
docker-compose matrix synapse

docker-compose部署matrix

配置文件中的域名、密码、Key、SECRET等配置按需替换

  • Nginx代理
  • 支持 sliding sync proxy
  • ssl证书(测试用)可通过 certbot --nginx -d matrix.test.com 获取

homeserver.yaml

synapse基本配置

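# Synapse homeserver configuration for the Docker Compose deployment.
# Every domain, password and secret below is a placeholder: replace each one
# before first start, and keep this file readable only by the Synapse user.
server_name: "matrix.test.com"
pid_file: /data/homeserver.pid
listeners:
  # Plain-HTTP listener; TLS is terminated by the nginx reverse proxy.
  - port: 8008
    tls: false
    type: http
    # Client addresses are taken from X-Forwarded-For. That is only
    # trustworthy while this port is reachable solely through the proxy
    # (docker-compose.yml publishes it on 127.0.0.1 only).
    x_forwarded: true
    bind_addresses: ['0.0.0.0']
    resources:
      - names: [client, federation]
        compress: false
database:
  name: psycopg2
  args:
    user: postgres
    # Must equal POSTGRES_PASSWORD of the synapse_db service.
    password: "xxxx"
    database: synapse
    host: synapse_db
log_config: "/data/matrix.test.com.log.config"
media_store_path: /data/media_store
# Open registration stays off; accounts are created by hand.
enable_registration: false
# Whoever knows this value can register accounts (admin accounts included)
# even with enable_registration off, so use a long random value and treat
# it like a root password.
registration_shared_secret: "xxxxx"
# NOTE(review): true reports usage statistics upstream; set false to opt out.
report_stats: true
# Generate each secret independently from a CSPRNG; never reuse one value
# for several keys.
macaroon_secret_key: "xxxxx"
form_secret: "xxxxxxxx"
# Private signing key of this homeserver: back it up, never publish it.
signing_key_path: "/data/matrix.test.com.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

public_baseurl: "https://matrix.test.com/"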

docker-compose.yml

postgres用户名使用'postgres',否则可能需要处理各种细节问题(未深入研究)

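# Docker Compose stack: Synapse, the sliding-sync proxy, and one PostgreSQL
# instance for each of them.
# All passwords and secrets are placeholders. Replace them before first start
# and prefer an env file or Docker secrets over values committed with this file.
version: '3'
services:
  synapse:
    # NOTE(review): ":latest" is a moving tag; pin a release tag or image
    # digest so that a pull cannot silently change what runs.
    image: docker.io/matrixdotorg/synapse:latest
    container_name: matrix-synapse
    restart: unless-stopped
    environment:
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
    volumes:
      - ./data:/data
    depends_on:
      - synapse_db
    ports:
      # Loopback only: the listener is plain HTTP and trusts X-Forwarded-For,
      # so it must be reachable through nginx and nothing else.
      - "127.0.0.1:8008:8008"

  synapse_db:
    image: docker.io/postgres:15-alpine
    restart: unless-stopped
    container_name: synapse_db
    # Change that password, of course!
    # It must equal database.args.password in homeserver.yaml.
    # No ports are published: the database is reachable only from the
    # compose network.
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=xxxx
      - POSTGRES_DB=synapse
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      - ./synapse_db:/var/lib/postgresql/data

  ssync-proxy:
    # NOTE(review): same ":latest" caveat as the synapse image.
    image: ghcr.io/matrix-org/sliding-sync:latest
    restart: unless-stopped
    container_name: ssync-proxy
    ports:
      # Loopback only; nginx is the public entry point.
      - "127.0.0.1:8088:8088"
    environment:
      # Placeholder: use a long random value and keep it stable afterwards.
      - "SYNCV3_SECRET=XXXX"
      - "SYNCV3_SERVER=https://matrix.test.com"
      # password= must equal POSTGRES_PASSWORD of ssync_db. sslmode=disable
      # means this connection is unencrypted, so keep it on the compose network.
      - "SYNCV3_DB=user=postgres dbname=synvc3 sslmode=disable host=ssync_db password=xxxx"
      - "SYNCV3_BINDADDR=0.0.0.0:8088"
    depends_on:
      - ssync_db

  ssync_db:
    image: docker.io/postgres:15-alpine
    restart: unless-stopped
    container_name: ssync_db
    environment:
      - POSTGRES_USER=postgres
      # Placeholder. The original listing carried a concrete-looking password
      # here that did not match password= in SYNCV3_DB; the two must be equal.
      - POSTGRES_PASSWORD=xxxx
      - POSTGRES_DB=synvc3
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      - ./ssync_db:/var/lib/postgresql/data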

nginx-matrix.conf

Nginx代理

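# Plain-HTTP virtual host: its only job is to redirect to HTTPS.
server {
    # No "http2" on the cleartext port: with it, older nginx releases accept
    # only HTTP/2 on this socket, so ordinary HTTP/1.1 clients never receive
    # the redirect.
    listen 80;
    server_name matrix.test.com;

    return 301 https://$host$request_uri;
}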

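# TLS virtual host for Matrix client traffic (443) and federation (8448).
# It terminates TLS and forwards to the loopback-published containers.
server {
    listen 443 ssl http2;
    listen 8448 ssl http2;
    server_name matrix.test.com;

    # NOTE(review): protocol and cipher policy are inherited from the
    # enclosing context; set ssl_protocols explicitly if nothing does so there.
    ssl_certificate /etc/letsencrypt/live/matrix.test.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.test.com/privkey.pem;

    # Sliding-sync proxy. Regex locations are tried in file order, so this
    # block must stay above the generic /_matrix one.
    location ~ ^(/client/|/_matrix/client/unstable/org\.matrix\.msc3575/sync) {
        proxy_pass http://127.0.0.1:8088;
        # Overwrite any client-supplied X-Forwarded-For instead of appending:
        # the backend trusts this header for the client address.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    # Synapse client and federation APIs.
    location ~ ^(/_matrix|/_synapse/client) {
        proxy_pass http://127.0.0.1:8008;
        # Overwrite, not append: Synapse runs with x_forwarded: true.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Upper bound for uploads accepted on behalf of Synapse.
        client_max_body_size 500M;
        proxy_http_version 1.1;
    }

    # Federation delegation. Exact match, so no other path falls into it.
    location = /.well-known/matrix/server {
        #access_log off;
        # default_type already sets Content-Type; an extra add_header for it
        # would send the header twice.
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '{"m.server": "matrix.test.com:443"}';
    }

    # Client discovery document, served from a static file.
    # Exact match: a prefix location with "alias" would also map
    # /.well-known/matrix/client<suffix> to /var/www/html/client<suffix>.
    location = /.well-known/matrix/client {
        add_header Access-Control-Allow-Origin *;
        # The file has no extension, so declare the JSON type explicitly.
        default_type application/json;
        alias /var/www/html/client;
    }
}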

client

sliding-sync需要的一些环境变量,对应nginx配置中的/.well-known/matrix/client

{
"m.homeserver": {
"base_url": "https://matrix.test.com"
},
"m.identity_server": {
"base_url": "https://vector.im"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.test.com"
}
}

测试

测试网站 https://federationtester.matrix.org/

SRV记录

如果用了子域名建议在域名注册商处添加一条srv记录

_matrix._tcp.test.com srv 10 0 8448 matrix.test.com

其它

需要的一些目录,可通过 docker logs -f xxx 查看报错后按需创建

目录属主991

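# Create the directories Synapse asks for and hand them to uid/gid 991.
# Run this in the directory where the container logs report them missing.
mkdir -p local_content logs uploads remote_content

# Change ownership of these four directories only. A bare "*" would also
# re-own every other entry in the current directory (for example a database
# volume that lives next to them).
chown 991:991 local_content logs uploads remote_content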

用户管理

没有开启Web注册等,所以需要手工添加用户

# Open an interactive shell inside the running Synapse container.
docker exec -it matrix-synapse /bin/bash

# Typed at the container's shell prompt, not on the host. The tool is given
# the same homeserver.yaml that holds registration_shared_secret.
# NOTE(review): presumably it authenticates with that secret and asks
# whether the new account is an admin; answer "no" unless one is needed.
register_new_matrix_user -c /data/homeserver.yaml

更改用户密码

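# Step 1, in the Synapse container: generate the hash of the new password.
# Type the password at the prompt rather than passing it as an argument.
docker exec -it matrix-synapse /bin/bash
hash_password -c /data/homeserver.yaml

# Step 2, in the database container: store that hash for the user.
docker exec -it synapse_db /bin/bash
# -W only forces a password prompt and takes no value. A password given on
# the command line would be read as a database name and would also end up
# in shell history and the process list.
psql -U postgres -W -d synapse
# At the psql prompt: replace generate_new_pass with the hash printed in
# step 1, and the name with the full Matrix ID of the account.
update users set password_hash='generate_new_pass' where name='@user_name:your_domain';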