In the last year communication platforms exploded, Matrix Synapse is open source chat/video platform well worth trying. In this guide we will go through installation of Matrix Synapse on Ubuntu 20.04.
Before we begin
I will install this on VPS that has fixed public IP address, and this will be standalone installation for that VPS.
This guide assumes fresh installation with no other services on the machine. Also it assumes you already have ssh and firewall in place (we will only add ports to already enabled firewall).
Also, this guide assumes you have no databases or data on your machine. We will setup Postgres DB in this guide!
Also, I’m using my wildcard certificate, so there will be no Let’s Encrypt certificate.
Have that in mind and have a look at official Matrix Synapse documentation if you need any of the above.
To my DNS records I will add matrix.informaticar.net for the purpose of this guide.
Prerequisites
First, as always, bring your Ubuntu installation up to date.
sudo apt update
sudo apt upgrade
I will run all the commands as a local user. In screenshots I run as a root (sudo su) but I wouldn’t recommend that for a production environment. Once you are sure everything is working, execute the setup with local user, it should work with the listed commands.
Install dependencies for matrix-synapse
sudo apt install lsb-release wget apt-transport-https
We will also use matrix-synapse packages, in order to add them to Ubuntu we need to add GPG keys.
sudo wget -qO /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
sudo echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list
Since we added new repo, we will need to run update again and then install matrix synapse
sudo apt update
sudo apt upgrade
sudo apt install matrix-synapse-py3
matrix-synapse-py3 package will triger synapse installation.
For a server name I will enter matrix.informaticar.net – you will enter your synapse server name in here. Official documentation recommends that you enter just your domain here – in my case that would be informaticar.net.
This one is up to you. I selected yes, to help developers.This is one of the metric with which they can keep funding for this great project.
We will now enable synapse on system boot and start it
sudo systemctl enable matrix-synapse
sudo systemctl start matrix-synapse
sudo systemctl status matrix-synapse
Good idea would be also to check if port 8008 is now listening
ss -plnt
In case your matrix service will not start (like mine didn’t want to), you will need to do following.
_________________________________________
Do these steps only if your Matrix Synapse service is not running!!
We need to go through logs of Matrix Synapse
sudo nano /var/log/matrix-synapse/homeserver.log
I found this line
twisted.internet.error.CannotListenError: Couldn't listen on ::1:8008: [Errno 99] Cannot assign requested address.
I also went on to see on which port is system listening
ss -plnt
Ok, so there is no port 8008 listening on my system.
I will need to edit homeserver.yaml file.
sudo nano /etc/matrix-synapse/homeserver.yaml
In listeners part of the homeserver.yaml file, under -port: 8008 in binding part I entered
bind_addresses: ['localhost']
instead of 127.0.0.1 that was defined there.
After that I rebooted server, and the service was working.
Ok, we are done, matrix synapse service is working, we can proceed with the setup.
____________________________________________
Ok, we will now need to generate random string which will serve as a Matrix Synapse registration secret.
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
You will get something like this
2lyjkU7Ybp24rWR1TBJkut65RFcXZZA
We will need this key in a bit, so make sure you write down yours or save it somewhere.
Head on to your homeserver.yaml file
sudo nano /etc/matrix-synapse/homeserver.yaml
Uncomment line registration_shared_secret and add your key between double quotes.
registration_shared_secret: "2lyjkU7Ybp24rWR1TBJkut65RFcXZZA"
Save and close file and reboot matrix synapse
sudo systemctl restart matrix-synapse
SSL Certificate
This part is pretty simple in my case, I have already wildcard certificate for my domain. Again, I’m not doing this with Let’s Encrypt certificates.
Make sure that the Matrix Synapse has rights to the part where you keep your certificate!
My certificates are located in the following directory for this guide.
public part: /etc/matrix-synapse/matrixinformaticar.crt
private part: /etc/matrix-synapse/matrixinformaticar.key
Make sure that your certificates are secure, and select secure path for your certs (which would be wise).
