Matrix/Synapse: Difference between revisions
From Bibliotheca Anonoma
Antonizoon (talk | contribs) No edit summary |
Antonizoon (talk | contribs) No edit summary |
(3 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
Create synapse user and /home/synapse, then follow pip virtualenv steps | Create synapse user and /home/synapse, then follow pip virtualenv steps | ||
<pre> | |||
# This assumes that Synapse has been installed under the user synapse | |||
# e.g. https://www.upcloud.com/support/install-matrix-synapse/ | |||
[Unit] | |||
Description=Synapse Matrix homeserver | |||
[Service] | |||
Type=simple | |||
User=synapse | |||
Group=synapse | |||
WorkingDirectory=/home/synapse/.synapse | |||
ExecStart=/home/synapse/.synapse/bin/synctl start | |||
ExecStop=/home/synapse/.synapse/bin/synctl stop | |||
PIDFile=/home/synapse/.synapse/homeserver.pid | |||
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml | |||
[Install] | |||
WantedBy=multi-user.target | |||
</pre> | |||
== Automated LetsEncrypt == | |||
create /etc/pki/synapse with permissions to synapse user chmod 600 | create /etc/pki/synapse with permissions to synapse user chmod 600 | ||
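Review bot: In the added [Service] section, Type=simple is combined with ExecStart=/home/synapse/.synapse/bin/synctl start and a PIDFile= line. synctl start launches the homeserver as a daemon and then returns, so under Type=simple systemd treats the service as finished once synctl exits, and PIDFile= is only honoured for Type=forking. Suggest Type=forking here, or keep Type=simple and switch to the commented-out direct "python -m synapse.app.homeserver" ExecStart, dropping PIDFile= and the synctl ExecStop.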
Line 15: | Line 38: | ||
# copy over the certificate for matrix to the pki directory with correct permissions | # copy over the certificate for matrix to the pki directory with correct permissions | ||
cat $RENEWED_LINEAGE/privkey.pem > /etc/pki/synapse/matrix.bibanon.org.key | cat $RENEWED_LINEAGE/privkey.pem > /etc/pki/synapse/matrix.bibanon.org.key | ||
cat $RENEWED_LINEAGE/ | cat $RENEWED_LINEAGE/fullchain.pem > /etc/pki/synapse/matrix.bibanon.org.crt | ||
chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key | chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key | ||
chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt | chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt | ||
chmod 600 /etc/pki/synapse/matrix.bibanon.org.key | chmod 600 /etc/pki/synapse/matrix.bibanon.org.key | ||
chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt | chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt | ||
systemctl restart synapse | |||
echo "synapse matrix server.pem updated. synapse may need to be restarted." | echo "synapse matrix server.pem updated. synapse may need to be restarted." | ||
fi | fi | ||
</pre> | </pre> | ||
Also use reverse proxy for easier client access without the port: https://github.com/matrix-org/synapse#using-a-reverse-proxy-with-synapse | |||
https://community.letsencrypt.org/t/how-to-use-certs-in-non-root-services/2690 | |||
add it to /etc/sysconfig/certbot , enable certbot-renew service | add it to /etc/sysconfig/certbot , enable certbot-renew service |
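Review bot: The added "systemctl restart synapse" runs unconditionally after the cat/chown/chmod lines, so if copying privkey.pem or fullchain.pem fails, the redirection has already truncated the live file and Synapse is restarted against an empty key or certificate. Suggest chaining the copy steps with && (or set -e) so the restart only happens on success, and updating the echo that still says "synapse may need to be restarted". Separately, the key is written with "cat ... >" before "chmod 600", so on the first run it is created under the default umask; set "umask 077" before the copies, and quote "$RENEWED_LINEAGE".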
Latest revision as of 17:04, 7 September 2017
https://www.upcloud.com/support/install-matrix-synapse/
Create the synapse user and /home/synapse, then follow the pip virtualenv steps.
<pre>
# This assumes that Synapse has been installed under the user synapse
# e.g. https://www.upcloud.com/support/install-matrix-synapse/
[Unit]
Description=Synapse Matrix homeserver

[Service]
# synctl start daemonizes the homeserver and exits, so systemd has to
# follow the forked process through the PID file (Type=forking).
Type=forking
User=synapse
Group=synapse
WorkingDirectory=/home/synapse/.synapse
ExecStart=/home/synapse/.synapse/bin/synctl start
ExecStop=/home/synapse/.synapse/bin/synctl stop
PIDFile=/home/synapse/.synapse/homeserver.pid
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml

[Install]
WantedBy=multi-user.target
</pre>
== Automated LetsEncrypt ==
Create /etc/pki/synapse, owned by the synapse user, with chmod 600.
<pre>
# cat /usr/local/bin/synapse-renewal-hook
#!/bin/bash
# bash is required for the <<< here-string used below
echo "Letsencrypt renewal hook running..."
echo "RENEWED_DOMAINS=$RENEWED_DOMAINS"
echo "RENEWED_LINEAGE=$RENEWED_LINEAGE"

# files created by this hook must never be group- or world-readable
umask 077

if grep --quiet "matrix.bibanon.org" <<< "$RENEWED_DOMAINS"; then
    # copy over the certificate for matrix to the pki directory with correct permissions
    cat "$RENEWED_LINEAGE/privkey.pem" > /etc/pki/synapse/matrix.bibanon.org.key
    cat "$RENEWED_LINEAGE/fullchain.pem" > /etc/pki/synapse/matrix.bibanon.org.crt
    chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key
    chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt
    chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
    chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
    systemctl restart synapse
    echo "synapse matrix server.pem updated. synapse may need to be restarted."
fi
</pre>
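The hook above writes straight into the live key and certificate files, so a failed or empty source truncates the file Synapse is using. One way to avoid that, as an added example that is not part of the wiki page: copy into a private temporary file and rename it into place. `deploy_pem` is a hypothetical helper name; the paths in the usage comment are the page's.

```sh
#!/bin/sh
# Added example, not from the original page. deploy_pem is a hypothetical helper.
#
# deploy_pem SRC DST [OWNER:GROUP]
#   Copies SRC to DST so that DST is never readable by anyone but its owner
#   and is replaced atomically. On any failure the existing DST is untouched.
deploy_pem() {
    src=$1
    dst=$2
    owner=${3:-}

    # Refuse a missing, unreadable or empty source instead of clobbering DST.
    if [ ! -r "$src" ] || [ ! -s "$src" ]; then
        echo "deploy_pem: $src is missing, unreadable or empty" >&2
        return 1
    fi

    # Create the temp file next to DST so the final mv is a rename on the
    # same filesystem; umask 077 keeps it private from the moment it exists.
    dst_dir=$(dirname "$dst")
    tmp=$(umask 077; mktemp "$dst_dir/.pem.XXXXXX") || return 1

    if cat "$src" > "$tmp" &&
       chmod 600 "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       mv -f "$tmp" "$dst"; then
        return 0
    fi

    rm -f "$tmp"
    return 1
}

# Usage inside the renewal hook (paths as given on the page), restarting
# only when both files were deployed:
#   deploy_pem "$RENEWED_LINEAGE/privkey.pem" \
#       /etc/pki/synapse/matrix.bibanon.org.key synapse:synapse &&
#   deploy_pem "$RENEWED_LINEAGE/fullchain.pem" \
#       /etc/pki/synapse/matrix.bibanon.org.crt synapse:synapse &&
#   systemctl restart synapse
```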
Also use a reverse proxy so that clients can connect without specifying the port: https://github.com/matrix-org/synapse#using-a-reverse-proxy-with-synapse
https://community.letsencrypt.org/t/how-to-use-certs-in-non-root-services/2690
Add the renewal hook to /etc/sysconfig/certbot, then enable the certbot-renew service.