Matrix Synapse [NaWiki]

Originalartikel

Backup

<html> <div class=„level1“ readability=„29“> <p><a href=„https://matrix.org/“ class=„urlextern“ title=„https://matrix.org/“ rel=„nofollow“>Matrix</a> is an open standard for interoperable, decentralised, real-time communication over IP. It can be used to power Instant Messaging, VoIP and Internet of Things communication - or anywhere you need a standard HTTP <abbr title=„Application Programming Interface“>API</abbr> for publishing and subscribing to data whilst tracking the conversation history.</p> <p>Synapse is a reference homeserver implementation from the core development team at matrix.org, written in Python/Twisted.</p> <p>In this guide, we will show you step-by-step how to install and configure Synapse on Ubuntu 18.04. We will configure Synapse and the Nginx web server as a reverse proxy for it and implement the HTTPS connection between clients and the front-end Nginx web server. We will also show how to set up a PostgreSQL database for better performance.</p> <p>This guide explains one way to setup a Synapse server. There are many other correct ways to setup a Matrix server and that is the reason why there are so many guides. Feel free to choose the guide that suits your setup the best.</p> </div> <h2 class=„sectionedit2“ id=„how_to_install_synapse_on_ubuntu_1804_lts“>How to install Synapse on Ubuntu 18.04 LTS</h2> <h3 class=„sectionedit3“ id=„prerequisites“>Prerequisites</h3> <div class=„level3“> <ul readability=„2“><li class=„level1“ readability=„1“> <p>Ubuntu 18.04 secured with <a href=„https://www.natrius.eu/dokuwiki/doku.php?id=digital:server:hardening#first_minutes“ class=„wikilink1“ title=„digital:server:hardening“>basic security</a></p> </li> <li class=„level1“> <p>Root privileges</p> </li> <li class=„level1“ readability=„2“> <p>A domain name for your server</p> </li> </ul></div> <h3 class=„sectionedit4“ id=„what_we_will_do“>What we will do</h3> <div class=„level3“> <ul readability=„7“><li class=„level1“ readability=„2“> <p>Update and Upgrade System</p> </li> <li class=„level1“> <p>Install Synapse</p> </li> <li class=„level1“> <p>Configure Synapse</p> </li> <li class=„level1“ readability=„2“> <p>Generate SSL certificates using Let's Encrypt</p> </li> <li class=„level1“ readability=„2“> <p>Install and configure Nginx as a reverse proxy</p> </li> <li class=„level1“ readability=„6“> <p>Install and configure Postgres instead of SQLite (optional but highly recommended, SQLite should not be used in production)</p> </li> <li class=„level1“> <p>Setup UFW Firewall</p> </li> <li class=„level1“ readability=„2“> <p>Create a new Matrix user on your server</p> </li> <li class=„level1“> <p>Check federation</p> </li> <li class=„level1“ readability=„2“> <p>Test the installation</p> </li> </ul></div> <div class=„level3“ readability=„17“> <p><strong>Read the whole tutorial before starting to install the server.</strong></p> <p>Login to your Ubuntu server and add the repository key to make sure any installations and updates have been signed by the developers and to stop any unauthorized packages from being installed on your server.</p> <pre class=„code“>sudo apt install -y lsb-release wget apt-transport-https sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg echo „deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main“ | sudo tee /etc/apt/sources.list.d/matrix-org.list</pre> <p>Update the repository and upgrade all packages using the apt command below.</p> <pre class=„code“>sudo sh -c 'apt update &amp;&amp; apt upgrade'</pre></div> <h3 class=„sectionedit6“ id=„step_2_-_install_synapse“>Step 2 - Install Synapse</h3> <div class=„level3“ readability=„33“> <p>Install matrix-synapse using the apt command as below. (You can add the option 

