Installation Instructions
-Choosing your server name
-It is important to choose the name for your server before you install Synapse, -because it cannot be changed later.
-The server name determines the "domain" part of user-ids for users on your
-server: these will all be of the format @user:my.domain.name. It also
-determines how other matrix servers will reach yours for federation.
For a test configuration, set this to the hostname of your server. For a more
-production-ready setup, you will probably want to specify your domain
-(example.com) rather than a matrix-specific hostname here (in the same way
-that your email address is probably user@example.com rather than
-user@email.example.com) - but doing so may require more advanced setup: see
-Setting up Federation.
Installing Synapse
-Prebuilt packages
-Prebuilt packages are available for a number of platforms. These are recommended -for most users.
-Docker images and Ansible playbooks
-There is an official synapse image available at -https://hub.docker.com/r/matrixdotorg/synapse which can be used with -the docker-compose file available at -contrib/docker. -Further information on this including configuration options is available in the README -on hub.docker.com.
-Alternatively, Andreas Peters (previously Silvio Fricke) has contributed a -Dockerfile to automate a synapse server in a single Docker image, at -https://hub.docker.com/r/avhost/docker-matrix/tags/
-Slavi Pantaleev has created an Ansible playbook, -which installs the offical Docker image of Matrix Synapse -along with many other Matrix-related services (Postgres database, Element, coturn, -ma1sd, SSL support, etc.). -For more details, see -https://github.com/spantaleev/matrix-docker-ansible-deploy
-Debian/Ubuntu
-Matrix.org packages
-Matrix.org provides Debian/Ubuntu packages of Synapse, for the amd64 -architecture via https://packages.matrix.org/debian/.
-To install the latest release:
-sudo apt install -y lsb-release wget apt-transport-https
-sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
-echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" |
- sudo tee /etc/apt/sources.list.d/matrix-org.list
-sudo apt update
-sudo apt install matrix-synapse-py3
-Packages are also published for release candidates. To enable the prerelease
-channel, add prerelease to the sources.list line. For example:
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
-echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main prerelease" |
- sudo tee /etc/apt/sources.list.d/matrix-org.list
-sudo apt update
-sudo apt install matrix-synapse-py3
-The fingerprint of the repository signing key (as shown by gpg /usr/share/keyrings/matrix-org-archive-keyring.gpg) is
-AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058.
Downstream Debian packages
-We do not recommend using the packages from the default Debian buster
-repository at this time, as they are old and suffer from known security
-vulnerabilities. You can install the latest version of Synapse from
-our repository or from buster-backports. Please
-see the Debian documentation
-for information on how to use backports.
If you are using Debian sid or testing, Synapse is available in the default
-repositories and it should be possible to install it simply with:
sudo apt install matrix-synapse
-Downstream Ubuntu packages
-We do not recommend using the packages in the default Ubuntu repository -at this time, as they are old and suffer from known security vulnerabilities. -The latest version of Synapse can be installed from our repository.
-Fedora
-Synapse is in the Fedora repositories as matrix-synapse:
sudo dnf install matrix-synapse
-Oleg Girko provides Fedora RPMs at -https://obs.infoserver.lv/project/monitor/matrix-synapse
-OpenSUSE
-Synapse is in the OpenSUSE repositories as matrix-synapse:
sudo zypper install matrix-synapse
-SUSE Linux Enterprise Server
-Unofficial package are built for SLES 15 in the openSUSE:Backports:SLE-15 repository at -https://download.opensuse.org/repositories/openSUSE:/Backports:/SLE-15/standard/
-ArchLinux
-The quickest way to get up and running with ArchLinux is probably with the community package -https://www.archlinux.org/packages/community/any/matrix-synapse/, which should pull in most of -the necessary dependencies.
