[GUIDE] Matrix-Synapse w/ postgres DB (chat server) + Element (web client) + Coturn (voice)



A couple weeks ago I stumbled on this guide and decided to give it a go. Unfortunately much of it is outdated, and it took a lot of searching, troubleshooting, and help from @PSYCHOPATHiO to fill in the gaps. After hitting what feels like every possible snag I finally got it all working and wanted to share what I've learned. This guide doesn't include video chat, but it will give you a matrix server with an improved postgresql database, element web app, and voice chat.

 

This guide will be assuming you already have swag set up (or know your way around an equivalent like nginx proxy manager).

 

-------------------------------------------------------

DNS Setup:

-------------------------------------------------------

• Create a CNAME record pointed to your unraid server.

• I'll be using the "chat" subdomain in this guide but you can use what you'd like.

 


 

(If you're on Cloudflare and want federation, "Proxy status" has to be toggled to "DNS only". It works internally with a proxy but I couldn't communicate with other matrix servers.)

 

• Create an SRV record for the service _matrix targeted at your subdomain like so:


 

• Create a CNAME record for element pointed to your unraid server:

 


 

-------------------------------------------------------

Swag (proxy) Setup

-------------------------------------------------------

Navigate to /appdata/swag/nginx/proxy-confs and create the following configs:

 

element-web.subdomain.conf

server {
    listen 443 ssl;
    server_name element.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app element-web;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

 

matrix.subdomain.conf

server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name chat.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 32M;

    location / {

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
	
    location ^~ /_matrix {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
 
    location ^~ /.well-known/matrix/server  {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
    
    location ^~ /.well-known/matrix/client  {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

• Change UNRAIDSERVERIP to your unraid IP in all 4 spots above.

 

-------------------------------------------------------

Postgres Database Setup:

-------------------------------------------------------

Matrix defaults to an SQLite database, but performance is better with postgres. Before installing matrix we'll prepare a database.

 

• Search CA for "postgres" and install postgresql14 from jj9987.

 

• Set a superuser password and leave the rest on default.


 

• After installing open the console and enter the following commands to set a password for the default postgres user:
 

su

passwd postgres

 

Now exit out of su (type: "exit") and login (type: "login") as the user postgres with the password you just created.

 

Now we're going to create a superuser in the maintenance database named "matrix" in psql by running the following commands:
 

psql

CREATE USER matrix SUPERUSER PASSWORD 'passwordstring';


(replace passwordstring with your own password but leave the quotes)

 

 

Now that we have a database superuser set up, let's install pgadmin4 to make administration easier. Search CA for pgadmin4 and grab the one from FoxxMD. Enter an email/password into the template - the email doesn't need to be functional; it's just serving as a username.

 


 

(It can take a minute to load after install so be patient with it.)

 

• Log in to pgadmin with the email/password you just set.

 

• Select Add New Server and give it a name (I used my unraid server name)

 

• Go to the Connections tab and specify your unraid server IP in the host field.

• Enter the database user matrix and passwordstring that you created above in psql.

 


 

• Click Save and you should see your server pop up on the list to the left. Right click it and select Create > Database

 

• Give the database a name (I named it matrix) and go to the Definition tab. Set everything just like this:

 


 

• Click Save and you should see the database show up on the left.

 

Now that we have a database ready to go, it's time to actually install matrix.

 

-------------------------------------------------------

Matrix Setup:

-------------------------------------------------------

• Go to CA and Install matrix from A75G.

• Set "Network Type" to your custom proxy network.

• Set "Server Name" to chat.yourdomain.com

 

Leave the rest on default and install.

 

Navigate to \appdata\matrix and edit the homeserver.yaml file to this:

 

server_name: "chat.yourdomain.com"
pid_file: /data/homeserver.pid
web_client_location: https://element.yourdomain.com
public_baseurl: https://chat.yourdomain.com
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['0.0.0.0']
    resources:
      - names: [client,federation]
        compress: false
database:
  name: psycopg2
  args:
    user: matrix
    password: "PASSWORDSTRING"
    database: matrix
    host: UNRAIDSERVERIP
    port: 5432
    cp_min: 5
    cp_max: 10
log_config: "/data/chat.yourdomain.com.log.config"
media_store_path: "/data/media_store"
suppress_key_server_warning: true
report_stats: false
macaroon_secret_key: "KEY1"
form_secret: "KEY2"
signing_key_path: "/data/chat.yourdomain.com.signing.key"
serve_server_wellknown: true
trusted_key_servers:
  - server_name: "matrix.org"

## TURN ##
# The public URIs of the TURN server to give to clients
turn_uris: ["turn:chat.yourdomain.com:3478?transport=udp", "turn:chat.yourdomain.com:3478?transport=tcp"]

# The shared secret used to compute passwords for the TURN server
turn_shared_secret: "KEY3"

# New User Registration
registration_shared_secret: "KEY4"

# vim:ft=yaml

 

• Replace yourdomain.com with your own in all spots

• Change PASSWORDSTRING to your psql matrix user password

• Change UNRAIDSERVERIP to your host IP.

 

If you used something other than "matrix" for the database name/user then adjust accordingly.

 

Open a terminal window and paste the following command:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

This will give you a random string. Copy it and replace the macaroon_secret_key with it.

Repeat this process for the form_secret, turn_shared_secret, and registration_shared_secret. Restart the matrix docker to apply changes.

 

Now it's time to create your first matrix user. Open the console again and paste the command:

register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml

Follow the prompts to create your matrix admin user.

 

You should now have a functional matrix server. Feel free to log in and try it out. Visit https://federationtester.matrix.org/ to test federation.

 

Also I recommend installing synapse-admin from A75G in CA for easier administration. (Install with all defaults and login with the admin user you just created above).

 

-------------------------------------------------------

Element Setup:

-------------------------------------------------------

First we need to manually create the config path and pull in the default config.

 

• Open the unraid terminal and run the command:

mkdir -p /mnt/user/appdata/element-web/config

• Then download the default config by running:

wget -O /mnt/user/appdata/element-web/config/config.json https://raw.githubusercontent.com/vector-im/element-web/develop/element.io/app/config.json

• In CA search for element-web by vectorim
• Set the "Network Type" to your custom proxy.
• Install

• Navigate to /appdata/element-web/config and edit config.json

• Change "default_server_name" to chat.yourdomain.com

• And add chat.yourdomain.com under "roomDirectory" like so:


• Save and restart element.

 

Visit element.yourdomain.com and test that it works. (chat.yourdomain.com should also redirect to it).

 

-------------------------------------------------------

Coturn Setup:

-------------------------------------------------------

• Search for coturn by xthursdayx on CA.

• Change Network Type to "Custom: br0" and give it its own static IP on your LAN

• Delete all ports from template except 3478 TCP & UDP.

• Install

 

Next go to your firewall settings and forward the following ports:

 

WAN UDP 3478 -> coturn static ip

WAN UDP range 49152:49172 -> coturn static ip

 

And lastly we have to edit our coturn settings. Navigate to /appdata/coturn and edit turnserver.conf so it looks like this:

listening-port=3478
listening-ip=0.0.0.0
external-ip=COTURNIP
min-port=49152
max-port=49172

lt-cred-mech
use-auth-secret
static-auth-secret=TURN_SHARED_SECRET

total-quota=100
stale-nonce=600

realm=chat.yourdomain.com
server-name=chat.yourdomain.com

• Change COTURNIP to the static IP you gave the coturn docker

• Change TURN_SHARED_SECRET to the key you generated for that field in your homeserver.yaml file above.

• Change realm and server-name to your subdomain.

 

That's it. We're finally done. Make sure to restart coturn to apply your settings and then give it a try.

 

(https://icetest.info/ is a great TURN troubleshooting tool if you have issues).

 

----------------------------------------------------------------------------------------------------------------------------------------------------

 

Hopefully if you've correctly followed all these steps you now have a fully functional matrix server with a few bells and whistles.

 

This is what worked for me but I'm sure there are more elegant ways to do parts of this. I really struggled to get to this point and I AM NO EXPERT. I'm sure there's room for improvement so let me know if anything should be changed. I will do my best to keep it updated and implement suggested changes/improvements.

 

Shoutout to @yinzer for the original guide and @HojojojoWololo for his supplemental post!

And a huge thank you to @PSYCHOPATHiO for all of his help! I never would have gotten all this working without him. He runs a support channel at #support:sykorp.com that was invaluable to me - If you have trouble feel free to drop in and we'll try to help.

 

Edited by Gazeley
revised DNS step, added registration_shared_secret
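
Added example (not part of the original post, and not Synapse or coturn code): the guide's turn_shared_secret and static-auth-secret must hold the same value because each time-limited TURN password is an HMAC-SHA1 of the username under that secret. The sketch checks both files for leftover placeholders or a mismatch, then models issuing and checking a credential; the sample config text, secrets, user ID, the 3600-second lifetime and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Placeholder strings from the guide; none may survive into a live config.
PLACEHOLDERS = {"KEY1", "KEY2", "KEY3", "KEY4", "TURN_SHARED_SECRET"}

# Constructed sample fragments (not real secrets).
GUIDE_HS = 'turn_uris: ["turn:chat.example.org:3478?transport=udp"]\nturn_shared_secret: "KEY3"\n'
GUIDE_CONF = "use-auth-secret\nstatic-auth-secret=TURN_SHARED_SECRET\n"
GOOD_HS = 'turn_shared_secret: "Zq3vT8mK1xLr7Yp2Wd9Nc4Hs6Bf0JgAe"\n'
GOOD_CONF = "use-auth-secret\nstatic-auth-secret=Zq3vT8mK1xLr7Yp2Wd9Nc4Hs6Bf0JgAe\n"


def synapse_turn_secret(homeserver_yaml):
    """Return turn_shared_secret from homeserver.yaml text, or None."""
    m = re.search(r'^turn_shared_secret:[ \t]*["\']?([^"\'\s#]+)', homeserver_yaml, re.M)
    return m.group(1) if m else None


def coturn_secret(turnserver_conf):
    """Return static-auth-secret from turnserver.conf text, or None."""
    m = re.search(r"^static-auth-secret=(\S+)", turnserver_conf, re.M)
    return m.group(1) if m else None


def check_secrets(homeserver_yaml, turnserver_conf, min_len=32):
    """List problems with the TURN secret pair; an empty list means consistent."""
    hs = synapse_turn_secret(homeserver_yaml)
    ct = coturn_secret(turnserver_conf)
    problems = []
    for name, value in (("turn_shared_secret", hs), ("static-auth-secret", ct)):
        if value is None:
            problems.append(f"{name} is missing")
        elif value in PLACEHOLDERS:
            problems.append(f"{name} still holds the guide placeholder {value}")
        elif len(value) < min_len:
            problems.append(f"{name} is shorter than {min_len} characters")
    if hs is not None and ct is not None and hs != ct:
        problems.append("turn_shared_secret and static-auth-secret differ")
    return problems


def _password(secret, username):
    # base64(HMAC-SHA1(secret, username)), the shared-secret TURN scheme.
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def issue_credential(secret, user_id, now, lifetime=3600):
    """Homeserver side: the username carries the expiry as a Unix timestamp."""
    username = f"{now + lifetime}:{user_id}"
    return username, _password(secret, username)


def relay_accepts(secret, username, password, now):
    """Relay side, simplified: a real relay recomputes this password and uses
    it to verify STUN message integrity instead of comparing it directly."""
    expiry_text, sep, _ = username.partition(":")
    if not sep or not expiry_text.isdigit():
        return False
    if int(expiry_text) < now:
        return False  # credential has expired
    return hmac.compare_digest(_password(secret, username), password)


if __name__ == "__main__":
    print("guide as written:", check_secrets(GUIDE_HS, GUIDE_CONF))
    print("after editing:   ", check_secrets(GOOD_HS, GOOD_CONF))
    secret = synapse_turn_secret(GOOD_HS)
    user, pw = issue_credential(secret, "@alice:chat.example.org", 1700000000)
    print(user, pw, relay_accepts(coturn_secret(GOOD_CONF), user, pw, 1700000010))
```
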

For any further server customization you need to look at the official default homeserver.yaml config file where you can choose what you want to change from the default setting included in the generated homeserver.yaml file.

 

https://matrix-org.github.io/synapse/v1.37/usage/configuration/homeserver_sample_config.html

 

For users interested in integrating LDAP, here is the format:

 

password_providers:
 - module: "ldap_auth_provider.LdapAuthProvider"
   config:
     enabled: true
     mode: "search"     
     uri: "ldap://domain:389"
     start_tls: false
     base: "OU=home,DC=example,dc=com"
     attributes:
        uid: "saMAccountName"
        mail: "mail"
        name: "givenName"
     bind_dn: "cn=ldap,cn=Users,dc=example,dc=com"
     bind_password: "password"
     #filter: "(objectClass=posixAccount)"

 

Edited by PSYCHOPATHiO
  • 1 month later...
On 9/1/2022 at 8:50 PM, Gazeley said:

A couple weeks ago I stumbled on this guide and decided to give it a go. Unfortunately much of it is outdated, and it took a lot of searching, troubleshooting, and help from @PSYCHOPATHiO to fill in the gaps. After hitting what feels like every possible snag I finally got it all working and wanted to share what I've learned. This guide doesn't include video chat, but it will give you a matrix server with an improved postgresql database, element web app, and voice chat.

 


Can I use NPM or does it have to be swag, and can I add the same configuration file to NPM? Thank you

On 9/1/2022 at 8:50 PM, Gazeley said:

A couple weeks ago I stumbled on this guide and decided to give it a go. Unfortunately much of it is outdated, and it took a lot of searching, troubleshooting, and help from @PSYCHOPATHiO to fill in the gaps. After hitting what feels like every possible snag I finally got it all working and wanted to share what I've learned. This guide doesn't include video chat, but it will give you a matrix server with an improved postgresql database, element web app, and voice chat.

 

This guide will be assuming you already have swag setup (or know your way around an equivalent like nginx proxy manager).

 

-------------------------------------------------------

DNS Setup:

-------------------------------------------------------

• Create a CNAME record pointed to your unraid server.

• I'll be using the "chat" subdomain in this guide but you can use what you'd like.

 

firefox_ZfpS8nG8GG.thumb.png.89208835b633fb8d7dc35053e77b3ab4.png

 

(If you're on Cloudflare and want federation "Proxy status" has to be toggled to "DNS only". It works internally with a proxy but I couldn't communicate with other matrix servers).

 

• Create an SRV record for the service _matrix targeted at your subdomain like so:

image.thumb.png.d35403ccb2ec7c910471a485c6bdc84d.png

 

• Create a CNAME record for element pointed to your unraid server:

 

firefox_DgoJ2Mgu61.thumb.png.c6f1ce810d3f5aee7ca06bb9fcaed08e.png

 

-------------------------------------------------------

Swag (proxy) Setup

-------------------------------------------------------

Navigate to /appdata/swag/nginx/proxy-confs and create the following configs:

 

element-web.subdomain.conf

 server {
       listen 443 ssl;
       server_name element.*;
       include /config/nginx/ssl.conf;
       client_max_body_size 0;

       location / {
               include /config/nginx/proxy.conf;
               resolver 127.0.0.11 valid=30s;
               set $upstream_app element-web;
               set $upstream_port 80;
               set $upstream_proto http;
               proxy_pass $upstream_proto://$upstream_app:$upstream_port;
       }
}

 

matrix.subdomain.conf

server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name chat.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 32M;

    location / {

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
	
   location ^~ /_matrix {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
 
    location ^~ /.well-known/matrix/server  {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
    
    location ^~ /.well-known/matrix/client  {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app UNRAIDSERVERIP;
        set $upstream_port 8008;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

• Change UNRAIDSERVERIP to your unraid IP in all 4 spots above.

 

-------------------------------------------------------

Postgres Database Setup:

-------------------------------------------------------

Matrix defaults to an SQLite database, but performance is better with postgres. Before installing matrix we'll prepare a database.

 

• Search CA for "postgres" and install postgresql14 from jj9987.

 

• Set a superuser password and leave the rest on default.

firefox_nx3KGHwxJS.thumb.png.890d1d072595ae0391bb15d532a85313.png

 

• After installing open the console and enter the following commands to set a password for the default postgres user:
 

su

passwd postgres

 

Now exit out of su (type: "exit") and login (type: "login") as the user postgres with the password you just created.

 

Now we're going to create a superuser in the maintenance database named "matrix" in psql by running the following commands:
 

psql

CREATE USER matrix SUPERUSER PASSWORD 'passwordstring';


(replace passwordstring with your own password but leave the quotes)

 

 

Now that we have a database superuser setup lets install pgadmin4 to make administration easier. Search CA for pgadmin4 and grab the one from FoxxMD. Enter an email/password into the template - email doesn't need to be functional it's just serving as a username.

 

firefox_g8tJSNuQlY.thumb.png.ab70b2f4c83f2162a077d9cfc6334e8e.png

 

(It can take a minute to load after install so be patient with it.)

 

• Login to pgadmin with the the email/password you just set.

 

• Select Add New Server and give it a name (I used my unraid server name)

 

• Go to the Connections tab and specify your unraid server IP in the host field.

• Enter the database user matrix and passwordstring that you created above in psql.

 

firefox_I6LVSnx5MB.png.6b563d499092e99ce522274d53214ed6.png

 

• Click Save and you should see your server pop up on the list to the left. Right click it and select Create > Database

 

• Give the database a name (I named it matrix) and go to the Definition tab. Set everything just like this:

 

firefox_uZyqly5ksB.png.fae63adb277e1ccd7d5b92777b34eeae.png

 

• Click Save and you should see the database show up on the left.

 

Now that we have a database ready to go its time to actually install matrix.

 

-------------------------------------------------------

Matrix Setup:

-------------------------------------------------------

• Go to CA and Install matrix from A75G.

• Set "Network Type" to your custom proxy network.

• Set "Server Name" to chat.yourdomain.com

 

Leave the rest on default and install.

 

Navigate to \appdata\matrix and edit the homeserver.yaml file to this:

 

server_name: "chat.yourdomain.com"
pid_file: /data/homeserver.pid
web_client_location: https://element.yourdomain.com
public_baseurl: https://chat.yourdomain.com
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['0.0.0.0']
    resources:
      - names: [client,federation]
        compress: false
database:
  name: psycopg2
  args:
    user: matrix
    password: "PASSWORDSTRING"
    database: matrix
    host: UNRAIDSERVERIP
    port: 5432
    cp_min: 5
    cp_max: 10
log_config: "/data/chat.yourdomain.com.log.config"
media_store_path: "/data/media_store"
suppress_key_server_warning: true
report_stats: false
macaroon_secret_key: "KEY1"
form_secret: "KEY2"
signing_key_path: "/data/chat.yourdomain.com.signing.key"
serve_server_wellknown: true
trusted_key_servers:
  - server_name: "matrix.org"

 ## TURN ##
# The public URIs of the TURN server to give to clients
turn_uris: ["turn:chat.yourdomain.com:3478?transport=udp",  "turn:chat.yourdomain.com:3478?transport=tcp"] 

# The shared secret used to compute passwords for the TURN server
turn_shared_secret: "KEY3" 

# vim:ft=yaml

 

• Replace yourdomain.com with your own in all spots

• Change PASSWORDSTRING to your psql matrix user password

• Change UNRAIDSERVERIP to your host IP.

 

If you used something other than "matrix" for the database name/user then adjust accordingly.

 

Open a terminal window and paste the following command:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

This will give you a random string. Copy it and replace the macaroon_secret_key with it. Repeat this process for the form_secret and turn_shared_secret. Restart the matrix docker to apply changes.

 

Now it's time to create your first matrix user. Open the console again and paste the command:

register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml

Follow the prompts to create your matrix admin user.

 

You should now have a functional matrix server. Feel free to log in and try it out. Visit https://federationtester.matrix.org/ to test federation.

 

Also I recommend installing synapse-admin from A75G in CA for easier administration. (Install with all defaults and login with the admin user you just created above).

 

-------------------------------------------------------

Element Setup:

-------------------------------------------------------

First we need to manually create the config path and pull in the default config.

 

• Open the unraid terminal and run the command:

mkdir -p /mnt/user/appdata/element-web/config

• Then download the default config by running:

wget -O /mnt/user/appdata/element-web/config/config.json https://raw.githubusercontent.com/vector-im/element-web/develop/element.io/app/config.json

• In CA search for element-web by vectorim
• Set the "Network Type" to your custom proxy.
• Install

• Navigate to /appdata/element-web/config and edit config.json

• Change "default_server_name" to chat.yourdomain.com

• And add chat.yourdomain.com under "roomDirectory" like so:


• Save and restart element.

 

Visit element.yourdomain.com and test that it works. (chat.yourdomain.com should also redirect to it).

 

-------------------------------------------------------

Coturn Setup:

-------------------------------------------------------

• Search for coturn by xthursdayx on CA.

• Change Network Type to "Custom: br0" and give it its own static IP on your LAN

• Delete all ports from template except 3478 TCP & UDP.

• Install

 

Next go to your firewall settings and forward the following ports:

 

WAN UDP 3478 -> coturn static ip

WAN UDP range 49152:49172 -> coturn static ip

 

And lastly we have to edit our coturn settings. Navigate to /appdata/coturn and edit turnserver.conf so it looks like this:

listening-port=3478
listening-ip=0.0.0.0
external-ip=COTURNIP
min-port=49152
max-port=49172

lt-cred-mech
use-auth-secret
static-auth-secret=TURN_SHARED_SECRET

total-quota=100
stale-nonce=600

realm=chat.yourdomain.com
server-name=chat.yourdomain.com

• Change COTURNIP to the static IP you gave the coturn docker

• Change TURN_SHARED_SECRET to the key you generated for that field in your homeserver.yaml file above.

• Change realm and server-name to your subdomain.

 

That's it. We're finally done. Make sure to restart coturn to apply your settings and then give it a try.

 

(https://icetest.info/ is a great TURN troubleshooting tool if you have issues).

 

----------------------------------------------------------------------------------------------------------------------------------------------------

 

Hopefully if you've correctly followed all these steps you now have a fully functional matrix server with a few bells and whistles.

 

This is what worked for me, but I'm sure there are more elegant ways to do parts of this. I really struggled to get to this point and I AM NO EXPERT. I'm sure there's room for improvement, so let me know if anything should be changed. I will do my best to keep it updated and implement suggested changes/improvements.

 

Shoutout to @yinzer for the original guide and @HojojojoWololo for his supplemental post!

And a huge thank you to @PSYCHOPATHiO for all of his help! I never would have gotten all this working without him. He runs a support channel at #support:sykorp.com that was invaluable to me - If you have trouble feel free to drop in and we'll try to help.
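The turn_shared_secret in homeserver.yaml and static-auth-secret in turnserver.conf have to be the same string because of how the time-limited TURN credentials are built and checked. The sketch below is an added example, not code from this guide, Synapse or coturn; it assumes the TURN REST API scheme (username "expiry:user id", password base64 of HMAC-SHA1 over the username), and the function names, sample secret and 3600 second lifetime are assumptions made up for illustration.

```python
import base64
import hashlib
import hmac


def turn_credentials(shared_secret: str, user_id: str, now: int, lifetime: int = 3600):
    """Homeserver side: issue time-limited TURN credentials.

    username = "<unix expiry>:<user id>"
    password = base64(HMAC-SHA1(shared_secret, username))
    """
    username = f"{now + lifetime}:{user_id}"
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    return username, base64.b64encode(mac.digest()).decode("ascii")


def turn_server_accepts(static_auth_secret: str, username: str, password: str, now: int) -> bool:
    """TURN server side: reject expired usernames, then recompute and compare the HMAC."""
    expiry_text, _, _ = username.partition(":")
    if not expiry_text.isdigit() or int(expiry_text) < now:
        return False
    mac = hmac.new(static_auth_secret.encode(), username.encode(), hashlib.sha1)
    expected = base64.b64encode(mac.digest()).decode("ascii")
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected, password)


if __name__ == "__main__":
    # Constructed sample values, not real secrets.
    secret = "constructed-example-secret-0123456789"
    now = 1_700_000_000
    user, pw = turn_credentials(secret, "@alice:chat.yourdomain.com", now)
    print("issued:", user, pw)
    print("same secret on both sides:", turn_server_accepts(secret, user, pw, now))
    print("secrets differ:", turn_server_accepts("different-secret", user, pw, now))
    print("credential expired:", turn_server_accepts(secret, user, pw, now + 7200))
```

If calls fail to connect while text chat works, a mismatch between the two secret fields produces exactly the "secrets differ" outcome above, so compare them character for character.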

 

What about caddy2 or Apache?

Followed every step, would not work. I have NPM, not swag.

Link to comment
10 minutes ago, Tweak91 said:

Not sure, I read you could use caddy but didn't try.

I found this https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md

 

CADDY v2

matrix.example.com {
  reverse_proxy /_matrix/* localhost:8008
  reverse_proxy /_synapse/client/* localhost:8008
}

example.com:8448 {
  reverse_proxy localhost:8008
}

Delegation example:

example.com {
	header /.well-known/matrix/* Content-Type application/json
	header /.well-known/matrix/* Access-Control-Allow-Origin *
	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
	respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_url":"https://identity.example.com"}}`
}

matrix.example.com {
    reverse_proxy /_matrix/* localhost:8008
    reverse_proxy /_synapse/client/* localhost:8008
}

 

Edited by PSYCHOPATHiO
Link to comment
44 minutes ago, PSYCHOPATHiO said:

I found this https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md

 

CADDY v2

matrix.example.com {
  reverse_proxy /_matrix/* localhost:8008
  reverse_proxy /_synapse/client/* localhost:8008
}

example.com:8448 {
  reverse_proxy localhost:8008
}

Delegation example:

example.com {
	header /.well-known/matrix/* Content-Type application/json
	header /.well-known/matrix/* Access-Control-Allow-Origin *
	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
	respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_url":"https://identity.example.com"}}`
}

matrix.example.com {
    reverse_proxy /_matrix/* localhost:8008
    reverse_proxy /_synapse/client/* localhost:8008
}

 

Everything I have is around NPM. I can’t justify changing direction now. I’ll play with it more this evening. 
 

thank you 

Link to comment
2 hours ago, PSYCHOPATHiO said:

I found this https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md

 

CADDY v2

matrix.example.com {
  reverse_proxy /_matrix/* localhost:8008
  reverse_proxy /_synapse/client/* localhost:8008
}

example.com:8448 {
  reverse_proxy localhost:8008
}

Delegation example:

example.com {
	header /.well-known/matrix/* Content-Type application/json
	header /.well-known/matrix/* Access-Control-Allow-Origin *
	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
	respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_url":"https://identity.example.com"}}`
}

matrix.example.com {
    reverse_proxy /_matrix/* localhost:8008
    reverse_proxy /_synapse/client/* localhost:8008
}

 

I tried caddy2 once and couldn't make it work right.

Link to comment

Hi there,

 

thanks for the work and the great guide. I tried to follow it but if I open the console for the matrix synapse docker and try to create the first user I get the following error:

 

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/urllib3/connection.py", line 174, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/lib/python3.10/dist-packages/urllib3/util/connection.py", line 95, in create_connection
    raise err
  File "/usr/local/lib/python3.10/dist-packages/urllib3/util/connection.py", line 85, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

 

The relevant part of my config looks like this:

 

server_name: "meine.domain.de"
pid_file: /data/homeserver.pid
web_client_location: https://element.domain.de
public_baseurl: https://meine.domaim.de
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['0.0.0.0']
    resources:
      - names: [client,federation]
        compress: false
database:
  name: psycopg2
  args:
    user: matrix
    password: "DBPW!"
    database: synapse
    host: UNRAID_IP
    port: 5432
    cp_min: 5
    cp_max: 10

 

Any help would really be appreciated.

Link to comment
17 hours ago, Gazeley said:

@m1rc0

 


 

Did you censor that for this post or did you forget to plug in your IP here?

Just censored it. :) I got it working when starting with a fresh container. This time I used the matrix-synapse docker. Sadly the connection to the PostgreSQL DB does not work, yet.

Link to comment