-y

to assume &#8220;yes&#8221; as answer to all prompts and run non-interactively) The name is 

matrix-synapse-py3

because there is already another package name 

synapse

.There is also a 

matrix-synapse

package available but this uses Python 2 and it will stop being updated soon as Python 2 reaches end of life.</p> <pre class=„code“>sudo apt install matrix-synapse-py3</pre> <p>During the installation, it will ask you about the matrix server name - type in your domain 

example.com

. (We will not use 

matrix.example.com

, because we also don't use 

mail.example.com

for our E-Mails. This will work with well.known, SRV-records and nginx.</p> <p><strong>Don't leave the hostname blank during setup.</strong></p> <p>If you want to provide the team with information about your setup with an anonymous data report, choose 'Yes', otherwise leave it at 'No'.</p> <p>When the Synapse installation is complete, start the service and enable it to launch everytime at system boot.</p> <pre class=„code“>sudo systemctl start matrix-synapse.service sudo systemctl enable matrix-synapse.service</pre> <p>Synapse is now up and running using the default configuration on port '8008' and '8448'. Check the open ports using netstat command.</p> <pre class=„code“>sudo ss -plntu</pre></div> <h4 id=„set_up_wellknown“>Set up well.known</h4> <div class=„level4“ readability=„9“> <p>On your webserver a file at 

/.well-known/matrix/server

has to be set up with the following content</p> <pre class=„code“>{ 

  "m.server": "synapse.example.com:443"

}</pre> <p>Where 

/

is the root of your webserver. So if you navigate to 

<a href="https://example.com/.well-known/matrix.server" class="urlextern" title="https://example.com/.well-known/matrix.server" rel="nofollow">https://example.com/.well-known/matrix.server</a>

it may try to download the 

server

file or show it directly.</p> </div> <h4 id=„set_up_srv“>Set up SRV</h4> <div class=„level4“ readability=„19“> <p>By setting an SRV record in your <abbr title=„Domain Name System“>DNS</abbr> provider, it is possible to tell other matrix servers where to connect to the server, pointing them to the correct hostname and port, in this example the default port (8448) is still used:</p> <pre class=„code“>_matrix._tcp.example.com. 3600 IN SRV 10 5 443 synapse.example.com.</pre> <p>There is still an A record needed, pointing to the IP-addess of synapse on the subdomain (matrix.example.com). This way others can add your user with 

@user:example.com

instead of 

@user:matrix.example.com

.</p> </div> <h3 class=„sectionedit7“ id=„step_3_-_configure_synapse“>Step 3 - Configure Synapse</h3> <div class=„level3“ readability=„23“> <p>After the Synapse installation, we will configure it to run under the local IP address, disable Synapse registration, and enable the registration-shared-secret.</p> <p>Before editing the home server configuration, we need to generate the shared secret key with the following command.</p> <pre class=„code“>cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1</pre> <p>And you will get a generated key. We will disable the registration for now and then copy the key into the homeserver configuration file. To disable the Synapse registration, uncomment the 

registration_shared_secret

(Delete the 

#

and don't leave a whitespace)</p> <pre class=„code“>sudoedit /etc/matrix-synapse/homeserver.yaml</pre> <p> 

enable_registration: False

</p> <p> 

registration_shared_secret: [shared_secred_key]

</p> </div> <h4 id=„check_ports“>Check ports</h4> <div class=„level4“ readability=„20“> <p><strong>The best is to leave it default as it comes delivered</strong> (watch here <a href=„https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml“ class=„urlextern“ title=„https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml“ rel=„nofollow“>https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml</a> ), so check if it matches the follwing:</p> <pre class=„code“>sudoedit /etc/matrix-synapse/homeserver.yaml</pre> <pre class=„code“>- port: 8008 

  tls: false
  bind_addresses: ['::1', '127.0.0.1']
  type: http

x_forwarded: true</pre> <p>Be aware that indentation is important in *.yaml files!</p> <p>Save and exit.</p> <p><strong>Note:</strong> 

