Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Matrix/Riot

    Announcements
    12
    43
    1652
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • girish
      girish Staff last edited by girish

      Hi all,
      Matrix Synapse and Riot are available for testing as unstable apps.

      Code: https://git.cloudron.io/cloudron/matrix-synapse-app
      App store link: https://cloudron.io/store/org.matrix.synapse.html

      Code: https://git.cloudron.io/cloudron/riot-web-app
      App store link: https://cloudron.io/store/im.riot.cloudronapp.html

      Matrix is integrated with Cloudron user management. A non-LDAP version can possibly be supported in a future release.

      IMPORTANT: You require Cloudron 5.1.4 for the apps to work. We are still rolling this out slowly but you will get it in the coming week. Cloudron version is on the footer of Cloudron dashboard on the bottom right.

      Understand

      If you are new to matrix, then this 2 min section is for you. Matrix is a decentralized messaging system. It's easy to explain things in terms of email addresses. Just like email, each user has a unique world wide id like @username:example.com. The "backend" that implements matrix protocol is called Synapse (in mail world, there is haraka, postfix, exim to name a few). The location where you install Synapse is called the home server. For example, matrix.example.com. As you can see, the location of your homeserver can be different from your ID. Just like how mail servers exchange emails with each other via SMTP, home servers exchange messages with each other using Matrix protocol.

      The "frontend" that we have packaged is Riot. There are numerous desktop and mobile apps to access your homeserver. You only need to install Riot if you want a web based frontend (like roundcube, rainloop). Otherwise, just use any mobile and desktop clients (check matrix.org).

      Installing

      Step 1

      Start with Synapse. If you install it at anything.example.com, the default setup is set to configure to generate IDs like @username:example.com. I think this is what most people want i.e memorable IDs under example.com. If you want a recommendation, install this app at matrix.example.com, only because Riot is pre-configured to use matrix subdomain as the homeserver location.

      If you want some different setup, see https://cloudron.io/documentation/apps/synapse/#step-1-select-matrix-ids

      Step 2

      Now, you must setup a so called delegation record. This is like MX record for email where foo@example.com can be translated by a DNS lookup to the mail server mailserver.example.com. In matrix, this is done by setting up a.well-known record which is served up the HTTP server (this is not a DNS record like in email!).

      To setup this record, please see https://cloudron.io/documentation/apps/synapse/#step-2-delegation

      If example.com is a site hosted on Cloudron (what I mean here is that there is an app on Cloudron serving example.com and not just the domain example.com is added), you can SSH into the server and add the record like this:

      mkdir -p /home/yellowtent/boxdata/well-known/example.com/matrix
      echo '{ "m.server": "matrix.example.com:443" }' > /home/yellowtent/boxdata/well-known/example.com/matrix/server
      

      Then, re-configure the app by going to the Location view and just click save without making any changes.

      You can then test if it works like this:

      $ curl https://example.com/.well-known/matrix/server
      { "m.server": "matrix-homeserver.example.com:443" }
      

      Step 3

      Install Riot. If you installed synapse at matrix.example.com, the client should be already able to connect. Just login with Cloudron username and password.

      Voice/Video Calls

      It's pre-configured to use Cloudron's built-in TURN server. 1-1 calls should work out of the box. For group calls, it uses an external jitsi server. We are working on a Jitsi package for Cloudron which you can set once it's ready.

      That's it!

      W 1 Reply Last reply Reply Quote 6
      • doodlemania2
        doodlemania2 App Dev last edited by

        Requires 5.1.4 of CR, yes? Haven't gotten my 5.1.4 so can't see them in the store as yet.

        1 Reply Last reply Reply Quote 1
        • yusf
          yusf last edited by

          This is a great day to be a cloudronite 😊

          1 Reply Last reply Reply Quote 6
          • scooke
            scooke last edited by

            @girish said in Matrix/Riot:

            Thank you. Merci. Meegwetch. Ψ±Ψ§Ω‚Ω…Ϋ•Ψͺ. Бпасибо. Gracias. Dank u. Arigato. Xie xie. Kap khun. Go raibh maith agat. Milesker!!!! This is really a terrific thing, and one whose tweaks are doable by a user like myself. Thanks!

