse, including a complete accounting of
|
|
# each option, go to docs/usage/configuration/config_documentation.md or
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
|
########################### STANDARD NOTES ######################################
|
|
|
|
server_name: "example.com"
|
|
pid_file: /etc/homeserver.pid
|
|
listeners:
|
|
- port: 8008
|
|
tls: false
|
|
type: http
|
|
x_forwarded: true
|
|
bind_addresses: ['::1', '127.0.0.1']
|
|
resources:
|
|
- names: [client, federation]
|
|
compress: false
|
|
# - port: 8448
|
|
# type: http ### I ACTUALLY DIDNT NEED THIS ###
|
|
# tls: false
|
|
# resources:
|
|
# - names: [client, federation]
|
|
#database:
|
|
# name: sqlite3
|
|
# args:
|
|
# database: /etc/homeserver.db
|
|
database:
|
|
name: psycopg2
|
|
args:
|
|
user: synapse_user
|
|
password: [put in your password here]
|
|
database: synapse
|
|
host: localhost
|
|
port: 5432
|
|
cp_min: 5
|
|
cp_max: 10
|
|
log_config: "/etc/synapse/example.com.log.config"
|
|
media_store_path: /mnt/drive/synapse/media
|
|
registration_shared_secret: "[THIS WILL AUTO GENERATE]"
|
|
enable_registration: true
|
|
registration_requires_token: true
|
|
enable_registration_without_verification: false
|
|
url_previews_enabled: true
|
|
#url_preview_ip_range_blacklist:
|
|
# - '127.0.0.0/8'
|
|
# - '10.0.0.0/8'
|
|
limit_remote_rooms:
|
|
enabled: true
|
|
complexity: 0.5
|
|
complexity_error: "Error: CPU_MELTER_DETECTED"
|
|
admins_can_join: false
|
|
auto_join_rooms:
|
|
- "#any_room_name:[example.com]"
|
|
serve_server_wellknown: true
|
|
report_stats: false
|
|
macaroon_secret_key: "[THIS WILL AUTO GENERATE]"
|
|
form_secret: "[THIS WILL AUTO GENERATE]"
|
|
signing_key_path: "/etc/synapse/example.com.signing.key"
|
|
#trusted_key_servers:
|
|
# - server_name: "matrix.org"
|
|
retention:
|
|
enabled: true
|
|
default_policy:
|
|
min_lifetime: 1d
|
|
max_lifetime: 4w
|
|
allowed_lifetime_min: 1d
|
|
allowed_lifetime_max: 5w
|
|
purge_jobs:
|
|
- longest_max_lifetime: 30d
|
|
interval: 7d
|
|
- shortest_max_lifetime: 3d
|
|
interval: 1d
|
|
encryption_enabled_by_default_for_room_type: all
|
|
redaction_retention_period: 1m
|
|
user_ips_max_age: 1d
|
|
|
|
|
|
########################### PERSONAL NOTES ######################################
|
|
##### PostgreSQL Instructions: #####
|
|
# 1A) You need to make a PostgreSQL database with the Synapse install instructions.
|
|
# 1B) User = synapse, password = "what you want"
|
|
# 1C) Data Directory for PostgreSQL is IMPORTANT. Go into PostgreSQL config and remap the data location to a large drive, NOT YOUR OPERATING SYSTEM DRIVE.
|
|
# 1D) The standard port is 5432, but it can be changed. Keep on `localhost` as there is less attack area for PostgreSQL if it isn't exposed to the internet.
|
|
# 1E) Make sure to prevent updates on postgres in your package manager config file. Major updates will bork the server (e.g. v14 -> v15)
|
|
|
|
##### Running as Daemon, and Detecting Server in Browser: #####
|
|
# 1) You don't need to touch the systemd [Service] thing like from some blog advice.
|
|
# 2) Connection success with local numerical IP instead of using "localhost" for address.
|
|
|
|
|
|
##### Namecheap, or other Registrar Instruction: #####
|
|
#| _matrix-identity | _tcp | 0 | 10 | 443 | example.com |
|
|
# Make "A+DDNS Records" in the namecheap Advanced DNS section for `matrix` `identity` and the normal `example.com` base
|
|
|
|
|
|
##### DDCLIENT Instructions: #####
|
|
# 1) Type in the config for ddclient to pick up the `matrix` `identity` and normal example.com (symbols = *,@) [EXAMPLE BELOW]
|
|
# 2) Command `ddclient` in the CLI, it will run to pick up the `*, @, identity, matrix, www` information you put in the
|
|
## ddclient configuration file.
|
|
|
|
##### Misc Notes and Additions: #####
|
|
# 1) Fix retention policies to be monthly cleaning.
|
|
# 2) Added encryption for all newly made rooms
|
|
# 3) Token and Standard "enable_registration" types.
|
|
# 4) Type in the `serve_Server_wellknown`, Caddy will use this for federation.
|
|
# You don't need to make any files, it's just automatic.
|
|
# 5) Remove truste_key_server from the config because you don't need it.
|
|
# 6) You don't need to blacklist IPs for URL preview, but do it if you have issues.
|
|
# 7) You don't need port 8448 operating for Matrix to federate.
|
|
# 8) Limited the room complexity to prevent CPU from melting (100% usage). At measurement 0.5 for complexity,
|
|
# you can't join rooms with around 3,000 people or larger. I cannot find the boundaries or range of the room
|
|
# participants correlating with the arbitrary complexity number. You can override your complexity filter to allow
|
|
# admins to enter any room
|
|
# 9A) Add registration token because you can leave registration enabled for inviting frens, but normies can't answer.
|
|
# Just give your frens the token you generate from the `synapse_admin` package.
|
|
# 9B) (link: https://github.com/Awesome-Technologies/synapse-admin),
|
|
# I used the docker instructions since docker-compose is an easy deployment.
|
|
# 10) Add custom retention time for redaction_retention_period to 1 minute
|
|
# 11) Add custom retention time for user_ips_max_age to 1 day.
|
|
# 12) Add auto-join the general chat.
|
|
########################### PERSONAL NOTES ######################################
|
|
|
|
```
|
|
|
|
## The Caddyfile for Synapse to work with federation:
|
|
## [NOTE]: Even though you're not using port 8448 for federation,
|
|
## and just 8008, you must put a reverse proxy into the Caddyfile
|
|
## so when port 8448 requests come through, they can forward to the
|
|
## port 8008 address as shown below.
|
|
|
|
## [NOTE]: If you are setting something up for the first time,
|
|
## port forward 443 and 80 on your router firewall, or virtual server (naming schemes vary),
|
|
## no other ports need to be open for operation. Port 80 is for HTTP and port 443 is for HTTPS.
|
|
|
|
## A reverse proxy works by monitoring the connections through the 443 and 80 ports,
|
|
## then redirects the requests to their configured destination which you typed in the Caddyfile config.
|
|
|
|
###################### See Caddyfile in repo ######################
|
|
|
|
###################### See ddclient in repo #######################
|
|
|