Matrix Full-Stack Deployment and Usage Guide

zhangxh, published 2024-11-23



Docker Deployment

Initialize the data folder

docker run -it --rm \
    -v /opt/matrix/synapse/data:/data \
    -e SYNAPSE_SERVER_NAME=matrix.zhangxh.org \
    -e SYNAPSE_REPORT_STATS=yes \
    matrixdotorg/synapse:latest generate

Append the following to the end of homeserver.yaml

extra_well_known_client_content:
  "org.matrix.msc3575.proxy":
    "url": "https://syncv3.zhangxh.org"
email:
  smtp_host: mail.zhangxh.org
  smtp_port: 587
  smtp_user: "service@zhangxh.org"
  smtp_pass: "SMTP_PASSWORD"
  require_transport_security: true
  notif_from: "My Awesome Matrix Service <matrix@zhangxh.org>"

Create docker-compose.yml in /opt/matrix

services:
  synapse:
    image: "matrixdotorg/synapse:latest"
    container_name: "matrix_synapse"
    restart: unless-stopped
    ports:
      - 8008:8008
    volumes:
      - "./synapse/data:/data" # it will look at the current directory where you save the file and look for the data folder inside
    environment:
      VIRTUAL_HOST: "matrix.zhangxh.org"
      VIRTUAL_PORT: 8008
      LETSENCRYPT_HOST: "matrix.zhangxh.org"
      SYNAPSE_SERVER_NAME: "matrix.zhangxh.org"
      SYNAPSE_REPORT_STATS: "yes"
  element-web:
    container_name: element-web
    ports:
      - '8009:80'
    volumes:
      - './element-web/config.json:/app/config.json'
    image: vectorim/element-web
    restart: unless-stopped
    depends_on:
      - synapse
  sliding-sync:
    container_name: sliding-sync
    restart: always
    environment:
      - SYNCV3_SERVER=https://matrix.zhangxh.org
      - SYNCV3_SECRET=JWkAhninaCwzf4Kw
      - SYNCV3_DB=user=syncv3 dbname=syncv3 sslmode=disable host=postgres password='JWkAhninaCwzf4Kw'
      - SYNCV3_BINDADDR=0.0.0.0:8008
    image: ghcr.io/matrix-org/sliding-sync:latest
    ports:
      - '801:8008'
    depends_on:
      - synapse
      - postgres

  postgres:
    image: postgres:latest
    container_name: postgres
    restart: always
    environment:
      POSTGRES_USER: syncv3
      POSTGRES_PASSWORD: JWkAhninaCwzf4Kw
      POSTGRES_DB: syncv3
    volumes:
      - ./postgres/data:/var/lib/postgresql/data

Create the Element Web configuration file /opt/matrix/element-web/config.json and set the default server

{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://matrix.zhangxh.org"
        },
        "m.identity_server": {
            "base_url": "https://vector.im"
        }
    }
}

Finally, start the containers

docker compose up -d

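This deployment includes the Matrix server Synapse, the web client Element Web, and the Sliding Sync proxy and its database, which Element X requires. When reverse-proxying the Synapse port under matrix.zhangxh.org, add the settings below. In addition, syncv3.zhangxh.org is used to reverse-proxy port 801 of Sliding Sync.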

listen 8448 ssl default_server;
listen [::]:8448 ssl default_server;

location ~ ^(\/_matrix|\/_synapse\/client) {
    proxy_pass http://127.0.0.1:8008;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
}

location /.well-known/matrix/client {
    add_header Access-Control-Allow-Origin *;
    default_type application/json;
    return 200 '{
        "m.homeserver": {
            "base_url": "https://matrix.zhangxh.org"
        },
        "org.matrix.msc3575.proxy": {
            "url": "https://syncv3.zhangxh.org"
        }
    }';
}

Finally, create the administrator user

docker exec -it matrix_synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -a

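Then enter the username and password when prompted.

After logging in, first go to Quick Settings > All Settings > Security & Privacy > Encryption > Secure Backup, set up the secure backup for encryption and generate a security key, so that messages do not fail to decrypt later.

To enable federation, open port 8448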

sudo ufw allow 8448

Setting up a coturn TURN server

The coturn TURN server is mainly used for video calls. The steps for setting up a coturn TURN server on Debian are as follows

Install coturn

sudo apt install coturn

Edit the configuration in /etc/turnserver.conf

use-auth-secret
static-auth-secret=YOUR_SHARED_SECRET
realm=turn.myserver.org
syslog
no-tcp-relay
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
allowed-peer-ip=10.0.0.1
total-quota=1200

The YOUR_SHARED_SECRET above can be generated with pwgen

pwgen -s 64 1

Open the firewall ports

sudo ufw allow 3478
sudo ufw allow 5349

Restart coturn

sudo systemctl restart coturn
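
The following added example (not part of the original post and not coturn's own code) audits the denied-peer-ip and allowed-peer-ip lines of a turnserver.conf like the one above: it reports entries that do not parse as an address range, private or link-local probe addresses that no deny range covers, and allow entries that override a deny range. SAMPLE_CONF and the PROBES checklist are constructed for illustration.

```python
import ipaddress

# Constructed sample, not the page's file: one malformed line, link-local range left out.
SAMPLE_CONF = """\
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=-192.0.0.0-192.0.0.255
allowed-peer-ip=10.0.0.1
"""

# One probe address per range the relay should refuse to reach (assumed checklist).
PROBES = ["127.0.0.1", "10.1.2.3", "172.20.0.5", "192.168.1.1", "100.64.0.1", "169.254.1.1"]

def parse_ranges(conf_text, key):
    """Return (ranges, malformed_lines) for every `key=first[-last]` line."""
    ranges, malformed = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and padding
        if not line.startswith(key + "="):
            continue
        first, dash, last = line.split("=", 1)[1].partition("-")
        try:
            lo = ipaddress.ip_address(first.strip())
            hi = ipaddress.ip_address(last.strip()) if dash else lo
            if lo.version != hi.version or lo > hi:
                raise ValueError("range bounds do not form a range")
            ranges.append((lo, hi))
        except ValueError:
            malformed.append(line)
    return ranges, malformed

def covered(ip, ranges):
    """True if ip lies inside any (lo, hi) range of the same IP version."""
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def audit(conf_text):
    denied, bad_denied = parse_ranges(conf_text, "denied-peer-ip")
    allowed, bad_allowed = parse_ranges(conf_text, "allowed-peer-ip")
    probes = [ipaddress.ip_address(p) for p in PROBES]
    return {
        "malformed": bad_denied + bad_allowed,
        "not_denied": [str(p) for p in probes if not covered(p, denied)],
        # coturn treats an address that is both allowed and denied as allowed.
        "exceptions": [str(lo) for lo, hi in allowed if covered(lo, denied)],
    }
```

Run audit() on the contents of /etc/turnserver.conf before restarting coturn; every entry under "exceptions" should be an address you deliberately exempted, such as the TURN server's own listening IP.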

Add the following to Synapse's homeserver.yaml

turn_uris:
  - "turns:turn.zhangxh.org:3478?transport=udp"
  - "turns:turn.zhangxh.org:3478?transport=tcp"
turn_shared_secret: "YOUR_SHARED_SECRET"
turn_user_lifetime: 86400000  # 24 hours in milliseconds
turn_allow_guests: true       # Allow guest users to use TURN credentials

Restart Synapse

sudo docker restart matrix_synapse
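
How use-auth-secret and turn_shared_secret fit together, as an added Python example (not from the original post and not Synapse's or coturn's code): the homeserver derives a time-limited username and password from the shared secret, and the TURN server recomputes them from the same secret. The secret, user ID and timestamps are constructed, and turn_verify is a simplified stand-in for the check the TURN server performs.

```python
import base64
import hashlib
import hmac

def turn_credentials(secret, user_id, now_s, lifetime_ms):
    """Derive the time-limited (username, password) pair from the shared secret."""
    expiry = now_s + lifetime_ms // 1000            # turn_user_lifetime is in ms
    username = f"{expiry}:{user_id}"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return username, base64.b64encode(mac.digest()).decode("ascii")

def turn_verify(secret, username, password, now_s):
    """Simplified server-side check: expiry not yet passed and HMAC matches.

    A real TURN server recomputes the password and uses it as the long-term
    credential for STUN message integrity; the comparison here stands in for that.
    """
    expiry_text = username.partition(":")[0]
    if not expiry_text.isdigit() or int(expiry_text) < now_s:
        return False
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    expected = base64.b64encode(mac.digest()).decode("ascii")
    return hmac.compare_digest(expected, password)

if __name__ == "__main__":
    SECRET = "constructed-example-secret"            # stands in for YOUR_SHARED_SECRET
    NOW = 1_700_000_000                              # constructed Unix time
    user, pw = turn_credentials(SECRET, "@alice:matrix.zhangxh.org", NOW, 86_400_000)
    print(user, pw)
    print("valid now:          ", turn_verify(SECRET, user, pw, NOW))
    print("valid after 25 h:   ", turn_verify(SECRET, user, pw, NOW + 25 * 3600))
    print("valid, other secret:", turn_verify("other-secret", user, pw, NOW))
```

Anyone who holds the shared secret can mint valid credentials for any username, so keep homeserver.yaml and /etc/turnserver.conf readable only by their service accounts.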

Admin API usage guide

Only some commonly used examples are given below; for more detailed explanations, see Admin API - Synapse.

Generate a token

curl -X POST -H "Authorization: Bearer YOUR_ACCESS_TOKEN" -H "Content-Type: application/json" -d '{"uses_allowed": 1}' "http://localhost:8008/_synapse/admin/v1/registration_tokens/new"

List tokens

curl -X GET -H "Authorization: Bearer YOUR_ACCESS_TOKEN" "http://localhost:8008/_synapse/admin/v1/registration_tokens"

Update a token

curl -X PUT -H "Authorization: Bearer YOUR_ACCESS_TOKEN" -H "Content-Type: application/json" -d '{"uses_allowed": 5, "expiry_time": 4781243146000}' "http://localhost:8008/_synapse/admin/v1/registration_tokens/<Token>"

Delete a token

curl -X DELETE -H "Authorization: Bearer YOUR_ACCESS_TOKEN" "http://localhost:8008/_synapse/admin/v1/registration_tokens/<Token>"

The YOUR_ACCESS_TOKEN in the commands above can be found under Quick Settings > All Settings > Help & About > Access Token.

Last updated on 2024-11-26