Provide a Matrix homeserver

[strk]

This ticket is to request a matrix homeserver for OSGeo. It could be ​https://matrix.osgeo.org and allow access via LDAP authentication. It could host existing matrix channels (would be mirroring them). See ​https://wiki.osgeo.org/wiki/Matrix

[strk]

Matrix reference homeserver (synapse) went 1.0 yesterday: ​https://matrix.org/blog/2019/06/11/introducing-matrix-1-0-and-the-matrix-org-foundation

[robe]

Once we resetup osgeo3 maybe we can think about putting matrix there.

[robe]

notes from #2432

Container created

strk -- let me know if you need more

goes thru hop.osgeo3.osgeo.org

added to ​https://wiki.osgeo.org/wiki/SAC_Service_Status#osgeo3

[robe]

I still need to create an nginx entry for it but not sure what port it goes thru so will wait off on that.

[strk]

Instructions about how to set it up: ​https://matrix.org/docs/guides/installing-synapse Regina: I'd need powers on that host

[strk]

It looks like I do have powers already, will see if I find the time to move this on

[strk]

I think it would be a good idea to start using ansible for deployment. There's an available "ansible playbook" to deploy a matrix server, which we could fork in a private Gitea repository to tweak to our needs: ​https://github.com/spantaleev/matrix-docker-ansible-deploy

[strk]

Synapse is now installed, we'll want to proxy port 8008 of that host enabling HTTPS. How secure would the connection from the LXC host to the proxy ? Should the proxy be on osgeo3 ? Does it make sense to have synapse itself use https (I think it does not)

[strk]

LDAP is also configured

[strk]

So, what we need as the next step, is having osgeo.org TCP port 8448 provide HTTPS proxy to the matrix LXC host. Either that, or have osgeo.org:80/443 expose a .well-known/ file to redirect to another hostname which holds the proxy. If there's no difference in traffic I'd take the first solution...

[strk]

.well-known can be hanlded by osgeo7-nginx with something like this:

location = /.well-known/matrix/server {
            add_header Content-Type application/json;
            return 200 '{\n  "m.server": "ACTUAL_SERVER"\n}';
}

location = /.well-known/matrix/client {
    add_header Access-Control-Allow-Origin *;
    add_header Content-Type application/json;
    return 200 '{\n  "m.homeserver": {\n    "base_url": "ACTUAL_SERVER"\n  }\n}';
}

But we'll still need the ACTUAL_SERVER to have a name, so how about matrix.osgeo.org to point to osgeo3 IP ?

[robe]

you mean osgeo3 right?

[robe]

strk - I have matrix.osgeo.org registered on osgeo3-nginx and with ssl cert. Have it proxied to matrix.lxd: 8008 but I see nothing

[strk]

Fixed, the server was configured to only listen on loopback interface... Next we need the federation setup. Testing tool: ​https://federationtester.matrix.org/ Instructions for federation: ​https://github.com/matrix-org/synapse/blob/master/docs/federate.md

[strk]

Performance thing to tweak: we need to expose HTTP2 support, to reduce number of requests from clients to the server. Right now, with HTTP1, my client (weechat-matrix) is making 1 request per second (Regina's is being lighter, what client is that @robe ?)

[strk]

HTTP2 support enabled. Next I guess we want PostgreSQL database (currently using sqlite3 instead)

[strk]

Regina, can you do the PostgreSQL setup ?

[robe]

Sure version 12? or any issues with using 12? I'll install on the matrix container to keep self-contained.

[strk]

Version 12 should be fine, thanks

[strk]

I did setup federation, meanwhile (via well-known)

[strk]

We need to remember to document this before closing the ticket. I've tested you can now use any Matrix client and authenticate with username @USER:osgeo.org and your LDAP password as a password. Feels good !

[robe]

strk I have documented what I did to update Matrix here - can you please add whatever you installed to that doc?

​https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container

Maybe sometime we can explore together using ansible. Right now my mind is not ready to learn new things or at least not by myself.

[strk]

I created a wiki page about the setup: ​https://wiki.osgeo.org/wiki/SAC:MatrixSynapse

And... the homeserver configuration I pushed on ​https://git.osgeo.org/gitea/sac/matrix-synapse-config

[strk]

Regina: reading ​https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container (now edited by me) I realized that ​https://git.osgeo.org/gitea/sac/osgeo3 includes /etc/nginx from osgeo3-nginx, should it then also include /etc/matrix-synapse from osgeo3-matrix, instead of having its own (as I created) ​https://git.osgeo.org/gitea/sac/matrix-synapse-config ?

I'm a bit concerned about the exponential complexity all of this is building... (ansible may be a possible answer)

[strk]

I've installed PostgreSQL-11 on the matrix container, from official debian package repository. Did not do the database migration though, not yet. I've updated the ​https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container page accordingly.

[strk]

DB in place now, cluster is within the matrix container. Only issue left is the IRC bridge issue, which may be just an issue for me and robe (the only current users)

[strk]

The IRC Bridge issue could have been caused by this bug in the Bridge software: ​https://github.com/matrix-org/matrix-appservice-irc/pull/1024 (so unrelated to our setup)

What's left on OUR side would be:

• Backups ? (not sure we really need backups, who cares about backlog ?)
• Monitoring (how much bandwidth does the system consume ? how much CPU/RAM?) Beware of memory leaks: ​https://github.com/matrix-org/synapse/issues/7176

[robe]

I have it set to snapshot daily. I set the ram max to 8GB/ but left it at the 8 cpus. We can reduce if needed

[robe]

I'm going to close this out since we have it running and I'm actively using it - any additional tickets probably should be done for all containers (e.g. monitoring)