Instalación
apt install -y lsb-release wget apt-transport-https nginx postgresql
wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/matrix-org.list
apt update
apt install matrix-synapse-py3En la ventana azul que sale, poner el nombre del dominio raíz: ejemplo.net en lugar de `matrix.ejemplo.net'.
Nginx
Pegar esto en /etc/nginx/sites-available/matrix y cambiar los nombres de los dominios, esta vez sí incluyendo subdominios:
# enforce HTTPS
server {
# Client port
listen 80;
listen [::]:80;
server_name matrix.ejemplo.net;
return 301 https://$host$request_uri;
}
server {
server_name matrix.ejemplo.net;
# Client port
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
access_log /var/log/nginx/synapse.access.log;
error_log /var/log/nginx/synapse.error.log;
# TLS configuration
ssl_certificate /etc/letsencrypt/live/matrix.ejemplo.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.ejemplo.net/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/matrix.ejemplo.net/chain.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:486
0:4860::8844] valid=60s;
resolver_timeout 2s;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GC
M-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
tcp_nopush on;
gzip on;
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://localhost:8008;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Increase client_max_body_size to match the max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.ejemplo.net"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.ejemplo.net:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
}Comprobar que el archivo de configuración está bien:
nginx -tActivar:
ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled
systemctl reload nginx
systemctl reload matrix-synapsePostgreSQL
su -c "createuser --pwprompt synapse" postgres
# [ ... ] Poner la contraseña
su -c "createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse synapsedb"Editar en /etc/matrix-synapse/homeserver.yaml:
- Quitar estas líneas:
database: name: sqlite3 args: database: DATADIR/homeserver.db - Poner estas líneas en el mismo lugar:
database: name: psycopg2 args: user: synapse password: lacontraseñaquehaspuesto database: synapsedb host: localhost cp_min: 5 cp_max: 10
Configuración
echo "registration_shared_secret: '$(cat /dev/urandom | tr -cd '[:alnum:]' | fold -w 25
6 | head -n 1)'"| tee -a /etc/matrix-synapse/homeserver.yaml
echo url_preview_enabled: true >> /etc/matrix-synapse/homeserver.yaml
systemctl restart matrix-synapse
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yamlAgregar esto en /etc/matrix-synapse/homeserver.yaml:
url_preview_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '192.0.0.0/24'
- '169.254.0.0/16'
- '192.88.99.0/24'
- '198.18.0.0/15'
- '192.0.2.0/24'
- '198.51.100.0/24'
- '203.0.113.0/24'
- '224.0.0.0/4'
- '::1/128'
- 'fe80::/10'
- 'fc00::/7'
- '2001:db8::/32'
- 'ff00::/8'
- 'fec0::/10'Llamadas y videollamadas
Seguir los pasos de [[Coturn]] antes.
Después, editar /etc/matrix-synapse/homeserver.yaml y agregar estas líneas si no existen (y si existen, modificarlas) cambiando los enlaces:
turn_uris: [ "turn:turn.ejemplo.net?transport=udp", "turn:turn.ejemplo.net?transport=tcp" ]
turn_user_lifetime: 86400000
turn_allow_guests: Trueecho "turn_shared_secret: \"$(grep 'static-auth-secret=' /etc/turnserver.conf | awk -F '=' '{print $2}')\"" | tee -a /etc/matrix-synapse/homeserver.yamlFederación
Agregar esto en /etc/matrix-synapse/homeserver.yaml:
allow_public_rooms_over_federation: true
allow_public_rooms_without_auth: trueSliding sync
su -c "createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse syncv3" postgresEn /etc/nginx/sites-available/matrix:
- Añadir:
location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) { proxy_pass http://localhost:8009; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; } - Editar:
location /.well-known/matrix/client { # return 200 '{"m.homeserver": {"base_url": "https://matrix.elpolla.net"}}'; return 200 '{"m.homeserver": {"base_url": "https://matrix.elpolla.net"},"org.matrix.msc3575.proxy": {"url": "https://matrix.elpolla.net"}}'; [...] }
Descargar el binario y comprobar que funciona:
wget https://github.com/matrix-org/sliding-sync/releases/download/v0.99.19/syncv3_linux_amd64
chmod +x syncv3_linux_amd64
echo -n "$(openssl rand -hex 32)" > .secret # NO BORRAR
SYNCV3_SECRET=$(cat .secret) SYNCV3_SERVER="https://matrix.elpolla.net" SYNCV3_DB="user=synapse dbname=syncv3 sslmode=disable password='TUCONTRASEÑA'" SYNCV3_BINDADDR=0.0.0.0:8009 ./syncv3_linux_amd64 Para montarlo automáticamente, se hará el daemon en systemd:
mv syncv3_linux_amd64 /etc/matrix-synapse/
vim /etc/systemd/system/syncv3.serviceEn /etc/systemd/system/syncv3.service, poner lo siguiente cambiando las cosas de manera correspondiente:
[Unit]
Description=Sliding Sync proxy for Matrix
After=matrix-synapse.service
Requires=matrix-synapse.service
[Service]
Environment="SYNCV3_SECRET=<el contenido del archivo .secret>"
Environment="SYNCV3_SERVER=https://matrix.ejemplo.net"
Environment="SYNCV3_DB=user=synapse dbname=syncv3 sslmode=disable password='TUCONTRASEÑA'"
Environment="SYNCV3_BINDADDR=0.0.0.0:8009"
ExecStart=/etc/matrix-synapse/syncv3_linux_amd64
Restart=always
WorkingDirectory=/etc/matrix-synapse
SyslogIdentifier=syncv3
[Install]
WantedBy=multi-user.targetsystemctl daemon-reload
systemctl enable syncv3.service
systemctl start syncv3.service