1 files changed, 212 insertions, 0 deletions
diff --git a/blog/2022-11-07-matrix-synapse.org b/blog/2022-11-07-matrix-synapse.org
new file mode 100644
index 0000000..0c0d43f
--- /dev/null
+++ b/blog/2022-11-07-matrix-synapse.org
@@ -0,0 +1,212 @@
++++
+date = 2022-11-07
+title = "Self-Hosting Matrix Synapse on Alpine Linux"
+description = "A short guide on how I was able to get Synapse working on Alpine Linux."
++++
+
+## Synpase
+
+If you're reading this, you likely know that 
+[Synapse](https://github.com/matrix-org/synapse/) is a popular 
+[Matrix](https://matrix.org/) home server software that allows users to run 
+their own Matrix home server.
+
+This post is a short guide describing how I was able to get Synapse working in a 
+minimally-usable state on Alpine Linux.
+
+## Installation Process
+
+### Dependencies
+
+First, since there is no Alpine-specific package for Synapse, we need to ensure 
+that Alpine has the required dependencies for the Python-based installation 
+method.
+
+```sh
+doas apk -U update
+doas apk add python3 py3-virtualenv
+```
+
+Next, we need to set up a Python virtual environment for Synapse:
+
+```sh
+mkdir -p ~/synapse && cd ~/synapse
+virtualenv -p python3 ~/synapse/env
+source ~/synapse/env/bin/activate
+pip install --upgrade pip
+pip install --upgrade setuptools
+pip install matrix-synapse
+```
+
+### Running Synapse
+
+Once installed, running Synapse is easy. Simply execute the following command, 
+replacing `example.com` with the domain name that will be used with this 
+home server. This will generate the configuration files needed to run the 
+server.
+
+```sh
+python -m synapse.app.homeserver \
+    --server-name example.com \
+    --config-path homeserver.yaml \
+    --generate-config \
+    --report-stats=no
+```
+
+Once the configuration is generated, we can start up the Synapse server:
+
+```sh
+synctl start
+```
+
+### Configuring Synapse
+
+To make any change to Synapse, we need to edit the `YAML` configuration file:
+
+```sh
+nano ~/synapse/homeserver.yaml
+```
+
+For now, we just need to ensure the `server_name` is accurate. However, there 
+are a lot of other configuration options found in the [Configuring 
+Synapse](https://matrix-org.github.io/synapse/develop/usage/configuration/config_documentation.html) 
+documentation that can be enabled/disabled at any point.
+
+```yaml
+server_name: "example.com"
+```
+
+Make sure to restart Synapse when you make changes to the configuration:
+
+```sh
+synctl restart
+```
+
+### Nginx Reverse-Proxy
+
+To ensure that Synapse is reachable from the public, we need to connect our 
+domain to the Synapse server.
+In my case, I use a Nginx reverse-proxy for this purpose.
+
+To use Nginx, we need to create a reverse-proxy configuration file:
+
+```sh
+doas nano /etc/nginx/http.d/example.com.conf
+```
+
+If you already have TLS certificates for this domain (`example.com`), you can 
+simply use the SSL configuration and point toward your TLS certificates.
+
+```conf
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    # For the federation port
+    listen 8448 ssl http2;
+    listen [::]:8448 ssl http2;
+
+    server_name example.com;
+
+    location ~ ^(/_matrix|/_synapse/client) {
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+        client_max_body_size 50M;
+    }
+
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+    access_log /var/log/nginx/matrix.access.log;
+}
+
+server {
+	if ($host = example.com) {
+		return 301 https://$host$request_uri;
+	}
+
+  server_name example.com;
+  listen 80;
+	return 404;
+}
+```
+
+If you need to generate TLS certificates (I recommend 
+[Certbot](https://certbot.eff.org/)), you'll need a more minimal Nginx conf file 
+before you can use the TLS-enabled example above. Instead, use this 
+configuration file during the Certbot certificate generation process:
+
+```conf
+server {
+  server_name example.com;
+  location / {
+      try_files $uri $uri/ =404;
+  }
+  listen 80;
+}
+```
+
+Once you're done editing the Nginx conf file, restart Nginx:
+
+```sh
+doas rc-service nginx restart
+```
+
+If you still need to generate TLS certificates, run `certbot` now and obtain the 
+certificates. Certbot will ask if you want to use a webroot or spin up a 
+temporary web server. I **highly** recommend using the temporary web server due 
+to the many issues with using a webroot.
+
+You will need to stop Nginx in order to user the temporary web server option 
+with Certbot:
+
+```sh
+# Stop Nginx so certbot can spin up a temp webserver for cert generation
+doas rc-service nginx stop
+doas certbot certonly -v
+doas rc-service nginx start
+```
+
+### Open Firewall & Router Ports
+
+If you use a firewall on the server, open the `8448` port for discovery and 
+federation, as well as the normal web server ports if you're using a reverse 
+proxy. If you want additional services, such as voice calls, you will need 
+to read the Synapse documentation to see which ports need to be opened for those 
+features.
+
+Here's an example of the Universal Firewall (UFW) software:
+
+```sh
+# Matrix port
+doas ufw allow 8448
+# Standard web server ports
+doas ufw allow "Nginx Full"
+```
+
+Remember to forward any Synapse ports, such as `8448`, `80`, and `443`, in your 
+Router from the internet to your server's IP address.
+
+### Adding Matrix Users
+
+Finally, if you didn't enable public registration in the `homeserver.yaml` file, 
+you can manually create users via the command-line:
+
+```sh
+cd ~/synapse
+register_new_matrix_user -c homeserver.yaml
+```
+
+Remember that the format for federated Matrix usernames is 
+`@username:example.com` when logging in to client applications.
+
+Once Synapse is running, and you have a username, you are ready to log in to a 
+Matrix client and start sending messages, joining rooms, and utilizing your very 
+own Matrix server.