
Matrix - 2nd Test Installation

Basis Server Security

  • IPv4: 88.99.87.88
  • IPv6: 2a01:4f8:c17:b5ca::1
  • Create an admin user, change the SSH port, and deny root login; only allow admin
  • Give admin sudo rights and a bash login shell: usermod -a -G sudo admin && chsh -s /bin/bash admin
  • Log on as admin:
  sudo apt update && sudo apt upgrade -y
  sudo apt install -y git htop mc vnstat vnstati
  sudo apt install ufw
  sudo ufw allow 10022
  sudo ufw enable
  sudo ufw status verbose
 
  • [Install nginx and adjust the firewall](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-debian-10)
  sudo apt update
  sudo apt install nginx
  sudo ufw app list
  sudo ufw allow 'Nginx HTTP'
  sudo ufw allow 'Nginx HTTPS'
 
  • Check Nginx and the firewall
  sudo ufw status
  systemctl status nginx
  ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
 
  • Test: open the server IP in a browser

Nginx

  • Configure Nginx
  cd /etc/nginx/sites-available
  sudo nano matrix.sternenlabor.de
  sudo nano chat.sternenlabor.de
  cd /etc/nginx/sites-enabled
  sudo ln -s ../sites-available/matrix.sternenlabor.de matrix.sternenlabor.de
  sudo ln -s ../sites-available/chat.sternenlabor.de chat.sternenlabor.de
  sudo service nginx reload

 

Matrix

  • Install and configure Matrix
    sudo apt install -y lsb-release wget apt-transport-https
    sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
    echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list
    sudo apt update
    sudo apt install -y matrix-synapse-py3      # Server name matrix.sternenlabor.de
    sudo apt install -y python3-certbot-nginx
    sudo certbot --nginx -d matrix.sternenlabor.de -m kontakt@sternenlabor.de
    cd /etc/matrix-synapse/
    sudo nano homeserver.yaml
      enable_registration: true  
      domain: matrix.sternenlabor.de    
    sudo systemctl restart matrix-synapse
 

Element

  • Install & Configure Element
   
  cd /var/www
  sudo mkdir chat.sternenlabor.de
  cd /var/www/chat.sternenlabor.de
  sudo wget https://github.com/vector-im/element-web/releases/download/v1.7.22/element-v1.7.22.tar.gz
  sudo tar -zxvf element-v1.7.22.tar.gz
  sudo ln -s element-v1.7.22 element
  sudo certbot --nginx -d chat.sternenlabor.de -m kontakt@sternenlabor.de
  cd /var/www/chat.sternenlabor.de/element
  sudo cp config.sample.json config.json
  sudo nano config.json
      "default_server_config": {
        "m.homeserver": {
            "base_url": "https://matrix.sternenlabor.de",
            "server_name": "sternenlabor.de"
        },
  sudo service nginx reload
 

Postgres

  • Postgres installation and configuration
 
  sudo apt install -y postgresql libpq5
  sudo -u postgres bash   # --> **PW: ******
  psql
    CREATE DATABASE synapse ENCODING 'UTF8'  LC_COLLATE='C' LC_CTYPE='C' template=template0  OWNER synapse_user;
 
  • Test
    • List databases: `\l` - ok
    • Connect to database: `\c synapse` - ok
    • List tables: `\dt` - ok, no tables yet
  • Find the `hba_file` (`pg_hba.conf`):
    • `sudo -u postgres bash`
    • `psql -t -P format=unaligned -c 'show hba_file';`
    • --> `/etc/postgresql/11/main/pg_hba.conf`
  • `nano /etc/postgresql/11/main/pg_hba.conf`
    • add: `host synapse synapse_user ::1/128 md5`
  • sudo nano /etc/matrix-synapse/homeserver.yaml
      database:
        name: psycopg2
        args:
          user: synapse_user
          password: ************
          database: synapse
          host: localhost
          cp_min: 5
          cp_max: 10
  • sudo systemctl restart matrix-synapse


  • sudo ufw allow 8448
  • sudo nano /var/www/chat.sternenlabor.de/element/config.json
      "disable_custom_urls": true,
      "brand": "Sternenlabor Matrix",
      "defaultCountryCode": "DE",
      "roomDirectory": {
          "servers": [
              "matrix.sternenlabor.de",
              "matrix.eigenbaukombinat.de",
              "matrix.fablabchemnitz.de",
              "matrix.org"
          ]
      },
      "jitsi": {
          "preferredDomain": "videochat.sternenlabor.de"
      }
  • sudo service nginx reload
  • sudo nano /etc/matrix-synapse/homeserver.yaml
      enable_group_creation: true

Metrics

  • Configure Synapse
  • `sudo nano /etc/matrix-synapse/homeserver.yaml` --> add listener and enable metrics
      enable_metrics: true
      listeners:
        - type: metrics
          port: 9000
          bind_addresses:
            - '0.0.0.0'
  • `sudo systemctl restart matrix-synapse`
  • sudo ufw allow 9000     # -> metrics port
  • Test: http://88.99.87.88:9000/_synapse/metrics
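
The steps above bind the metrics listener to 0.0.0.0 and open port 9000 to any source, and Synapse serves /_synapse/metrics without authentication. The check below is an added example, not part of the original notes: it reads `ufw status` output and reports ports open to anywhere that are not on a list of intentionally public ports. The sample output and the allowlist (10022, 8448) are constructed from the rules this page creates.

```shell
#!/bin/sh
# Added example (not from the original page): list ports that `ufw status`
# reports as reachable from anywhere but that are not meant to be public.

# Constructed sample: `ufw status` output after the steps on this page.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
10022                      ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
Nginx HTTPS                ALLOW       Anywhere
8448                       ALLOW       Anywhere
9000                       ALLOW       Anywhere
10022 (v6)                 ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
Nginx HTTPS (v6)           ALLOW       Anywhere (v6)
8448 (v6)                  ALLOW       Anywhere (v6)
9000 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Usage: ufw status | world_open_ports PUBLIC_PORT...
# Prints each numeric port allowed from Anywhere that is not in the list of
# intentionally public ports. Application profiles (Nginx HTTP/HTTPS) and
# rules limited to a source address are skipped.
world_open_ports() {
    awk -F'  +' -v public="$*" '
        BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ {
            port = $1
            sub(/ \(v6\)$/, "", port)       # IPv6 twin of the same rule
            sub(/\/(tcp|udp)$/, "", port)   # "9000/tcp" -> "9000"
            if (port ~ /^[0-9]+$/ && !(port in ok) && !seen[port]++)
                print port
        }'
}

# SSH (10022) and federation (8448) are public by design on this host.
sample_ufw_status | world_open_ports 10022 8448
```

On the server, pipe the real output through the function with `sudo ufw status | world_open_ports 10022 8448`. A reported 9000 can be closed with `sudo ufw delete allow 9000` and reopened for the Prometheus host only with `sudo ufw allow from <prometheus-ip> to any port 9000 proto tcp`, where `<prometheus-ip>` is a placeholder.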

  • To do next:
    • Enable metrics
    • Federation
    • Branding
    • Fine-tuning Matrix, Element, Postgres
    • Security: Captcha, Fail2Ban
    • Prometheus on a dedicated server, or later on a cloud server
    • Idea for later: set up a load balancer and move the DB to a volume

playground/matrix/matrix_2ndinstallation.txt · Last modified: 2022/03/21 23:31 by ecki