            A life lived in fear is a life half-lived

            1 Reply Last reply Reply Quote 1
            • S
              stantropics last edited by stantropics

              I am having the issue that federation does not work if the root domain (example.com) is not used at all.
              Then I am getting:

              curl https://example.com/.well-known/matrix/server
              curl: (60) SSL certificate problem: self signed certificate
              More details here: https://curl.haxx.se/docs/sslcerts.html
              
              curl failed to verify the legitimacy of the server and therefore could not
              establish a secure connection to it. To learn more about this situation and
              how to fix it, please visit the web page mentioned above.
              

              Once I set-up example.com as a redirect to matrix.example.com (where matrix synapse is installed) it works.

              curl https://example.com/.well-known/matrix/server
              { "m.server": "matrix.example.com:443" }
              
              1 Reply Last reply Reply Quote 0
              • girish
                girish Staff last edited by girish

                @stantropics Thanks, now I understand.

                Basically, the well-known file is served up Cloudron's reverse proxy/nginx. nginx is only configured to serve all the installed apps domains and redirects. If a domain is not used by an app and not a redirect, nginx will not process the request.

                So, this is why it started working after a redirect. It could have been a redirect to any app and not just matrix (i.e you could have redirected to a random app). You could also have installed a random app at example.com and it would have worked.

                S 1 Reply Last reply Reply Quote 1
                • S
                  stantropics @girish last edited by

                  @girish Okay, thanks for explaining this. Now I know how to handle it and will make sure I have the domain (example.com) assigned to an app.

                  1 Reply Last reply Reply Quote 0
                  • M
                    msbt App Dev last edited by msbt

                    For those using my version and want to migrate to the official cloudron version, this is how you get there (it is a bit hacky, but worked out better in the end than exporting/importing the db and files) - BE CAREFUL WITH THE CLOUDRON CMDS, I DON'T WANT YOU TO MESS UP YOUR SETUPS:

                    • backup!

                    • grab the latest version from here

                    • get the app-id from resources tab/cli/terminal and ssh into your cloudron to update the appstore-id via:

                      • mysql -uroot -ppassword
                      • use box
                      • UPDATE apps SET appStoreId='org.matrix.synapse' WHERE id='your-current-synapse-matrix-app-id';
                    • go to Updates, check for a new version and update (do that 3 times and you should be on 0.7.0 which is the latest one)

                    • if you had external users like I did, you might need to adjust the following config items in the new homeserver.yaml

                    enable_registration: true
                    allow_guest_access: true
                    password_config:
                      enabled: true
                      localdb_enabled: true
                    
                    • move your media_store files from /app/data/synapse/media_store to /app/data/data/media_store or adjust the path in homeserver.yaml
                    • restart and test if everything is working, also check https://federationtester.matrix.org/

                    Depending on your setup, you might also want to check the new config if the server_name is the same as before - else it won't start I think (I was using a subdomain and the main domain is not on cloudron, so I had to rename it to matrix.mydomain.com and also added echo '{ "m.server": "matrix.mydomain.com:443" }' > server to well-known as described above.

                    I also had to re-verify the devices to read the encrypted history, but that worked out fine and it seems to be all there. To finish up, you can rm -rf the old dirs and files, best to compare with a fresh installation to be on the safe side.

                    yusf 1 Reply Last reply Reply Quote 2
                    • yusf
                      yusf @msbt last edited by

                      @msbt First, thank you for this migration guide, it's exactly what I need.

                      I also had to re-verify the devices to read the encrypted history

                      What do you think this is due to?

                      M 1 Reply Last reply Reply Quote 0
                      • M
                        msbt App Dev @yusf last edited by

                        @yusf that is a good question, I moved the app to a different subdomain to test around, but that's probably not it. I'm guessing it is because of new keys and everything, haven't tried to re-use any of the existing ones.