registration_shared_secret

: <strong>If set allows registration by anyone who also has the shared secret, even if registration is disabled.</strong></p> <p>Now restart the Synapse services.</p> <pre class=„code“>sudo systemctl restart matrix-synapse.service</pre> <p>Check the homeserver service with the following command</p> <pre class=„code“>sudo ss -plntu</pre> <p>You will get the Synapse service is now on the local IP address. And we have completed the Synapse installation and configuration.</p> </div> <h3 class=„sectionedit8“ id=„step_4_-_generate_ssl_letsencrypt_certificates“>Step 4 - Generate SSL Letsencrypt Certificates</h3> <div class=„level3“ readability=„44“> <p>In this tutorial, we will enable HTTPS for the Nginx reverse proxy, and we will generate the SSL certificate files from Letsencrypt. So, start with installing the letsencrypt tool. (it is possible to add -y again)</p> <pre class=„code“>sudo apt install letsencrypt</pre> <p>If nginx is installed first, lets stop nginx so certbot can listen to port 80</p> <pre class=„code“>sudo systemctl stop nginx.service</pre> <p>Install the most recent certbot</p> <pre class=„code“>sudo add-apt-repository ppa:certbot/certbot sudo apt-get install certbot python-certbot-nginx</pre> <p>Generate the SSL certificate files for the matrix domain name 

example.com

using the certbot command as shown below.</p> <pre class=„code“>sudo certbot –nginx</pre> <p>The Letsencrypt tool will generate SSL certificate files by running the 'standalone' temporary web server for verification. When it's complete, you will get the information that its done and where the certificates are stored. Usally the SSL certificate files for the Synapse domain name 

example.com

are generated inside the 

/etc/letsencrypt/live/

directory.</p> <pre class=„code“>Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for example.com Waiting for verification… Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: 

 /etc/letsencrypt/live/example.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/example.com/privkey.pem
 Your cert will expire on 2019-03-03. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew *all* of your certificates, run
 "certbot renew"

- Your account credentials have been saved in your Certbot 

 configuration directory at /etc/letsencrypt. You should make a
 secure backup of this folder now. This configuration directory will
 also contain certificates and private keys obtained by Certbot so
 making regular backups of this folder is ideal.

- If you like Certbot, please consider supporting our work by: 

 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le</pre>

<p>There should already be a cronjob generater for automatic renewal of the certs, as they last only 90 days. To check if the cron is up</p> <pre class=„code“>sudo certbot renew –dry-run</pre></div> <h3 class=„sectionedit9“ id=„step_5_-_install_and_configure_nginx_as_a_reverse_proxy“>Step 5 - Install and configure Nginx as a reverse proxy</h3> <div class=„level3“ readability=„44“> <p>Now install the Nginx web server and configure it as a reverse proxy for the homeserver that is running on the port '8008'. Start with installing the Nginx web server using the apt command below. (it is possible to add -y again)</p> <pre class=„code“>sudo apt install nginx</pre> <p>After the installation is complete, start the service and enable it to launch everytime at system boot</p> <pre class=„code“>sudo systemctl start nginx.service sudo systemctl enable nginx.service</pre> <p>Next, we will create a new virtual host configuration for the domain name 

example.com

. Go to the '/etc/nginx' configuration directory and create a new virtual host file 'matrix'.</p> <pre class=„code“>sudoedit /etc/nginx/sites-available/matrix</pre> <p>Paste the following configuration there, changing the domain 

example.com

to your own:</p> <pre class=„code“>server { 

     listen 80;
     server_name example.com;
     return 301 https://$server_name$request_uri;

