# Generic deployment documentation

> ## Getting help
>
> If you run into any problems while setting up Conduit, write an email to `conduit@koesters.xyz`, ask us
> in `#conduit:fachschaften.org` or [open an issue on GitLab](https://gitlab.com/famedly/conduit/-/issues/new).

## Installing Conduit

Although you might be able to compile Conduit for Windows, we do recommend running it on a Linux server. We therefore
only offer Linux binaries.

You may simply download the binary that fits your machine. Run `uname -m` to see what you need. For `arm`, you should use `aarch`. Now copy the appropriate URL:

**Stable/Main versions:**

| Target | Type | Download |
|-|-|-|
| `x86_64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/x86_64-unknown-linux-musl.deb?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/aarch64-unknown-linux-musl.deb?job=artifacts) |
| `x86_64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/x86_64-unknown-linux-musl?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/aarch64-unknown-linux-musl?job=artifacts) |
| `x86_64-unknown-linux-gnu` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/oci-image-amd64.tar.gz?job=artifacts) |
| `aarch64-unknown-linux-musl` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/oci-image-arm64v8.tar.gz?job=artifacts) |

These builds were created on and linked against the glibc version shipped with Debian bullseye.
If you use a system with an older glibc version (e.g. RHEL8), you might need to compile Conduit yourself.

**Latest/Next versions:**

| Target | Type | Download |
|-|-|-|
| `x86_64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/x86_64-unknown-linux-musl.deb?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/aarch64-unknown-linux-musl.deb?job=artifacts) |
| `x86_64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/x86_64-unknown-linux-musl?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/aarch64-unknown-linux-musl?job=artifacts) |
| `x86_64-unknown-linux-gnu` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/oci-image-amd64.tar.gz?job=artifacts) |
| `aarch64-unknown-linux-musl` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/oci-image-arm64v8.tar.gz?job=artifacts) |

```bash
$ sudo wget -O /usr/local/bin/matrix-conduit <url>
$ sudo chmod +x /usr/local/bin/matrix-conduit
```

Alternatively, you may compile the binary yourself. First, install any dependencies:

```bash
# Debian
$ sudo apt install libclang-dev build-essential

# RHEL
$ sudo dnf install clang
```

Then, `cd` into the source tree of conduit-next and run:
```bash
$ cargo build --release
```
## Adding a Conduit user

While Conduit can run as any user, it is usually better to use dedicated users for different services. This also allows
you to make sure that the file permissions are correctly set up.

In Debian or RHEL, you can use this command to create a Conduit user:

```bash
sudo adduser --system conduit --group --disabled-login --no-create-home
```

## Forwarding ports in the firewall or the router

Conduit uses the ports 443 and 8448, both of which need to be open in the firewall.

If Conduit runs behind a router or in a container and has a different public IP address than the host system, these public ports need to be forwarded directly or indirectly to the port mentioned in the config.

## Optional: Avoid port 8448

If Conduit runs behind a Cloudflare reverse proxy, which doesn't support port 8448 on free plans, [delegation](https://matrix-org.github.io/synapse/latest/delegate.html) can be set up to have federation traffic routed to port 443:

```apache
# .well-known delegation on Apache
<Files "/.well-known/matrix/server">
    ErrorDocument 200 '{"m.server": "your.server.name:443"}'
    Header always set Content-Type application/json
    Header always set Access-Control-Allow-Origin *
</Files>
```

[SRV DNS record](https://spec.matrix.org/latest/server-server-api/#resolving-server-names) delegation is also [possible](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-srv-record/).

## Setting up a systemd service

Now we'll set up a systemd service for Conduit, so it's easy to start/stop Conduit and set it to autostart when your
server reboots. Simply paste the default systemd service you can find below into
`/etc/systemd/system/conduit.service`.

```systemd
[Unit]
Description=Conduit Matrix Server
After=network.target

[Service]
Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
User=conduit
Group=conduit
Restart=always
ExecStart=/usr/local/bin/matrix-conduit

[Install]
WantedBy=multi-user.target
```

Finally, run
```bash
$ sudo systemctl daemon-reload
```
## Creating the Conduit configuration file

Now we need to create Conduit's config file in
`/etc/matrix-conduit/conduit.toml`. Paste in the contents of
[`conduit-example.toml`](../configuration.md) **and take a moment to read it.
You need to change at least the server name.**
You can also choose to use a different database backend, but right now only `rocksdb` and `sqlite` are recommended.

## Setting the correct file permissions

As we are using a Conduit-specific user, we need to allow it to read the config. To do that you can run this command on
Debian or RHEL:

```bash
sudo chown -R root:root /etc/matrix-conduit
sudo chmod 755 /etc/matrix-conduit
```

If you use the default database path you also need to run this:

```bash
sudo mkdir -p /var/lib/matrix-conduit/
sudo chown -R conduit:conduit /var/lib/matrix-conduit/
sudo chmod 700 /var/lib/matrix-conduit/
```
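
To confirm the ownership and modes set in this section, an audit like the following can be run after installation. It is an added example, not part of the Conduit project; the function names, the optional root-prefix argument and the 644 ceiling for `conduit.toml` are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example (not from the Conduit docs): audit the paths this guide creates.

# check_path OWNER MAX_MODE PATH
# OWNER is a user name or numeric uid; MAX_MODE is the octal permission ceiling.
# Returns 0 if compliant, 1 on wrong owner or excess permission bits, 2 if missing.
check_path() {
    local want_owner="$1" max_mode="$2" path="$3" name uid mode
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 2
    fi
    name=$(stat -c %U "$path")   # GNU coreutils stat, as on Debian and RHEL
    uid=$(stat -c %u "$path")
    mode=$(stat -c %a "$path")
    if [ "$want_owner" != "$name" ] && [ "$want_owner" != "$uid" ]; then
        echo "OWNER   $path is owned by $name, expected $want_owner"
        return 1
    fi
    # Bits set on the path but absent from the ceiling grant more access than intended.
    if [ $(( 0$mode & ~0$max_mode & 07777 )) -ne 0 ]; then
        echo "MODE    $path is $mode, expected at most $max_mode"
        return 1
    fi
    echo "OK      $path ($name, $mode)"
}

# audit_conduit_paths [ROOT_PREFIX] [SERVICE_USER] [ADMIN_USER]
# ROOT_PREFIX is a hypothetical convenience for checking a staged tree.
audit_conduit_paths() {
    local root="${1:-}" svc="${2:-conduit}" admin="${3:-root}" rc=0
    # Admin-owned with no group/other write bit, so the service user cannot alter them.
    check_path "$admin" 755 "$root/usr/local/bin/matrix-conduit" || rc=1
    check_path "$admin" 755 "$root/etc/matrix-conduit" || rc=1
    check_path "$admin" 644 "$root/etc/matrix-conduit/conduit.toml" || rc=1  # 644 is an assumption
    # The database directory is private to the service account.
    check_path "$svc" 700 "$root/var/lib/matrix-conduit" || rc=1
    return $rc
}

# Run against the live system only when asked: bash audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_conduit_paths
fi
```
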
## Setting up the Reverse Proxy
This depends on whether you use Apache, Caddy, Nginx or another web server.
### Apache
Create `/etc/apache2/sites-enabled/050-conduit.conf` and copy-and-paste this:

```apache
# Requires mod_proxy and mod_proxy_http
#
# On Apache instance compiled from source,
# paste into httpd-ssl.conf or httpd.conf

Listen 8448

<VirtualHost *:443 *:8448>

# EDIT THIS
ServerName your.server.name

AllowEncodedSlashes NoDecode
ProxyPass /_matrix/ http://127.0.0.1:6167/_matrix/ timeout=300 nocanon
ProxyPassReverse /_matrix/ http://127.0.0.1:6167/_matrix/

</VirtualHost>
```

**You need to make some edits again.** When you are done, run

```bash
# Debian
$ sudo systemctl reload apache2

# Installed from source
$ sudo apachectl -k graceful
```

### Caddy

Create `/etc/caddy/conf.d/conduit_caddyfile` and enter this (substitute for your server name).

```caddy
your.server.name, your.server.name:8448 {
    reverse_proxy /_matrix/* 127.0.0.1:6167
}
```

That's it! Just start or enable the service and you're set.

```bash
$ sudo systemctl enable caddy
```

### Nginx

If you use Nginx and not Apache, add the following server section inside the http section of `/etc/nginx/nginx.conf`:

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;
    server_name your.server.name; # EDIT THIS
    merge_slashes off;

    # Nginx defaults to only allow 1MB uploads
    # Increase this to allow posting large files such as videos
    client_max_body_size 20M;

    location /_matrix/ {
        proxy_pass http://127.0.0.1:6167;
        proxy_set_header Host $http_host;
        proxy_buffering off;
        proxy_read_timeout 5m;
    }

    ssl_certificate /etc/letsencrypt/live/your.server.name/fullchain.pem; # EDIT THIS
    ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem; # EDIT THIS
    ssl_trusted_certificate /etc/letsencrypt/live/your.server.name/chain.pem; # EDIT THIS
    include /etc/letsencrypt/options-ssl-nginx.conf;
}
```

**You need to make some edits again.** When you are done, run
```bash
$ sudo systemctl reload nginx
```
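
Each proxy configuration in this section (Apache, Caddy, Nginx) forwards to `127.0.0.1:6167`, so Conduit's own listener should not be reachable from other hosts. The following added example, which is not from the Conduit docs, filters `ss -ltn` output for a backend port bound to a non-loopback address; the function name and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the Conduit docs).

# non_loopback_listeners PORT
# Reads `ss -ltn` output on stdin and prints every local address that listens
# on PORT and is not a loopback address. No output means the port is local-only.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # local address:port is column 4
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are not reachable remotely
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr
        }'
}

# Constructed sample: backend bound to loopback, proxy on the public ports.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:6167       0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      511             [::]:8448          [::]:*'

# Constructed sample: backend bound to every interface.
SAMPLE_EXPOSED='LISTEN 0      128          0.0.0.0:6167       0.0.0.0:*
LISTEN 0      128             [::]:6167          [::]:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*'

printf '%s\n' "$SAMPLE_LOOPBACK" | non_loopback_listeners 6167   # prints nothing
printf '%s\n' "$SAMPLE_EXPOSED"  | non_loopback_listeners 6167   # prints 0.0.0.0 and [::]

# On a live host: ss -ltn | non_loopback_listeners 6167
```

If the live check prints any address, compare the listen address in `conduit.toml` with the address the proxy forwards to.
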
## SSL Certificate

If you chose Caddy as your web proxy, SSL certificates are handled automatically and you can skip this step.

The easiest way to get an SSL certificate, if you don't have one already, is to [install](https://certbot.eff.org/instructions) `certbot` and run this:

```bash
# To use ECC for the private key,
# paste into /etc/letsencrypt/cli.ini:
# key-type = ecdsa
# elliptic-curve = secp384r1

$ sudo certbot -d your.server.name
```

[Automated renewal](https://eff-certbot.readthedocs.io/en/stable/using.html#automated-renewals) is usually preconfigured.

If using Cloudflare, configure the edge and origin certificates in the dashboard instead. In case you're already running a website on the same Apache server, you can just copy-and-paste the SSL configuration from your main virtual host on port 443 into the above-mentioned vhost.

## You're done!

Now you can start Conduit with:

```bash
$ sudo systemctl start conduit
```

Set it to start automatically when your system boots with:

```bash
$ sudo systemctl enable conduit
```

## How do I know it works?

You can open [a Matrix client](https://matrix.org/ecosystem/clients), enter your homeserver and try to register. If you are using a registration token, use [Element web](https://app.element.io/), [Nheko](https://matrix.org/ecosystem/clients/nheko/) or [SchildiChat web](https://app.schildi.chat/), as they support this feature.

You can also use these commands as a quick health check.

```bash
$ curl https://your.server.name/_matrix/client/versions

# If using port 8448
$ curl https://your.server.name:8448/_matrix/client/versions
```

- To check if your server can talk with other homeservers, you can use the [Matrix Federation Tester](https://federationtester.matrix.org/).
  If you can register but cannot join federated rooms, check your config again and also check if port 8448 is open and forwarded correctly.

# What's next?
## Audio/Video calls

For Audio/Video call functionality see the [TURN Guide](../turn.md).

## Appservices

If you want to set up an appservice, take a look at the [Appservice Guide](../appservices.md).