Matrix Synapse Docker-Compose
Tommy e2eea3c59f
Fix security headers
2023-08-15 17:15:04 -07:00
swag/nginx Fix security headers 2023-08-15 17:15:04 -07:00
.env Increase timeout 2023-04-12 07:59:05 -04:00
LICENSE Initial commit 2022-01-13 10:19:52 -05:00
README.md Update README.md 2023-07-31 03:53:15 -07:00
Synapse-Docker-Compose.code-workspace Set postgres runtime to runc 2023-06-04 03:36:06 -07:00
docker-compose.yml Make synapse use runc runtime 2023-06-04 06:08:04 -07:00

README.md

Synapse-Docker-Compose

Matrix Synapse Docker-Compose

No longer maintained as we switched to a bare metal setup on Ubuntu + ZFS. For a large server, the I/O is too high so we need to optimize performance as much as we can.

  1. Update docker-compose.yml
  2. Update the hostname in swag/nginx/proxy-confs/synapse.subdomain.conf, swag/nginx/proxy-confs/element.subdomain.conf, and swag/nginx/proxy-confs/matrix-to.subdomain.conf appropriately.
  3. Run docker-compose run --rm -e SYNAPSE_SERVER_NAME=yourdomain.tld -e SYNAPSE_REPORT_STATS=no synapse generate
  4. Update ./files/homeserver.yaml
    • Update web_client_location to app.yourdomain.tld (Remember to remove the comment #)
    • Update public_baseurl to matrix.yourdomain.tld (Remember to remove the comment #)
    • Uncomment serve_server_wellknown to enable it and configure https://yourdomain.tld/.well-known/matrix/server for federation
    • Change pepper in your password config. Uncomment the setting to enable it.
    • Change the default database from SQLite to PostgreSQL
    • Configure the mail credentials if you have a mail server
    • Configure admin_contact in the homeserver blocking section
    • Enable encryption_enabled_by_default_for_room_type by default
    • Edit whatever else you might want to
  5. Copy config.sample.json from https://github.com/vector-im/element-web to ./element/config.json and make the appropriate adjustments
  6. Tighten the Content Security Policy in swag/nginx/proxy-confs/element.subdomain.conf to suit your needs
  7. Copy the config from https://github.com/matrix-org/pantalaimon to ./pantalaimon/pantalaimon.conf and edit it accordingly
  8. Run docker-compose up and make sure nothing errors out. You can use docker-compose up -d to start it in the background if you want.
  9. Uncomment the security options for postgres. Run docker-compose up -d again.
  10. Create a user for mjolnir
  11. Copy the config from https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml to ./mjolnir/config/production.yaml and edit it accordingly. If you want Mjolnir to receive reports instead of Synapse, make it listen on 0.0.0.0:8081. You will also need to uncomment the appropriate lines in ./swag/nginx/proxy-confs/synapse.subdomain.conf.

Notes

The CSP in swag/nginx/proxy-confs/element.subdomain.conf is slightly stricter on ArcticFoxes Element, as it does not support third-party servers:

add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net; font-src 'self'; img-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net blob: data:; manifest-src 'self'; media-src 'self' https://matrix.arcticfoxes.net; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
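
As a starting point for step 6, the following added example (not part of this repository) parses the add_header line above and lists the entries worth reviewing when tightening the policy: unsafe sources, origins outside your own domain, and missing directives. The function names and the use of arcticfoxes.net as the "own" domain are assumptions made for the illustration.

```python
import re

# The add_header line from the Notes section above, split for readability.
NGINX_LINE = (
    "add_header Content-Security-Policy \"default-src 'none'; "
    "connect-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net; font-src 'self'; "
    "img-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net blob: data:; "
    "manifest-src 'self'; media-src 'self' https://matrix.arcticfoxes.net; "
    "script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; "
    "style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; "
    "frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'\";"
)
UNSAFE = {"'unsafe-inline'", "'unsafe-eval'", "'unsafe-hashes'", "*"}

def extract_policy(nginx_line):
    """Pull the double-quoted policy string out of an nginx add_header directive."""
    m = re.search(r'add_header\s+Content-Security-Policy\s+"([^"]*)"', nginx_line)
    if not m:
        raise ValueError("no Content-Security-Policy add_header found")
    return m.group(1)

def parse_csp(policy):
    """Return {directive: [sources]}; browsers ignore a repeated directive, so the first wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def audit(directives, own_domain):
    """List (directive, source, reason) entries an operator should review."""
    findings = []
    for name, sources in directives.items():
        for src in sources:
            if src in UNSAFE:
                findings.append((name, src, "unsafe source"))
            elif src.startswith(("http://", "https://")):
                host = src.split("://", 1)[1].split("/", 1)[0].split(":")[0]
                if host != own_domain and not host.endswith("." + own_domain):
                    findings.append((name, src, "third-party origin"))
    # frame-ancestors and base-uri do not fall back to default-src, so check them explicitly.
    for required in ("default-src", "frame-ancestors", "base-uri"):
        if required not in directives:
            findings.append((required, "", "missing directive"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_csp(extract_policy(NGINX_LINE)), "arcticfoxes.net"):
        print(finding)
```

Each reported entry is a candidate for removal or justification in your own deployment; for example, the recaptcha and gstatic origins are only needed if registration uses reCAPTCHA.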