} server { 

  listen 443 ssl;
  listen [::]:443 ssl;
  server_name example.com;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  # If you don't wanna serve a site, comment this out
  root /var/www/html;
  index index.html index.htm;
  location /_matrix {
    proxy_pass http://127.0.0.1:8008;
    proxy_set_header X-Forwarded-For $remote_addr;
  }
  location /.well-known/matrix/server {
    return 200 '{"m.server": "example.com:443"}';
    add_header Content-Type application/json;
  }
  location /.well-known/matrix/client {
    return 200 '{"m.homeserver": {"base_url": "https://example.com"},"m.identity_server": {"base_url": "https://vector.im"}}';
    add_header Content-Type application/json;
    add_header "Access-Control-Allow-Origin" *;
  }

}</pre> <p><img src=„https://www.natrius.eu/dokuwiki/lib/images/smileys/fixme.gif“ class=„icon“ alt=„FIXME“/> 

location ~ ^/.well-known/matrix/client$ {

might need to escape the . Check it!</p> <p><img src=„https://www.natrius.eu/dokuwiki/lib/images/smileys/fixme.gif“ class=„icon“ alt=„FIXME“/> Same for 

location ~ ^/.well-known/matrix/server$ {

?</p> <p>Save and exit.</p> <p>Activate the virtual host file and test the configuration.</p> <pre class=„code“>sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/</pre> <pre class=„code“>sudo nginx -t</pre> <p>If everything is fine, you should see the following output:</p> <pre class=„code“>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful</pre> <p>Make sure there is no error, then restart the Nginx services.</p> <pre class=„code“>sudo systemctl restart nginx.service</pre> <p>Nginx installation and configuration as a reverse proxy for the Synapse homeserver has been completed.</p> </div> <h3 class=„sectionedit10“ id=„optional_step_6_-_postgresql_instead_of_sqlite“>(Optional) Step 6 - PostgreSQL instead of sqlite</h3> <div class=„level3“ readability=„8“> <p>While the step is marked as optional, it is <strong>strongly encouraged</strong> for any server that isn't purely for testing.</p> </div> <h4 id=„initial_postgresql_setup“>Initial PostgreSQL setup</h4> <div class=„level4“ readability=„12“> <pre class=„code“>sudo apt install postgresql</pre> <pre class=„code“>sudo -i -u postgres</pre> <pre class=„code“>psql</pre> <pre class=„code“>postgres=# CREATE USER „username“ WITH PASSWORD 'password';</pre> <pre class=„code“>postgres=# CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER „username“;</pre> <p>Where username can be 

synapse_user

, and password is a new strong password you set for postgresql.</p> <p>To end the postgre line just type in 

\q

and close the postegre-usershell with 

exit

</p> </div> <h4 id=„set_up_postgresql_for_synapse“>Set up PostgreSQL for Synapse</h4> <div class=„level4“ readability=„12“> <pre class=„code“>sudo apt install python3-psycopg2</pre> <p>Afterwards edit in the homeserver.yaml the database section</p> <pre class=„code“>sudoedit /etc/matrix-synapse/homeserver.yaml</pre> <pre class=„code“>database: 

  name: psycopg2
  args:
      user: &lt;user&gt;
      password: &lt;pass&gt;
      database: &lt;db&gt;
      host: &lt;host&gt;
      cp_min: 5
      cp_max: 10</pre>

<ul><li class=„level1“> <div class=„li“> 

user

is in this case 

synapse_user

</div> </li> <li class=„level1“ readability=„1“> <div class=„li“ readability=„7“> 

Database

should be the above created db, example 

&#8220;databse: synpase&#8221;

</div> </li> <li class=„level1“ readability=„1“> <div class=„li“ readability=„7“> 

