🚀 Update 🚀

I have a new guide for Synapse v1.0.0 (with Traefik), which takes you through the soon to be required part of settings up TLS cert for federation.


There are many good reasons to switch to Matrix from whatever proprietary monolith chat system you are using today. As others have written about that I'm not gonna delve on those now.

I'm a big Docker fan so when I decided to setup my own Synapse homeserver I was glad to find an image ready to use. I'll take you through setting up Synapse together with Postgres and a Let's Encrypt certificate. With this setup adding additional services like bots or bridges is easy.

Before we start here are some general points about Matrix.

  • Matrix is the protocol.
  • There are a couple of servers available but Synapse is AFAIK the only (more or less) production ready. It will eventually be replaced by Dendrite (written in Go).
  • Clients are plenty so you should be able to find one to your liking. I prefer Riot both for desktop and mobile.
  • There are also a lot of bridges (called Application Services) to other networks like IRC, Slack and Gitter to name a few.

Prerequisites

This guide assumes some general knowledge of Linux and that you have a server available with these services installed:

I use Ubuntu 16.04, most of this should work just fine for other distros but you know, YMMV.

If you're gonna start up a new server - like a VPS - I recommend this guide for some basic security.

Also, I used Digital Ocean to follow my own guide and make sure everything worked. I think they are great and if you haven't tried it already feel free to use this referral link to get $100 for your Matrix server or my Hetzner link to get €20 there 😊

Edit: For those unfamiliar with nginx Martial Lienert suggested Caddy. I haven't tried it myself but for serving a single host like Synapse it looks pretty neat.

Setup

We'll be using docker-compose to be able to easily change options for the containers or adding new services. The default database is sqlite but even with a small homeserver like mine I noticed a big difference in responsiveness with postgres. And if you plan on joining big rooms like #matrix:matrix.org it's a must since Matrix will federate data to all servers with at least one user in a room. So in a room with 10000+ users there will be a lot of writes to the database.

Clicking on the #matrix link above will display a page where you can pick a client and join directly. Although I recommend not creating an account on matrix.org if you plan on running your own homeserver, since migration isn't available at the moment.

It might be a good idea to read through the Synapse README if you haven't already. Note that the parts about which ports to use is kinda confusing. This guide will have everything setup the recommended way but if you're curious about the details you should read this issue.

Base directory

To keep the different services grouped together and for a more manageable docker-compose.yaml we'll create a base directory.

sudo mkdir /opt/matrix

Generating Synapse files

Next we will generate the required files for Synapse. This will add a self-signed certificate used for federation, a homeserver.yaml config file and a log config.

You need to decide on what hostname to use. It's possible to host Synapse on a subdomain (f.e matrix.example.com) and still have clients connect to example.com, but it requires some extra setup. I'd recommend having a dedicated domain.

# This will create /opt/matrix/synapse
docker run -v /opt/matrix/synapse:/data --rm \
    -e SERVER_NAME=example.com -e REPORT_STATS=yes silviof/docker-matrix generate

☝️ Remember to replace example.com in the command.

Edit: I've changed the REPORT_STATS above from no after discussion since I think it's important to support Matrix in any way possible. Originally I just copied the command from the image README and gave it no further thought. If you are interested in what's being shared, have a look here. (Thanks Rob!)

Creating a docker network

To have the containers talk to each other and also the ability to add other services to the same network without including them in the docker-compose.yaml (bots for example), we'll create a docker network.

docker network create matrix-network
# To see what containers are connected (none atm..)
docker network inspect matrix-network

Setting up docker-compose

Now we create a docker-compose.yaml with our two services. Some options here are rather important to the setup so I've commented them in the file. Here is a gist with the contents as well.

cd /opt/matrix
sudo nano docker-compose.yaml
version: "2"
services:
  postgres:
    image: postgres:9.6.4
    restart: always
    
    # I like to be able to use psql on the host to connect to the database 
    # for maintenance. If you already have a postgres running you should remove 
    # the 'ports' section and uncomment 'expose'
    # expose:
    # - 5432
    
    # Adding 127.0.0.1 ensures the port isn't exposed ON the host
    ports:
      - "127.0.0.1:5432:5432"
    volumes:
     - /opt/matrix/pgdata:/var/lib/postgresql/data