-pip may be outdated (6.0.7-1 and needs to be upgraded to 6.0.8-1 ):
-sudo pip install --upgrade pip
-If you encounter an error with lib bcrypt causing an Wrong ELF Class: -ELFCLASS32 (x64 Systems), you may need to reinstall py-bcrypt to correctly -compile it under the right architecture. (This should not be needed if -installing under virtualenv):
-sudo pip uninstall py-bcrypt
-sudo pip install py-bcrypt
-Void Linux
-Synapse can be found in the void repositories as 'synapse':
-xbps-install -Su
-xbps-install -S synapse
-FreeBSD
-Synapse can be installed via FreeBSD Ports or Packages contributed by Brendan Molloy from:
--
-
- Ports:
cd /usr/ports/net-im/py-matrix-synapse && make install clean
- - Packages:
pkg install py37-matrix-synapse
-
OpenBSD
-As of OpenBSD 6.7 Synapse is available as a pre-compiled binary. The filesystem
-underlying the homeserver directory (defaults to /var/synapse) has to be
-mounted with wxallowed (cf. mount(8)), so creating a separate filesystem
-and mounting it to /var/synapse should be taken into consideration.
Installing Synapse:
-doas pkg_add synapse
-NixOS
-Robin Lambertz has packaged Synapse for NixOS at: -https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/matrix-synapse.nix
-Installing as a Python module from PyPI
-It's also possible to install Synapse as a Python module from PyPI.
-When following this route please make sure that the Platform-specific prerequisites are already installed.
-System requirements:
--
-
- POSIX-compliant system (tested on Linux & OS X) -
- Python 3.6 or later, up to Python 3.9. -
- At least 1GB of free RAM if you want to join large public rooms like #matrix:matrix.org -
To install the Synapse homeserver run:
-mkdir -p ~/synapse
-virtualenv -p python3 ~/synapse/env
-source ~/synapse/env/bin/activate
-pip install --upgrade pip
-pip install --upgrade setuptools
-pip install matrix-synapse
-This will download Synapse from PyPI
-and install it, along with the python libraries it uses, into a virtual environment
-under ~/synapse/env. Feel free to pick a different directory if you
-prefer.
This Synapse installation can then be later upgraded by using pip again with the -update flag:
-source ~/synapse/env/bin/activate
-pip install -U matrix-synapse
-Before you can start Synapse, you will need to generate a configuration -file. To do this, run (in your virtualenv, as before):
-cd ~/synapse
-python -m synapse.app.homeserver \
- --server-name my.domain.name \
- --config-path homeserver.yaml \
- --generate-config \
- --report-stats=[yes|no]
-... substituting an appropriate value for --server-name.
This command will generate you a config file that you can then customise, but it will
-also generate a set of keys for you. These keys will allow your homeserver to
-identify itself to other homeserver, so don't lose or delete them. It would be
-wise to back them up somewhere safe. (If, for whatever reason, you do need to
-change your homeserver's keys, you may find that other homeserver have the
-old key cached. If you update the signing key, you should change the name of the
-key in the <server name>.signing.key file (the second word) to something
-different. See the spec for more information on key management).
To actually run your new homeserver, pick a working directory for Synapse to
-run (e.g. ~/synapse), and:
cd ~/synapse
-source env/bin/activate
-synctl start
-Platform-specific prerequisites
-Synapse is written in Python but some of the libraries it uses are written in -C. So before we can install Synapse itself we need a working C compiler and the -header files for Python C extensions.
