hans/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Added checklist to guide the installation process.

Browse source
This commit is contained in:
Hans van Zijst 2025-01-07 11:34:27 +01:00
parent b707da9acb
commit 56c3fc13b4
No known key found for this signature in database
GPG key ID: ECF8564FB15A8216
2 changed files with 107 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
matrix/README.md
View file

@ -5,10 +5,13 @@ include_toc: true
# A complete Matrix installation # A complete Matrix installation
This is going to be a Matrix installation with all bells and whistles. Not This documentation describes how to build a complete Matrix environment with
just the server, but every other bit that you need or want. all bells and whistles. Not just the Synapse server, but (almost) every bit
you want.
The main focus will be on the server itself, Synapse, but there's a lot more
than just that.
We're building it with workers, so it will scale.
## Overview ## Overview
@ -24,8 +27,8 @@ conferencing
* [Consent * [Consent
tracking](https://element-hq.github.io/synapse/latest/consent_tracking.html) tracking](https://element-hq.github.io/synapse/latest/consent_tracking.html)
* Authentication via * Authentication via
[OpenID](https://element-hq.github.io/synapse/latest/openid.html) [OpenID](https://element-hq.github.io/synapse/latest/openid.html) (later)
* Several [bridges](https://matrix.org/ecosystem/bridges/) * Several [bridges](https://matrix.org/ecosystem/bridges/) (later)
# Overview # Overview
@ -35,15 +38,30 @@ platform, with all bells and whistles. Several components are involved and
finishing the installation of one can be necessary for the installation of the finishing the installation of one can be necessary for the installation of the
next. next.
These are the components we're going to use Before you start, make sure you take a look at the [checklist](checklist.md).
These are the components we're going to use:
## Synapse ## Synapse
This is the core component: the Matrix server itself. This is the core component: the Matrix server itself, you should probably
install this first.
Installation and configuration is documented under [synapse](synapse). Because not every usecase is the same, we'll describe two different
architectures:
You should probably install this first. ** [Monolithic](synapse)
This is the default way of installing Synapse, this is suitable for scenarios
with not too many users, and, importantly, users do not join many very crowded
rooms.
** [Worker-based](synapse/workers)
For servers that get a bigger load, for example those that host users that use
many big rooms, we'll describe how to process that higher load by distributing
it over workers.
## PostgreSQL ## PostgreSQL
@ -52,6 +70,10 @@ This is the database Synapse uses. This should be the first thing you install
after Synapse, and once you're done, reconfigure the default Synapse install after Synapse, and once you're done, reconfigure the default Synapse install
to use PostgreSQL. to use PostgreSQL.
If you have already added stuff to the SQLite database that Synapse installs
by default that you don't want to lose: [here's how to migrate from SQLite to
PostgreSQL](https://element-hq.github.io/synapse/latest/postgres.html#porting-from-sqlite).
## nginx ## nginx
@ -94,3 +116,4 @@ yet.
With Draupnir you can do moderation. It requires a few changes to both Synapse With Draupnir you can do moderation. It requires a few changes to both Synapse
and nginx, here's how to [install and configure Draupnir](draupnir). and nginx, here's how to [install and configure Draupnir](draupnir).

75
matrix/checklist.md Normal file
View file

@ -0,0 +1,75 @@
# Checklist
Before you dive in and start installing, you should do a little planning
ahead. Ask yourself what you expect from your server.
Is it a small server, just for yourself and some friends and family, or for
your hundreds of colleagues at work? Is it for private use, or do you need
decent moderation tools? Do you need audio and videoconferencing or not?
# Requirements
It's difficult to specify hardware requirements upfront, because they don't
really depend on the number of users you have, but on their behaviour. A
server with users who don't engage in busy rooms like
[#matrix:matrix.org](https://matrix.to/#/#matrix:matrix.org) doesn't need more
than 2 CPU cores, 8GB of RAM and 50GB of diskspace.
A server with users who do join very busy rooms, can easily eat 4 cores and
16GB of RAM. Or more. Or even much more.
During its life, the server may need more resources, if users change
their behaviour. Or less. There's no one-size-fits-all approach.
If you have no idea, you should probably start with 2 cores, 8GB RAM and some
50GB diskspace, and follow the [monolithic setup](synapse).
If you expect a higher load (you might get there sooner than you think), you
should probably follow the [worker-based setup](synapse/workers), because
changing the architecture from monolithic to worker-based once the server is
already in use, is a tricky task.
# DNS and certificates
You'll need to configure several things in DNS, and you're going to need a
couple of TLS-certificates. Best to configure those DNS entries first, so that
you can quickly generate the certificates once you're there.
It's usually a good idea to keep the TTL of all these records very low while
installing and configuring, so that you can quickly change records without
having to wait for the TTL to expire. Setting a TTL of 300 (5 minutes) should
be fine. Once everything is in place and working, you should probably increase
it to a more production ready value, like 3600 (1 hour) or more.
What do you need? Well, first of all you need a domain. In this documentation
we'll use `example.com`, you'll need to substitute that with your own domain.
Under the top of that domain, you'll need to host 2 files under
`/.well-known`, so you'll need a webserver there, using a valid
TLS-certificate. This doesn't have to be the same machine as the one you're
installing Synapse on. In fact, it usually isn't.
Assuming you're hosting Matrix on the machine `matrix.example.com`, you need
at least an `A` record in DNS, and -if you have IPv6 support, which you
should- an `AAAA` record too. **YOU CAN NOT USE A CNAME FOR THIS RECORD!**
You'll need a valid TLS-certificate for `matrix.example.com` too.
You'll probably want the webclient too, so that users aren't forced to use an
app on their phone or install the desktop client on their PC. You should never
run the web client on the same name as the server, that opens you up for all
kinds of Cross-Site-Scripting attack. We'll assume you use
`element.example.com` for the web client. You need a DNS entry for that. This
can be a CNAME, but make sure you have a TLS-certificate with the correct name
on it.
If you install a [TURN-server](coturn), either for legacy calls or for [Element
Call](element-call) (or both), you need a DNS entry for that too, and -again- a
TLS-certificate. We'll use `turn.example.com` for this.
If you install Element Call (and why shouldn't you?), you need a DNS entry plus
certificate for that, let's assume you use `call.example.com` for that. This
can be a CNAME again. Element Call uses [LiveKit](element-call#livekit) for the
actual processing of audio and video, and that needs its own DNS entry and certificate
too. We'll use `livekit.example.com`.