How to install a Matrix Server on an Ubuntu server
Introduction
Matrix is an open standard for decentralized, real-time communication.
When you install your own Matrix homeserver you can communicate with users having having accounts on different providers via chat or voice other IP.
Basically, with Matrix, you can host your own slack or discord server.
Through the use of bridges, you can even communicate with users on IRC, Slack, Discord, Telegram etc…
The main Matrix Homeserver reference implementation is Synapse: this is a python 3 implementation that you can install on your own server or run using docker.
There is another implementation, named Dendrite: it is also maintained by the Matrix foundation and is written in go.
The Dendrite description states: Dendrite is a second-generation Matrix homeserver written in Go. It intends to provide an efficient, reliable and scalable alternative to Synapse.
In this document, I will show how to install Dendrite on an ubuntu server. I will be using Digital Ocean but the instructions should work with any hosting provider.
Requirements
The requirements to install Dendrite are:
- a Go compiler. Minimum version is Go 1.15.
- a domain name
- a valid TLS certificate. We will use Let’s Encrypt as a trusted authority for that domain
- a PostgreSQL database
- a reverse proxy. We will use Nginx.
Ubuntu Setup
create Ubuntu server
My ubuntu server will be hosted on Digital Ocean (referral link that gives you $100 in credit over 60 days), but any Ubuntu hosting provider should work.
If you use Digital Ocean, my recommendations are:
- use the latest Ubuntu server (was
20.04 (LTS) x64
at the time I wrote that document) - you can use the cheapest droplet ($5 a month) to start with: Basic Shared CPU, regular Intel with SSD.
- choose a region that is the closest to you
- use a “SSH key” for authentication. It is safer, and more convenient, than a password authentication. I named my SSH key
id_droplet_rsa
Once the droplet is created, you will get the IP address and then you can log as root:
DNS setup
Once you have your IP, update your DNS server to add 3 A records pointing to your IP address:
yourdomain.com
www.yourdomain.com
matrix.yourdomain.com
It takes time for the DNS updates to propagate, so better to do that early in the process.
security first
The first step is to make sure that your distribution is up to date.
Update existing packages:
To see the list of upgradable packages
To upgrade all those packages:
You can then reboot your server with the command
Once the server is restarted, you can log back in again as root. That should be the last time you connect as root.
create dendrite user
For obvious security reasons, you don’t want to use the root account to setup your server.
To create a dendrite
user, while you are logged in as root, just type:
The command will prompt with a couple of questions. Make sure to write down the password you choose for that user.
You still want to be able to run command as root, so you need to give the sudo permission to that user:
Finally, you want also to be able to directly connect to the box with that user through SSL. As the root user is already setup for that, you can copy over its SSH authorized key file:
You should be able to login to your server directly with the dendrite
user account:
install zsh and oh-my-zsh
This is NOT a required step, but this will give you IMHO more comfort if you do it:
The command above make zsh your default shell.
One last time, log out and log back in as the dendrite
user
Dendrite installation
Polylith or Monolith?
There are multiple ways to install a Dentrite homeserver, and the installation document describes those options.
A Dentrite homeserver is a collection of services that provide the required functionalities.
You can choose to install all those services as standalone components (Polylith mode). In this mode, you also need to install Apache Kafka as the event streaming system to allow those components to communicate with each other.
Alternatively, you can run all those components in a single process (Monolith mode). This mode uses Naffka to emulate an in-memory Kafka.
Persistence can be achieved using either SQLite (file storage) or a Postgres database.
As recommended in the installation document, we will install Dendrite in monolith mode with a PostgreSQL database.
Postgres installation
Standard way to install Postgres:
Create a user in postgres named dendrite
Take note of the password you used here as we will need it during the configuration phase.
Each Dendrite service needs a database access.
You have 2 options:
- create a different database for each service
- share the same database between all services.
I opted for the simplest solution and created a shared database:
If you need to connect to the PostgreSQL cli, you can just switch to the postgres user and start the psql cli:
Dendrite build
As mentioned in the introduction, Dendrite is written in Go.
We need first to install Go (see installation instructions here). You also need to have gcc installed on your server:
You then need to add the go binaries in your path: add that line at the top of your ~/.zshrc
file:
Log out and log back in for the change of path to take place.
You can check that go is properly installed with:
Now is time to build Dendrite:
This make take a little bit of time, but at the end, you’ll find all the binaries you need in the bin
directory.
Dendrite configuration
You need a private key that will be used to sign some Matrix messages:
Dendrite relies on a single configuration file names dendrite.yaml
— you can use the dendrite-config.yaml
as a starting point:
The installation document will describe the configuration change to be done on that file:
- update
server_name
- update the various database configuration to use your local PostgreSQL instance. The sample config file is configured to use SQLite. We replace the file path with the PostgreSQL connection string (with your dendrite user password)
- enable naffka (parameter
use_naffka
already set to true in the sample config file)
Once done, the diff with the original sample config file should look like:
At that stage, you can already start your dendrite monolith:
Things are already looking good here, but there is still some configuration to be done to make that server available on the internet.
Reverse proxy setup: Nginx
In order for your server to be available on the Internet, over SSL, you need to setup a reverse proxy in front of your Dentrite server.
First things first, install nginx:
To configure nginx, it is simpler to create a new configuration file in your /etc/nginx/sites-available
directory: <yourdomain>.com
file
and, using that file as a starting point, the content of this file should be:
You could remove the default configuration: /etc/nginx/sites-enabled/default
and link your new configuration
You can check that the configuration is valid:
Firewall setup
You need to configure your firewall to open the required ports:
SSL setup: Let’s encrypt
In order to properly secure your setup, you need to add a SSL certificate.
We will be using Let’s encrypt as the certificate authority:
The setup is really easy: you list on the command line the domain for which you want a certificate. The --nginx
option will tell the tool to patch the nginx configuration file foe you:
The process is automatic and at the end you should request to redirect the http traffic to https:
The setup also creates a service to renew the certificate for you automatically:
Let’s pause for a minute and thank Let’s encrypt for such a smooth process.
Dendrite installation test
At this stage, your server is fully configured.
You can test the setup with this API call:
If you have the same response as above, your installation is probably correct!
The real test is to connect to your server with a real Matrix client!
Before doing that, you need to create a user to be able to login.
The dendrite
binaries give you an easy way to create a user:
Write down the user name and password you just created an go to:
You will be presented the login screen:
You need to change the Homserver URL to be your domain matrix.yourdomain.com
by clicking on the edit
button on the right side of matrix.org
After clicking on continue
, enter the user name and password of the user you just created with the cli… and here we are! you are logged in to your own Matrix server:
Create a dendrite service
Right now, the service is started manually is started from the cli from the dendrite user home directory… that’s obviously not a good practice.
The proper way is to create a service to properly start your dendrite server.
The installation directories for dendrite will be
- binaries in
/opt/dendrite
- configuration files in
/etc/dendrite
- logs in
/var/log/dendrite
copy files in destination directories:
The monolith expects to find the dendrite configuration file in its working directory, so let make that happen with a symbolic link:
Give the proper permissions to the installation directories:
You need to update the new config file /etc/dendrite/dendrite.yaml
to take into account this new setup.
There is only one line to change:
Finally, you need to create the service file: /etc/systemd/system/dendrite.service
:
and then you enable the service:
You can check that it is running with:
and check the logs in real time with:
Enjoy!
References
- the official dendrite distribution site: here
- the specific dendrite installation document
- a document describing the installation of synapse (official version in python 3)
- another document describing how to install dendrite. I borrowed the service setup from that document