Matrix/Synapse: Difference between revisions

From Bibliotheca Anonoma
(Created page with "https://www.upcloud.com/support/install-matrix-synapse/ <pre> # cat /usr/local/bin/synapse-renewal-hook #!/bin/sh echo "Letsencrypt renewal hook running..." echo "RENEWED_DO...")
 
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
https://www.upcloud.com/support/install-matrix-synapse/
https://www.upcloud.com/support/install-matrix-synapse/
Create synapse user and /home/synapse, then follow pip virtualenv steps
<pre>
# This assumes that Synapse has been installed under the user synapse
# e.g. https://www.upcloud.com/support/install-matrix-synapse/
[Unit]
Description=Synapse Matrix homeserver
[Service]
Type=simple
User=synapse
Group=synapse
WorkingDirectory=/home/synapse/.synapse
ExecStart=/home/synapse/.synapse/bin/synctl start
ExecStop=/home/synapse/.synapse/bin/synctl stop
PIDFile=/home/synapse/.synapse/homeserver.pid
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml
[Install]
WantedBy=multi-user.target
</pre>
== Automated LetsEncrypt ==
create /etc/pki/synapse with permissions to synapse user chmod 600


<pre>
<pre>
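Review bot: In the [Service] section, Type=simple does not fit ExecStart=/home/synapse/.synapse/bin/synctl start combined with PIDFile=. PIDFile= is meant for Type=forking, and synctl start returns once the homeserver has been backgrounded, so systemd would treat the unit as finished as soon as synctl exits. Suggest Type=forking here, or keep Type=simple and switch to the commented-out foreground ExecStart without PIDFile= and ExecStop=.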
Line 11: Line 38:
   # copy over the certificate for matrix to the pki directory with correct permissions
   # copy over the certificate for matrix to the pki directory with correct permissions
   cat $RENEWED_LINEAGE/privkey.pem > /etc/pki/synapse/matrix.bibanon.org.key
   cat $RENEWED_LINEAGE/privkey.pem > /etc/pki/synapse/matrix.bibanon.org.key
   cat $RENEWED_LINEAGE/cert.pem > /etc/pki/synapse/matrix.bibanon.org.crt
   cat $RENEWED_LINEAGE/fullchain.pem > /etc/pki/synapse/matrix.bibanon.org.crt
   chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key
   chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key
   chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt
   chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
systemctl restart synapse
  systemctl restart synapse
   echo "synapse matrix server.pem updated. synapse may need to be restarted."
   echo "synapse matrix server.pem updated. synapse may need to be restarted."
fi
fi
</pre>
</pre>
Also use reverse proxy for easier client access without the port: https://github.com/matrix-org/synapse#using-a-reverse-proxy-with-synapse
https://community.letsencrypt.org/t/how-to-use-certs-in-non-root-services/2690


add it to /etc/sysconfig/certbot , enable certbot-renew service
add it to /etc/sysconfig/certbot , enable certbot-renew service
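Review bot: The private key is written by the redirect in "cat $RENEWED_LINEAGE/privkey.pem > /etc/pki/synapse/matrix.bibanon.org.key" before the chown and chmod 600 lines run, so on first creation the file carries the default umask mode until chmod catches up. Set umask 077 at the top of the hook, or copy with install -m 600 -o synapse -g synapse. $RENEWED_LINEAGE should also be quoted, and the final echo still says synapse "may need to be restarted" directly after systemctl restart synapse.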

Latest revision as of 17:04, 7 September 2017

https://www.upcloud.com/support/install-matrix-synapse/

Create a synapse user with the home directory /home/synapse, then follow the pip virtualenv steps from the guide above.

<pre>
# This assumes that Synapse has been installed under the user synapse
# e.g. https://www.upcloud.com/support/install-matrix-synapse/

[Unit]
Description=Synapse Matrix homeserver

[Service]
# synctl start daemonizes the homeserver and then exits, so systemd has to
# follow the daemon through its PID file; PIDFile= is meant for Type=forking.
Type=forking
User=synapse
Group=synapse
WorkingDirectory=/home/synapse/.synapse
ExecStart=/home/synapse/.synapse/bin/synctl start
ExecStop=/home/synapse/.synapse/bin/synctl stop
PIDFile=/home/synapse/.synapse/homeserver.pid
# Disabled alternative: run the homeserver module directly instead of via synctl
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml

[Install]
WantedBy=multi-user.target
</pre>

Automated LetsEncrypt

Create /etc/pki/synapse and give the synapse user permissions on it (chmod 600).

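<pre>
# cat /usr/local/bin/synapse-renewal-hook
#!/bin/bash
# certbot renewal hook; certbot exports RENEWED_DOMAINS and RENEWED_LINEAGE to it.
# bash rather than sh, because the here-string (<<<) below is a bash feature.
echo "Letsencrypt renewal hook running..."
echo "RENEWED_DOMAINS=$RENEWED_DOMAINS"
echo "RENEWED_LINEAGE=$RENEWED_LINEAGE"

# newly created files start out owner-only, so the key is never briefly readable by others
umask 077

# -F matches the hostname literally (an unescaped "." is a regex wildcard)
if grep --quiet -F "matrix.bibanon.org" <<< "$RENEWED_DOMAINS"; then
  # copy over the certificate for matrix to the pki directory with correct permissions
  cat "$RENEWED_LINEAGE/privkey.pem" > /etc/pki/synapse/matrix.bibanon.org.key
  # fullchain.pem holds the leaf certificate plus the intermediates
  cat "$RENEWED_LINEAGE/fullchain.pem" > /etc/pki/synapse/matrix.bibanon.org.crt
  chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key
  chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt
  chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
  chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
  systemctl restart synapse
  echo "synapse matrix server.pem updated. synapse has been restarted."
fi
</pre>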

Also use a reverse proxy so that clients can connect without specifying the port: https://github.com/matrix-org/synapse#using-a-reverse-proxy-with-synapse

https://community.letsencrypt.org/t/how-to-use-certs-in-non-root-services/2690

Add the hook to /etc/sysconfig/certbot, then enable the certbot-renew service.
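An added check, not part of the original page: it audits the mode bits and ownership of the certificate directory and key file that the renewal hook writes to. It flags a directory set to 600, which lacks the owner search (x) bit that the synapse user needs to open files inside it. The function names `mode_of`, `owner_of` and `audit_pki` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the directory and key file the renewal hook writes to.

# Print the octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }
# Print the owning user name of a path.
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1" 2>/dev/null; }

# audit_pki DIR KEY USER: print one line per finding; exit status = number of findings.
audit_pki() {
  dir=$1; key=$2; user=$3; n=0
  dmode=$(mode_of "$dir") || { echo "FAIL $dir: cannot stat"; return 1; }
  if [ $(( 0$dmode & 0100 )) -eq 0 ]; then
    # e.g. chmod 600 on a directory: without x the owner cannot open files in it
    echo "FAIL $dir: mode $dmode, owner has no search (x) bit; use 700"
    return 1
  fi
  if [ $(( 0$dmode & 077 )) -ne 0 ]; then
    echo "FAIL $dir: mode $dmode grants access to group/other"; n=$((n + 1))
  fi
  kmode=$(mode_of "$key") || { echo "FAIL $key: cannot stat"; return $((n + 1)); }
  if [ $(( 0$kmode & 077 )) -ne 0 ]; then
    echo "FAIL $key: mode $kmode, private key accessible beyond its owner"; n=$((n + 1))
  fi
  kowner=$(owner_of "$key")
  if [ "$kowner" != "$user" ]; then
    echo "FAIL $key: owned by $kowner, expected $user"; n=$((n + 1))
  fi
  [ "$n" -eq 0 ] && echo "OK $dir and $key"
  return "$n"
}

# Usage: audit_pki /etc/pki/synapse /etc/pki/synapse/matrix.bibanon.org.key synapse
```

Run it after the first renewal; a nonzero exit status is the number of findings.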