computing:synapse

Differences

This shows you the differences between two versions of the page.

computing:synapse [2022/11/21 18:40] oemb1905computing:synapse [2024/01/30 03:17] (current) oemb1905
Line 3: Line 3:
   * **Jonathan Haack**   * **Jonathan Haack**
   * **Haack's Networking**   * **Haack's Networking**
-  * **webmaster@haacksnetworking.org**+  * **webmaster@haacksnetworking.org** 
  
 ------------------------------------------- -------------------------------------------
Line 84: Line 84:
   sudo --user elementweb tar -xvf element-v1.10.12.tar.gz   sudo --user elementweb tar -xvf element-v1.10.12.tar.gz
   rm element-v1.10.12.tar.gz   rm element-v1.10.12.tar.gz
-  cd /var/www/elemenet.gnulinux.club/+  cd /var/www/element.gnulinux.club/
   ln -s element-v1.10.12/ element   ln -s element-v1.10.12/ element
-  cd /var/www/elemenet.gnulinux.club/element +  cd /var/www/element.gnulinux.club/element 
-  cp config-sample.json config.jason+  cp config-sample.json config.json
   nano config.json   nano config.json
   <"base_url": "https://matrix.gnulinux.club",>   <"base_url": "https://matrix.gnulinux.club",>
Line 136: Line 136:
   register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008   register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
      
-Record the password you chose in a safe location, and then uncomment the user registration on ''/etc/matrix-synapse/homeserver.yaml'' again and once again restart the service ''systemctl restart matrix-synapse''. This is required because you cannot manually create users while the ''enable_registration: true'' parameter is active. Likely, you will now want to also create a non-admin user for yourself, and the webgui is very convenient for this so just visit element.gnulinux.club and then register. Once you log in, make sure that you can access federated instances, spaces, and rooms. So long as everything is working, let's carry on with setting up jitsi:+Record the password you chose in a safe location, and then uncomment the user registration on ''/etc/matrix-synapse/homeserver.yaml'' again and once again restart the service ''systemctl restart matrix-synapse''. This is required because you cannot manually create users while the ''enable_registration: true'' parameter is active. Likely, you will now want to also create a non-admin user for yourself, and the webgui is very convenient for this so just visit element.gnulinux.club and then register. Once you log in, make sure that you can access federated instances, spaces, and rooms. The last thing we need to do is add the ability for the server to send emails so users can recover accounts when needed via email. To do that, first make sure you have a working [[https://wiki.haacksnetworking.org/doku.php?id=computing:exim4|https://wiki.haacksnetworking.org/doku.php?id=computing:exim4]]email server. Please note that an incoming (IMAP) server is not needed, only outgoing (smtp/MTA). Once that is setup, add the following lines to your ''/etc/matrix-synapse/homeserver.yaml'' configuration: 
 + 
 +  sudo nano /etc/matrix-synapse/homeserver.yaml 
 +  <public_baseurl: "https://matrix.gnulinux.club"> 
 +  <email:> 
 +    <smtp_host: haacksnetworking.org> 
 +    <smpt_port: 25> 
 +    <notif_from: "admin@gnulinux.club"> 
 +    <require_transport_security: true> 
 + 
 +Again, note that there is no need to set up an incoming email server nor tolerate spam on the server you are sending to. In my case, my smtp server / MTA is a relay/MTA (only) with domains that are allowed to send through it explicitly white listed. Now that email is up, let'tweak the upload settings so that people can upload images that are larger than a megabyte and have reasonable purge directives: 
 + 
 +  sudo nano /etc/matrix-synapse/homeserver.yaml 
 +  <max_upload_size: 1000M> 
 +  <dynamic_thumbnails: true> 
 +  <media_retention:> 
 +      <local_media_lifetime: 90d> 
 +      <remote_media_lifetime: 14d> 
 +       
 +Also, make sure to add the following line of code within each nginx http server block: 
 +   
 +  <client_max_body_size 1000M;> 
 + 
 +Alright, so now it's time to carry on with setting up jitsi. Again, as with element and matrix, always check the [[https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart/|official documentation]] for the latest releases/gpg keys, etc.: 
 + 
 +  curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg' 
 +  echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null 
 +  sudo apt update 
 +  sudo apt install jitsi-meet 
 +  <enter domain jitsi.gnulinux.club> 
 +  <generate self-signed> 
 +   
 +Once the install finishes, let's create let's encrypt using the official script from Jitsi, which will automatically configure a turn server and create a server block in nginx for us: 
 + 
 +  /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh 
 +   
 +We now need to configure Element to use jitsi, which we do as follows: 
 + 
 +  nano /var/www/element.gnulinux.club/element/config.json 
 +  <"preferredDomain": "jitsi.gnulinux.club"> 
 +  systemctl restart matrix-synapse 
 +   
 +You can verify that jitsi is working by ''ps -aux | jitsi'' and then visit jitsi.gnulinux.club (adjusted for your domain) to verify you can create and join a new meeting. Additionally, you can navigate to ''etc/turnserver.conf'' to see the entries jitsi created and likewise verify the server block it created at ''/etc/nginx/sites-enabled/jitsi.gnulinux.club''. To upgrade, find the latest release, and download it: 
 + 
 +  https://github.com/element-hq/element-web/releases 
 +  wget https://github.com/element-hq/element-web/releases/download/v1.11.55/element-v1.11.55.tar.gz 
 +  tar -xvf element-v1.11.55.tar.gz 
 +  cd /var/www/gnulinux.club/element 
 +  cp -ar config.json ../ 
 +  ln -s element-v1.10.12/ element 
 +   
 +Make sure to have .well-knowns established for client and support as well: 
 +   
 +  sudo touch /var/www/gnulinux.club/.well-known/matrix/client 
 +   
 +With the following: 
 +   
 +  { 
 +    "m.homeserver":
 +        "base_url": "https://matrix.gnulinux.club" 
 +    } 
 +  } 
 +   
 +Also identify support: 
 +   
 +  sudo touch /var/www/gnulinux.club/.well-known/matrix/support 
 + 
 +With the following: 
 + 
 +  {"contacts": [{"matrix_id": "@oemb1905:gnulinux.club", "email_address": "webmaster@haacksnetworking.org","club.gnulinux.phone_number": "+13105651874", "role": "m.role.admin"}],"support_page": "https://gnulinux.club/code-conduct.pdf"}
  
 +Finally, make sure that browsers don't download these by adding a location to your TLD block:
  
 +  location /.well-known/matrix {
 +    allow all;
 +    add_header access-control-allow-origin *;
 +    add_header content-type application/json;
 +  }
  
-Between these two debugging tools, you should be in good shape to get everything up and running! Okay, that took a lot to document but it's worth it. Also, if you are serving others in a public facing community, make sure you have [[https://repo.haacksnetworking.org/oemb1905/haackingclub/-/blob/master/scripts/sane-vm-backup.sh|appropriate backup scripts]] for this VM. Utilize rsync or similar to ensure you have those backups offsite as well as on site, and also provision a hot-spare in case your self-hosted or co-located hardware fails.+More updates below when they come.
  
- --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/11/20 01:58//+ --- //[[jonathan@haacksnetworking.org|oemb1905]] 2024/01/30 03:09//
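Review bot: In the upgrade steps near the end of this hunk, the tarball fetched is element-v1.11.55 but the symlink line still reads `ln -s element-v1.10.12/ element`, so the site would keep serving the old release. Point it at `element-v1.11.55/` (using `ln -sfn` so the existing link is replaced), copy the saved `config.json` back into the new directory, and use the same `/var/www/element.gnulinux.club/` path as the Line 84 hunk instead of `/var/www/gnulinux.club/element`. In the email block, `<smpt_port: 25>` is misspelled and should be `smtp_port`, otherwise the port setting is not picked up under that name. The `.well-known/matrix/client` body is missing the opening `{` after `"m.homeserver":`, so as written it is not valid JSON. In the nginx location, `add_header content-type application/json;` adds a header alongside the type nginx already sends for an extensionless file; `default_type application/json;` sets it once. Smaller fixes: `ps -aux | jitsi` should pipe into `grep jitsi`, `etc/turnserver.conf` needs its leading slash, and "let'tweak" should read "let's tweak". This revision also drops the closing paragraph that recommended VM backups, offsite copies and a hot spare; consider keeping that advice, since the page now describes a public-facing server with email recovery and 1000M uploads.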
computing/synapse.1669056022.txt.gz · Last modified: 2022/11/21 18:40 by oemb1905