                        Oh yea, atm there is no default channel, you might want to remove the comment on those lines as well to get new users in there automatically πŸ˜‰

                        yusf 1 Reply Last reply Reply Quote 0
                        • N
                          NCKNE last edited by NCKNE

                          @stantropics already askes this question in the closed matrix thread:

                          First of all, thanks to everyone who has been working on the matrix app. I'm very happy to be able to run it on cloudron! πŸ™‚ πŸ‘

                          Making a user an administrator.
                          Referring to the documentation (https://github.com/matrix-org/synapse/wiki) one command needs to be executed to make a user an admin - it manipulates the data in the postgresdb:
                          UPDATE users SET admin = 1 WHERE name = '@foo:bar.com'
                          What is the recommended way to perform this on Cloudron?

                          Thanks a lot in advance.
                          Stay healthy everyone!

                          Is there any recommended way to set a user as an admin in the app store released version of matrix?

                          Thanks!

                          girish 1 Reply Last reply Reply Quote 1
                          • girish
                            girish Staff @NCKNE last edited by

                            @NCKNE The sql command is probably the way to go for the app store version as well. I will put it in the docs. That said, I am yet to figure what an admin can do that a normal user cannot. Do special controls appear in the riot ui for admins?

                            1 Reply Last reply Reply Quote 0
                            • girish
                              girish Staff last edited by

                              OK, I found https://github.com/vector-im/riot-web/issues/4125 which is an open issue for implementing admin functions in Riot. I also found https://github.com/Awesome-Technologies/synapse-admin which can probably be run locally.

                              A 1 Reply Last reply Reply Quote 3
                              • W
                                will @girish last edited by will

                                @girish Getting an error on verifying:

                                $ curl https://example.com/.well-known/matrix/server
                                curl: (6) Could not resolve host: example.com (I used my own domain)

                                I chowned the matrix folder and server file to be owned by yellowtent. I had to use sudo to get the mkdir command to work.
                                I set permissions of 0600 on the server file.
                                There is no app at example.com.
                                Matrix is installed at matrix.example.com.
                                Do I need to manually add a DNS entry for example.com?

                                1 Reply Last reply Reply Quote 0
                                • girish
                                  girish Staff last edited by

                                  @will You need to have an app installed at example.com. You can even set it to redirect to some other existing app i.e go to existing app -> Location -> Add redirection.

                                  W 1 Reply Last reply Reply Quote 1
                                  • T
                                    timbo last edited by

                                    Hey! Works very very well. Runs smooth and does its job. But no LDAP would be a great feature for future πŸ™‚

                                    o7

                                    1 Reply Last reply Reply Quote 1
                                    • M
                                      msbt App Dev last edited by msbt

                                      @will you can just enable registration in homeserver.yaml and you're good to go πŸ˜‰

                                      1 Reply Last reply Reply Quote 1
                                      • T
                                        timbo last edited by

                                        well you can enable it yes, but users who registered were not able to login (?). I guess this is because it only accepts login from LDAP?

                                        o7

                                        1 Reply Last reply Reply Quote 0
                                        • M
                                          msbt App Dev last edited by

                                          worked fine before when I tested it, did you also set

                                          password_config:
                                            enabled: true
                                            localdb_enabled: true
                                          

                                          and maybe restarted matrix?

                                          1 Reply Last reply Reply Quote 1
                                          • W
                                            will @girish last edited by

                                            @girish added a redirect for matrix, and it works! Is this only needed if an app lives at rimmer.cloud or do I need it regardless?

                                            1 Reply Last reply Reply Quote 0
                                            • girish
                                              girish Staff last edited by

                                              @will Only requirement is that it should be used by some app on Cloudron. You don't need to redirect it to matrix specifically. example.com can either be any app or it can redirect to any app. (At a technical level, all this means is that the Cloudron's reverse proxy is prepared & ready to answer requests for that domain).

                                              W 1 Reply Last reply Reply Quote 0
                                              • W
                                                will @girish last edited by

                                                @girish Will this requirement be patched in a future release?

