This guide will help you install and get started with Matrix and its reference home server Synapse, on a cloud server running either CentOS 7, Debian 8, or Ubuntu 16.
What is Matrix?
Matrix is an open standard for decentralised communication, which securely distributes persistent chatrooms over an open federation of servers preventing any single points of control or failure.
Matrix provides simple HTTP APIs and open source reference implementations to create a common fabric to interconnect existing communication islands. Some of the use cases include creating and managing fully distributed conversations, enabling WebRTC VoIP and video calls using Matrix signaling, and synchronising history across all clients in real-time.
1. Deploy a cloud server
If you have not already registered with UpCloud, you should begin here to get signed up. Take a moment to create an account after which you can easily deploy your own cloud servers.
Once you have signed up, log into your UpCloud Control Panel and deploy a server.
Synapse requires a POSIX-compliant system, such as the aforementioned Linux distributions, Python 2.7 installed, and at least 1GB of free RAM to be able to join large public rooms such as the #matrix:matrix.org.
Deploy a new cloud instance for hosting the Matrix home server using one of the tested Linux operating systems to an availability zone of your choosing. You can find in-depth instructions on all of the configuration options at the guide for How to Deploy a Server.
2. Installing prerequisites
When you have a server up and running, use the commands below appropriate to your system to install the required packages and libraries.
For Ubuntu and Debian systems, install the prerequisites with the following command.
sudo apt-get install build-essential python2.7-dev libffi-dev \ python-pip python-setuptools sqlite3 \ libssl-dev python-virtualenv libjpeg-dev libxslt1-dev
On CentOS, you can fulfil the requirements with the installs below. You will also need to enable access to the required ports and services at the firewall.
sudo yum install libtiff-devel libjpeg-devel libzip-devel freetype-devel \ lcms2-devel libwebp-devel tcl-devel tk-devel \ python-virtualenv libffi-devel openssl-devel sudo yum groupinstall "Development Tools" sudo firewall-cmd --permanent --add-service https sudo firewall-cmd --permanent --add-port=8448/tcp sudo firewall-cmd --reload
With the prerequisites sorted, you can continue installing Synapse.
3. Installing Synapse home server
Synapse is the Matrix reference implementation of a “home server” written by the Matrix core development team. It is intended as a showcase of the Matrix concept to demonstrate the spec in the context of a codebase. It lets you easily run your own home server and generally helps to bootstrap the Matrix ecosystem.
The home servers are used as an access point for clients to connect to the Matrix network. They store the users’ personal chat history and account information in a similar fashion as an IMAP/SMTP server would. Like email, you can run your own Matrix home server to keep personal control and ownership of your communications and history or use one of the hosted Matrix services. Matrix has no single point of control or mandatory service provider.
To prepare the system, set up a new virtual environment under ~/.synapse using the commands below or choose a different directory by replacing the ~/.synapse in the commands with the folder you wish to store the server files.
virtualenv -p python2.7 ~/.synapse source ~/.synapse/bin/activate
CentOS 7 might also require you to install or upgrade the following packages.
pip install --upgrade pip virtualenv six packaging appdirs
Then use pip to install and upgrade the setup tools as well as the Synapse server itself.
pip install --upgrade setuptools pip install https://github.com/matrix-org/synapse/tarball/master
This installs the Synapse home server along with its libraries.
If you run into problems installing the Synapse home server, Matrix has outlined some helpful troubleshooting tips at the Synapse GitHub page.
4. Configuring synapse
Before Synapse can be started, you will need to generate a configuration file that defines the server settings.
Run the following commands in your Synapse virtual environment. Replace the <my.domain.name> with your server name, but note that the name cannot be changed later without reinstalling the home server. Also, choose whether you wish to allow Synapse to report statistics by entering either --report-stats=yes or no.
source ~/.synapse/bin/activate cd ~/.synapse python -m synapse.app.homeserver \ --server-name <my.domain.name> \ --config-path homeserver.yaml \ --generate-config \ --report-stats=<yes|no>
A config file has been generated in 'homeserver.yaml' for server name '<my.domain.name>' with corresponding SSL keys and self-signed certificates. Please review this file and customise it to your needs. If this server name is incorrect, you will need to regenerate the SSL certificates
Once Synapse has finished generating the required settings, you should see a confirmation like in the example output above.
5. Replacing the self-signed certificates (Optional)
Synapse includes self-signed SSL certificates by default which can be used to securely test the system, but for a more production orientated setup, you might wish to obtain keys from a trusted Certificate Authority such as Let’s Encrypt.
Install the Let’s Encrypt or Certbot client, depending on your Linux distribution, following the instructions below.