    # These will be used in homeserver.yaml later on
    environment:
     - POSTGRES_PASSWORD=YOUR_PASSWORD_HERE
     - POSTGRES_USER=synapse

  synapse:
    image: silviof/docker-matrix
    # Exposing 8008 (no TLS) on localhost means we can reverse proxy with nginx
    # 8448 is for federation and should be exposed on host
    # 3478 is for TURN (voip calls)
    ports:
     - "127.0.0.1:8008:8008"
     - "8448:8448"
     - "3478:3478"
    volumes:
     - /opt/matrix/synapse:/data

# Our docker network!
networks:
  default:
    external:
      name: matrix-network

Editing homeserver.yaml

There are a couple of places we need to make modifications. We want to disable the built-in webclient and make sure port 8008 is accessible from the host.

sudo nano /opt/matrix/synapse/homeserver.yaml
# I've remove default comments and added mine
listeners:
  -
    port: 8448

    bind_addresses:
      - '0.0.0.0'

    type: http
    tls: true

    resources:
      -
        names:
          - client
          #- webclient  # I've disabled this
        compress: true

      - names: [federation]  # Federation APIs
        compress: false

  # Unsecure HTTP listener,
  - port: 8008
    tls: false
    
    # Since it's running in a container we need to listen to 0.0.0.0
    # The port is only exposed on the host and put behind reverse proxy
    bind_addresses:
      - '0.0.0.0'

    type: http
    x_forwarded: true
    resources:
      # I've removed webclient here as well
      - names: [client]
        compress: true
      - names: [federation]
        compress: false

We change from default sqlite database to postgres with our credentials from docker-compose.yaml.

# Database configuration
database:
  name: psycopg2
  args:
    user: synapse
    password: YOUR_PASSWORD_HERE
    database: synapse

    # This hostname is accessible through the docker network and is set 
    # by docker-compose. If you change the name of the service it will be different
    host: postgres

We'll enable registration to be able to test. You can change this later on.

# Enable registration for new users.
enable_registration: True

☝️ Don't replace the entire homeserver.yaml with this, just make sure the corresponding sections are correct.

Editing log config (optional)

I prefer to have the logs in a separate directory so let's change that. There should be a file in your /opt/matrix/synapse called yourhostname.log.config. Edit it and change to

handlers:
  file:
    filename: /data/log/homeserver.log
# Create the directory
sudo mkdir /opt/matrix/synapse/log

Obtaining Let's Encrypt cert

You need to have certbot installed!

sudo service nginx stop
sudo letsencrypt certonly --standalone -d yourhostname.com
sudo service nginx start

Nginx configuration

Here's the gist.

sudo nano /etc/nginx/sites-available/example.com # or whatever
server {
       listen         80;
       server_name    example.com www.example.com;
       return         301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # If you don't wanna serve a site, comment this out
    root /var/www/example.com;
    index index.html index.htm;

    location /_matrix {
      proxy_pass http://0.0.0.0:8008;
      proxy_set_header X-Forwarded-For $remote_addr;
    }
 }
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com

Start all the things!

Now we should be ready to go so let's try.

cd /opt/matrix
docker-compose up -d
docker-compose ps
# Something like this 
matrix_postgres_1   docker-entrypoint.sh postgres   Up      127.0.0.1:5432->5432/tcp
matrix_synapse_1    /start.sh start                 Up      0.0.0.0:3478->3478/tcp, 127.0.0.1:8008->8008/tcp, 0.0.0.0:8448->8448/tcp

If everything looks good

sudo service nginx reload

Register account and login

Here comes the fun part! Let's create an account :)

Any client would do but for this let's use Riot. Click here, fill in your info and change the "Custom server" to the hostname of your newly created one. Adding an email is optional but if you ever need to reset your password you can't without it.

Screen-Shot-2017-09-15-at-12.02.19

If everything is ok you should be greeted by the friendly @riot-bot!

Screen-Shot-2017-09-15-at-12.05.34

Happy happy joy joy

So, hopefully you've made it this far and now have your own Matrix homeserver. There are a lot of neat things to do with Matrix and I'll be posting more about that, bots and other integrations for example. But for now enjoy your awesome federated open source chat and invite some friends!

If you found any errors in this guide or just feel like sharing your appreciation, drop me an email or tweet :)