Host

is the postgre hostname, usally 

/var/run/postgresql/

or 

127.0.0.1

</div> </li> </ul><p>Now restart the Synapse services.</p> <pre class=„code“>sudo systemctl restart matrix-synapse.service</pre></div> <h3 class=„sectionedit11“ id=„migrating_from_sqlite_to_postgresql“>Migrating from SQlite to PostgreSQL</h3> <div class=„level3“ readability=„5“> <p>There is no need for this if you have nothing done yet with synapse, otherwise, please refer to <a href=„https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst“ class=„urlextern“ title=„https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst“ rel=„nofollow“>https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst</a></p> </div> <h3 class=„sectionedit12“ id=„step_7_-_setup_ufw_firewall“>Step 7 - Setup UFW Firewall</h3> <div class=„level3“ readability=„15“> <p>Open the needed ports for our services. We will only allow SSH, HTTP, HTTPS and 8448 (for federation) connection on the UFW firewall configuration. To add them to the UFW firewall configuration, run the following commands.</p> <pre class=„code“>sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow 8448</pre> <p>Now enable the UFW firewall service and then check the status.</p> <pre class=„code“>sudo ufw enable sudo ufw status</pre></div> <h3 class=„sectionedit13“ id=„step_8_-_create_a_new_matrix_user“>Step 8 - Create a New Matrix User</h3> <div class=„level3“ readability=„18“> <p>At this stage, the Synapse homeserver installation and configuration is complete. And in this step, we need to add a new matrix user from the command line on the server. To create a new matrix user, run the command below.</p> <pre class=„code“>register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008</pre> <p>Now you need to input the user name, password, and decide whether the user will have the admin privileges or not. And we have created a new matrix user with admin privilege.</p> </div> <h3 class=„sectionedit14“ id=„step_9_-_testing“>Step 9 - Testing</h3> <div class=„level3“ readability=„25“> <p>If you have used Riot with the desktop application before you may not want to log out, so it is better to go to <a href=„https://riot.im/app/“ class=„urlextern“ title=„https://riot.im/app/“ rel=„nofollow“>https://riot.im/app/</a> and press &#8220;Launch now&#8221;. If you have used the web client before, download the Riot desktop application, install it and open the Riot software. With both you will get the Matrix login page now. Type the matrix username and password, then choose the 'Custom server' option and type the domain name from your server 

example.com

in. Click the 

Sign In

button and you will get to the Riot Dashboard.</p> <p>The Synapse homeserver is up and running under the Nginx reverse proxy HTTPS connection, and the user is now logged in to the Synapse homeserver using the Riot application.</p> <p>If you need two instances of riot instead, you can start it with argument, refer to <a href=„https://www.natrius.eu/dokuwiki/doku.php?id=digital:software:riotim“ class=„wikilink1“ title=„digital:software:riotim“>Riot.im</a>.</p> <p>For another way to test it, go to 

<a href="https://example.com/_matrix/client/versions" class="urlextern" title="https://example.com/_matrix/client/versions" rel="nofollow">https://example.com/_matrix/client/versions</a>

and the output should look like the following:</p> <pre class=„code xml“>unstable_features m.lazy_load_members true versions 0 „r0.0.1“ 1 „r0.1.0“ 2 „r0.2.0“ 3 „r0.3.0“</pre></div> <h3 class=„sectionedit15“ id=„step_10_-_federation“>Step 10 - Federation</h3> <div class=„level3“ readability=„6“> <p>You can test if federation is working using <a href=„https://federationtester.matrix.org“ class=„urlextern“ title=„https://federationtester.matrix.org“ rel=„nofollow“>https://federationtester.matrix.org</a>. If any of the checks show an error then federation won't work. Other federation-testers include:</p> <ul readability=„0“><li class=„level1“ readability=„0“> <p><a href=„https://fed.mau.dev/“ class=„urlextern“ title=„https://fed.mau.dev/“ rel=„nofollow“>https://fed.mau.dev/</a></p> </li> </ul></div> <h2 class=„sectionedit16“ id=„explanations“>Explanations</h2> <h3 class=„sectionedit17“ id=„presence“>Presence</h3> <div class=„level3“ readability=„12“> <p>Unfortunately presence is right now broken and generates a high load. It is possible to deactivate it, but the user avatars will be grey afterwards on the homeserver. To deactivate, open 

homeserver.yaml

and add</p> <pre class=„code“>sudoedit /etc/matrix-synapse/homeserver.yaml</pre> <p> 

