Matrix/Riot
-
Hi all,
Matrix Synapse and Riot are available for testing as unstable apps.Code: https://git.cloudron.io/cloudron/matrix-synapse-app
App store link: https://cloudron.io/store/org.matrix.synapse.htmlCode: https://git.cloudron.io/cloudron/riot-web-app
App store link: https://cloudron.io/store/im.riot.cloudronapp.htmlMatrix is integrated with Cloudron user management. A non-LDAP version can possibly be supported in a future release.
IMPORTANT: You require Cloudron 5.1.4 for the apps to work. We are still rolling this out slowly but you will get it in the coming week. Cloudron version is on the footer of Cloudron dashboard on the bottom right.
Understand
If you are new to matrix, then this 2 min section is for you. Matrix is a decentralized messaging system. It's easy to explain things in terms of email addresses. Just like email, each user has a unique world wide id like
@username:example.com. The "backend" that implements matrix protocol is called Synapse (in mail world, there is haraka, postfix, exim to name a few). The location where you install Synapse is called the home server. For example,matrix.example.com. As you can see, the location of your homeserver can be different from your ID. Just like how mail servers exchange emails with each other via SMTP, home servers exchange messages with each other using Matrix protocol.The "frontend" that we have packaged is Riot. There are numerous desktop and mobile apps to access your homeserver. You only need to install Riot if you want a web based frontend (like roundcube, rainloop). Otherwise, just use any mobile and desktop clients (check matrix.org).
Installing
Step 1
Start with Synapse. If you install it at
anything.example.com, the default setup is set to configure to generate IDs like@username:example.com. I think this is what most people want i.e memorable IDs underexample.com. If you want a recommendation, install this app atmatrix.example.com, only because Riot is pre-configured to usematrixsubdomain as the homeserver location.If you want some different setup, see https://cloudron.io/documentation/apps/synapse/#step-1-select-matrix-ids
Step 2
Now, you must setup a so called delegation record. This is like MX record for email where
foo@example.comcan be translated by a DNS lookup to the mail servermailserver.example.com. In matrix, this is done by setting up a.well-knownrecord which is served up the HTTP server (this is not a DNS record like in email!).To setup this record, please see https://cloudron.io/documentation/apps/synapse/#step-2-delegation
If
example.comis a site hosted on Cloudron (what I mean here is that there is an app on Cloudron servingexample.comand not just the domainexample.comis added), you can SSH into the server and add the record like this:mkdir -p /home/yellowtent/boxdata/well-known/example.com/matrix echo '{ "m.server": "matrix.example.com:443" }' > /home/yellowtent/boxdata/well-known/example.com/matrix/serverThen, re-configure the app by going to the Location view and just click save without making any changes.
You can then test if it works like this:
$ curl https://example.com/.well-known/matrix/server { "m.server": "matrix-homeserver.example.com:443" }Step 3
Install Riot. If you installed synapse at
matrix.example.com, the client should be already able to connect. Just login with Cloudron username and password.Voice/Video Calls
It's pre-configured to use Cloudron's built-in TURN server. 1-1 calls should work out of the box. For group calls, it uses an external jitsi server. We are working on a Jitsi package for Cloudron which you can set once it's ready.
That's it!
-
Requires 5.1.4 of CR, yes? Haven't gotten my 5.1.4 so can't see them in the store as yet.
-
This is a great day to be a cloudronite
-
@girish said in Matrix/Riot:
Thank you. Merci. Meegwetch. راقمەت. Спасибо. Gracias. Dank u. Arigato. Xie xie. Kap khun. Go raibh maith agat. Milesker!!!! This is really a terrific thing, and one whose tweaks are doable by a user like myself. Thanks!
-
I am having the issue that federation does not work if the root domain (example.com) is not used at all.
Then I am getting:curl https://example.com/.well-known/matrix/server curl: (60) SSL certificate problem: self signed certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.Once I set-up example.com as a redirect to matrix.example.com (where matrix synapse is installed) it works.
curl https://example.com/.well-known/matrix/server { "m.server": "matrix.example.com:443" } -
@stantropics Thanks, now I understand.
Basically, the well-known file is served up Cloudron's reverse proxy/nginx. nginx is only configured to serve all the installed apps domains and redirects. If a domain is not used by an app and not a redirect, nginx will not process the request.
