Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
Purpose
This Ansible playbook is meant to easily let you run your own Matrix homeserver.
That is, it lets you join the Matrix network with your own @<username>:<your-domain>
identifier, all hosted on your own server.
Using this playbook, you can get the following services configured on your server:
- (optional, default) a Synapse homeserver - storing your data and managing your presence in the Matrix network
- (optional) Amazon S3 storage for Synapse's content repository (`media_store`) files using Goofys
- (optional, default) PostgreSQL database for Synapse. Using an external PostgreSQL server is also possible.
- (optional, default) a coturn STUN/TURN server for WebRTC audio/video calls
- (optional, default) free Let's Encrypt SSL certificate, which secures the connection to the Synapse server and the Riot web UI
- (optional, default) a Riot web UI, which is configured to connect to your own Synapse server by default
- (optional, default) an ma1sd Matrix Identity server
- (optional, default) an Exim mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server)
- (optional, default) an nginx web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver is possible
- (optional, advanced) the matrix-synapse-rest-auth REST authentication password provider module
- (optional, advanced) the matrix-synapse-shared-secret-auth password provider module
- (optional, advanced) the matrix-synapse-ldap3 LDAP Auth password provider module
- (optional, advanced) the synapse-simple-antispam spam checker module
- (optional, advanced) the Matrix Corporal reconciliator and gateway for a managed Matrix server
- (optional) the mautrix-telegram bridge for bridging your Matrix server to Telegram
- (optional) the mautrix-whatsapp bridge for bridging your Matrix server to Whatsapp
- (optional) the mautrix-facebook bridge for bridging your Matrix server to Facebook
- (optional) the mautrix-hangouts bridge for bridging your Matrix server to Google Hangouts
- (optional) the matrix-appservice-irc bridge for bridging your Matrix server to IRC
- (optional) the matrix-appservice-discord bridge for bridging your Matrix server to Discord
- (optional) the matrix-appservice-slack bridge for bridging your Matrix server to Slack
- (optional) the matrix-appservice-webhooks bridge for Slack-compatible webhooks (ConcourseCI, Slack, etc.)
- (optional) the mx-puppet-instagram bridge for Instagram DMs - see docs/configuring-playbook-bridge-mx-puppet-instagram.md for setup documentation
- (optional) the mx-puppet-twitter bridge for Twitter DMs - see docs/configuring-playbook-bridge-mx-puppet-twitter.md for setup documentation
- (optional) the mx-puppet-discord bridge for Discord - see docs/configuring-playbook-bridge-mx-puppet-discord.md for setup documentation
- (optional) the mx-puppet-steam bridge for Steam - see docs/configuring-playbook-bridge-mx-puppet-steam.md for setup documentation
- (optional) the matrix-sms-bridge for bridging your Matrix server to SMS
- (optional) Email2Matrix for relaying email messages to Matrix rooms
- (optional) Dimension, an open source integrations manager for Matrix clients
- (optional) Jitsi, an open source video-conferencing platform
Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
Note: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. Sticking with the defaults (which install a subset of the above components) is the best choice, especially for a new installation. You can always re-run the playbook later to add or remove components.
What's different about this Ansible playbook?
This is similar to the EMnify/matrix-synapse-auto-deploy Ansible deployment, but:
- this one is a complete Ansible playbook (instead of just a role), so it's easier to run - especially for folks not familiar with Ansible
- this one installs and hooks together a lot more Matrix-related services for you (see above)
- this one can be re-run many times without causing trouble
- works on various distros: CentOS (7.0+), Debian-based distributions (Debian 9/Stretch+, Ubuntu 16.04+), Archlinux
- this one installs everything in a single directory (`/matrix` by default) and doesn't "contaminate" your server with files all over the place
- this one doesn't necessarily take over ports 80 and 443. By default, it sets up nginx for you there, but you can also use your own webserver
- this one runs everything in Docker containers, so it's likely more predictable and less fragile (see Docker images used by this playbook)
- this one retrieves and automatically renews free Let's Encrypt SSL certificates for you
- this one optionally can store the `media_store` content repository files on Amazon S3 (but defaults to storing files on the server's filesystem)
- this one optionally allows you to use an external PostgreSQL server for Synapse's database (but defaults to running one in a container)
Installation
To configure and install Matrix on your own server, follow the README in the docs/ directory.
Changes
This playbook evolves over time, sometimes with backward-incompatible changes.
When updating the playbook, refer to the changelog to catch up with what's new.
Docker images used by this playbook
This playbook sets up your server using the following Docker images:
- matrixdotorg/synapse - the official Synapse Matrix homeserver (optional)
- instrumentisto/coturn - the Coturn STUN/TURN server (optional)
- vectorim/riot-web - the Riot.im web client (optional)
- ma1uta/ma1sd - the ma1sd Matrix Identity server (optional)
- ewoutp/goofys - the Goofys Amazon S3 file-system-mounting program (optional)
- devture/exim-relay - the Exim email server (optional)
- devture/email2matrix - the Email2Matrix email server, which can relay email messages to Matrix rooms (optional)
- devture/matrix-corporal - Matrix Corporal: reconciliator and gateway for a managed Matrix server (optional)
- certbot/certbot - the certbot tool for obtaining SSL certificates from Let's Encrypt (optional)
- tulir/mautrix-telegram - the mautrix-telegram bridge to Telegram (optional)
- tulir/mautrix-whatsapp - the mautrix-whatsapp bridge to Whatsapp (optional)
- tulir/mautrix-facebook - the mautrix-facebook bridge to Facebook (optional)
- tulir/mautrix-hangouts - the mautrix-hangouts bridge to Google Hangouts (optional)
- matrixdotorg/matrix-appservice-irc - the matrix-appservice-irc bridge to IRC (optional)
- halfshot/matrix-appservice-discord - the matrix-appservice-discord bridge to Discord (optional)
- cadair/matrix-appservice-slack - the matrix-appservice-slack bridge to Slack (optional)
- turt2live/matrix-appservice-webhooks - the Appservice Webhooks bridge (optional)
- folivonet/matrix-sms-bridge - the matrix-sms-bridge (optional)
- sorunome/mx-puppet-skype - the mx-puppet-skype bridge to Skype (optional)
- sorunome/mx-puppet-slack - the mx-puppet-slack bridge to Slack (optional)
- sorunome/mx-puppet-instagram - the mx-puppet-instagram bridge to Instagram (optional)
- sorunome/mx-puppet-twitter - the mx-puppet-twitter bridge to Twitter (optional)
- sorunome/mx-puppet-discord - the mx-puppet-discord bridge to Discord (optional)
- icewind1991/mx-puppet-steam - the mx-puppet-steam bridge to Steam (optional)
- turt2live/matrix-dimension - the Dimension integrations manager (optional)
- jitsi/jicofo - the Jitsi Focus component (optional)
- jitsi/prosody - the Jitsi Prosody XMPP server component (optional)
Deficiencies
This Ansible playbook can be improved in the following ways:
- setting up automatic backups to one or more storage providers
Support
- Matrix room: #matrix-docker-ansible-deploy:devture.com
- IRC channel: #matrix-docker-ansible-deploy on the Freenode IRC network (irc.freenode.net)
- Github issues: spantaleev/matrix-docker-ansible-deploy/issues