Scribd Logo
Upload

Welcome to Scribd!

  • 137 views

    Matrix Synapse-4-6

    Uploaded by

    Andrey Quesada
    The document provides instructions for installing and configuring Matrix Synapse, an open network for secure communication, on a server. It describes enabling HTTPS using Let's Encrypt SSL certificates, installing and configuring Nginx as a reverse proxy, and generating and renewing SSL certificates automatically with certbot. The goal is to set up Matrix Synapse with HTTPS secured by Nginx on port 443 to example.com, using Let's Encrypt for free SSL certificates.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Matrix Synapse-4-6

    Uploaded by

    Andrey Quesada
    137 views3 pages
    The document provides instructions for installing and configuring Matrix Synapse, an open network for secure communication, on a server. It describes enabling HTTPS using Let's Encrypt SSL certificates, installing and configuring Nginx as a reverse proxy, and generating and renewing SSL certificates automatically with certbot. The goal is to set up Matrix Synapse with HTTPS secured by Nginx on port 443 to example.com, using Let's Encrypt for free SSL certificates.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides instructions for installing and configuring Matrix Synapse, an open network for secure communication, on a server. It describes enabling HTTPS using Let's Encrypt SSL certificates, installing and configuring Nginx as a reverse proxy, and generating and renewing SSL certificates automatically with certbot. The goal is to set up Matrix Synapse with HTTPS secured by Nginx on port 443 to example.com, using Let's Encrypt for free SSL certificates.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    137 views3 pages

    Matrix Synapse-4-6

    Uploaded by

    Andrey Quesada
    The document provides instructions for installing and configuring Matrix Synapse, an open network for secure communication, on a server. It describes enabling HTTPS using Let's Encrypt SSL certificates, installing and configuring Nginx as a reverse proxy, and generating and renewing SSL certificates automatically with certbot. The goal is to set up Matrix Synapse with HTTPS secured by Nginx on port 443 to example.com, using Let's Encrypt for free SSL certificates.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 3

    3/11/2020 Matrix Synapse [NaWiki]

    sudoedit /etc/matrix-synapse/homeserver.yaml

    enable_registration: False

    registration_shared_secret: [shared_secred_key]

    Check ports

    The best is to leave it default as it comes delivered (watch here https://github.com/matrix-


    org/synapse/blob/master/docs/sample_config.yaml ), so check if it matches the follwing:

    sudoedit /etc/matrix-synapse/homeserver.yaml

    - port: 8008
    tls: false
    bind_addresses: ['::1', '127.0.0.1']
    type: http
    x_forwarded: true

    Be aware that indentation is important in *.yaml files!

    Save and exit.

    Note: registration_shared_secret : If set allows registration by anyone who also has the
    shared secret, even if registration is disabled.

    Now restart the Synapse services.

    sudo systemctl restart matrix-synapse.service

    Check the homeserver service with the following command

    sudo ss -plntu

    You will get the Synapse service is now on the local IP address. And we have completed the Synapse
    installation and configuration.

    Step 4 - Generate SSL Letsencrypt Certificates


    In this tutorial, we will enable HTTPS for the Nginx reverse proxy, and we will generate the SSL
    certificate files from Letsencrypt. So, start with installing the letsencrypt tool. (it is possible to add -y
    again)
    https://www.natrius.eu/dokuwiki/doku.php?id=digital:server:matrixsynapse 4/13
    3/11/2020 Matrix Synapse [NaWiki]

    sudo apt install letsencrypt

    If nginx is installed first, lets stop nginx so certbot can listen to port 80

    sudo systemctl stop nginx.service

    Install the most recent certbot

    sudo add-apt-repository ppa:certbot/certbot


    sudo apt-get install certbot python-certbot-nginx

    Generate the SSL certificate files for the matrix domain name example.com using the certbot command
    as shown below.

    sudo certbot --nginx

    The Letsencrypt tool will generate SSL certificate files by running the 'standalone' temporary web server
    for verification. When it's complete, you will get the information that its done and where the certificates
    are stored. Usally the SSL certificate files for the Synapse domain name example.com are generated
    inside the /etc/letsencrypt/live/ directory.

    Saving debug log to /var/log/letsencrypt/letsencrypt.log


    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for example.com
    Waiting for verification...
    Cleaning up challenges

    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/example.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/example.com/privkey.pem
    Your cert will expire on 2019-03-03. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew *all* of your certificates, run
    "certbot renew"
    - Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    - If you like Certbot, please consider supporting our work by:

    https://www.natrius.eu/dokuwiki/doku.php?id=digital:server:matrixsynapse 5/13
    3/11/2020 Matrix Synapse [NaWiki]

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate


    Donating to EFF: https://eff.org/donate-le

    There should already be a cronjob generater for automatic renewal of the certs, as they last only 90 days.
    To check if the cron is up

    sudo certbot renew --dry-run

    Step 5 - Install and configure Nginx as a reverse proxy


    Now install the Nginx web server and configure it as a reverse proxy for the homeserver that is running on
    the port '8008'. Start with installing the Nginx web server using the apt command below. (it is possible to
    add -y again)

    sudo apt install nginx

    After the installation is complete, start the service and enable it to launch everytime at system boot

    sudo systemctl start nginx.service


    sudo systemctl enable nginx.service

    Next, we will create a new virtual host configuration for the domain name example.com . Go to the
    '/etc/nginx' configuration directory and create a new virtual host file 'matrix'.

    sudoedit /etc/nginx/sites-available/matrix

    Paste the following configuration there, changing the domain example.com to your own:

    server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
    }

    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # If you don't wanna serve a site, comment this out

    https://www.natrius.eu/dokuwiki/doku.php?id=digital:server:matrixsynapse 6/13

    You might also like