Opened 6 years ago

Closed 5 years ago

#2309 closed task (fixed)

Provide a Matrix homeserver

Reported by: strk
Owned by: robe
Priority: normal
Milestone:
Component: SysAdmin
Keywords:
Cc:

Description

This ticket is to request a Matrix homeserver for OSGeo. It could be https://matrix.osgeo.org and allow access via LDAP authentication. It could host existing Matrix channels (would be mirroring them). See https://wiki.osgeo.org/wiki/Matrix

Change History (29)

comment:2 by robe, 5 years ago

Once we resetup osgeo3 maybe we can think about putting matrix there.

comment:3 by robe, 5 years ago

notes from #2432

Container created

strk -- let me know if you need more

goes thru hop.osgeo3.osgeo.org

added to https://wiki.osgeo.org/wiki/SAC_Service_Status#


comment:4 by robe, 5 years ago

I still need to create an nginx entry for it but not sure what port it goes thru so will wait off on that.

comment:5 by strk, 5 years ago

Instructions about how to set it up: https://matrix.org/docs/guides/installing-synapse

Regina: I'd need powers on that host

comment:6 by strk, 5 years ago

It looks like I do have powers already, will see if I find the time to move this on

comment:7 by strk, 5 years ago

I think it would be a good idea to start using ansible for deployment. There's an available "ansible playbook" to deploy a matrix server, which we could fork in a private Gitea repository to tweak to our needs: https://github.com/spantaleev/matrix-docker-ansible-deploy

comment:8 by strk, 5 years ago

Synapse is now installed; we'll want to proxy port 8008 of that host, enabling HTTPS. How secure would the connection from the LXC host to the proxy be ? Should the proxy be on osgeo3 ? Does it make sense to have Synapse itself use HTTPS ? (I think it does not)

comment:9 by strk, 5 years ago

LDAP is also configured

comment:10 by strk, 5 years ago

So, what we need as the next step, is having osgeo.org TCP port 8448 provide HTTPS proxy to the matrix LXC host. Either that, or have osgeo.org:80/443 expose a .well-known/ file to redirect to another hostname which holds the proxy. If there's no difference in traffic I'd take the first solution...

comment:11 by strk, 5 years ago

.well-known can be handled by osgeo7-nginx with something like this:

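# Federation delegation: other homeservers fetch this to find the real server.
location = /.well-known/matrix/server {
    # default_type sets the single Content-Type of the "return" body;
    # add_header would send a second Content-Type next to the default one.
    default_type application/json;
    return 200 '{\n  "m.server": "ACTUAL_SERVER"\n}';
}

# Client discovery: fetched cross-origin by web clients, hence the CORS header.
location = /.well-known/matrix/client {
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '{\n  "m.homeserver": {\n    "base_url": "ACTUAL_SERVER"\n  }\n}';
}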

But we'll still need the ACTUAL_SERVER to have a name, so how about matrix.osgeo.org to point to osgeo3 IP ?
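
Added example (not part of the original ticket comments): a small Python checker for the two delegation responses that the nginx locations above serve, run over constructed sample responses. The function name `check_well_known`, the host `matrix.example.org` and the HTTPS-only policy for `base_url` are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

def check_well_known(kind, headers, body):
    """List problems in one /.well-known/matrix/<kind> response ("server" or "client")."""
    hdr = {}
    for name, value in headers:  # (name, value) pairs, duplicates preserved
        hdr.setdefault(name.lower(), []).append(value.strip())
    problems = []
    ctypes = hdr.get("content-type", [])
    if len(ctypes) != 1:
        problems.append(f"expected one Content-Type header, got {len(ctypes)}")
    elif ctypes[0].split(";")[0].strip().lower() != "application/json":
        problems.append(f"Content-Type is {ctypes[0]!r}, not application/json")
    try:
        doc = json.loads(body)
    except ValueError:
        return problems + ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return problems + ["body is not a JSON object"]
    if kind == "server":
        target = doc.get("m.server")
        # Federation delegation names host[:port], never a URL.
        if not isinstance(target, str) or not target or "/" in target:
            problems.append("m.server must be host[:port] with no scheme or path")
    elif kind == "client":
        hs = doc.get("m.homeserver")
        base = hs.get("base_url") if isinstance(hs, dict) else None
        url = urlsplit(base) if isinstance(base, str) else None
        # Assumption of this check: client logins must go over HTTPS.
        if url is None or url.scheme != "https" or not url.hostname:
            problems.append("m.homeserver.base_url must be an https:// URL")
        # Web clients fetch this cross-origin, so it must be CORS-readable.
        if hdr.get("access-control-allow-origin") != ["*"]:
            problems.append("missing Access-Control-Allow-Origin: *")
    else:
        raise ValueError(f"unknown kind {kind!r}")
    return problems

# Constructed responses; matrix.example.org stands in for ACTUAL_SERVER.
JSON_CT = ("Content-Type", "application/json")
GOOD_SERVER = ([JSON_CT], '{"m.server": "matrix.example.org:443"}')
DUP_CTYPE = ([("Content-Type", "application/octet-stream"), JSON_CT], GOOD_SERVER[1])
BAD_CLIENT = ([JSON_CT], '{"m.homeserver": {"base_url": "matrix.example.org"}}')

if __name__ == "__main__":
    for kind, (headers, body) in [("server", GOOD_SERVER), ("server", DUP_CTYPE),
                                  ("client", BAD_CLIENT)]:
        print(kind, check_well_known(kind, headers, body) or "ok")
```
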

comment:12 by robe, 5 years ago

you mean osgeo3 right?

comment:13 by robe, 5 years ago

strk - I have matrix.osgeo.org registered on osgeo3-nginx and with an SSL cert. I have it proxied to matrix.lxd:8008 but I see nothing.

comment:14 by strk, 5 years ago

Fixed, the server was configured to only listen on loopback interface... Next we need the federation setup.

Testing tool: https://federationtester.matrix.org/

Instructions for federation: https://github.com/matrix-org/synapse/blob/master/docs/federate.md

comment:15 by strk, 5 years ago

Performance thing to tweak: we need to expose HTTP2 support, to reduce number of requests from clients to the server. Right now, with HTTP1, my client (weechat-matrix) is making 1 request per second (Regina's is being lighter, what client is that @robe ?)

comment:16 by strk, 5 years ago

HTTP2 support enabled. Next I guess we want PostgreSQL database (currently using sqlite3 instead)

comment:17 by strk, 5 years ago

Regina, can you do the PostgreSQL setup ?

comment:18 by robe, 5 years ago

Sure, version 12? Or any issues with using 12? I'll install on the matrix container to keep it self-contained.

comment:19 by strk, 5 years ago

Version 12 should be fine, thanks

comment:20 by strk, 5 years ago

I did set up federation, meanwhile (via well-known)

comment:21 by strk, 5 years ago

We need to remember to document this before closing the ticket. I've tested you can now use any Matrix client and authenticate with username @USER:osgeo.org and your LDAP password as a password. Feels good !

comment:22 by robe, 5 years ago

strk I have documented what I did to update Matrix here - can you please add whatever you installed to that doc?

https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container

Maybe sometime we can explore together using ansible. Right now my mind is not ready to learn new things or at least not by myself.

comment:23 by strk, 5 years ago

I created a wiki page about the setup: https://wiki.osgeo.org/wiki/SAC:MatrixSynapse

And... the homeserver configuration I pushed on https://git.osgeo.org/gitea/sac/matrix-synapse-config

comment:24 by strk, 5 years ago

Regina: reading https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container (now edited by me) I realized that https://git.osgeo.org/gitea/sac/osgeo3 includes /etc/nginx from osgeo3-nginx, should it then also include /etc/matrix-synapse from osgeo3-matrix, instead of having its own (as I created) https://git.osgeo.org/gitea/sac/matrix-synapse-config ?

I'm a bit concerned about the exponential complexity all of this is building... (ansible may be a possible answer)

comment:25 by strk, 5 years ago

I've installed PostgreSQL-11 on the matrix container, from official debian package repository. Did not do the database migration though, not yet. I've updated the https://git.osgeo.org/gitea/sac/osgeo3/wiki/matrix-container page accordingly.

comment:26 by strk, 5 years ago

DB in place now, cluster is within the matrix container. Only issue left is the IRC bridge issue, which may be just an issue for me and robe (the only current users)

comment:27 by strk, 5 years ago

The IRC Bridge issue could have been caused by this bug in the Bridge software: https://github.com/matrix-org/matrix-appservice-irc/pull/1024 (so unrelated to our setup)

What's left on OUR side would be:

comment:28 by robe, 5 years ago

I have it set to snapshot daily. I set the RAM max to 8GB but left it at the 8 CPUs. We can reduce if needed.

comment:29 by robe, 5 years ago

Resolution: fixed
Status: assigned → closed

I'm going to close this out since we have it running and I'm actively using it - any additional tickets probably should be done for all containers (e.g. monitoring)
