- Pick Debian 11
- 2 GB RAM, 2 vCPUs, 60 GB SSD
- assign fixed IP
-
Install nginx
apt install nginx
-
Add config for domain
server { root /var/www/html; server_name matrix.adacon.no; }
-
server { root /var/www/html; server_name matrix.adacon.no; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/matrix.adacon.no/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/matrix.adacon.no/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = matrix.adacon.no) { return 301 https://$host$request_uri; } # managed by Certbot server_name matrix.adacon.no; listen 80; listen [::]:80; return 404; # managed by Certbot }
-
Install PostgreSQL
apt install postgresql
-
Create DB
sudo -u postgres createuser matrix createdb --encoding=UTF8 --locale=C --template=template0 --owner=matrix matrix psql -c "ALTER USER matrix PASSWORD 'matrix';"
-
Install Matrix
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list sudo apt update sudo apt install matrix-synapse-py3
-
Configure Synapse to use PostgreSQL
sudo vim /etc/matrix-synapse/homeserver.yaml
database: name: psycopg2 args: user: matrix password: matrix database: matrix host: localhost cp_min: 5 cp_max: 10
-
Set
registration_shared_secret
in/etc/matrix-synapse/homeserver.yaml
-
Set
macaroon_secret_key
in/etc/matrix-synapse/homeserver.yaml
-
Restart synapse
sudo systemctl restart matrix-synapse
-
Register new admin user
cd /etc/matrix-synapse/ register_new_matrix_user -c homeserver.yaml
-
Enable nginx reverse proxy
# For the federation port listen 8448 ssl http2; listen [::]:8448 ssl http2; location ~ ^(/_matrix|/_synapse/client|/health) { # note: do not add a path (even a single /) after the port in `proxy_pass`, # otherwise nginx will canonicalise the URI and cause signature verification # errors. proxy_pass http://localhost:8008; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 50M; # Synapse responses may be chunked, which is an HTTP/1.1 feature. proxy_http_version 1.1; }
-
Restart nginx
sudo systemctl restart nginx
- Serve
.well-known/matrix/server
{ "m.server": "matrix.adacon.no" }
- Serve
.well-known/matrix/client
{ "m.homeserver": { "base_url": "https://matrix.adacon.no" } }