Default system path (in Ubuntu) for public part of the cert is /etc/ssl/certs and private part of the cert /etc/ssl/private
Letting Matrix Synapse communicate
When I was using CentOS I did this part without Nginx proxy, it worked faster for me that way. But, since I had some problems on Ubuntu without reverse proxy (for some reason my install was slow), I’m going to configure reverse proxy on Nginx.
sudo apt install nginx
We are going to create new file for our Synapse installation
sudo nano /etc/nginx/sites-available/matrix
This is what you need to copy to that file
server {
listen 80;
server_name matrix.informaticar.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name matrix.informaticar.net;
ssl_certificate /etc/matrix-synapse/matrixinformaticar.crt;
ssl_certificate_key /etc/matrix-synapse/matrixinformaticar.key;
location /_matrix {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 10M;
}
}
# This is used for Matrix Federation
# which is using default TCP port '8448'
server {
listen 8448 ssl;
server_name matrix.informaticar.net;
ssl_certificate /etc/matrix-synapse/matrixinformaticar.crt;
ssl_certificate_key /etc/matrix-synapse/matrixinformaticar.key;
location / {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Next, we will enable virtual host and test it
sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/
sudo nginx -t
Ok, all is good, we will now restart nginx service and enable it on boot.
sudo systemctl restart nginx
sudo systemctl enable nginx
Setting up Postgres
Instead of SQLite which is installed by default and meant only for testing purposes, I will be installing PostgreSQL and shifting to it before we start anything serious with Matrix Synapse.
To install it, type in following
sudo apt install postgresql postgresql-contrib
In next few steps I will be creating user synapseuser with password Pass, and database synapse.Feel free to name all of these as you like.
sudo -i -u postgres
psql
CREATE USER "synapseuser" WITH PASSWORD 'Pass';
CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER "synapseuser";
When you are done type \q to exit, and again exit to exit postgres user.
Next stop will be Synapse homeserver.yaml configuration.
But first, a quick installation
sudo apt install python3-psycopg2
Now, we will edit our homeserver.yaml file and replace sqlite with Postgres.
sudo nano /etc/matrix-synapse/homeserver.yaml
First, comment out part for sqlite3
#database:
# name: sqlite3
# args:
# database: /var/lib/matrix-synapse/homeserver.db
Next, uncomment following in the homeserver.yaml file, and use your synapse database name, user and password in it. One we earlier created in PostgreSQL
database:
name: psycopg2
args:
user: synapseuser
password: Pass
database: synapse
host: localhost
cp_min: 5
cp_max: 10
This is how it should look like
Save and exit.
Reboot the Matrix Synapse service
sudo systemctl restart matrix-synapse.service
Ok, that should be it, we will once again check our database settings after we create user, let’s go further now.
Firewall rules
You will probably need a few ports through your firewall.
sudo ufw allow 8448
sudo ufw allow https
Maybe you will also need (I haven’t opened http in my setup)
sudo ufw allow http
You can check your open ports by typing in
sudo ufw status
Be careful with firewall, make sure you enable it for every internet facing service, but also, be sure you let all the ports you need through it before you enable it (ssh for example).
Now, if we did everything correctly, we should now be able to connect to our Matrix Synapse server.
https://matrix.informaticar.net:8448
It is working! But we have more work to do.
We will now test our configuration by going to
https://federationtester.matrix.org
and entering only our domain name – matrix.informaticar.net
My server passed all tests, and everything got checked quickly.
Create admin account
Next step will be to create our first user account, it will be our administrative account.
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
You will be also asked to enter password for your user (make sure it is a strong one) and if you should make it an admin. I clicked yes for the first account.
You can now login to your account by going to the Element webiste
https://app.element.io/#/login
Under homeserver you will have to select Edit and then enter full link to your Matrix Synapse server. Enter username and password you just created to login.
Other way would be to download Element app to your pc or mobile phone and repeat this login process.
