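How to Install Matrix Synapse with Nginx and Let’s Encrypt SSL on Debian 10

Synapse is a Matrix homeserver implementation written in Python. Matrix is an open standard for real-time communication over IP. It allows people, services, and devices to communicate easily with each other. Matrix Synapse is a great alternative to applications such as Slack, Discord, Rocket.chat, and Skype. You can access a Matrix server through a web browser or through other clients such as Riot, bots, and bridges.

In this post, we will show you how to deploy Matrix Synapse with Nginx on Debian 10.

Prerequisites

  • A fresh Debian 10 server on a cloud platform
  • A valid domain name pointed at your server before you start this procedure
  • A root password configured on your server

Step 1 – Create a Cloud Server

First, log in to your cloud server. Create a new server, choosing Debian 10 as the operating system with at least 2GB RAM. Connect to your cloud server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to the Debian 10 server, run the following command to update the base system with the latest available packages.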

apt-get update -y

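Step 2 – Install Matrix Synapse

By default, the Matrix Synapse package is not available in the Debian 10 default repositories, so you need to add the Matrix Synapse repository to your system.

First, install the required dependencies with the following command: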

apt-get install gnupg2 wget apt-transport-https -y

Once all the packages are installed, add the Matrix Synapse repository to APT with the following commands:

wget -qO /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list

Next, update the repository and install Matrix Synapse with the following commands:

apt-get update -y
apt-get install matrix-synapse-py3 -y

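You will be asked to provide your domain name.

Enter your domain name and press Enter. You will then be asked whether to enable anonymous data reporting.

Select the desired option and press Enter to start the installation.

Once the installation is complete, start the Matrix Synapse service and enable it to start at system reboot: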

systemctl start matrix-synapse
systemctl enable matrix-synapse

You can also check the status of Matrix Synapse with the following command:

systemctl status matrix-synapse

Output:

● matrix-synapse.service - Synapse Matrix homeserver
   Loaded: loaded (/lib/systemd/system/matrix-synapse.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2021-04-09 07:48:42 UTC; 28s ago
  Process: 1754 ExecStartPre=/opt/venvs/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml -
 Main PID: 1761 (python)
    Tasks: 2 (limit: 4701)
   Memory: 78.5M
   CGroup: /system.slice/matrix-synapse.service
           └─1761 /opt/venvs/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-pat

Apr 09 07:48:40 debian10 matrix-synapse[1754]: Generating signing key file /etc/matrix-synapse/homeserver.signing.key
Apr 09 07:48:41 debian10 matrix-synapse[1761]: This server is configured to use 'matrix.org' as its trusted key server via the
Apr 09 07:48:41 debian10 matrix-synapse[1761]: 'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
Apr 09 07:48:41 debian10 matrix-synapse[1761]: server since it is long-lived, stable and trusted. However, some admins may
Apr 09 07:48:41 debian10 matrix-synapse[1761]: wish to use another server for this purpose.
Apr 09 07:48:41 debian10 matrix-synapse[1761]: To suppress this warning and continue using 'matrix.org', admins should set
Apr 09 07:48:41 debian10 matrix-synapse[1761]: 'suppress_key_server_warning' to 'true' in homeserver.yaml.
Apr 09 07:48:41 debian10 matrix-synapse[1761]: --------------------------------------------------------------------------------
Apr 09 07:48:41 debian10 matrix-synapse[1761]: Config is missing macaroon_secret_key
Apr 09 07:48:42 debian10 systemd[1]: Started Synapse Matrix homeserver.

At this point, Matrix Synapse is started and listening on port 8008. You can check it with the following command:

ss -antpl | grep 8008

Output:

LISTEN    0         50               127.0.0.1:8008             0.0.0.0:*        users:(("python",pid=1761,fd=13))                                              
LISTEN    0         50                   [::1]:8008                [::]:*        users:(("python",pid=1761,fd=12))
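
The listener on port 8008 speaks plain HTTP and, with the x_forwarded setting used in Step 3, trusts the X-Forwarded-For header, so it should only ever be bound to loopback behind Nginx. The following check is an added example, not part of the original tutorial; the function name check_loopback_only and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: read `ss -antl` style lines on stdin and flag any listener
# on the given port (default 8008) that is not bound to a loopback address.
# Exit status: 0 = loopback only, 1 = exposed listener, 2 = nothing listening.
check_loopback_only() {
    awk -v port="${1:-8008}" '
        $1 == "LISTEN" {
            local_addr = $4                 # e.g. 127.0.0.1:8008 or [::1]:8008
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next      # listener on a different port
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            seen = 1
            # Anything other than 127.0.0.0/8 or ::1 is treated as exposed,
            # including the wildcards 0.0.0.0, [::] and *.
            if (host !~ /^127\./ && host != "[::1]") {
                print "exposed: " local_addr
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: one loopback listener and one wildcard listener.
check_loopback_only 8008 <<'EOF' || echo "exit status: $?"
LISTEN 0 50 127.0.0.1:8008 0.0.0.0:* users:(("python",pid=1761,fd=13))
LISTEN 0 50 0.0.0.0:8008 0.0.0.0:* users:(("python",pid=1761,fd=14))
EOF
```

On the server itself, feed it live data with: ss -antl | check_loopback_only 8008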

Step 3 – Configure Matrix Synapse

Next, you need to configure Matrix Synapse so that it works properly.

First, generate a shared secret with the following command:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

Output:

cLmgfxKcNav5qHDuM31HNUlvAsVtSTDN

Next, edit the Matrix Synapse configuration file:

nano /etc/matrix-synapse/homeserver.yaml

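Change the following lines:

listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
# Use your own domain here
domain: matrix.turbogeek.club
# Paste the secret you generated above, not this sample value
registration_shared_secret: cLmgfxKcNav5qHDuM31HNUlvAsVtSTDN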

Save and close the file, then restart Matrix Synapse to apply the changes:

systemctl restart matrix-synapse
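
Anyone who knows registration_shared_secret can register accounts, including admin accounts, through the tool used in Step 6, so the value must be unique to your server and the file that holds it must not be world-readable. The following audit is an added example, not part of the original tutorial; the function name audit_shared_secret and the demo file are constructed for illustration.

```sh
#!/bin/sh
# Sample value printed in this tutorial; it is public and must never be deployed.
PUBLISHED_SAMPLE='cLmgfxKcNav5qHDuM31HNUlvAsVtSTDN'

# Added example: audit registration_shared_secret in a homeserver.yaml.
# Exit status: 0 = ok, 1 = at least one finding, 2 = file unreadable.
audit_shared_secret() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    # Top-level key only; strip a trailing comment and optional quotes.
    secret=$(sed -n 's/^registration_shared_secret:[[:space:]]*//p' "$file" |
        head -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e "s/^[\"']//" -e "s/[\"']\$//")
    if [ -z "$secret" ]; then
        echo "registration_shared_secret is not set"
        return 1
    fi
    status=0
    if [ "$secret" = "$PUBLISHED_SAMPLE" ]; then
        echo "secret is the sample value published in the tutorial"; status=1
    fi
    if [ "${#secret}" -lt 32 ]; then
        echo "secret is shorter than 32 characters"; status=1
    fi
    # -perm -004 matches when the "other" read bit is set.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file is world-readable"; status=1
    fi
    return "$status"
}

# Demo on a constructed file (not a real configuration).
demo=$(mktemp) && chmod 600 "$demo"
printf 'registration_shared_secret: %s\n' "$PUBLISHED_SAMPLE" > "$demo"
audit_shared_secret "$demo" || echo "audit failed (expected for the sample value)"
rm -f "$demo"
```

On the server, run it against the real file: audit_shared_secret /etc/matrix-synapse/homeserver.yaml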

Step 4 – Download Let’s Encrypt SSL

Next, you need to install the Certbot client to download a free Let’s Encrypt SSL certificate.

First, install the Nginx web server with the following command:

apt-get install nginx -y

Next, install the Certbot client with the following command:

apt-get install python3-certbot-nginx

Once installed, download the Let’s Encrypt SSL certificate for your domain with the following command:

certbot certonly --nginx -d matrix.example.com

You will be asked to provide your email address and accept the terms of service, as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): hitjethva@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for matrix.example.com
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Could not automatically find a matching server block for matrix.example.com. Set the `server_name` directive to use the Nginx installer.

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/matrix.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/matrix.example.com/privkey.pem
   Your cert will expire on 2021-07-08. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

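At this point, all the Let’s Encrypt SSL files have been downloaded to the /etc/letsencrypt/live/matrix.example.com directory. The "Unable to install the certificate" note in the output is expected: no Nginx server block for the domain exists yet, and the certificate is referenced manually in the next step.

Step 5 – Configure Nginx for Matrix Synapse

Next, you need to create an Nginx virtual host configuration file for Matrix Synapse.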

nano /etc/nginx/conf.d/matrix.conf

Add the following lines:

server {
    listen 80;
    server_name matrix.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name matrix.example.com;

    ssl_certificate /etc/letsencrypt/live/matrix.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 10M;
    }
}

# This is used for Matrix Federation
# which is using default TCP port '8448'
server {
    listen 8448 ssl;
    server_name matrix.example.com;

    ssl_certificate /etc/letsencrypt/live/matrix.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

Save and close the file, then edit the main Nginx configuration file:

nano /etc/nginx/nginx.conf

Add the following line below http {:

server_names_hash_bucket_size 64;

Save the file, then verify Nginx for any errors with the following command:

nginx -t

Output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Next, restart Nginx to apply the changes:

systemctl restart nginx

Step 6 – Add a User to the Matrix Synapse Server

Next, you need to add a user to the Matrix Synapse server. You can add one with the following command:

register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008

You will be asked to set a username and password, as shown below:

New user localpart [root]: admin
Password: 
Confirm password: 
Make admin [no]: yes
Sending registration request...
Success!

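Step 7 – Access Matrix Synapse

You can now open a web browser and access Matrix Synapse at the URL https://matrix.example.com. The Matrix Synapse page should load.

You can also test Matrix Synapse with the Matrix Synapse Federation Tester at https://federationtester.matrix.org/.

Enter your Matrix Synapse domain name and click the Go button. If everything is fine, the tester should report a successful result.

In this guide, you learned how to install a Matrix Synapse server with Nginx and Let’s Encrypt SSL on Debian 10. You can now easily run your own communication server in a production environment on a dedicated server.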
