Matrix/Synapse: Difference between revisions

From Bibliotheca Anonoma
Latest revision as of 17:04, 7 September 2017

https://www.upcloud.com/support/install-matrix-synapse/

Create the synapse user and /home/synapse, then follow the pip virtualenv steps.

<pre>
# This assumes that Synapse has been installed under the user synapse
# e.g. https://www.upcloud.com/support/install-matrix-synapse/

[Unit]
Description=Synapse Matrix homeserver

[Service]
# synctl start daemonizes and exits, so systemd has to follow the daemon through its PID file
Type=forking
User=synapse
Group=synapse
WorkingDirectory=/home/synapse/.synapse
ExecStart=/home/synapse/.synapse/bin/synctl start
ExecStop=/home/synapse/.synapse/bin/synctl stop
PIDFile=/home/synapse/.synapse/homeserver.pid
# Alternative without synctl: run the homeserver in the foreground (this form needs Type=simple)
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml

[Install]
WantedBy=multi-user.target
</pre>

== Automated LetsEncrypt ==

Create /etc/pki/synapse, owned by the synapse user, chmod 600.

<pre>
# cat /usr/local/bin/synapse-renewal-hook
#!/bin/bash
# bash rather than sh: the here-string (<<<) below is a bash feature
echo "Letsencrypt renewal hook running..."
echo "RENEWED_DOMAINS=$RENEWED_DOMAINS"
echo "RENEWED_LINEAGE=$RENEWED_LINEAGE"

# files created below start out readable by their owner only,
# so the private key is never world-readable before chmod runs
umask 077

if grep --quiet --fixed-strings "matrix.bibanon.org" <<< "$RENEWED_DOMAINS"; then
  # copy over the certificate for matrix to the pki directory with correct permissions
  cat "$RENEWED_LINEAGE/privkey.pem" > /etc/pki/synapse/matrix.bibanon.org.key
  cat "$RENEWED_LINEAGE/fullchain.pem" > /etc/pki/synapse/matrix.bibanon.org.crt
  chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.key
  chown synapse:synapse /etc/pki/synapse/matrix.bibanon.org.crt
  chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
  chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
  systemctl restart synapse
  echo "synapse matrix server.pem updated. synapse may need to be restarted."
fi
</pre>

Also use a reverse proxy for easier client access without the port: https://github.com/matrix-org/synapse#using-a-reverse-proxy-with-synapse

https://community.letsencrypt.org/t/how-to-use-certs-in-non-root-services/2690

Add it to /etc/sysconfig/certbot, and enable the certbot-renew service.
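
A post-renewal check for the files the hook deploys, as an added example that is not part of the original page: it confirms that the key and certificate are regular files owned by the service user with no group or other access, and that the key belongs to the deployed certificate. It assumes GNU stat and the openssl CLI; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): audit the files written by the renewal hook.
# Assumes GNU stat and the openssl CLI; all function names are hypothetical.

# check_secret FILE OWNER: succeed only if FILE is a regular file (not a symlink),
# owned by OWNER, with no group/other permission bits.
check_secret() {
    cs_file=$1 cs_owner=$2
    if [ -L "$cs_file" ] || [ ! -f "$cs_file" ]; then
        echo "FAIL $cs_file: missing or not a regular file"; return 1
    fi
    cs_mode=$(stat -c '%a' "$cs_file")
    cs_user=$(stat -c '%U' "$cs_file")
    case "$cs_mode" in
        600|400) ;;
        *) echo "FAIL $cs_file: mode $cs_mode, expected 600"; return 1 ;;
    esac
    if [ "$cs_user" != "$cs_owner" ]; then
        echo "FAIL $cs_file: owner $cs_user, expected $cs_owner"; return 1
    fi
    echo "OK   $cs_file ($cs_mode $cs_user)"
}

# key_matches_cert KEY CERT: succeed only if the first (leaf) certificate in CERT
# carries the public key that belongs to KEY.
key_matches_cert() {
    kc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    kc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kc_key" ] && [ "$kc_key" = "$kc_crt" ]
}

# audit_deployed DIR NAME OWNER: run every check, return non-zero if any failed.
audit_deployed() {
    ad_rc=0
    check_secret "$1/$2.key" "$3" || ad_rc=1
    check_secret "$1/$2.crt" "$3" || ad_rc=1
    if key_matches_cert "$1/$2.key" "$1/$2.crt"; then
        echo "OK   key matches certificate"
    else
        echo "FAIL key does not match certificate (or openssl could not read them)"
        ad_rc=1
    fi
    return "$ad_rc"
}

# Usage: sh audit.sh /etc/pki/synapse matrix.bibanon.org synapse
if [ "$#" -eq 3 ]; then audit_deployed "$@"; fi
```

Run it as root after a renewal; a non-zero exit status means at least one check failed.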