Difference between revisions of "Matrix/Synapse"

 
Line 2: Line 2:
  
 
Create synapse user and /home/synapse, then follow pip virtualenv steps
 
Create synapse user and /home/synapse, then follow pip virtualenv steps
 +
 +
<pre>
 +
# This assumes that Synapse has been installed under the user synapse
 +
# e.g. https://www.upcloud.com/support/install-matrix-synapse/
 +
 +
[Unit]
 +
Description=Synapse Matrix homeserver
 +
 +
[Service]
 +
Type=simple
 +
User=synapse
 +
Group=synapse
 +
WorkingDirectory=/home/synapse/.synapse
 +
ExecStart=/home/synapse/.synapse/bin/synctl start
 +
ExecStop=/home/synapse/.synapse/bin/synctl stop
 +
PIDFile=/home/synapse/.synapse/homeserver.pid
 +
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml
 +
 +
[Install]
 +
WantedBy=multi-user.target
 +
</pre>
 +
 +
== Automated LetsEncrypt ==
  
 
create /etc/pki/synapse with permissions to synapse user chmod 600
 
create /etc/pki/synapse with permissions to synapse user chmod 600
Line 20: Line 43:
 
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
 
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.key
 
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
 
   chmod 600 /etc/pki/synapse/matrix.bibanon.org.crt
systemctl restart synapse
+
  systemctl restart synapse
 
   echo "synapse matrix server.pem updated. synapse may need to be restarted."
 
   echo "synapse matrix server.pem updated. synapse may need to be restarted."
 
fi
 
fi
Line 30: Line 53:
  
 
add it to /etc/sysconfig/certbot , enable certbot-renew service
 
add it to /etc/sysconfig/certbot , enable certbot-renew service
 
<pre>
 
# This assumes that Synapse has been installed under the user synapse
 
# e.g. https://www.upcloud.com/support/install-matrix-synapse/
 
 
[Unit]
 
Description=Synapse Matrix homeserver
 
 
[Service]
 
Type=simple
 
User=synapse
 
Group=synapse
 
WorkingDirectory=/home/synapse/.synapse
 
ExecStart=/home/synapse/.synapse/bin/synctl start
 
ExecStop=/home/synapse/.synapse/bin/synctl stop
 
PIDFile=/home/synapse/.synapse/homeserver.pid
 
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml
 
 
[Install]
 
WantedBy=multi-user.target
 
</pre>
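Review bot: `Type=simple` in the unit that this revision moves to the top of the page does not fit `ExecStart=/home/synapse/.synapse/bin/synctl start`. synctl starts the homeserver as a background daemon and then exits, so systemd treats the service as finished once synctl returns and cleans up what is left in its control group. `PIDFile=` is also meant for forking services. Either set `Type=forking` and keep the `PIDFile=` line, or keep `Type=simple` and switch to the commented foreground `ExecStart=` line without `PIDFile=`. Separately, in the hook hunk the final `echo` still reports that synapse "may need to be restarted" although `systemctl restart synapse` runs on the line before it.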
 

Latest revision as of 17:04, 7 September 2017

https://www.upcloud.com/support/install-matrix-synapse/

Create a synapse user with the home directory /home/synapse, then follow the pip/virtualenv installation steps from the guide linked above.

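# systemd unit for the Synapse Matrix homeserver.
# This assumes that Synapse has been installed under the user synapse
# e.g. https://www.upcloud.com/support/install-matrix-synapse/

[Unit]
Description=Synapse Matrix homeserver

[Service]
# "synctl start" daemonizes the homeserver and then exits, so the service has
# to be Type=forking; systemd then tracks the daemon through PIDFile. With
# Type=simple systemd would consider the service stopped as soon as synctl
# returns.
Type=forking
# Run unprivileged: the homeserver never needs root.
User=synapse
Group=synapse
# synctl looks for homeserver.yaml in the working directory.
WorkingDirectory=/home/synapse/.synapse
ExecStart=/home/synapse/.synapse/bin/synctl start
ExecStop=/home/synapse/.synapse/bin/synctl stop
PIDFile=/home/synapse/.synapse/homeserver.pid
# Foreground alternative: use this ExecStart with Type=simple and without
# PIDFile/ExecStop.
#ExecStart=/usr/bin/python2.7 -m synapse.app.homeserver --config-path=/home/synapse/.synapse/homeserver.yaml --log-config=/etc/synapse/log_config.yaml
# Optional sandboxing; test against your deployment before enabling.
#NoNewPrivileges=true
#PrivateTmp=true
#ProtectSystem=full

[Install]
WantedBy=multi-user.target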

Automated LetsEncrypt

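Create /etc/pki/synapse owned by the synapse user; the hook below sets the key and certificate in it to chmod 600. If you restrict the directory as well, give it mode 700 rather than 600, since a directory without the execute bit cannot be entered and synapse could not read the files.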

# cat /usr/local/bin/synapse-renewal-hook 
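#!/bin/sh
# Certbot renewal hook for the Matrix homeserver.
#
# When the renewed certificate covers the Matrix domain, copy its private key
# and full chain into the directory Synapse reads them from, hand them to the
# synapse user with mode 600, and restart the service.
#
# Environment (exported by certbot to renewal hooks):
#   RENEWED_DOMAINS  space-separated names on the renewed certificate
#   RENEWED_LINEAGE  live directory holding privkey.pem and fullchain.pem
#
# Exit status: 0 when nothing had to be done or the update succeeded,
#              1 when a copy, ownership/mode change or the restart failed.

domain="matrix.bibanon.org"
pki_dir="/etc/pki/synapse"

# Succeeds when $1 is one of the names listed in RENEWED_DOMAINS.
# The comparison is on whole names and is POSIX sh: the previous
# `grep ... <<< "$RENEWED_DOMAINS"` needed bash for the here-string, treated
# "." as a wildcard and also matched longer names that contain the domain.
domain_renewed() {
  case " ${RENEWED_DOMAINS:-} " in
    *" $1 "*) return 0 ;;
    *) return 1 ;;
  esac
}

echo "Letsencrypt renewal hook running..."
echo "RENEWED_DOMAINS=${RENEWED_DOMAINS:-}"
echo "RENEWED_LINEAGE=${RENEWED_LINEAGE:-}"

if domain_renewed "$domain"; then
  key_src="${RENEWED_LINEAGE:-}/privkey.pem"
  crt_src="${RENEWED_LINEAGE:-}/fullchain.pem"
  key_dst="$pki_dir/$domain.key"
  crt_dst="$pki_dir/$domain.crt"

  # Check the sources first: redirecting into the destination truncates the
  # files Synapse is currently using, so a missing lineage must not get that far.
  if [ ! -r "$key_src" ] || [ ! -r "$crt_src" ]; then
    echo "renewed key or certificate not readable under '${RENEWED_LINEAGE:-}'" >&2
    exit 1
  fi

  # A destination that does not exist yet is created by the redirection; the
  # umask keeps the private key from being world-readable until chmod runs.
  umask 077

  # copy over the certificate for matrix to the pki directory with correct permissions
  cat "$key_src" > "$key_dst" || exit 1
  cat "$crt_src" > "$crt_dst" || exit 1
  chown synapse:synapse "$key_dst" "$crt_dst" || exit 1
  chmod 600 "$key_dst" "$crt_dst" || exit 1

  if ! systemctl restart synapse; then
    echo "restarting synapse failed; restart it manually" >&2
    exit 1
  fi
  echo "synapse matrix server.pem updated. synapse may need to be restarted."
fi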

Also use a reverse proxy, so that clients can connect without specifying the port: https://github.com/matrix-org/synapse#using-a-reverse-proxy-with-synapse

https://community.letsencrypt.org/t/how-to-use-certs-in-non-root-services/2690

Add the hook script (/usr/local/bin/synapse-renewal-hook) to /etc/sysconfig/certbot, then enable the certbot-renew service.