synapse-1.121.1 – open network for secure, decentralized communication (cvsweb github mirror)

Description

Matrix specifies a set of RESTful HTTP JSON APIs as an open standard for
federated Instant Messaging and VoIP (creating and managing distributed chat
rooms without points of control or failure, cryptographically secure state
synchronisation across an open network, etc).

In Matrix, every user runs one or more Matrix clients, which connect
through to a Matrix homeserver. The homeserver stores all their personal
chat history and user account information.

Synapse is a reference "homeserver" implementation of Matrix.

WWW: https://matrix.org/

Readme

+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Generate a config
=================

As root (or _synapse), go into ${LOCALSTATEDIR}/synapse, then use
doas -u _synapse ${MODPY_BIN} -m synapse.app.homeserver \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml --generate-config \
	--server-name matrix.example.com --report-stats=no \
	--keys-directory ${LOCALSTATEDIR}/synapse

Register a user
===============
doas -u _synapse \
	${PREFIX}/bin/register_new_matrix_user \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml \
	http://localhost:8008

Updating the database after an upgrade
======================================
On startup, synapse will fail to start if the database schema is too old.
So, after an upgrade of synapse, you should update the database.
It can be done with a command like this one:
doas -u _synapse ${PREFIX}/bin/update_synapse_database \
	--database-config /var/synapse/homeserver.yaml \
	--run-background-updates

Configuration with TLS
======================

By default, synapse will run without TLS on localhost:8008
This means that you will not be able to connect to your server remotely.
The best way to achieve remote connectivity is through a reverse proxy.

Here is a relayd.conf(5) example:

  http protocol synapse {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"

    tls keypair "matrix.example.com"

    match request header set "Connection" value "close"
  }

  relay "synapse" {
    listen on matrix.example.com port 443 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

  relay "synapse-server" {
    listen on matrix.example.com port 8448 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

Here is an Nginx vhost reverse proxy example:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location /_matrix {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    server {
        listen 8448 ssl default_server;
        listen [::]:8448 ssl default_server;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location / {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

Maintainer

Renaud Allard

Categories

lang/python lang/rust net

Build dependencies

Run dependencies

Test dependencies

Reverse dependencies

Files

Ports Readmes 7.52, created on 2024-12-18, powered by Dancer 1.3521