-Debian/Ubuntu/Raspbian
-Installing prerequisites on Ubuntu or Debian:
-sudo apt install build-essential python3-dev libffi-dev \
- python3-pip python3-setuptools sqlite3 \
- libssl-dev virtualenv libjpeg-dev libxslt1-dev
-ArchLinux
-Installing prerequisites on ArchLinux:
-sudo pacman -S base-devel python python-pip \
- python-setuptools python-virtualenv sqlite3
-CentOS/Fedora
-Installing prerequisites on CentOS or Fedora Linux:
-sudo dnf install libtiff-devel libjpeg-devel libzip-devel freetype-devel \
- libwebp-devel libxml2-devel libxslt-devel libpq-devel \
- python3-virtualenv libffi-devel openssl-devel python3-devel
-sudo dnf groupinstall "Development Tools"
-macOS
-Installing prerequisites on macOS:
-You may need to install the latest Xcode developer tools:
-xcode-select --install
-On ARM-based Macs you may need to explicitly install libjpeg which is a pillow dependency. You can use Homebrew (https://brew.sh):
- brew install jpeg
-On macOS Catalina (10.15) you may need to explicitly install OpenSSL
-via brew and inform pip about it so that psycopg2 builds:
brew install openssl@1.1
-export LDFLAGS="-L/usr/local/opt/openssl/lib"
-export CPPFLAGS="-I/usr/local/opt/openssl/include"
-OpenSUSE
-Installing prerequisites on openSUSE:
-sudo zypper in -t pattern devel_basis
-sudo zypper in python-pip python-setuptools sqlite3 python-virtualenv \
- python-devel libffi-devel libopenssl-devel libjpeg62-devel
-OpenBSD
-A port of Synapse is available under net/synapse. The filesystem
-underlying the homeserver directory (defaults to /var/synapse) has to be
-mounted with wxallowed (cf. mount(8)), so creating a separate filesystem
-and mounting it to /var/synapse should be taken into consideration.
To be able to build Synapse's dependency on python the WRKOBJDIR
-(cf. bsd.port.mk(5)) for building python, too, needs to be on a filesystem
-mounted with wxallowed (cf. mount(8)).
Creating a WRKOBJDIR for building python under /usr/local (which on a
-default OpenBSD installation is mounted with wxallowed):
doas mkdir /usr/local/pobj_wxallowed
-Assuming PORTS_PRIVSEP=Yes (cf. bsd.port.mk(5)) and SUDO=doas are
-configured in /etc/mk.conf:
doas chown _pbuild:_pbuild /usr/local/pobj_wxallowed
-Setting the WRKOBJDIR for building python:
echo WRKOBJDIR_lang/python/3.7=/usr/local/pobj_wxallowed \\nWRKOBJDIR_lang/python/2.7=/usr/local/pobj_wxallowed >> /etc/mk.conf
-Building Synapse:
-cd /usr/ports/net/synapse
-make install
-Windows
-If you wish to run or develop Synapse on Windows, the Windows Subsystem For -Linux provides a Linux environment on Windows 10 which is capable of using the -Debian, Fedora, or source installation methods. More information about WSL can -be found at https://docs.microsoft.com/en-us/windows/wsl/install-win10 for -Windows 10 and https://docs.microsoft.com/en-us/windows/wsl/install-on-server -for Windows Server.
-Setting up Synapse
-Once you have installed synapse as above, you will need to configure it.
-Using PostgreSQL
-By default Synapse uses an SQLite database and in doing so trades -performance for convenience. Almost all installations should opt to use PostgreSQL -instead. Advantages include:
--
-
- significant performance improvements due to the superior threading and -caching model, smarter query optimiser -
- allowing the DB to be run on separate hardware -
For information on how to install and use PostgreSQL in Synapse, please see -Using Postgres
-SQLite is only acceptable for testing purposes. SQLite should not be used in -a production server. Synapse will perform poorly when using -SQLite, especially when participating in large rooms.
-TLS certificates
-The default configuration exposes a single HTTP port on the local
-interface: http://localhost:8008. It is suitable for local testing,
-but for any practical use, you will need Synapse's APIs to be served
-over HTTPS.
The recommended way to do so is to set up a reverse proxy on port
-8448. You can find documentation on doing so in
-the reverse proxy documentation.
Alternatively, you can configure Synapse to expose an HTTPS port. To do
-so, you will need to edit homeserver.yaml, as follows:
-
-
- First, under the
listenerssection, uncomment the configuration for the -TLS-enabled listener. (Remove the hash sign (#) at the start of -each line). The relevant lines are like this:
-
- port: 8448
- type: http
- tls: true
- resources:
- - names: [client, federation]
--
-
-
-
You will also need to uncomment the
-tls_certificate_pathand -tls_private_key_pathlines under theTLSsection. You will need to manage -provisioning of these certificates yourself.If you are using your own certificate, be sure to use a
-.pemfile that -includes the full certificate chain including any intermediate certificates -(for instance, if using certbot, usefullchain.pemas your certificate, not -cert.pem).
