computing:synapse

Differences

This shows you the differences between two versions of the page.

computing:synapse [2022/11/24 03:54] oemb1905computing:synapse [2024/01/30 03:17] (current) oemb1905
Line 3: Line 3:
   * **Jonathan Haack**   * **Jonathan Haack**
   * **Haack's Networking**   * **Haack's Networking**
-  * **webmaster@haacksnetworking.org**+  * **webmaster@haacksnetworking.org** 
  
 ------------------------------------------- -------------------------------------------
Line 84: Line 84:
   sudo --user elementweb tar -xvf element-v1.10.12.tar.gz   sudo --user elementweb tar -xvf element-v1.10.12.tar.gz
   rm element-v1.10.12.tar.gz   rm element-v1.10.12.tar.gz
-  cd /var/www/elemenet.gnulinux.club/+  cd /var/www/element.gnulinux.club/
   ln -s element-v1.10.12/ element   ln -s element-v1.10.12/ element
-  cd /var/www/elemenet.gnulinux.club/element +  cd /var/www/element.gnulinux.club/element 
-  cp config-sample.json config.jason+  cp config-sample.json config.json
   nano config.json   nano config.json
   <"base_url": "https://matrix.gnulinux.club",>   <"base_url": "https://matrix.gnulinux.club",>
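Review bot: The corrected `cp config-sample.json config.json` and the `nano config.json` after it run as whoever is typing, while the extraction at the top of this hunk runs under `sudo --user elementweb`, so the owner and mode of config.json depend on the operator's account. State the intended owner in the page and set it explicitly after editing (a config.json the web user can read but not rewrite is a reasonable target), and consider holding the release number in one variable, since `element-v1.10.12` is repeated on three lines and the typo this revision fixes shows how easily such lines drift apart.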
Line 146: Line 146:
     <require_transport_security: true>     <require_transport_security: true>
  
-Again, note that there is no need to set up an incoming email server nor tolerate spam on the server you are sending to. In my case, my smtp server / MTA is a relay with domains that are allowed to send through it explicitly white listed. Alright, so now it's time to carry on with setting up jitsi. Again, as with element and matrix, always check the [[https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart/|official documentation]] for the latest releases/gpg keys, etc.:+Again, note that there is no need to set up an incoming email server nor tolerate spam on the server you are sending to. In my case, my smtp server / MTA is a relay/MTA (only) with domains that are allowed to send through it explicitly white listed. Now that email is up, let's tweak the upload settings so that people can upload images that are larger than a megabyte and have reasonable purge directives: 
 + 
 +  sudo nano /etc/matrix-synapse/homeserver.yaml 
 +  <max_upload_size: 1000M> 
 +  <dynamic_thumbnails: true> 
 +  <media_retention:> 
 +      <local_media_lifetime: 90d> 
 +      <remote_media_lifetime: 14d> 
 +       
 +Also, make sure to add the following line of code within each nginx http server block: 
 +   
 +  <client_max_body_size 1000M;> 
 + 
 +Alright, so now it's time to carry on with setting up jitsi. Again, as with element and matrix, always check the [[https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart/|official documentation]] for the latest releases/gpg keys, etc.:
  
   curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'   curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
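Review bot: `max_upload_size: 1000M` paired with `client_max_body_size 1000M;` allows roughly 1 GB per upload, far beyond the "larger than a megabyte" goal in the added paragraph, and on a server that accepts uploads from many accounts this is the setting that decides how fast the media store can fill. Pick a limit sized to the files users actually send and keep the nginx value equal to it. The instruction to add the directive "within each nginx http server block" also raises the request-body limit on the Element and Jitsi vhosts, which do not receive Matrix media; set it only in the server block that proxies to Synapse. The retention values (`90d` local, `14d` remote) would benefit from a sentence saying that media past those lifetimes is deleted, so readers know the setting is destructive.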
Line 165: Line 178:
   systemctl restart matrix-synapse   systemctl restart matrix-synapse
      
-You can verify that jitsi is working by ''ps -aux | jitsi'' and then visit jitsi.gnulinux.club (adjusted for your domain) to verify you can create and join a new meeting. Additionally, you can navigate to ''etc/turnserver.conf'' to see the entries jitsi created and likewise verify the server block it created at ''/etc/nginx/sites-enabled/jitsi.gnulinux.club''You are now done! Howevermake sure to run regular snapshots on a cron job, and consider some simple shell scripts to monitor nginx, postgres, and fail2ban and if they fail, to restart them and email you. I also have a separate script that dumps the entire database daily with a time stamp. Here are the scripts currently in use:+You can verify that jitsi is working by ''ps -aux | jitsi'' and then visit jitsi.gnulinux.club (adjusted for your domain) to verify you can create and join a new meeting. Additionally, you can navigate to ''etc/turnserver.conf'' to see the entries jitsi created and likewise verify the server block it created at ''/etc/nginx/sites-enabled/jitsi.gnulinux.club''To upgradefind the latest release, and download it:
  
-  - Keep Fail2Ban Running:[[https://repo.haacksnetworking.org/oemb1905/haackingclub/-/blob/master/scripts/fail2ban-restart.sh|fail2ban-restart.sh]] +  https://github.com/element-hq/element-web/releases 
-  - Keep Postgres Running: [[https://repo.haacksnetworking.org/oemb1905/haackingclub/-/blob/master/scripts/postgres-restart.sh|postgres-restart.sh]] +  wget https://github.com/element-hq/element-web/releases/download/v1.11.55/element-v1.11.55.tar.gz 
-  - Keep Nginx Running: [[https://repo.haacksnetworking.org/oemb1905/haackingclub/-/blob/master/scripts/nginx-restart.sh|nginx-restart.sh]] +  tar -xvf element-v1.11.55.tar.gz 
-  - Nightly DB Dumps: [[https://repo.haacksnetworking.org/oemb1905/haackingclub/-/blob/master/scripts/postgres-dump.sh|postgres-dump.sh]]+  cd /var/www/gnulinux.club/element 
 +  cp -ar config.json ../ 
 +  ln -s element-v1.10.12/ element
      
-Also, there's no point in setting this up unless you have regular backups! In my case, since this is a VM, I just use the same script as I use for all my other instancesThat script powers down the VM, and copies a sparse file, then tarballs itAfter restarting the VMmy backup workstation pulls down the tarballs (also sparse) on a set schedulekeeping approximately 90 days of restore pointsThe backup script I use is found here andof coursethis runs on the host OS (not the Synapse VM instance):+Make sure to have .well-knowns established for client and support as well: 
 +   
 +  sudo touch /var/www/gnulinux.club/.well-known/matrix/client 
 +   
 +With the following: 
 +   
 +  { 
 +    "m.homeserver":
 +        "base_url": "https://matrix.gnulinux.club" 
 +    } 
 +  } 
 +   
 +Also identify support: 
 +   
 +  sudo touch /var/www/gnulinux.club/.well-known/matrix/support 
 + 
 +With the following: 
 + 
 +  {"contacts": [{"matrix_id": "@oemb1905:gnulinux.club""email_address": "webmaster@haacksnetworking.org","club.gnulinux.phone_number": "+13105651874""role": "m.role.admin"}],"support_page""https://gnulinux.club/code-conduct.pdf"}
  
-  - VM Backup Script[[https://repo.haacksnetworking.org/oemb1905/haackingclub/-/blob/master/scripts/sane-vm-backup.sh|sane-vm-backup.sh]]+Finally, make sure that browsers don't download these by adding a location to your TLD block:
  
-Lastly, I also have a hot-spare in case my co-located hardware fails. Swing on by:+  location /.well-known/matrix { 
 +    allow all; 
 +    add_header access-control-allow-origin *; 
 +    add_header content-type application/json; 
 +  }
  
-  - [[https://element.gnulinux.club|GNU/Linux Club]]+More updates below when they come.
  
- --- //[[jonathan@haacksnetworking.org|oemb1905]] 2022/11/23 20:49//+ --- //[[jonathan@haacksnetworking.org|oemb1905]] 2024/01/30 03:09//
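Review bot: The last line of the added upgrade steps, `ln -s element-v1.10.12/ element`, links to the old release even though the steps download and unpack v1.11.55, and `ln -s` without `-fn` will not replace the existing `element` link in any case; it should read along the lines of `ln -sfn element-v1.11.55/ element`. In the same block `cp -ar config.json ../` saves the config but nothing copies it into the new tree, the tarball is unpacked before the `cd` (so it lands in the current directory), and the path `/var/www/gnulinux.club/element` differs from the `/var/www/element.gnulinux.club/` used in the install hunk. The tarball is also extracted straight after `wget` with no integrity check. In the nginx location, `add_header content-type application/json;` adds a second Content-Type header next to the one nginx derives itself instead of replacing it; `default_type application/json;` is the directive that sets the type for these extensionless files. Finally, this revision deletes the monitoring, database-dump and VM-backup paragraphs; if that is intentional, the page should say where that guidance now lives.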
computing/synapse.1669262087.txt.gz · Last modified: 2022/11/24 03:54 by oemb1905