Step-by-Step Guide to Installing Synapse Matrix Server on Ubuntu 22.04
10:57, 26.12.2023
Matrix is an open-source, decentralized, and easy-to-use software for private communication. It can be used for calling or messaging. Matrix provides encryption for secure communication channels on the web.
Synapse is the default Python-based Matrix server. The installation of the server is accessible to even non-tech-savvy users.
In this article, we'll guide you through the steps for installing Synapse Matrix Server.
Step 1: Installation of the Synapse Matrix Server
There are a couple of things you need to take care of before we get started.
Make sure you have the following:
- A server running on Ubuntu 22.04
- A domain name associated with your server's IP address
- A root access to the server and root password
With that out of the way, you need to update the system packages next, using:
apt update -y
Install the necessary dependencies with the following command:
apt install curl wget gnupg2 apt-transport-https -y
And choose and insert the name of your server:
$ sudo nano /etc/hosts
IP address domain.name
Now you can proceed with the installation of the Synapse Matrix Server.
Add the GPG key and repository of the Matrix Synapse:
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" |sudo tee /etc/apt/sources.list.d/matrix-org.list
Update OS and install Matrix, using:
sudo apt update sudo apt install matrix-synapse-py3
Run the Matrix Synapse:
sudo systemctl start matrix-synapse sudo systemctl enable matrix-synapse
You can check whether the Matrix Synapse is running by issuing:
$ systemctl status matrix-synapse (there should be "active (running)" line in the "Active" section)
Step 2: Configuration of Synapse Matrix
To configure the Synapse Matrix Server, you need to generate a Matrix password first:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
After you generate a password for Matrix, edit the Matrix configuration file:
sudo nano /etc/matrix-synapse/homeserver.yaml
In the configuration file, you need to change bind addresses to a local IP address, turn off Matrix registration, and insert the generated password like this:
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
bind_addresses: ['127.0.0.1']
resources:
- names: [client, federation]
compress: false
enable_registration: false
registration_shared_secret: "V6jKdIsl6GUdvpksSlQDCX5P94kJfFGk"
Save the file and restart Matrix Synapse.
Step 3: Creation of a New Matrix User
The creation of a Matrix user can help connect to a Matrix server through a Matrix client. To create a new user, run the following command:
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
Then, follow the example below:
New user localpart [root]: admin
Password:
Confirm password:
Make admin [no]: yes
Sending registration request... Success!
Now, a new user has been created.
Step 4: Setting up an SSL Certificate for the Matrix Server
If you don't set up an SSL Certificate for your Matrix Server, you will be accessing it through HTTP, which means that you'll be threatening the security of your data. To avoid this, you can issue a self-signed certificate or a Let's Encrypt certificate.
Utilizing a Self-Signed Certificate
Find the folder that stores the certificates, and run the following command in there:
openssl req \
-newkey rsa:2048 -nodes -keyout matrix.key \
-x509 -days 365 -out Matrix.crt
To complete, fill out the form that will going to appear after.
Then, transfer the certificate file to an accessible directory:
sudo mv matrix.crt Matrix.key /etc/pki/certificates/
Obtaining a Let's Encrypt Certificate
Let's Encrypt allows you to get SSL certificates for free, and is one of the simplest ways to obtain an SSL certificate. Here's how to do that.
You need to install the Certbot client first. You can do that running:
sudo apt install certbot -y
Generate the certificate with the following command (insert your email address and domain name):
certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --emailyour email address-d your domain name
Now, you have your SSL certificate.
Step 5: Configuring Nginx for the Matrix Server
With Matrix Synapse, Nginx is commonly used as a reverse proxy.
You need to install Nginx first. You can do that with the following command:
sudo apt install nginx
To start using Nginx as a reverse proxy, you need to create a separate configuration file for your server:
sudo nano /etc/nginx/sites-available/matrix.conf
In the file, insert the underlined sections:
server {
listen 80;
server_name matrix.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name matrix.example.com;
ssl_certificate /etc/pki/certificates/matrix.crt;
ssl_certificate_key /etc/pki/certificates/matrix.key;
location /_matrix {
proxy_pass localhost:8008
proxy_set_header X-Forwarded-For $remote_addr;
# Nginx, by default, only allows file uploads up to 1M in size
#Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 10M;
}
}
# This is used for Matrix Federation
# which is using default TCP port '8448'
server {
listen 8448 ssl;
server_name matrix.example.com;
ssl_certificate /etc/pki/certificates/matrix.crt;
ssl_certificate_key /etc/pki/certificates/matrix.key;
location / {
proxy_pass http:localhost:8008
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Save the file.
Now, to check if the file contains any errors, use this command to run the test:
$ sudo nginx -t
To activate a virtual host, you can create a symbolic link for the configuration file in the /etc/nginx/sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/matrix.conf /etc/nginx/sites-enabled/
To apply changes, restart Nginx (sudo systemctl restart nginx).
Step 6: Firewall Settings
If you're using a firewall, you need to additionally allow the Matrix service to go through it:
sudo ufw allow 8448 sudo ufw allow https sudo ufw allow http
You can check the status with the following command:
$ sudo ufw status
Step 7: Accessing Matrix Synapse
Accessing Matrix Synapse Server is easy. All you need to do is input the following in the web browser's search bar:
https://your domain:8448.
Conclusion
Matrix Synapse is a server-based integration of the Matrix protocol for secure communication. It is a software server that provides the services of communication and synchronization of data across the Matrix network.
The key features of Matrix Synapse Server include:
- Secure communication. The Matrix Synapse Server is meant to provide secure connection and communication across the web. Since the data shared through Matrix is spread out through multiple servers (since Matrix is decentralized), it provides more secure and protected communication.
- Decentralized nature. Matrix Synapse provides a decentralized architecture, meaning users can have their own Matrix Synapse server. This gives users control over their data and communications as they follow the decentralized systems philosophy.
- Enhanced security. Matrix Synapse uses various security measures that protect the server from data breaches, service attacks, etc. It's also known for integrating secure communication protocols, including TLS and end-to-end encryption.
- Easy-to-integrate. Matrix is easy to integrate with various systems and services.
Last but not least, Matrix Synapse is easy to install and configure. We hope this tutorial has proven you this!