-
For a more detailed guide to configuring your server for federation, see -Federation.
-Client Well-Known URI
-Setting up the client Well-Known URI is optional but if you set it up, it will
-allow users to enter their full username (e.g. @user:<server_name>) into clients
-which support well-known lookup to automatically configure the homeserver and
-identity server URLs. This is useful so that users don't have to memorize or think
-about the actual homeserver URL you are using.
The URL https://<server_name>/.well-known/matrix/client should return JSON in
-the following format.
{
- "m.homeserver": {
- "base_url": "https://<matrix.example.com>"
- }
-}
-It can optionally contain identity server information as well.
-{
- "m.homeserver": {
- "base_url": "https://<matrix.example.com>"
- },
- "m.identity_server": {
- "base_url": "https://<identity.example.com>"
- }
-}
-To work in browser based clients, the file must be served with the appropriate
-Cross-Origin Resource Sharing (CORS) headers. A recommended value would be
-Access-Control-Allow-Origin: * which would allow all browser based clients to
-view it.
In nginx this would be something like:
-location /.well-known/matrix/client {
- return 200 '{"m.homeserver": {"base_url": "https://<matrix.example.com>"}}';
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
-}
-You should also ensure the public_baseurl option in homeserver.yaml is set
-correctly. public_baseurl should be set to the URL that clients will use to
-connect to your server. This is the same URL you put for the m.homeserver
-base_url above.
public_baseurl: "https://<matrix.example.com>"
-It is desirable for Synapse to have the capability to send email. This allows -Synapse to send password reset emails, send verifications when an email address -is added to a user's account, and send email notifications to users when they -receive new messages.
-To configure an SMTP server for Synapse, modify the configuration section
-headed email, and be sure to have at least the smtp_host, smtp_port
-and notif_from fields filled out. You may also need to set smtp_user,
-smtp_pass, and require_transport_security.
If email is not configured, password reset, registration and notifications via -email will be disabled.
-Registering a user
-The easiest way to create a new user is to do so from a client like Element.
-Alternatively, you can do so from the command line. This can be done as follows:
--
-
- If synapse was installed via pip, activate the virtualenv as follows (if Synapse was
-installed via a prebuilt package,
register_new_matrix_usershould already be -on the search path): -
-cd ~/synapse -source env/bin/activate -synctl start # if not already running -
- - Run the following command:
-
-register_new_matrix_user -c homeserver.yaml http://localhost:8008 -
-
This will prompt you to add details for the new user, and will then connect to -the running Synapse to create the new user. For example:
-New user localpart: erikj
-Password:
-Confirm password:
-Make admin [no]:
-Success!
-This process uses a setting registration_shared_secret in
-homeserver.yaml, which is shared between Synapse itself and the
-register_new_matrix_user script. It doesn't matter what it is (a random
-value is generated by --generate-config), but it should be kept secret, as
-anyone with knowledge of it can register users, including admin accounts,
-on your server even if enable_registration is false.
Setting up a TURN server
-For reliable VoIP calls to be routed via this homeserver, you MUST configure -a TURN server. See TURN setup for details.
-URL previews
-Synapse includes support for previewing URLs, which is disabled by default. To
-turn it on you must enable the url_preview_enabled: True config parameter
-and explicitly specify the IP ranges that Synapse is not allowed to spider for
-previewing in the url_preview_ip_range_blacklist configuration parameter.
-This is critical from a security perspective to stop arbitrary Matrix users
-spidering 'internal' URLs on your network. At the very least we recommend that
-your loopback and RFC1918 IP addresses are blacklisted.
This also requires the optional lxml python dependency to be installed. This
-in turn requires the libxml2 library to be available - on Debian/Ubuntu this
-means apt-get install libxml2-dev, or equivalent for your OS.
Troubleshooting Installation
-pip seems to leak lots of memory during installation. For instance, a Linux
-host with 512MB of RAM may run out of memory whilst installing Twisted. If this
-happens, you will have to individually install the dependencies which are
-failing, e.g.:
pip install twisted
-If you have any other problems, feel free to ask in -#synapse:matrix.org.
- -