available at matrix.altpeter.me, hosted at Hetzner (IP 116.203.84.17)
The setup is based on this tutorial (archived).
sudo apt install -y lsb-release wget apt-transport-https
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" |
sudo tee /etc/apt/sources.list.d/matrix-org.list
sudo sh -c 'apt update && apt upgrade'
sudo apt install matrix-synapse-py3 # Name of the server: `matrix.altpeter.me`, Report anonymous statistics: Yes
sudo systemctl start matrix-synapse.service
sudo systemctl enable matrix-synapse.service
# Skip "Set up well.known", this will be done directly in Nginx.
# Create the following DNS record: `_matrix._tcp.altpeter.me. 3600 IN SRV 10 5 443 matrix.altpeter.me.`
# Copy the value generated by:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
# Then, in:
sudo nano /etc/matrix-synapse/homeserver.yaml
# Set `enable_registration: false` and `registration_shared_secret` to the generated value from before.
sudo systemctl restart matrix-synapse.service
sudo add-apt-repository ppa:certbot/certbot
sudo apt install nginx letsencrypt certbot python-certbot-nginx
sudo certbot --nginx # Make sure to include both `altpeter.me` and `matrix.altpeter.me`. Cronjob is automatically installed in `/etc/cron.d/certbot`
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
sudo nano /etc/nginx/sites-available/matrix # Copy the Nginx config from below
sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx.service
sudo apt install postgresql
sudo -i -u postgres
psql
> CREATE USER "matrix" WITH PASSWORD 'pw';
> CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER "matrix";
> \q
exit
sudo apt install python3-psycopg2
sudo nano /etc/matrix-synapse/homeserver.yaml
# Set the `database` section as follows:
# database:
# name: psycopg2
# args:
# user: matrix
# password: pw
# database: synapse
# host: 127.0.0.1
# cp_min: 5
# cp_max: 10
sudo systemctl restart matrix-synapse.service
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 8448
sudo ufw enable
sudo ufw status
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008server {
listen 80;
server_name altpeter.me;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name matrix.altpeter.me;
ssl_certificate /etc/letsencrypt/live/matrix.altpeter.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.altpeter.me/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/matrix.altpeter.me/fullchain.pem;
location /_matrix {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:8008;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.altpeter.me:443"}';
add_header Content-Type application/json;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.altpeter.me"},"m.identity_server": {"base_url": "https://vector.im"}}';
add_header Content-Type application/json;
add_header "Access-Control-Allow-Origin" *;
}
}
server {
listen 8448 ssl default_server;
listen [::]:8448 ssl default_server;
server_name altpeter.me;
ssl_certificate /etc/letsencrypt/live/matrix.altpeter.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.altpeter.me/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/matrix.altpeter.me/fullchain.pem;
location / {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name altpeter.me;
ssl_certificate /etc/letsencrypt/live/altpeter.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/altpeter.me/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/altpeter.me/fullchain.pem;
return 301 https://benjamin-altpeter.de;
}Check if there are update notes for the new version.
Updates are done using APT: apt update && apt upgrade
To check the server version: curl -kv http://localhost:8008/_matrix/client/versions 2>&1 | grep "Server:"