Example worker configs + caddy routing for Matrix Synapse server
############################
# Excerpt of /etc/caddy/Caddyfile from Privex Inc's Synapse server ( matrix.privex.io / privex.io )
# Released under X11 / MIT License
# (C) 2021 Privex Inc. - Affordable + Privacy friendly server hosting at https://www.privex.io
############################
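matrix.privex.io, se1.matrix.privex.io {
    root * /var/www/html
    # Enable the static file server.
    file_server

    # We hardcode the JSON into the .well-known routes for convenience and fast responses
    route /.well-known/matrix/server {
        respond * "{\"m.server\": \"matrix.privex.io:443\"}" 200
    }
    route /.well-known/matrix/client {
        respond * "{\"m.homeserver\": {\"base_url\": \"https://matrix.privex.io\"},\"m.identity_server\": {\"base_url\": \"https://vector.im\"}}" 200
    }

    ####
    # We use regex to match the various normal + admin routes which need to go to the media worker on port 8015
    #
    # Caddy accepts only one path_regexp pattern per named matcher, so the admin
    # and the client/federation media patterns each get their own matcher.
    # Every pattern is anchored with ^ so that only paths *starting* with the
    # prefix are sent to the worker.
    #
    # NOTE: @media_admin publishes Synapse admin API routes on the public site;
    # they are then protected only by the admin user's access token. If remote
    # administration is not required, restrict them by source address (for
    # example with an additional remote_ip matcher) or drop this matcher.
    ####
    @media_admin {
        # The last alternative originally began with an extra "/", which could
        # only match a doubled slash after "v1/".
        path_regexp ^/_synapse/admin/v1/(purge_media_cache|((room|user)/.*/media.*)|media/.*|quarantine_media/.*)$
    }
    @media {
        path_regexp ^/_matrix/media(/?(.*)?)$
    }
    route @media_admin {
        reverse_proxy 127.0.0.1:8015 {
            # Overwrite (not append to) the client address headers so that a
            # client-supplied value never reaches the worker.
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
        }
    }
    route @media {
        reverse_proxy 127.0.0.1:8015 {
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
        }
    }

    ####
    # We use regex to match the various routes which need to go to the federation worker on port 8017
    # (one path_regexp per named matcher, anchored, as above)
    ####
    @federation {
        path_regexp ^/_matrix/federation/(v1|v2)/(send|event|state|state_ids|backfill|get_missing_events|publicRooms|query|make_join|make_leave|send_join|send_leave|invite|query_auth|event_auth|exchange_third_party_invite|user/devices|get_groups_publicised|groups)(/?(.*)?)$
    }
    @federation_keys {
        path_regexp ^/_matrix/key/v2/query/?$
    }
    route @federation {
        reverse_proxy 127.0.0.1:8017 {
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
        }
    }
    route @federation_keys {
        reverse_proxy 127.0.0.1:8017 {
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
        }
    }

    ####
    # Anything which doesn't match a previous route, will get routed to the main Matrix Synapse process
    ####
    route {
        reverse_proxy 127.0.0.1:8008 {
            # The main listener has x_forwarded enabled, so these headers decide
            # which client address Synapse records; they are set from the
            # connection, never taken from the request.
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
        }
    }
}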
############################
# Excerpt of homeserver.yaml from Privex Inc's Synapse server ( matrix.privex.io / privex.io )
# Released under X11 / MIT License
# (C) 2021 Privex Inc. - Affordable + Privacy friendly server hosting at https://www.privex.io
############################
## Workers ##

# Outbound federation transactions are not sent by the main process; the
# federation sender worker listed below takes care of them.
send_federation: false

# Several federation sender workers may be listed here, in which case the work
# is balanced across them.
#
# All federation sender workers must share this setting. When it changes, stop
# every sender before starting any of them again, so that all instances run
# with the same config (otherwise events may be dropped).
federation_sender_instances:
  - federation_sender1

# Map from `worker_name` to the HTTP replication listener of that worker,
# if configured.
instance_map:
  federation_sender1:
    host: localhost
    port: 8011
  media_repo:
    host: localhost
    port: 8015
  federation_reader:
    host: localhost
    port: 8017

listeners:
  # Main client + federation listener, reached through the reverse proxy.
  - port: 8008
    tls: false
    type: http
    # The client address is taken from X-Forwarded-For. That is only sound
    # while this port is loopback-bound (below) and the proxy overwrites the
    # header instead of passing on a client-supplied value.
    x_forwarded: true
    bind_addresses:
      - '::1'
      - '127.0.0.1'
    resources:
      - names:
          - client
          - federation
        compress: false

  # The HTTP replication port. Loopback only: with no replication secret set
  # (see below) this binding is the only thing restricting who can talk to it.
  - port: 9093
    bind_addresses:
      - '::1'
      - '127.0.0.1'
    type: http
    resources:
      - names:
          - replication

# Experimental: which workers handle event persistence and typing
# notifications. Any worker named here must also be in the `instance_map`.
#
#stream_writers:
#  events: worker1
#  typing: worker1

# The worker that runs background tasks (e.g. cleaning up expired data).
# Defaults to the main process when not provided.
#
#run_background_tasks_on: worker1

media_instance_running_background_jobs: "media_repo"

# Shared secret used by the replication APIs to authenticate HTTP requests
# from workers.
#
# By default this is unused and traffic is not authenticated. It is empty in
# this excerpt (possibly redacted for publication): with an empty value any
# local process that can reach port 9093 can issue replication requests. Set a
# long random value here and keep this file readable only by the Synapse user.
worker_replication_secret: ""

# Redis connection settings are not shown in this excerpt. If the Redis
# instance is reachable by other hosts or local users, give it authentication
# and configure the matching credentials here.
redis:
  enabled: true
############################
# Federation Reader Worker from Privex Inc's Synapse server ( matrix.privex.io / privex.io )
# Released under X11 / MIT License
# (C) 2021 Privex Inc. - Affordable + Privacy friendly server hosting at https://www.privex.io
############################
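# Federation reader: serves the inbound federation routes that the Caddyfile
# proxies to port 8017.
worker_app: synapse.app.federation_reader
worker_name: federation_reader

# Replication listener of the main process (port 9093 in homeserver.yaml).
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093

worker_listeners:
  - type: http
    port: 8017
    # Without bind_addresses Synapse listens on every interface, which would
    # expose this plaintext port past the reverse proxy. Caddy connects over
    # loopback, so that is all the listener needs.
    bind_addresses: ['::1', '127.0.0.1']
    # Requests arrive from the proxy, so without x_forwarded every client
    # shows up as 127.0.0.1. Enable it only when the proxy route to this port
    # overwrites X-Forwarded-For, as the main-process route in the Caddyfile does.
    #x_forwarded: true
    resources:
      - names: [federation]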
############################
# Federation Sender Worker from Privex Inc's Synapse server ( matrix.privex.io / privex.io )
# Released under X11 / MIT License
# (C) 2021 Privex Inc. - Affordable + Privacy friendly server hosting at https://www.privex.io
############################
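# Federation sender: sends outbound federation transactions in place of the
# main process (send_federation is false in homeserver.yaml).
worker_app: synapse.app.federation_sender
worker_name: federation_sender1

# Replication listener of the main process (port 9093 in homeserver.yaml).
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093

worker_listeners:
  - type: http
    port: 8011
    # Without bind_addresses Synapse listens on every interface. Nothing in
    # the Caddyfile routes to this port and instance_map reaches it via
    # localhost, so keep it on loopback.
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [federation]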
############################
# Media Repository Worker from Privex Inc's Synapse server ( matrix.privex.io / privex.io )
# Released under X11 / MIT License
# (C) 2021 Privex Inc. - Affordable + Privacy friendly server hosting at https://www.privex.io
############################
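# Media repository: serves the media and media-admin routes that the Caddyfile
# proxies to port 8015.
worker_app: synapse.app.media_repository
worker_name: media_repo

# Replication listener of the main process (port 9093 in homeserver.yaml).
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093

worker_listeners:
  - type: http
    port: 8015
    # Without bind_addresses Synapse listens on every interface, which would
    # expose this plaintext port (including the media admin routes) past the
    # reverse proxy. Caddy connects over loopback, so bind there only.
    bind_addresses: ['::1', '127.0.0.1']
    # Requests arrive from the proxy, so without x_forwarded every client
    # shows up as 127.0.0.1. Enable it only when the proxy route to this port
    # overwrites X-Forwarded-For, as the main-process route in the Caddyfile does.
    #x_forwarded: true
    resources:
      - names: [media]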
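# Run as root. Commands are meant to be executed step by step.

# 1. Create the worker YAML files in /etc/matrix-synapse/workers
mkdir -p /etc/matrix-synapse/workers
# vim /etc/matrix-synapse/workers/media-repo.yaml

# 2. Adjust your homeserver.yaml as desired,
# vim /etc/matrix-synapse/homeserver.yaml

# 3. Adjust your webserver, e.g. Caddy - as desired
# vim /etc/caddy/Caddyfile

# 4. Install the matrix-synapse-worker@ systemd service file
#
# The unit file is executed by systemd, so what gets installed should be a
# version you have read. "develop" is a moving branch: set SYNAPSE_REF to a
# release tag or commit you have reviewed to get a reproducible download.
SYNAPSE_REF="${SYNAPSE_REF:-develop}"
cd /etc/systemd/system
# Download to a temporary file first: a failed or partial download then never
# replaces an existing unit, and re-running does not leave ".1" copies behind.
unit_tmp="$(mktemp)"
wget -O "$unit_tmp" "https://raw.githubusercontent.com/matrix-org/synapse/${SYNAPSE_REF}/docs/systemd-with-workers/system/matrix-synapse-worker%40.service" \
  && install -m 0644 "$unit_tmp" 'matrix-synapse-worker@.service' \
  && systemctl daemon-reload
rm -f "$unit_tmp"
# Read matrix-synapse-worker@.service before enabling anything below.

# 5. Enable the workers using their config file name, without the .yaml at the end:
systemctl enable matrix-synapse-worker@federation-sender
systemctl enable matrix-synapse-worker@federation-reader
systemctl enable matrix-synapse-worker@media-repo

# 6. Restart matrix-synapse
systemctl restart matrix-synapse

# 7. (Re-)Start each worker
systemctl start matrix-synapse-worker@federation-sender
systemctl start matrix-synapse-worker@federation-reader
systemctl start matrix-synapse-worker@media-repo

# 8. Restart your web server
systemctl restart caddy

# 9. GOOD TO GO. Test it out.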