From 8532975ea982611dddcaa24eaf111719fadf287c Mon Sep 17 00:00:00 2001
From: Marcel <110860055+Morethanevil@users.noreply.github.com>
Date: Thu, 1 Jun 2023 09:57:47 +0200
Subject: [PATCH] Created Synapse (Matrix) in Docker with federation support for Zoraxy (markdown)
---
...cker-with-federation-support-for-Zoraxy.md | 171 ++++++++++++++++++
1 file changed, 171 insertions(+)
create mode 100644 Synapse-(Matrix)-in-Docker-with-federation-support-for-Zoraxy.md
diff --git a/Synapse-(Matrix)-in-Docker-with-federation-support-for-Zoraxy.md b/Synapse-(Matrix)-in-Docker-with-federation-support-for-Zoraxy.md
new file mode 100644
index 0000000..b7255e0
--- /dev/null
+++ b/Synapse-(Matrix)-in-Docker-with-federation-support-for-Zoraxy.md
@@ -0,0 +1,171 @@
+Matrix is a good chatserver, so I like to show you how it works with Zoraxy as reverse proxy.
+
+I assume Matrix is already running in docker with docker compose and you want to switch over to Zoraxy installed on your hostsystem. We will use a little workaround and use NGINX on the hostsystem.
+
+Stop the container with `docker compose down`
+
+Your docker-compose.yml looks something like this:
+
+```
+`version: '3'
+`services:`
+ `synapse:`
+ `image: matrixdotorg/synapse:latest`
+ `restart: unless-stopped`
+ `ports:`
+ `- "8008:8008"`
+ `environment:`
+ `- TZ=Europe/Berlin`
+ `volumes:`
+ `- ./files:/data`
+ `healthcheck:`
+ `test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]`
+ `interval: 15s`
+ `timeout: 5s`
+ `retries: 3`
+ `start_period: 5s`
+
+ `db:`
+ `image: postgres:15-alpine`
+ `container_name: matrix-db`
+ `restart: unless-stopped`
+ `volumes:`
+ `- ./schemas:/var/lib/postgresql/data`
+ `environment:`
+ `- POSTGRES_DB=synapse`
+ `- POSTGRES_USER=synapse`
+ `- POSTGRES_PASSWORD=changeme`
+ `- POSTGRES_INITDB_ARGS= --encoding='UTF8' --lc-collate='C' --lc-ctype='C'
+
+```
+
+We will now create a new docker network and set a static IP to the synapse container. This is needed, since we can not use docker hostnames, because Zoraxy is outside the container.
+
+If you just use the current IP from the container Synapse will be offline, if you do `docker compose down` and `docker compose up -d` again.
+
+First let us create the network with:
+
+`docker network create --subnet=172.40.0.0/16 staticnet`
+
+If it is successfull it will give you a long output like "2cabe0428cb514e3e3d8e49d358df0930f519b8a80a39886dd8c8cae4fd6cfa1", if it fails with "Error response from daemon: Pool overlaps with other one on this address space", then increase the number 40 to 41, 42 etc.. in the subnet parameter. Now we have a new network named "staticnet".
+
+Next step is to integrate this network in the docker-compose. 
+
+`nano docker-compose.yml`
+
+Paste the following lines into your file and comment out the ports of synapse (they are not needed anymore):
+
+```
+###This needs to be integrated in the synapse container###
+ networks:
+ staticnet:
+ ipv4_address: 172.40.0.2
+
+###Those lines at the END of your file###
+networks:
+ staticnet:
+ external: true
+```
+
+
+Your file should now look similar to this:
+```
+version: '3'
+services:
+ synapse:
+ image: matrixdotorg/synapse:latest
+ restart: unless-stopped
+# ports:
+# - "8008:8008"
+ networks:
+ staticnet:
+ ipv4_address: 172.40.0.2
+ environment:
+ - TZ=Europe/Berlin
+ volumes:
+ - ./files:/data
+ healthcheck:
+ test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
+ interval: 15s
+ timeout: 5s
+ retries: 3
+ start_period: 5s
+
+ db:
+ image: postgres:15-alpine
+ restart: unless-stopped
+ volumes:
+ - ./schemas:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_DB=synapse
+ - POSTGRES_USER=synapse
+ - POSTGRES_PASSWORD=changeme
+ - POSTGRES_INITDB_ARGS= --encoding='UTF8' --lc-collate='C' --lc-ctype='C'
+
+networks:
+ staticnet:
+ external: true
+```
+
+Save with CTRL + O and close with CTRL + X
+
+
+We have now successfully set a static IP to Synapse. This works for other conatiners too. You only need to increase the last number 172.40.0.2 to 172.40.0.3, 172.40.0.4 and so on...
+
+Next step is to install nginx on the host system and stop it afterwards so it won´t interfere with other services.
+
+`sudo apt install nginx && sudo systemctl stop nginx`
+
+Let´s create a vHost for Synapse now:
+
+`sudo nano /etc/nginx/sites-available/matrix`
+
+Paste these lines inside the new file and ONLY modify MATRIX.YOUR.DOMAIN to your actual domain. It is needed 3 times. Keep the portnumber at the last one (:443)! 
+
+```
+server {
+ listen 8200;
+ listen [::]:8200;
+ server_name MATRIX.YOUR.DOMAIN;
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ # note: do not add a path (even a single /) after the port in `proxy_pass`,
+ # otherwise nginx will canonicalise the URI and cause signature verification
+ # errors.
+ proxy_pass http://172.40.0.2:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ }
+
+ location /.well-known/matrix/client {
+ return 200 '{\"m.homeserver\": {\"base_url\": \"https://MATRIX.YOUR.DOMAIN\"}}';
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ client_max_body_size 50M;
+ }
+
+ location /.well-known/matrix/server {
+ return 200 '{\"m.server\": \"MATRIX.YOUR.DOMAIN:443\"}';
+ }
+
+ # Synapse responses may be chunked, which is an HTTP/1.1 feature.
+ proxy_http_version 1.1;
+ }
+```
+
+Save with CTRL + O and close with CTRL + X
+
+
+Now activate the vHost and start Nginx again:
+
+`sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/matrix && sudo systemctl start nginx`
+
+
+Now Nginx listens for Synapse on port 8200. It proxies the traffic inside the container (that´s why we needed the static IP) to port 8008 INSIDE the container. You don´t need portmappings with the static IP, this is why we commented it out.
+
+In Zoraxy you can set your Matrix (sub)domain to localhost:8200
+
+You do not need to open the port 8200 in your firewall!
+I wanted originally to integrate nginx to the docker-compose.yml but it did not work as I expected, so it is better to have nginx on the hostsystem.
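Review bot: The `listen 8200;` / `listen [::]:8200;` lines in the nginx vHost bind the plain-HTTP Synapse front end on every interface, so the closing claim "You do not need to open the port 8200 in your firewall!" only holds if a host firewall is already blocking that port — otherwise any machine on the LAN can reach Synapse directly, bypassing Zoraxy's TLS. Since Zoraxy talks to `localhost:8200`, the guide should use `listen 127.0.0.1:8200;` and `listen [::1]:8200;` instead. Separately, `proxy_set_header X-Forwarded-For $remote_addr;` overwrites whatever client address Zoraxy forwards with Zoraxy's own loopback address, so Synapse's per-IP rate limiting and login/device logs presumably see a single client; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` keeps the original address, and Synapse's listener needs `x_forwarded: true` to trust it. The compose examples also ship `POSTGRES_PASSWORD=changeme` with no warning; a caveat such as `# change before first start — the postgres image initialises the database with this password` would keep readers from deploying the placeholder.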