On Ubuntu 16.04, all you need to do is install the Let’s Encrypt client available through the package manager.
sudo apt-get install letsencrypt
Debian 8 requires you to include the Jessie backports repository in your sources to be able to install the Certbot client.
echo "deb http://ftp.debian.org/debian jessie-backports main" > \ /etc/apt/sources.list.d/jessie-backports.list sudo apt-get update sudo apt-get install certbot -t jessie-backports
With CentOS 7 the Certbot client is available through the extra packages repository.
sudo yum install epel-release sudo yum update sudo yum install certbot
With the client installed, you can obtain certificates using the certonly command together with the --standalone plugin. Include at least one domain name by replacing the <my.domain.name> with yours.
On Ubuntu, use the Let’s Encrypt client as shown in the example below.
sudo letsencrypt certonly --standalone -d <my.domain.name>
CentOS and Debian systems use the same command with the Cerbot client.
sudo certbot certonly --standalone -d <my.domain.name>
The command starts an interactive configuration script that asks a couple of questions to help with managing certificates.
- On the first installation on any specific host, you’ll need to enter a contact email.
- Then go through the Let’s Encrypt Terms of Service and select Agree if you accept the terms and wish to use the service.
- Choose whether you wish to share your email address with the Electronic Frontier Foundation (EFF) for updates on their work.
If the client was successful at obtaining a certificate you can find a confirmation and certificate expiration date at the end of the client output.
In case you are having problems with the client, make sure you are trying to register a domain or subdomain that currently resolves to your server as DNS configurations might take a moment to propagate. Also, check that you are running the command with admin privileges.
When the certificates have been issued successfully, add them in the Synapse home server settings by editing the homeserver.yaml file in the server folder.
tls_certificate_path: "/etc/letsencrypt/live/<my.domain.name>/cert.pem" tls_private_key_path: "/etc/letsencrypt/live/<my.domain.name>/privkey.pem"
The certificates issued by Let’s Encrypt are saved under the directory indicated above. Again, replace the <my.domain.name> with the domain name the certificates were issued for. Then save the settings and exit the editor.
You can find out more about the Let’s Encrypt client including how to automate the certificate renewal in our article for How to Install Let’s Encrypt on Nginx.
6. Registering a new user
Now that Synapse is installed, you should add a new user as an admin to be able to configure chat rooms and web client settings. First, make sure you are in the home server virtual environment, then start the server and register a new user to the localhost.
source ~/.synapse/bin/activate synctl start register_new_matrix_user -c homeserver.yaml https://localhost:8448
This starts an interactive user configuration, enter the desired username and password, then select yes to enable administration priveledges.
New user localpart [root]: <username> Password: <password> Confirm password: <password> Make admin [no]: <yes|no> Sending registration request... Success.
That is it, you should now be able to log into your Synapse home server with the user credentials you just added.
7. Logging into Matrix
Users have the ability to connect to a Matric home server using one or more Matrix clients.
The home server includes a simple Matrix client by default which you can use for testing. Alternatively, you can use the Riot web client, which has a polished and easy to use user interface, if you installed CA trusted certificates.
Whichever client you choose to use, enter your server details for home and identity servers.
Home server URL: https://<my.domain.name>:8448 Identity server URL: https://<my.domain.name>:8448
Then sign in with the username and password you just created on your own home server. Other client applications can be found at the Matrix documentation page.
8. Creating a room
Next, you might wish to create a new room. In Matrix, everything happens in rooms which are distributed and do not exist on any single server. Rooms can be identified and located using aliases such as #matrix:matrix.org or #test:localhost:8448.
Click either the Create room button in the Synapse default client or the plus icon at the bottom left corner of the Riot web client. Give your room a name, and with the Synapse client, you can also make the room public. Then hit enter to save the name and join the new room.
The rooms can be used just as any communication channel, but Matrix is intended to be much more capable than a simple text chat. The basic implementation of the Synapse home server and web client are just examples of how the Matrix network can be utilised. There are already a number of other options for home servers with many different use cases. You can find more publicly available application servers at the Matrix projects documentation.
Congratulations, you have now successfully deployed and configured your first Matrix home server using Synapse.
If you would like to try out different clients, Weechat Matrix plugin allows logging in even on the command line, while Riot is also available on Android and iOS. Alternatively, those with the technical know-how can always write their own client using one of the Matrix SDKs.
Matrix presents a tonne of potential for secure communication for anything from group chat rooms, VoIP and video calls, to exchange of persistent data between devices and services in the Internet of Things. Feel free to experiment with the existing servers and clients or begin developing your own!