                                                1 Reply Last reply Reply Quote 0
                                                • girish
                                                  girish Staff last edited by

                                                  @will there is no way around this requirement. the matrix protocol requires the apex domain to serve up those documents. is your concern that the domain example.com can be used to host a site somewhere else? If so, all you have to do is to move the .well-known setup to that server/new location.

                                                  W 1 Reply Last reply Reply Quote 0
                                                  • W
                                                    will @girish last edited by

                                                    @girish My concern is having anything at example.com
                                                    It would be cleaner to just have cloudron handle that for me. Small gripe, not a big deal at all.

                                                    girish 1 Reply Last reply Reply Quote 1
                                                    • girish
                                                      girish Staff @will last edited by

                                                      @will said in Matrix/Riot:

                                                      It would be cleaner to just have cloudron handle that for me. Small gripe, not a big deal at all.

                                                      Ah, Cloudron side limitation can definitely be fixed πŸ™‚ I agree that having to ssh and put files manually in a cryptic location is kinda crude. This will be fixed soonish but we just wanted to get the apps out for testing sooner rather than later.

                                                      W 1 Reply Last reply Reply Quote 3
                                                      • W
                                                        will @girish last edited by

                                                        @girish Dont get me wrong, Im thankful! Its great. I'm just giving a little feedback on possible improvements. Sounds like you are on it already

                                                        1 Reply Last reply Reply Quote 1
                                                        • yusf
                                                          yusf @msbt last edited by yusf

                                                          @msbt said in Matrix/Riot:

                                                          I'm guessing it is because of new keys and everything, haven't tried to re-use any of the existing ones.

                                                          Might very well be, yes. I'm going to try and migrate the keys too. The migration is hard to dry run though 😩

                                                          1 Reply Last reply Reply Quote 0
                                                          • M
                                                            msbt App Dev last edited by

                                                            if you want to make sure this works, you could try with a test-instance, after that a clone and then the real thing πŸ˜‰ good luck either way!

                                                            1 Reply Last reply Reply Quote 0
                                                            • yusf
                                                              yusf last edited by

                                                              I'm transitioning my external reverse-proxy-and-well-known solution to the Cloudron solution. Is there any way I can configure Riot to have https://domain.tld as base_url while still having the Synapse server at https://matrix.domain.tld? This way I would be able keep Riot user sessions across migration.

                                                              1 Reply Last reply Reply Quote 0
                                                              • girish
                                                                girish Staff last edited by

                                                                @yusf That should not be a problem. Riot can be installed on the main domain as well. Just make sure the .well-known is setup on the server.

                                                                yusf 1 Reply Last reply Reply Quote 0
                                                                • yusf
                                                                  yusf @girish last edited by

                                                                  @girish Sorry, I meant doing so while keeping Riot at a subdomain too. I guess not? πŸ™‚

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • girish
                                                                    girish Staff last edited by

                                                                    @yusf Yeah, I think not

                                                                    yusf 1 Reply Last reply Reply Quote 0
                                                                    • J
                                                                      jegillikin last edited by

                                                                      FWIW, I just installed all of this and tested it. Works great, instructions are clear. The yaml edits referenced by @msbt were quite helpful on the external-registration side.

                                                                      Look forward to the eventual Jitsi package.

                                                                      1 Reply Last reply Reply Quote 2
                                                                      • yusf
                                                                        yusf @girish last edited by

                                                                        @girish What if I edited the Cloudron reverse proxy settings directly?

                                                                        girish 1 Reply Last reply Reply Quote 0
                                                                        • girish
                                                                          girish Staff @yusf last edited by

                                                                          @yusf reverse proxy configs will get overwritten during updates. I think https://cloudron.io/documentation/apps/#well-known-uris should help setup well knowns the way you want them, no?

                                                                          yusf 1 Reply Last reply Reply Quote 0
                                                                          • yusf
                                                                            yusf @girish last edited by yusf

                                                                            @girish Well-known is in place for Synapse already, but it seems that well-known configurations aren't enough to enable entering domain.tld as homeserver in Riot sign-in when the server is at matrix.domain.tld.

