ChatMatrix: Difference between revisions

From FlowerHouseWiki
 
(15 intermediate revisions by the same user not shown)
Line 24: Line 24:
timedatectl set-timezone Europe/Berlin
timedatectl set-timezone Europe/Berlin
</syntaxhighlight>
</syntaxhighlight>
<p>Change locales to de_AT.UTF-8 for special characters</p>
<syntaxhighlight lang="console">
dpkg-reconfigure locales
</syntaxhighlight>
=== Installation ===
=== Installation ===
<p>Install required packages</p>
<p>Install required packages</p>
Line 99: Line 105:
=== Setting up reverse proxy ===
=== Setting up reverse proxy ===
<p>NGINX Proxy Manager configuration without exposing admin API</p>
<p>NGINX Proxy Manager configuration without exposing admin API</p>
<syntaxhighlight lang="json" line>
<syntaxhighlight lang="console" line>
{
Details:
  "id": 3,
   Scheme: http
   "created_on": "2022-07-28 21:08:35",
   Forward Hostname / IP: 192.168.88.19
   "modified_on": "2022-08-19 01:23:10",
   Port: 80
  "owner_user_id": 1,
Custom Locations:
  "domain_names": [
   location: ~ ^(/_matrix|/_synapse/client)
    "matrix.flowerhouse.at"
   Scheme: http
  ],
   Forward Hostname / IP: 192.168.88.19
  "forward_host": "192.168.88.19",
   Port: 8008
   "forward_port": 80,
Advanced:
   "access_list_id": 0,
   listen 8448 ssl http2 default_server;
   "certificate_id": 25,
  listen [::]:8448 ssl http2 default_server;
   "ssl_forced": true,
 
   "caching_enabled": true,
  server_name matrix.flowerhouse.at;
  "block_exploits": true,
</syntaxhighlight>
   "advanced_config": "listen 8448 ssl http2 default_server;\r\nlisten [::]:8448 ssl http2 default_server;\r\n\r\nserver_name matrix.flowerhouse.at;",
 
  "meta": {
<p>If you want to expose admin api change location</p>
    "letsencrypt_agree": false,
<syntaxhighlight lang="json">
    "dns_challenge": false
location: ~ ^(/_matrix|/_synapse)
  },
  "allow_websocket_upgrade": true,
  "http2_support": true,
  "forward_scheme": "http",
  "enabled": 1,
  "locations": [
    {
      "path": "~ ^(/_matrix|/_synapse/client)",
      "advanced_config": "proxy_set_header X-Forwarded-For $remote_addr;\nproxy_set_header X-Forwarded-Proto $scheme;\nproxy_set_header Host $host;\n\n# Nginx by default only allows file uploads up to 1M in size\nclient_max_body_size 50M;",
      "forward_scheme": "http",
      "forward_host": "192.168.88.19",
      "forward_port": 8008
    }
  ],
  "hsts_enabled": true,
  "hsts_subdomains": false
}
</syntaxhighlight>
</syntaxhighlight>


<p>Check if federation configuration is correct: https://federationtester.matrix.org/</p>
=== .well-known ===


<p>Check federation configuration: https://federationtester.matrix.org/</p>
<p>NGINX Proxy Manager configuration without exposing admin API</p>
<syntaxhighlight lang="console" line>
Details:
  Scheme: http
  Forward Hostname / IP: 192.168.88.19
  Port: 80
Custom Locations:
  location: ~ ^(/_matrix|/_synapse/client)
  Scheme: http
  Forward Hostname / IP: 192.168.88.19
  Port: 8008
Advanced:
  listen 8448 ssl http2 default_server;
  listen [::]:8448 ssl http2 default_server;
 
  server_name matrix.flowerhouse.at;
</syntaxhighlight>


=== Add User ===
=== Add User ===
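Review bot: The console summary that replaces the JSON export in the reverse proxy section drops the custom location's advanced_config (the proxy_set_header lines for X-Forwarded-For, X-Forwarded-Proto and Host, and client_max_body_size 50M) together with ssl_forced, hsts_enabled, block_exploits and allow_websocket_upgrade, so a reader rebuilding the proxy host from the new text will not set any of them. Suggest listing those settings in the summary, for example under the Custom Locations entry. The new .well-known section repeats the reverse proxy block verbatim instead of describing how /.well-known/matrix is served, and the one-line location override is tagged lang="json" although it holds an nginx location pattern.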
Line 202: Line 210:


<p>Download binary from https://github.com/mautrix/whatsapp/releases</p>
<p>Download binary from https://github.com/mautrix/whatsapp/releases</p>
<syntaxhighlight lang="console">
wget https://github.com/mautrix/whatsapp/releases/download/v0.5.0/mautrix-whatsapp-amd64
</syntaxhighlight>


<p>Rename binary</p>
<p>Rename binary</p>
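Review bot: With the wget line for v0.5.0 removed, the "Download binary" step names neither a release nor a command, and the file is later made executable and run without any integrity check. Suggest keeping a versioned download command and recording next to it the SHA-256 of the binary that was actually tested, so a rebuild fetches and verifies the same file.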
Line 297: Line 302:


=== Signal ===
=== Signal ===
==== Install Signald ====
<p>Add repository</p>
<syntaxhighlight lang="console" line>
wget -O /usr/share/keyrings/signald-org-archive-keyring.asc https://updates.signald.org/apt-signing-key.asc
echo "deb [signed-by=/usr/share/keyrings/signald-org-archive-keyring.asc] https://updates.signald.org unstable main" | tee /etc/apt/sources.list.d/signald.list
apt update
</syntaxhighlight>
<p>Install signald</p>
<syntaxhighlight lang="console">
apt install signald
</syntaxhighlight>
<p>Check if it works correctly</p>
<syntaxhighlight lang="console" line>
systemctl start signald
systemctl status signald
</syntaxhighlight>
<p>Enable autostart</p>
<syntaxhighlight lang="console">
systemctl enable signald
</syntaxhighlight>
==== Install Bridge ====
==== Install Bridge ====
<p>Install prerequisites</p>
<p>Create user for mautrix-signal</p>
<syntaxhighlight lang="console" line>
apt install python pip libolm-dev
pip install virtualenv
</syntaxhighlight>
 
<p>Create user for bridge and join signald group</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
adduser --system mautrix-signal --home /opt/mautrix-signal
adduser --system mautrix-signal --home /opt/mautrix-signal
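Review bot: Removing the "Install Signald" subsection leaves a dangling dependency: the latest revision shown further down still runs "usermod -aG signald mautrix-signal" right after this adduser line, and that group no longer exists once signald is not installed, so the command fails. Suggest dropping the usermod line together with the signald steps. The removed prerequisites block ("pip install virtualenv") was also the only place virtualenv got installed, while the Telegram and IRC sections still call "virtualenv -p /usr/bin/python3 ."; move that install step to one of those sections.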
Line 334: Line 309:
</syntaxhighlight>
</syntaxhighlight>


<p>Go to directory</p>
<p>Enter user folder</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
cd /opt/mautrix-signal
cd /opt/mautrix-signal
</syntaxhighlight>
</syntaxhighlight>


<p>Create virtual environment</p>
<p>Download binary from https://github.com/mautrix/signal/releases</p>
<syntaxhighlight lang="console">
virtualenv -p /usr/bin/python3 .
</syntaxhighlight>


<p>Activate virtual environment</p>
<p>Rename binary</p>
<syntaxhighlight lang="console">
source ./bin/activate
</syntaxhighlight>
 
<p>Install signal bridge</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
pip install --upgrade mautrix-signal[all]
mv mautrix-signal-amd64 mautrix-signal
</syntaxhighlight>
</syntaxhighlight>


Line 381: Line 348:
</syntaxhighlight>
</syntaxhighlight>


<p>Generate access file</p>
<p>Modify permissions</p>
<syntaxhighlight lang="console">
chmod 755 mautrix-signal
</syntaxhighlight>
 
<p>Generate the appservice registration file</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
python -m mautrix_signal -g
./mautrix-signal -g
</syntaxhighlight>
</syntaxhighlight>


<p>Set permissions</p>
<p>Modify permissions</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
chown -R mautrix-signal:root ../mautrix-signal/
chmod 555 registration.yaml
</syntaxhighlight>
</syntaxhighlight>


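Review bot: "chmod 555 registration.yaml" makes the generated registration file readable and executable by every local account, and that file holds the as_token and hs_token shared between the bridge and Synapse. The execute bits serve no purpose on a YAML file, and with the "chown -R mautrix-signal:root" step removed the page no longer states who owns the files under /opt/mautrix-signal. Suggest an explicit chown plus a mode such as 640 with a group that the Synapse service account belongs to.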
Line 396: Line 368:
</syntaxhighlight>
</syntaxhighlight>


<p>To register WhatsApp add following lines</p>
<p>To register mautrix-signal add following lines</p>
<syntaxhighlight lang="console" line>
<syntaxhighlight lang="console" line>
app_service_config_files:
app_service_config_files:
Line 409: Line 381:
<p>Check if bridge works</p>
<p>Check if bridge works</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
python -m mautrix_signal
./mautrix-signal
</syntaxhighlight>
</syntaxhighlight>


Line 565: Line 537:
<p>Install heisenbridge</p>
<p>Install heisenbridge</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
pip install heisenbridge
pip install --upgrade heisenbridge[all]
</syntaxhighlight>
</syntaxhighlight>


Line 628: Line 600:
<p>Set mediaurl</p>
<p>Set mediaurl</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
MEDIAURL chat.flowerhouse.at
MEDIAURL https://matrix.flowerhouse.at
</syntaxhighlight>
 
== Install Element WebClient ==
<p>Install webserver</p>
<syntaxhighlight lang="console">
apt install apache2
</syntaxhighlight>
 
<p>Go to directory</p>
<syntaxhighlight lang="console">
cd /var/www
</syntaxhighlight>
 
<p>Download binary from: https://github.com/vector-im/element-web/releases/</p>
 
<p>Untar and rename</p>
<syntaxhighlight lang="console" line>
tar -xvf element-v1.11.1.tar.gz
mv element-v1.11.1 element
rm element-v1.11.1.tar.gz
</syntaxhighlight>
 
<p>Configure host</p>
<syntaxhighlight lang="console">
nano /etc/apache2/sites-available/element.conf
</syntaxhighlight>
 
<p>Add to file</p>
<syntaxhighlight lang="console" line>
<VirtualHost *:80>
    DocumentRoot /var/www/element
    <Directory /var/www/element>
        AllowOverride All
        Order Allow,Deny
        Allow from All
    </Directory>
 
    ErrorLog /var/log/apache2/element_error.log
</VirtualHost>
</syntaxhighlight>
 
<p>Activate new site</p>
<syntaxhighlight lang="console">
ln -s /etc/apache2/sites-available/element.conf /etc/apache2/sites-enabled/element.conf
</syntaxhighlight>
 
<p>To access via the IP-Address of the server</p>
<syntaxhighlight lang="console">
rm /etc/apache2/sites-enabled/000-default.conf
</syntaxhighlight>
 
<p>Configure apache to show pretty URL pathes</p>
<syntaxhighlight lang="console">
a2enmod rewrite
</syntaxhighlight>
 
<p>Restart webserver</p>
<syntaxhighlight lang="console">
service apache2 restart
</syntaxhighlight>
 
<p>Create config file</p>
<syntaxhighlight lang="console">
cd element
cp config.sample.json config.json
</syntaxhighlight>
 
<p>Edit config file</p>
<syntaxhighlight lang="console">
nano config.json
</syntaxhighlight>
</syntaxhighlight>
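Review bot: The new element.conf uses "Order Allow,Deny" and "Allow from All", which are Apache 2.2 access directives that Apache 2.4 only accepts through mod_access_compat; on the Debian Bullseye host described here the 2.4 form "Require all granted" is the one to use. "AllowOverride All" also lets any .htaccess file under /var/www/element change server behaviour; suggest "AllowOverride None" unless the rewrite step that follows really depends on .htaccess rules. The tarball is unpacked into the web root without an integrity check, and the version in the commands (v1.11.1) is fixed in the text while the download step points at the general releases page.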

Latest revision as of 15:22, 16 March 2024


Network


IP: 192.168.88.19
MAC: BE:B1:89:38:28:44
Domain: chat.flowerhouse.at

System


OS: Debian Bullseye
RAM: 4096MB
Cores: 2
Privileged: No

The ChatMatrix-LXC is reachable under 192.168.88.19 which is located in the ServerVLAN.

The subdomain is chat.flowerhouse.at which is handled by the ReverseProxy.

Basic Setup

Be up to date

apt update && apt upgrade

Change timezone

timedatectl set-timezone Europe/Berlin

Change locales to de_AT.UTF-8 for special characters

dpkg-reconfigure locales

Installation

Install required packages

apt install -y lsb-release wget apt-transport-https

Add repository

wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list
apt update

Install matrix-synapse

apt install matrix-synapse-py3

Check status

systemctl status matrix-synapse

Postgres database

Install required packages

apt install libpq5 postgresql

Open Postgres console

su - postgres

Create user for matrix-synapse

createuser --pwprompt synapse_user

Create database for matrix-synapse

createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse_user synapse

Exit Postgres console

exit

Edit matrix-synapse configuration file

nano /etc/matrix-synapse/homeserver.yaml

Edit the database entry

database:
  name: psycopg2
  args:
    user: synapse_user
    password: <pass>
    database: synapse
    host: localhost
    cp_min: 5
    cp_max: 10

Check if it works

systemctl restart matrix-synapse
systemctl status matrix-synapse

Setting up reverse proxy

NGINX Proxy Manager configuration without exposing admin API

Details:
  Scheme: http
  Forward Hostname / IP: 192.168.88.19
  Port: 80
Custom Locations:
  location: ~ ^(/_matrix|/_synapse/client)
  Scheme: http
  Forward Hostname / IP: 192.168.88.19
  Port: 8008
Advanced:
  listen 8448 ssl http2 default_server;
  listen [::]:8448 ssl http2 default_server;

  server_name matrix.flowerhouse.at;

If you want to expose admin api change location

location: ~ ^(/_matrix|/_synapse)

Check if federation configuration is correct: https://federationtester.matrix.org/
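The difference between the two location patterns above can be checked offline before touching the proxy. The script below is an added example, not part of the original page: the request paths are constructed samples, and PROBE_HOST is a hypothetical variable for an optional live check against your own proxy.

```shell
#!/bin/sh
# Added example: which request paths each custom-location regex hands to
# Synapse on port 8008. grep -E stands in for nginx's "~" regex match, which
# behaves the same for these two patterns.

RESTRICTED='^(/_matrix|/_synapse/client)'   # location without the admin API
BROAD='^(/_matrix|/_synapse)'               # location that exposes the admin API

# Constructed sample request paths (not taken from any log).
SAMPLE_PATHS='/_matrix/client/versions
/_matrix/federation/v1/version
/_synapse/client/password_reset/email/submit_token
/_synapse/admin/v1/server_version
/_synapse/admin/v2/users
/.well-known/matrix/server
/'

# forwarded PATTERN: print the sample paths the location regex matches.
forwarded() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -E -- "$1"
}

# admin_exposed PATTERN: succeed if any /_synapse/admin path is forwarded.
admin_exposed() {
    forwarded "$1" | grep -q '^/_synapse/admin'
}

# probe_admin HOST: HTTP status the proxy returns for an admin path.
# Any answer that comes from Synapse means the path is being forwarded.
probe_admin() {
    curl -s -o /dev/null -w '%{http_code}\n' \
        "https://$1/_synapse/admin/v1/server_version"
}

for pattern in "$RESTRICTED" "$BROAD"; do
    if admin_exposed "$pattern"; then
        verdict='admin API forwarded'
    else
        verdict='admin API not forwarded'
    fi
    printf '%-34s %s\n' "$pattern" "$verdict"
done

# Optional live check of your own proxy: PROBE_HOST=matrix.flowerhouse.at sh check.sh
if [ -n "${PROBE_HOST:-}" ]; then
    probe_admin "$PROBE_HOST"
fi
```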

.well-known

NGINX Proxy Manager configuration without exposing admin API

Details:
  Scheme: http
  Forward Hostname / IP: 192.168.88.19
  Port: 80
Custom Locations:
  location: ~ ^(/_matrix|/_synapse/client)
  Scheme: http
  Forward Hostname / IP: 192.168.88.19
  Port: 8008
Advanced:
  listen 8448 ssl http2 default_server;
  listen [::]:8448 ssl http2 default_server;

  server_name matrix.flowerhouse.at;

Add User

register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008

Optional

Configure puppeting

Install required packages

apt install pip git pwgen

Activate synapse virtual environment

cd /opt/venvs/matrix-synapse
source ./bin/activate

Install packages

pip install git+https://github.com/devture/matrix-synapse-shared-secret-auth
deactivate

Generate shared secret

pwgen -s 128 1

Edit configuration and add configuration

nano /etc/matrix-synapse/homeserver.yaml

General information about puppeting

Administration

Administration-Tools:

Or make API-Request with curl

Install Bridges

ffmpeg is needed to support media files

apt install ffmpeg

WhatsApp

Installation

Create user for mautrix-whatsapp

adduser --system mautrix-whatsapp --home /opt/mautrix-whatsapp

Enter user folder

cd /opt/mautrix-whatsapp

Download binary from https://github.com/mautrix/whatsapp/releases

Rename binary

mv mautrix-whatsapp-amd64 mautrix-whatsapp

Create database

Open Postgres console

su - postgres

Create user for mautrix-whatsapp

createuser --pwprompt whatsapp_user

Create database for mautrix-whatsapp

createdb --encoding=UTF8 --locale=C --template=template0 --owner=whatsapp_user whatsapp

Exit Postgres console

exit

Configuration

Create and paste config file: mautrix-whatsapp-config.yaml

nano config.yaml

Modify permissions

chmod 755 mautrix-whatsapp

Generate the appservice registration file

./mautrix-whatsapp -g

Modify permissions

chmod 555 registration.yaml

Edit matrix-synapse configuration file

nano /etc/matrix-synapse/homeserver.yaml

To register WhatsApp add following lines

app_service_config_files:
- /opt/mautrix-whatsapp/registration.yaml

Restart matrix-synapse

systemctl restart matrix-synapse

Check if bridge works

./mautrix-whatsapp

systemd service

Create systemd service file and copy from service

nano /etc/systemd/system/mautrix-whatsapp.service

Apply changes

systemctl daemon-reload

Start and check status

systemctl start mautrix-whatsapp
systemctl status mautrix-whatsapp

Enable autostart

systemctl enable mautrix-whatsapp

Signal

Install Bridge

Create user for mautrix-signal

adduser --system mautrix-signal --home /opt/mautrix-signal
usermod -aG signald mautrix-signal

Enter user folder

cd /opt/mautrix-signal

Download binary from https://github.com/mautrix/signal/releases

Rename binary

mv mautrix-signal-amd64 mautrix-signal

Create database

Open Postgres console

su - postgres

Create user for mautrix-signal

createuser --pwprompt signal_user

Create database for mautrix-signal

createdb --encoding=UTF8 --locale=C --template=template0 --owner=signal_user signal

Exit Postgres console

exit

Configuration

Copy configuration file and edit...

cp example-config.yaml config.yaml

Modify permissions

chmod 755 mautrix-signal

Generate the appservice registration file

./mautrix-signal -g

Modify permissions

chmod 555 registration.yaml

Edit matrix-synapse configuration file

nano /etc/matrix-synapse/homeserver.yaml

To register mautrix-signal add following lines

app_service_config_files:
- /opt/mautrix-signal/registration.yaml

Restart matrix-synapse

systemctl restart matrix-synapse

Check if bridge works

./mautrix-signal

systemd service

Create systemd service file and copy from service

nano /etc/systemd/system/mautrix-signal.service

Apply changes

systemctl daemon-reload

Start and check status

systemctl start mautrix-signal
systemctl status mautrix-signal

Enable autostart

systemctl enable mautrix-signal
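The "chmod 555 registration.yaml" step in the WhatsApp and Signal sections leaves the appservice tokens readable by every local account. The script below is an added example, not part of the original page, that audits a registration file's mode and tightens it; it assumes GNU stat, and the group name matrix-synapse mentioned in its comments is an assumption about the account Synapse runs under.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of an appservice registration file.
# Uses GNU stat (as shipped with Debian).

# audit_registration FILE: return 0 if the mode is acceptable, 1 with a reason
# on stdout if it is not, 2 if the file cannot be inspected.
audit_registration() {
    mode=$(stat -c '%a' "$1") || return 2
    bits=$((0$mode))                    # leading 0: read the mode as octal
    if [ $((bits & 0007)) -ne 0 ]; then
        echo "$1: mode $mode gives every local account access to as_token/hs_token"
        return 1
    fi
    if [ $((bits & 0111)) -ne 0 ]; then
        echo "$1: mode $mode sets execute bits on a YAML file"
        return 1
    fi
    return 0
}

# tighten FILE GROUP: owner read/write, GROUP read-only, no access for others.
# GROUP must be a group the Synapse service account belongs to, because
# Synapse has to read the file (assumed here: matrix-synapse).
tighten() {
    chgrp "$2" "$1" && chmod 640 "$1"
}

# Demo on a constructed file so nothing under /opt is touched.
demo=$(mktemp)
printf 'as_token: PLACEHOLDER\nhs_token: PLACEHOLDER\n' > "$demo"
chmod 555 "$demo"                       # the mode used on this page
audit_registration "$demo" || true
tighten "$demo" "$(id -gn)"             # on the server: tighten registration.yaml matrix-synapse
if audit_registration "$demo"; then
    echo "$demo: mode $(stat -c '%a' "$demo") ok"
fi
rm -f "$demo"
```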

Telegram

Installation

Create user for bridge

adduser --system mautrix-telegram --home /opt/mautrix-telegram

Go to directory

cd /opt/mautrix-telegram

Create virtual environment

virtualenv -p /usr/bin/python3 .

Activate virtual environment

source ./bin/activate

Install Telegram bridge

pip install --upgrade mautrix-telegram[all]

Create database

Open Postgres console

su - postgres

Create user for mautrix-telegram

createuser --pwprompt telegram_user

Create database for mautrix-telegram

createdb --encoding=UTF8 --locale=C --template=template0 --owner=telegram_user telegram

Exit Postgres console

exit

Configuration

Copy configuration file and edit...

cp example-config.yaml config.yaml

Generate access file

python -m mautrix_telegram -g

Set permissions

chown -R mautrix-telegram:root ../mautrix-telegram/

Edit matrix-synapse configuration file

nano /etc/matrix-synapse/homeserver.yaml

To register mautrix-telegram add the following lines

app_service_config_files:
- /opt/mautrix-telegram/registration.yaml

Restart matrix-synapse

systemctl restart matrix-synapse

Check if bridge works

python -m mautrix_telegram

systemd service

Create systemd service file and copy from service

nano /etc/systemd/system/mautrix-telegram.service

Apply changes

systemctl daemon-reload

Start and check status

systemctl start mautrix-telegram
systemctl status mautrix-telegram

Enable autostart

systemctl enable mautrix-telegram

IRC

Installation

Create user for bridge

adduser --system mautrix-irc --home /opt/mautrix-irc

Go to directory

cd /opt/mautrix-irc

Create virtual environment

virtualenv -p /usr/bin/python3 .

Activate virtual environment

source ./bin/activate

Install heisenbridge

pip install --upgrade heisenbridge[all]

Generate access file

python -m heisenbridge -c /opt/mautrix-irc/registration.yaml --generate

Set permissions

chown -R mautrix-irc:root ../mautrix-irc/

Edit matrix-synapse configuration file

nano /etc/matrix-synapse/homeserver.yaml

To register heisenbridge add the following lines

app_service_config_files:
- /opt/mautrix-irc/registration.yaml

Restart matrix-synapse

systemctl restart matrix-synapse

Check if bridge works

python -m heisenbridge -c /opt/mautrix-irc/registration.yaml

If no .well-known file is configured, startup may take a few minutes

systemd service

Create systemd service file and copy from mautrix-irc.service

nano /etc/systemd/system/mautrix-irc.service

Apply changes

systemctl daemon-reload

Start and check status

systemctl start mautrix-irc
systemctl status mautrix-irc

Enable autostart

systemctl enable mautrix-irc

Configuration

This bridge is not configured with a config file but via the bot chat.

The first person chatting with the bot will automatically be set as the admin.

Set mediaurl

MEDIAURL https://matrix.flowerhouse.at

Install Element WebClient

Install webserver

apt install apache2

Go to directory

cd /var/www

Download binary from: https://github.com/vector-im/element-web/releases/

Untar and rename

tar -xvf element-v1.11.1.tar.gz
mv element-v1.11.1 element
rm element-v1.11.1.tar.gz

Configure host

nano /etc/apache2/sites-available/element.conf

Add to file

<VirtualHost *:80>
    DocumentRoot /var/www/element
    <Directory /var/www/element>
        AllowOverride All
        Order Allow,Deny
        Allow from All
    </Directory>

    ErrorLog /var/log/apache2/element_error.log
</VirtualHost>

Activate new site

ln -s /etc/apache2/sites-available/element.conf /etc/apache2/sites-enabled/element.conf

To access via the IP-Address of the server

rm /etc/apache2/sites-enabled/000-default.conf

Configure apache to show pretty URL paths

a2enmod rewrite

Restart webserver

service apache2 restart

Create config file

cd element
cp config.sample.json config.json

Edit config file

nano config.json