use_presence: False

</p> </div> <h3 class=„sectionedit18“ id=„do_i_need_a_turn-server_ex_coturn“>Do i need a TURN-Server (ex. COTURN)</h3> <div class=„level3“ readability=„8“> <p>It's only necessary when both parties are behind NAT. Otherwise 1-on-1 communication should work fine. Group-Calls via Riot will be handled with jitsi.riot.im and are not handled by the homeserver.</p> </div> <h3 class=„sectionedit19“ id=„port_8008_and_8448“>Port 8008 and 8448</h3> <div class=„level3“ readability=„7“> <p>TCP port 8008 is the port for clients, TCP port 8448 is the federation port for HTTPS.</p> </div> <h3 class=„sectionedit20“ id=„signature_errors“>Signature errors</h3> <div class=„level3“ readability=„10“> <p>Don't be worried about signature errors when joining rooms, timeouts from random domain names, and failed requests to random domain names.</p> </div> <h3 class=„sectionedit21“ id=„certificate_errors“>Certificate errors</h3> <h4 id=„certificates_and_letsencrypt“>Certificates and LetsEncrypt</h4> <div class=„level4“ readability=„14“> <p><strong>CLIENT</strong> and <strong>FEDERATION</strong> ports are <strong>DIFFERENT</strong>, they do not use the same port.</p> <ul readability=„12“><li class=„level1“ readability=„16“> <p><strong>TCP 8448 (Default, can change):</strong> Federation, HTTPS, original generated self-signed certificate, directly exposing port TCP 8448 of synapse (NO reverse proxy, NO replace certificate)</p> </li> <li class=„level1“ readability=„10“> <p><strong>TCP 443:</strong> Clients, HTTPS, regular certificate (e.g. Let's Encrypt), reversed proxy to port TCP 8008 of synapse</p> </li> </ul><p>The self-signed certificate of synapse <strong>SHOULD NOT</strong> be replaced and port 8448 should only be used for federation (server traffic) and directly exposed publicly. For clients connections, a reverse proxy should be reachable publicly with a regular certificate (e.g. Let's Encrypt) on port 443 that goes to the port 8008 of synapse.</p> </div> <h4 id=„why_are_certificate_errors_actually_perfectly_safe“>Why are certificate errors actually perfectly safe?</h4> <div class=„level4“ readability=„16“> <p>Because matrix (at this point) uses <a href=„https://perspectivessecurity.wordpress.com/“ class=„urlextern“ title=„https://perspectivessecurity.wordpress.com/“ rel=„nofollow“>perspectives</a> to validate certificates so there is no need to validate a certificate by an certificate authority. Tl;dr: Other matrix server look at the cert, and if they see the same cert your server does, you're not being MITM'ed (Man-in-the-middle), a bit like peer validation. It is possible to configure which peers are trusted in 

homeserver.yaml

, by default it's just 

matrix.org

.</p> </div> <h2 class=„sectionedit22“ id=„optional_settings“>Optional settings</h2> <h3 class=„sectionedit23“ id=„disable_presence“>Disable presence</h3> <div class=„level3“ readability=„9“> <p>Add 