                                                                            What seems to be needed is the ability to forward the whole /_matrix path at domain.tld to Synapse.

                                                                            In nginx terms I belive that would look something like this:

                                                                            server {
                                                                              listen         443;
                                                                              server_name    domain.tld;
                                                                            
                                                                             location /_matrix {
                                                                                proxy_pass https://matrix.domain.tld;
                                                                             }
                                                                            }
                                                                            1 Reply Last reply Reply Quote 0
                                                                            • A
                                                                              ApplegateR @girish last edited by

                                                                              @girish I really hope this is possible add this in Wishlist for Matrix User and room manageable so spamming prevent and keep my chat server clean

                                                                              Richard Applegate
                                                                              Anthem Coffee and Tea
                                                                              The Joint Chiropractic
                                                                              IT/Administrator Server/Network

                                                                              girish 1 Reply Last reply Reply Quote 0
                                                                              • girish
                                                                                girish Staff @ApplegateR last edited by

                                                                                @ApplegateR said in Matrix/Riot:

                                                                                @girish I really hope this is possible add this in Wishlist for Matrix User and room manageable so spamming prevent and keep my chat server clean

                                                                                What are you referring to ? Did you maybe reply in the wrong thread?

                                                                                A 1 Reply Last reply Reply Quote 0
                                                                                • A
                                                                                  ApplegateR @girish last edited by

                                                                                  @girish have a admin access from web. So that way I can manage user or room.

                                                                                  Richard Applegate
                                                                                  Anthem Coffee and Tea
                                                                                  The Joint Chiropractic
                                                                                  IT/Administrator Server/Network

                                                                                  M humptydumpty 2 Replies Last reply Reply Quote 0
                                                                                  • M
                                                                                    msbt App Dev @ApplegateR last edited by

                                                                                    @ApplegateR you can just grab the synapse admin package from here and put it inside a Surfer/LAMP app, it's just static files. You can login with your admin user and manage users and channels.

                                                                                    1 Reply Last reply Reply Quote 3
                                                                                    • humptydumpty
                                                                                      humptydumpty @ApplegateR last edited by humptydumpty

                                                                                      @ApplegateR I just tried what @msbt mentioned and it works great. One error I ran into was that after uploading the files to a root surfer app and trying to log in, it spit out a "session expired" error. It turned out the account I was using wasn't an admin. To make a user an admin, refer to the doc here.

                                                                                      Basically, in Cloudron --> app settings page --> web terminal, and enter this code.

                                                                                      PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${CLOUDRON_POSTGRESQL_HOST} -p ${CLOUDRON_POSTGRESQL_PORT} -U ${CLOUDRON_POSTGRESQL_USERNAME} -d ${CLOUDRON_POSTGRESQL_DATABASE} -c "UPDATE users SET admin=1 WHERE name='@user:example.com'"
                                                                                      
                                                                                      

                                                                                      The only part you need to edit is the one at the end to match your desired Matrix user:

                                                                                      @user:example.com
                                                                                      

                                                                                      Then, you can log in and manage the Matrix server.

                                                                                      A 1 Reply Last reply Reply Quote 3
                                                                                      • A
                                                                                        ApplegateR @humptydumpty last edited by

                                                                                        @humptydumpty and @msbt thank you guy for Huge help and why this wasn't on docs if anyone really interesting to have one for matrix management

                                                                                        Richard Applegate
                                                                                        Anthem Coffee and Tea
                                                                                        The Joint Chiropractic
                                                                                        IT/Administrator Server/Network

                                                                                        A 1 Reply Last reply Reply Quote 1
                                                                                        • A
                                                                                          ApplegateR @ApplegateR last edited by

                                                                                          @ApplegateR confirm it is work and thank you and I will just use surfer it better than nothing! much appericate of creator done this

                                                                                          Richard Applegate
                                                                                          Anthem Coffee and Tea
                                                                                          The Joint Chiropractic
                                                                                          IT/Administrator Server/Network

                                                                                          1 Reply Last reply Reply Quote 3
                                                                                          • First post
                                                                                            Last post
                                                                                          Powered by NodeBB