## Matrix on Ubuntu Server 22.04

Matrix is excellent decentralized chat software.

Although you can use a bare domain as your server name, it is more practical to use a subdomain. Make sure it already points to your server.

```
matrix.dominio.net
```

Install the dependencies

```
sudo apt install gnupg2 apt-transport-https
```

Add the package signing key

```
sudo wget -qO /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
```

Add the repository

```
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list
```

Update the package index

```
sudo apt update
```

Install the server

```
sudo apt install matrix-synapse-py3
```

When prompted, enter your server name (matrix.dominio.net) without any protocol prefix.

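Install Postgres

```
sudo apt install postgresql
```

Configure it

```
sudo vim /etc/postgresql/14/main/pg_hba.conf

# "trust" lets any local account connect as the postgres superuser over the
# Unix socket without a password. Ubuntu's default for this line is "peer",
# which only admits the postgres OS account.
local all postgres trust
local all all scram-sha-256
```
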
Restart

```
systemctl restart postgresql
```

Enter the postgres shell

```
psql -U postgres
```

And create the role and the database:

```
-- LETMEIN is a placeholder: use a strong, unique password
create role matrix with login encrypted password 'LETMEIN';

create database matrix with owner matrix locale 'C' template template0;
```

Return to the server shell.

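An added example (not part of the original guide): a shell function that lists the rules in a pg_hba.conf whose method is trust, such as the "local all postgres trust" line set above. The function names and the sample file are constructed for the illustration, and the two host rules in the sample do not come from this guide.

```shell
#!/bin/sh
# Added example, not from the original guide.
# audit_pg_hba FILE: print every rule whose auth method is "trust"
# (as "LINE: rule") and return 1 if at least one was found.
audit_pg_hba() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comment-only and blank lines
        {
            sub(/[ \t]*#.*$/, "")             # strip a trailing comment
            $1 = $1                           # normalise spacing
            m = ($1 == "local") ? 4 : 5       # "local" rules have no ADDRESS
            # host rules may give ADDRESS as two fields: IP and netmask
            if ($1 != "local" && $m ~ /^[0-9a-fA-F:.]+$/) m = 6
            if ($m == "trust") { printf "%d: %s\n", NR, $0; found = 1 }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the two rules from this guide plus two host rules.
write_sample_pg_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE  USER      ADDRESS             METHOD
local   all       postgres                      trust
local   all       all                           scram-sha-256
host    all       all       127.0.0.1/32        scram-sha-256
host    all       all       10.0.0.0 255.0.0.0  trust  # constructed
EOF
}

sample=$(mktemp)
write_sample_pg_hba "$sample"
audit_pg_hba "$sample" || echo "trust rules present: review them"
rm -f "$sample"
```
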
Now edit the configuration so that it uses postgres.

```
vim /etc/matrix-synapse/homeserver.yaml
```

Replace the database section with:

```
database:
  name: psycopg2
  args:
    user: matrix
    password: LETMEIN
    database: matrix
    host: localhost
```

At the end, add:

```
# Placeholder: use a long random value and keep it private.
# Whoever knows it can register users, including admins.
registration_shared_secret: "SUPER-SECRET"
```

Save.

Install the driver for postgres:

```
sudo apt install python-is-python3 python3-pip

sudo pip install --upgrade pip wheel

sudo pip install psycopg2-binary
```

Restart.

```
systemctl restart matrix-synapse
```

Check that everything is fine.

```
systemctl status matrix-synapse
```

Register a user:

```
register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
```

Install certbot.

```
apt install certbot
```

Register (replace CORREO with your e-mail address).

```
certbot register --agree-tos -m CORREO
```

Request the certificate.

```
certbot certonly --standalone --preferred-challenges http-01 -d matrix.dominio.net
```

Take note of the certificate paths.

Generate the Diffie-Hellman parameters file.

```
openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
```

Create the file.

```
vim /etc/letsencrypt/options-ssl-nginx.conf
```

with this content.

```
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

# OpenSSL silently skips cipher names it does not know, so every name
# listed here should be one that `openssl ciphers` accepts.
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384";

add_header Strict-Transport-Security "max-age=63072000; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy interest-cohort=();
```

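An added example (not part of the original guide): a check for ssl_ciphers entries that the local OpenSSL does not recognise, which nginx accepts without complaint as long as one entry in the list is valid. The function names and the sample configuration are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original guide.
# nginx passes ssl_ciphers to OpenSSL, which silently skips names it does
# not know as long as at least one entry matches, so a typo goes unnoticed.

# ciphers_from_conf FILE: print the value of each ssl_ciphers directive.
ciphers_from_conf() {
    sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}"\{0,1\}\([^";]*\)"\{0,1\};.*$/\1/p' "$1"
}

# unknown_ciphers LIST: print the entries of a colon-separated list that the
# local OpenSSL does not recognise. Returns 2 when openssl is not installed.
unknown_ciphers() {
    command -v openssl >/dev/null 2>&1 || return 2
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r name; do
        case $name in
            ''|'!'*|-*|+*|@*) continue ;;    # list operators, not names
        esac
        openssl ciphers "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# Constructed sample file: one valid name, one invalid, one truncated.
conf=$(mktemp)
cat > "$conf" <<'EOF'
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
EOF
unknown_ciphers "$(ciphers_from_conf "$conf")"
rm -f "$conf"
```
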
Create the file.

```
vim /etc/letsencrypt/certbot.conf
```

with this content.

```
ssl_certificate /etc/letsencrypt/live/matrix.dominio.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.dominio.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
```

Install the web server

```
apt install nginx
```

Delete the file.

```
rm /etc/nginx/sites-enabled/default
```

Edit the file.

```
vim /etc/nginx/nginx.conf
```

with this content.

```
user www-data;
worker_processes auto;
worker_rlimit_nofile 25600;
pid /run/nginx.pid;

error_log /var/log/nginx/error.log warn;

events {
    worker_connections 5120;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    server_tokens off;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    include /etc/nginx/sites-enabled/*.conf;

    disable_symlinks off;

    client_max_body_size 50m;

}
```

Create the file

```
vim /etc/nginx/sites-available/matrix.dominio.net.conf
```

with this content.

```
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # For the federation port
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    server_name matrix.dominio.net;
    charset utf-8;

    include /etc/letsencrypt/certbot.conf;
    server_tokens off;

    access_log /var/log/nginx/matrix.access.log;
    error_log /var/log/nginx/matrix.error.log;

    # Catch-all: this also forwards /_synapse/admin to Synapse. The Synapse
    # reverse-proxy documentation advises against exposing the admin API
    # to the public internet.
    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        client_max_body_size 10M;
    }
}
```

Create the symbolic link.

```
ln -s /etc/nginx/sites-available/matrix.dominio.net.conf /etc/nginx/sites-enabled/
```

Test the configuration.

```
nginx -t
```

If everything is fine, restart the web server.

```
systemctl restart nginx
```

You should now be able to connect from any Matrix client.

Always enable the firewall and leave only the necessary ports open. Change the default SSH port. Add a new user with administrator rights and disable root access.

```
# "ssh" means 22/tcp; if you changed the SSH port, allow that port instead
ufw allow ssh
ufw allow https
ufw allow 8448/tcp
# certbot's standalone http-01 challenge is served on 80/tcp, which these
# rules leave closed; it has to be reachable when the certificate renews

ufw enable
```

Enjoy!

### Extras

Change a user's password:

```
hash_password -c /etc/matrix-synapse/homeserver.yaml

Password:
Confirm password:
HASH
```

In the database.

```
\c matrix

update users set password_hash='HASH' where name='@USER:matrix.cuates.net';
```

=> gemini://elmau.net/chuletas.gmi Back to the index
=> gemini://elmau.net Back to the home page