The net/synapse port

synapse-1.30.0 – open network for secure, decentralized communication (cvsweb github)

Description

Matrix specifies a set of RESTful HTTP JSON APIs as an open standard for
federated Instant Messaging and VoIP (creating and managing distributed chat
rooms without points of control or failure, cryptographically secure state
synchronisation across an open network, etc).

In Matrix, every user runs one or more Matrix clients, which connect
through to a Matrix homeserver. The homeserver stores all their personal
chat history and user account information.

Synapse is a reference "homeserver" implementation of Matrix.
WWW: https://matrix.org/

Readme

$OpenBSD: README,v 1.2 2020/04/21 19:14:12 kn Exp $

+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

Generate a config
=================

As root (or _synapse), go into ${LOCALSTATEDIR}/synapse, then use
doas -u _synapse ${MODPY_BIN} -m synapse.app.homeserver \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml --generate-config \
	--server-name matrix.example.com --report-stats=no \
	--generate-keys --keys-directory ${LOCALSTATEDIR}/synapse

Register a user
===============
doas -u _synapse \
	${PREFIX}/share/synapse/register_new_matrix_user \
	-c ${LOCALSTATEDIR}/synapse/homeserver.yaml \
	http://localhost:8008

Configuration with TLS
======================

By default, synapse will run without TLS on localhost:8008
This means that you will not be able to connect to your server remotely.
The best way to achieve remote connectivity is through a reverse proxy.

Here is a relayd.conf(5) example:

  http protocol synapse {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwaded-By" value "$SERVER_ADDR:$SERVER_PORT"

    tls keypair "matrix.example.com"

    match request header set "Connection" value "close"
  }

  relay "synapse" {
    listen on matrix.example.com port 443 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008 
  }

  relay "synapse-server" {
    listen on matrix.example.com port 8448 tls
    protocol "synapse"
    forward to 127.0.0.1 port 8008
  }

Here is an Nginx vhost reverse proxy example:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location /_matrix {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    server {
        listen 8448 ssl default_server;
        listen [::]:8448 ssl default_server;
        ssl_certificate /etc/ssl/matrix.example.com.pem;
        ssl_certificate_key /etc/ssl/private/matrix.example.com.key;
        server_name matrix.example.com;

        location / {
            proxy_pass http://localhost:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

Maintainer

Renaud Allard

Categories

lang/python net

Build dependencies

Run dependencies

Test dependencies

Files

Search
File Descr
Path Name
Category Maintainer