So, this is why it started working after a redirect. It could have been a redirect to any app and not just matrix (i.e you could have redirected to a random app). You could also have installed a random app at
example.comand it would have worked. -
@girish Okay, thanks for explaining this. Now I know how to handle it and will make sure I have the domain (example.com) assigned to an app.
-
For those using my version and want to migrate to the official cloudron version, this is how you get there (it is a bit hacky, but worked out better in the end than exporting/importing the db and files) - BE CAREFUL WITH THE CLOUDRON CMDS, I DON'T WANT YOU TO MESS UP YOUR SETUPS:
-
backup!
-
grab the latest version from here
-
get the app-id from resources tab/cli/terminal and ssh into your cloudron to update the appstore-id via:
mysql -uroot -ppassworduse boxUPDATE apps SET appStoreId='org.matrix.synapse' WHERE id='your-current-synapse-matrix-app-id';
-
go to Updates, check for a new version and update (do that 3 times and you should be on 0.7.0 which is the latest one)
-
if you had external users like I did, you might need to adjust the following config items in the new homeserver.yaml
enable_registration: true allow_guest_access: true password_config: enabled: true localdb_enabled: true- move your media_store files from
/app/data/synapse/media_storeto/app/data/data/media_storeor adjust the path in homeserver.yaml - restart and test if everything is working, also check https://federationtester.matrix.org/
Depending on your setup, you might also want to check the new config if the server_name is the same as before - else it won't start I think (I was using a subdomain and the main domain is not on cloudron, so I had to rename it to matrix.mydomain.com and also added echo
'{ "m.server": "matrix.mydomain.com:443" }' > serverto well-known as described above.I also had to re-verify the devices to read the encrypted history, but that worked out fine and it seems to be all there. To finish up, you can rm -rf the old dirs and files, best to compare with a fresh installation to be on the safe side.
-
-
@msbt First, thank you for this migration guide, it's exactly what I need.
I also had to re-verify the devices to read the encrypted history
What do you think this is due to?
-
@yusf that is a good question, I moved the app to a different subdomain to test around, but that's probably not it. I'm guessing it is because of new keys and everything, haven't tried to re-use any of the existing ones.
Oh yea, atm there is no default channel, you might want to remove the comment on those lines as well to get new users in there automatically
-
@stantropics already askes this question in the closed matrix thread:
First of all, thanks to everyone who has been working on the matrix app. I'm very happy to be able to run it on cloudron!
Making a user an administrator.
Referring to the documentation (https://github.com/matrix-org/synapse/wiki) one command needs to be executed to make a user an admin - it manipulates the data in the postgresdb:
UPDATE users SET admin = 1 WHERE name = '@foo:bar.com'
What is the recommended way to perform this on Cloudron?Thanks a lot in advance.
Stay healthy everyone!Is there any recommended way to set a user as an admin in the app store released version of matrix?
Thanks!
-
@NCKNE The sql command is probably the way to go for the app store version as well. I will put it in the docs. That said, I am yet to figure what an admin can do that a normal user cannot. Do special controls appear in the riot ui for admins?
-
OK, I found https://github.com/vector-im/riot-web/issues/4125 which is an open issue for implementing admin functions in Riot. I also found https://github.com/Awesome-Technologies/synapse-admin which can probably be run locally.
-
@girish Getting an error on verifying:
$ curl https://example.com/.well-known/matrix/server
curl: (6) Could not resolve host: example.com (I used my own domain)I chowned the matrix folder and server file to be owned by yellowtent. I had to use sudo to get the mkdir command to work.
I set permissions of 0600 on the server file.
There is no app at example.com.
Matrix is installed at matrix.example.com.
Do I need to manually add a DNS entry for example.com? -
@will You need to have an app installed at
example.com. You can even set it to redirect to some other existing app i.e go to existing app -> Location -> Add redirection. -
Hey! Works very very well. Runs smooth and does its job. But no LDAP would be a great feature for future
-
@will you can just enable registration in homeserver.yaml and you're good to go
-
well you can enable it yes, but users who registered were not able to login (?). I guess this is because it only accepts login from LDAP?
-
worked fine before when I tested it, did you also set
password_config: enabled: true localdb_enabled: trueand maybe restarted matrix?
-
@girish added a redirect for matrix, and it works! Is this only needed if an app lives at rimmer.cloud or do I need it regardless?