use_presence: False

in the 

homeserver.yaml

to deactivate presence. (Improves the performance dramstically at this moment, because presence is not working quite well).</p> </div> <h3 class=„sectionedit24“ id=„autojoin_a_room_on_registration“>Autojoin a room on registration</h3> <div class=„level3“ readability=„8“> <p>There is a setting for that.</p> <pre class=„code“>sudoedit /etc/matrix-synapse/homeserver.yaml</pre> <pre class=„code“># Users who register on this homeserver automatically join # to these rooms auto_join_rooms: </pre></div> <h2 class=„sectionedit25“ id=„troubleshooting“>Troubleshooting</h2> <div class=„level2“ readability=„8“> <p>If your need help, get as much information as possible (<a href=„https://www.natrius.eu/dokuwiki/doku.php?id=digital:server:matrixsynapse#whats_my_version“ title=„digital:server:matrixsynapse &#8629;“ class=„wikilink1“>Installed version</a>, &#8230;) and join <a href=„https://matrix.to/#/#synapse:matrix.org“ class=„urlextern“ title=„https://matrix.to/#/#synapse:matrix.org“ rel=„nofollow“>https://matrix.to/#/#synapse:matrix.org</a>. If it worked before, try to remember what was changed.</p> </div> <h3 class=„sectionedit26“ id=„whats_my_version“>Whats my version</h3> <div class=„level3“> <ul readability=„0“><li class=„level1“ readability=„0“> <p><a href=„https://example.com/_matrix/federation/v1/version“ class=„urlextern“ title=„https://example.com/_matrix/federation/v1/version“ rel=„nofollow“>https://example.com/_matrix/federation/v1/version</a></p> </li> </ul></div> <h3 class=„sectionedit27“ id=„location_of_logs“>Location of logs</h3> <div class=„level3“ readability=„10“> <p>Check matrix with 

journalctl -xe

and 

systemctl status matrix-synapse

</p> <p>A good way to check the logs is 

tail -20 [PATH]

. 

tail

will show the last lines of a file, with 

-20

it is possible to see the last 20 lines.</p> </div> <h4 id=„matrix“>Matrix</h4> <div class=„level4“ readability=„6“> <pre class=„code“>/var/log/matrix-synapse/homeserver.log</pre></div> <h4 id=„nginx“>Nginx</h4> <div class=„level4“ readability=„6“> <pre class=„code“>/var/log/nginx/error.log /var/log/nginx/application.log</pre></div> <h3 class=„sectionedit28“ id=„wipe_synapse“>Wipe Synapse</h3> <div class=„level3“ readability=„14“> <p>In case there is a new installation needed for whatever reason.</p> <p>Stop the Synapse server</p> <pre class=„code“>sudo systemctl stop matrix-synapse</pre> <p>Purge Synapse itself and everything related to it.</p> <pre class=„code“>sudo apt purge matrix-synapse</pre> <pre class=„code“>sudo rm -r /var/log/matrix-synapse/ &amp;&amp; sudo rm -r /var/lib/matrix-synapse/ &amp;&amp; sudo rm -r /etc/matrix-synapse/</pre> <p>Also, delete the Synapse PostgreSQL user.</p> </div> <h3 class=„sectionedit29“ id=„move_synapse_to_another_server“>Move Synapse to another server</h3> <div class=„level3“ readability=„6“> <p>In order to move to another server the following is needed:</p> <ul><li class=„level1“> <div class=„li“>database (at 

/var/lib/matrix-synapse/

)</div> </li> <li class=„level1 node“ readability=„0“> <div class=„li“ readability=„6“>config files (*.yaml) (at 

/etc/matrix-synapse/

</div> <ul><li class=„level2“> <p>log.config</p> </li> </ul></li> <li class=„level1“> <p>server keys</p> </li> <li class=„level1“> <div class=„li“>media store (at 

/var/lib/matrix-synapse/

)</div> </li> </ul></div> <h3 class=„sectionedit30“ id=„wipe_history_of_a_room“>Wipe History of a room</h3> <div class=„level3“ readability=„10“> <p>It is not possible because it is a federated system. It is possible to redact messages but other servers need to be trusted to actually redact the messages. Think of Matrix like email in sense that once someone has a copy of a message its not possible to force them to do anything with it.</p> </div> <div class=„level2“ readability=„4“> <p>For feedback about this guide or tips on how to improve it visit <a href=„https://matrix.to/#/#synapseguide:matrix.org“ class=„urlextern“ title=„https://matrix.to/#/#synapseguide:matrix.org“ rel=„nofollow“>https://matrix.to/#/#synapseguide:matrix.org</a></p> </div> </html>