BLACK4585/matrix-docker

Setup Matrix with docker-compose

This repository helps you run your messaging application.

Note

As I recently cleaned up this guide, there might be some issues from the old version left. If you find any issues or unclear instructions please open an issue!

You can set up everything you need for Matrix in less than an hour. The setup installs the following applications for you:

  • Synapse (Matrix Server)
  • Element-web (Matrix web client)
  • PostgreSQL (Database)
  • Coturn (Turn server)
  • Caddy (Reverse Proxy with automatic HTTPS and Webserver)
  • Matrix JWT Server (Authentication Server for Element Call)
  • Livekit server (Communication Server for Element Call)
  • Synapse Admin (Web admin dashboard for Synapse)

Note

In this tutorial we will set up the new Element Call system as well as the old Turn system. This is useful for users who might still use the old Element Classic App but also to make the new Livekit System more reliable.

Note

There are many different ways to install Matrix and its dependencies. In this tutorial we will use Caddy as a reverse proxy and webserver. I assume you have nothing but Docker and Compose V2 installed, so we install all necessary tools throughout the tutorial. If you already have e.g. Caddy running, you can just adapt your Caddyfile. If you want to use Traefik with NGINX you can find some config examples in the original repository.

Important

I forked the original repository since I wanted to use my own existing webserver and infrastructure. There are also some issues in the original tutorial and config files which are fixed here. Keep that in mind if you mix and match config files, e.g. for NGINX, and adapt everything accordingly.

Requirements

  • Docker
  • Docker Compose Plugin

Installation

1. Add these three subdomains to your DNS:

matrix.<example.com>
livekit.matrix.<example.com>
turn.<example.com>

You could also leave out the turn subdomain and run coTURN over the matrix subdomain. I added the entry for visual clarity, as I use my coTURN in other services, too; entering matrix... as the Turn server domain in e.g. Nextcloud seems a bit off to me. As you can see in the Caddyfile, nothing is served behind the turn subdomain; it is only there to obtain the TLS certificate and to have a DNS entry. If you leave the entry out and run coTURN under e.g. the matrix subdomain, remember to use that subdomain's certificate later on in the guide.

Note

In this tutorial we will give the whole Matrix infrastructure its own subdomain (matrix.example.com). If you want to use your root domain, remove matrix. from every URL you see in this tutorial accordingly.


2. Open the following ports respectively for your setup on your server:

5349           TCP      # Turnserver TLS Port
49000-50000    UDP      # Turnserver UDP Range
3478           TCP/UDP  # Turnserver default Port
80             TCP      # Caddy HTTP ACME challenges
443            TCP/UDP  # Caddy default HTTPS for (Matrix) traffic
7881           TCP      # Matrix LiveKit TCP Fallback
50100-50200    UDP      # Matrix LiveKit UDP Media Range

3. Clone the repository and go to the ./matrix directory.

Note

In this tutorial, this is the place where all config files and folders live. If you want to use a different folder structure, copy and adapt the config files accordingly.


4. Adjust the config files to your setup

  • Rename .env.example to .env and change <example.com> to your domain and <COMPLEX_PASSWORD> to a strong password.
  • Change every <example.com> in the docker-compose.yml and ./caddy/Caddyfile to your domain.
  • Run tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 64 in your terminal and insert the output in <SUPER_SECRET_KEY> in the docker-compose.yml and ./livekit/config.yaml
  • Run tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 64 in your terminal and insert the output in <SUPER_SECRET_SECRET> in the docker-compose.yml and ./livekit/config.yaml
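The substitutions in step 4 as one script, added here as an example; it is not a script from the BLACK4585/matrix-docker repository. It generates each secret once and writes the same value into both docker-compose.yml and ./livekit/config.yaml (the guide inserts the same output into both files, so generating it once guarantees they match), and it finishes by checking that no placeholder was left behind. It assumes the file layout from step 4, that it is run from ./matrix, and GNU sed (`-i` without a suffix argument); the function names, the `RUN_CONFIGURE`, `DOMAIN` and `DB_PASSWORD` variables and the placeholder pattern are my own choices.

```shell
#!/bin/sh
# Added example, not part of the repository: step 4 of the guide as a script.
# Assumptions: run from ./matrix, guide's file layout, GNU sed -i.
set -eu

# The guide's generator: 64 characters from [a-zA-Z0-9].
random_token() {
    tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 64
}

# fill_placeholder NAME VALUE FILE...: replace every <NAME> in FILE... with VALUE.
fill_placeholder() {
    name="$1"; value="$2"; shift 2
    # '|' is the sed delimiter; escape '|', '&' and '\' in VALUE so a password
    # containing them is written literally instead of being interpreted by sed.
    escaped=$(printf '%s' "$value" | sed 's/[|&\\]/\\&/g')
    for f in "$@"; do
        sed -i "s|<$name>|$escaped|g" "$f"
    done
}

# remaining_placeholders FILE...: print any <UPPER_CASE> or <example.com> token
# still present (with file and line number); return 1 if there is at least one.
remaining_placeholders() {
    if grep -nE '<[A-Z_]+>|<example\.com>' "$@"; then
        echo "placeholders left (see above); fix them before docker compose up" >&2
        return 1
    fi
}

# configure_matrix DOMAIN DB_PASSWORD: the four bullet points of step 4.
configure_matrix() {
    domain="$1"; db_password="$2"
    [ -f .env ] || mv .env.example .env
    fill_placeholder example.com "$domain" .env docker-compose.yml ./caddy/Caddyfile
    fill_placeholder COMPLEX_PASSWORD "$db_password" .env
    # One value per secret, shared by both files so they agree.
    fill_placeholder SUPER_SECRET_KEY "$(random_token)" docker-compose.yml ./livekit/config.yaml
    fill_placeholder SUPER_SECRET_SECRET "$(random_token)" docker-compose.yml ./livekit/config.yaml
    remaining_placeholders .env docker-compose.yml ./caddy/Caddyfile ./livekit/config.yaml
}

# Usage: RUN_CONFIGURE=1 DOMAIN=example.com DB_PASSWORD='...' sh configure.sh
if [ "${RUN_CONFIGURE:-0}" = 1 ]; then
    configure_matrix "${DOMAIN:?set DOMAIN}" "${DB_PASSWORD:?set DB_PASSWORD}"
fi
```

The leftover check is the part worth keeping even if you edit the files by hand: a single `<SUPER_SECRET_KEY>` that survives in one of the two files is hard to spot later, because the containers start fine and only calls fail.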

5. Run docker compose up, wait about one minute, then stop it (Ctrl+C) and continue with the next step.


6. Edit ./matrix/coturn/_data/turnserver.conf to apply the below configuration:

  • Replace <LONG_SECRET_KEY> with a secure random password.
  • Replace <example.com> with your domain.
  • Change <YOUR_SERVER_IP> to your server's public IP address.

7. Replace <example.com> with your domain in the following command and run it:

docker run -it --rm -v ./synapse:/data -e SYNAPSE_SERVER_NAME=<example.com> -e SYNAPSE_REPORT_STATS=no matrixdotorg/synapse:latest generate

8. Edit ./matrix/synapse/homeserver.yaml and insert the snippets below:

  • Replace <COMPLEX_PASSWORD> with the POSTGRES_PASSWORD you set in your .env.

The database itself is not exposed to the internet; Synapse reaches it over the Compose network under its service name (synapse_db).

database:
  name: psycopg2
  txn_limit: 10000
  args:
    user: synapse
    password: <COMPLEX_PASSWORD>
    database: synapse
    host: synapse_db
    port: 5432
    cp_min: 5
    cp_max: 10


  • Change every <example.com> to your domain address.
  • Change <LONG_SECRET_KEY> to the secret key that you chose before in ./matrix/coturn/_data/turnserver.conf
turn_uris:
  - "turn:turn.<example.com>?transport=udp"
  - "turn:turn.<example.com>?transport=tcp"
  - "turns:turn.<example.com>?transport=udp"
  - "turns:turn.<example.com>?transport=tcp"
turn_shared_secret: "<LONG_SECRET_KEY>"
turn_user_lifetime: 86400000
turn_allow_guests: false

Note

If you host your Turn server somewhere else or want to use an existing one, replace the domains in turn_uris with the domain pointing to your Turn server.



  • For the new Element Call system you also need to append the following config:
experimental_features:
  # MSC3266: Room summary API. Used for knocking over federation
  msc3266_enabled: true
  # MSC4222 needed for syncv2 state_after. This allow clients to
  # correctly track the state of the room.
  msc4222_enabled: true
  msc4140_enabled: true

# The maximum allowed duration by which sent events can be delayed, as
# per MSC4140.
max_event_delay_duration: 24h

rc_message:
  # This needs to match at least e2ee key sharing frequency plus a bit of headroom
  # Note key sharing events are bursty
  per_second: 0.5
  burst_count: 30

rc_delayed_event_mgmt:
  # This needs to match at least the heart-beat frequency plus a bit of headroom
  # Currently the heart-beat is every 5 seconds, which translates into a rate of 0.2 per second
  per_second: 1
  burst_count: 20

9. Edit ./matrix/element/config.json and change the following values:

  • Replace <example.com> with your domain
  • Replace <ISO_COUNTRY_CODE> with your ISO 3166 alpha2 Country Code

Note

You can further customize the config and thus the functionality of your Element web client to your needs. You can find information about the config here and about the (beta) feature flags here

Note

feature_video_rooms, feature_group_calls, feature_element_call_video_rooms are currently required for the new Element Call system.

Warning

This is my current config. There will be changes in the future from Element, especially regarding the feature flags. So I recommend reading through the config documentation and also the current lab features to see if something changed.


10. Prepare TLS Certificates for coTURN

Get the certificates from Caddy:

  1. Copy ./caddy/data/caddy/caddy_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.<example.com>/turn.<example.com>.crt to ./coturn-certs.
  2. Copy ./caddy/data/caddy/caddy_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.<example.com>/turn.<example.com>.key to ./coturn-certs.

Prepare the certificates for coTURN:

  1. Run openssl x509 -in ./coturn-certs/turn.<example.com>.crt -out ./coturn-certs/turn-cert.pem in a terminal to convert the .crt to a .pem file coTURN can read.
  2. Rename ./coturn-certs/turn.<example.com>.key to ./coturn-certs/turn-privkey.pem
  3. Change the permissions of both .pem files to 777 with chmod 777 ./coturn-certs/turn-cert.pem ./coturn-certs/turn-privkey.pem
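Step 10 as one script, added here as an example (this is not a script from the repository, although the TODO section lists one). It copies the turn.<example.com> certificate and key out of Caddy's storage, re-emits the certificate with `openssl x509` as the guide does, renames the key, sets the file modes, and then checks that the private key actually belongs to the certificate, which is the first thing to verify when coTURN TLS fails after a renewal. Assumptions: the Let's Encrypt directory path the guide names (overridable through `CADDY_CERT_DIR`), that it is run from ./matrix, and that the modes are passed as parameters; the defaults 644 for the certificate and 600 for the key are my choice, not the guide's (the guide uses 777 and lists the right permissions as an open TODO).

```shell
#!/bin/sh
# Added example, not part of the repository: step 10 of the guide as a script.
# Assumptions: run from ./matrix; the ACME directory path below is the one the
# guide names; file modes are parameters (defaults 644/600 are assumed, the
# guide currently uses 777).
set -eu

CADDY_CERT_DIR="${CADDY_CERT_DIR:-./caddy/data/caddy/caddy_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory}"

# verify_key_matches_cert CERT KEY: succeed only if the public key embedded in
# CERT equals the public half of KEY (both compared in PEM form).
verify_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# prepare_coturn_certs SRC_DIR DOMAIN DEST_DIR [CERT_MODE] [KEY_MODE]
# SRC_DIR is the ACME directory; the files live in SRC_DIR/turn.DOMAIN/.
prepare_coturn_certs() {
    src="$1/turn.$2"
    dest="$3"
    cert_mode="${4:-644}"
    key_mode="${5:-600}"
    crt="$src/turn.$2.crt"
    key="$src/turn.$2.key"
    [ -r "$crt" ] || { echo "missing or unreadable: $crt" >&2; return 1; }
    [ -r "$key" ] || { echo "missing or unreadable: $key" >&2; return 1; }
    mkdir -p "$dest"
    # The guide's conversion step: re-emit the certificate as turn-cert.pem.
    openssl x509 -in "$crt" -out "$dest/turn-cert.pem"
    # The guide renames the key; copying leaves Caddy's own copy untouched.
    cp "$key" "$dest/turn-privkey.pem"
    chmod "$cert_mode" "$dest/turn-cert.pem"
    chmod "$key_mode" "$dest/turn-privkey.pem"
    # Catch a stale key copied next to a renewed certificate (or vice versa).
    verify_key_matches_cert "$dest/turn-cert.pem" "$dest/turn-privkey.pem" || {
        echo "turn-privkey.pem does not match turn-cert.pem" >&2
        return 1
    }
}

# Usage from ./matrix: RUN_PREPARE=1 DOMAIN=example.com sh prepare-coturn-certs.sh
if [ "${RUN_PREPARE:-0}" = 1 ]; then
    prepare_coturn_certs "$CADDY_CERT_DIR" "${DOMAIN:?set DOMAIN=example.com}" ./coturn-certs
fi
```

Two things to know when using it: `openssl x509 -in FILE -out FILE` reads and writes only the first certificate in the input, so if Caddy's .crt also contains the intermediate certificate, turn-cert.pem will not; copy the .crt unchanged instead if coTURN should present the chain. And whatever mode you pick, the user the coTURN process runs as inside the container has to be able to read turn-privkey.pem; if 600 is too tight for that, change the owner of the file rather than opening it to everyone.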

11. Run the containers with docker compose up and if everything goes well, stop them and run docker compose up -d to run the containers in the background.


Testing

  1. The matrix URL (https://matrix.<example.com>) must show the Element login page
  2. Caddy must respond to these two URLs
  3. You can test the federation on the link below
  4. You can log in to your Element client at https://matrix.<example.com>

Add new user

Run the below command to create a user.

docker exec -it matrix-synapse-1 register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008

Enable registration

By default, registration is disabled, and users must be added using the command line. If you want to allow everybody to register in your matrix, you can add the below line to the end of ./matrix/synapse/_data/homeserver.yaml file.

enable_registration: true

Run docker compose restart to apply the new setting.

If you need to have email verification enabled or a captcha on registration, you can read the link below:

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#registration

For more information, you can watch the tutorials

https://www.youtube.com/watch?v=JCsw1bbBjAM

https://matrix.org/docs/guides/understanding-synapse-hosting

https://gist.github.com/matusnovak/37109e60abe79f4b59fc9fbda10896da?permalink_comment_id=3626248#optional-turn-server-video-calls

TODO

  • Certificates to Coturn script
  • Figure out the right permissions for the coTURN certificates

Credits

About

Deploy matrix with all dependencies using docker-compose