My service is ok and working, I was able to login.
While we are at this step, maybe go to the homeserver.yaml file
sudo nano /etc/matrix-synapse/homeserver.yaml
and disable new user registration (if you need it, you can enable registration, I have fixed number of users, so I disable it).
enable_registration: false
This is optional step and it depends on whether you want to allow registrations to your Matrix Synapse server or not.
Also, if you plan to use your Matrix Synapse server privately, you should consider disabling following two settings in homeserver.yaml
allow_public_rooms_without_auth: false
allow_public_rooms_over_federation: false
I did a reboot of the server after this step.
Checking if database is working properly
I’m always extremely careful when databases are in question, and I like to check things before they go into the production so I can act in time and prevent problems.
First, Synapse will put your media files in /var/lib/matrix-synapse/media folder
If you go to that folder immediately after a creation, it will be empty. So, I created room named dbtestroom and uploaded there pdf of 5.21MB in size
Ok, so I went to the terminal, and after a few commands and refreshes, local_content subfolder appeared in the media folder, and in it few other random named subfolders with the file of 5.4MB and random name. That should be it.
Ok, let’s now check if our database is getting filled with data
sudo -i -u postgres
psql
Following command will list all the databases
\l
We will select our synapse database by typing in
\c synapse
We can list all the tables in database synapse by typing in
\dt
I would be now interested to see if user I created is in table users inside Postgres.
TABLE users;
It is, so that is good, Synapse is using our Postgres DB.
Ok, let’s now list DB size by typing in following
\l+
Synapse is 14MB in size at the moment
I will copy 1MB of text I found on the internet. It takes time because you have to copy in pieces…
Ok, let’s check our synapse DB size.
It grew 1MB, so that is good
You can also check Synapse logs (I listed some of them earlier) to see if everything is ok, also you can check Postgres logs and see if everyhing is fine. At last, check Nginx logs for clues about potential issues.
You should definitely make sure everything is fine before rolling this out into production.
Update Matrix Synapse
At some point you will need to update your Matrix, this is how I done it so far
First I update Ubuntu install
sudo apt update
sudo apt upgrade
Reboot after update/upgrade.
Update command will probably show that 1 package can be upgraded.
After you run apt list –upgradable you will see that we can update our matrix synapse.
My Matrix install is located in /etc/matrix-synapse folder. Make sure you backup your homeserver.yaml file before you begin. My yaml file is located here – /etc/matrix-synapse/homeserver.yaml
After you have backup of your homeserver.yaml you can proceed- this is very important if you screw up and overwrite your homeserver.yaml – you will then again need your listener settings, database settings, registration shared secret…
sudo apt --only-upgrade install matrix-synapse-py3
You will be asked for homeserver.yaml overwrite – select N – no
After this is done, reboot your server and that should be it. You are done.
Misc Settings
If you wish to upload larger files or pictures to your Matrix Synapse install, you should set following
First, head on to homeserver.yaml file
sudo nano /etc/matrix-synapse/homeserver.yaml
Find and enable line max_upload_size: I set mine to 750M size. Define size you would like, it doesn’t have to be 750M size.
max_upload_size: 750M
Save and exit file, and reboot Matrix Synapse service
sudo systemctl restart matrix-synapse.service
Next, we need to set upload value also in Nginx (if you are using Nginx proxy)
First we will go to our matrix virtual site
sudo nano /etc/nginx/sites-available/matrix
Set client_max_body_size
client_max_body_size 750M;
Save and exit file
Next, we will need to edit nginx.conf
sudo nano /etc/nginx/nginx.conf
I set client_max_body_size in http section uder Basic Settings
client_max_body_size 750M;
In Nginx it should be (according to the internet) enough to set client_max_body_size in just one of those two places, but that didn’t work for me.
Restart Nginx after you saved your settings
sudo systemctl restart nginx
You should now be able to upload large pictures, movies or files to your Matrix Synapse chat.