docker安装 Synapse（Matrix 服务器）和 Element Web（Matrix 客户端）

Author： Dean
发布时间：August 14, 2024
399 views
No comments
13449 words
Categories：

全平台的自托管的支持端到端加密的聊天软件
去中心化，故可以和其他所有人的matrix服务器进行加密聊天，类似于邮件系统

最终效果:

web:

web

ios:

ios

创建配置文件

docker run -it --rm \
    -v /home/matrix/data:/data \
    -e SYNAPSE_SERVER_NAME=matrix.xxx.com:443 \
    -e SYNAPSE_REPORT_STATS=no \
    matrixdotorg/synapse:latest generate

会在/home/matrix/data文件夹生成homeserver.yaml

homeserver.yaml需要手动修改一下，修改后是这样:

# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "matrix.xxx.com:443"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: sqlite3
  args:
    database: /data/homeserver.db
log_config: "/data/matrix.xxx.com:443.log.config"
media_store_path: /data/media_store
registration_shared_secret: ";V^o;[email protected]:rzjsand2S@K3#t1TZaskjdqy^cSHM-N"
report_stats: false
macaroon_secret_key: "j41qkRhzK=3ljN5+qaskjnd2MD5z.cZ4FoV_S_v8YT_ESxXKD"
form_secret: "HESK209sZrIJU&6GsEz8TFWDM&CKjofdSf&m7=5&HkIf#s@H@j"
signing_key_path: "/data/matrix.xxx.com:443.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

enable_registration: true
enable_registration_without_verification: false

suppress_key_server_warning: true

registrations_require_3pid: #允许的3pid注册方式
  - email
# vim:ft=yaml


email:
  smtp_host: mail.xxx.com
  smtp_port: 465
  smtp_user: "[email protected]"
  smtp_pass: "SKJDOIAFJS23kJE@LJLaskldjasalfalskfjlasjf"
  force_tls: true
  require_transport_security: true
  enable_tls: true
  notif_from: "Matrix 通知 <[email protected]>"
  app_name: matrix
  enable_notifs: true
  notif_for_new_users: false
  client_base_url: "http://matrix.xxx.com:443/riot"
  validation_token_lifetime: 15m
  invite_client_location: https://matrix.xxx.com:443

  subjects:
    message_from_person_in_room: "[%(app)s] 你在 %(app)s 上收到了来自 %(room)s 房间 %(person)s 的消息..."
    message_from_person: "[%(app)s] 你在 %(app)s 上收到了来自 %(person)s 的消息..."
    messages_from_person: "[%(app)s] 你在 %(app)s 上收到了来自 %(person)s 的多条消息..."
    messages_in_room: "[%(app)s] 你在 %(app)s 上收到了 %(room)s 房间的多条消息..."
    messages_in_room_and_others: "[%(app)s] 你在 %(app)s 上收到了 %(room)s 房间和其他地方的多条消息..."
    messages_from_person_and_others: "[%(app)s] 你在 %(app)s 上收到了来自 %(person)s 和其他人的多条消息..."
    invite_from_person_to_room: "[%(app)s] %(person)s 邀请你加入 %(room)s 房间，来 %(app)s 上一起聊天吧..."
    invite_from_person: "[%(app)s] %(person)s 邀请你在 %(app)s 上聊天..."
    password_reset: "[%(server_name)s] 密码重置"
    email_validation: "[%(server_name)s] 验证你的邮箱"

docker-compose.yml:

version: "3.3"

services:
  synapse:
    image: "matrixdotorg/synapse:latest"
    container_name: "matrix_synapse"
    restart: unless-stopped
    ports:
      - "172.17.0.1:47808:8008"
    volumes:
      - "./data:/data"
    environment:
      VIRTUAL_HOST: "matrix.xxx.com"
      VIRTUAL_PORT: 8008
      LETSENCRYPT_HOST: "matrix.xxx.com"
      SYNAPSE_SERVER_NAME: "matrix.xxx.com"
      SYNAPSE_REPORT_STATS: "yes"
      TZ: "Asia/Shanghai"

  element-web:
    image: "vectorim/element-web"
    container_name: "element-web"
    restart: unless-stopped
    ports:
      - "172.17.0.1:47809:80"
    # volumes:
    #   - "./element-web/config.json:/app/config.json" #如果把element默认的服务器改为自己的话，可在容器启动后使用`docker cp element-web:/app/config.json ./`将文件复制出来，放到映射的对应位置
    environment:
      TZ: "Asia/Shanghai"

element-web自定义后的config.json:

修改matrix.xxx.com相关的行即可

{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://matrix.xxx.com:443",
            "server_name": "matrix.xxx.com"
        },
        "m.identity_server": {
            "base_url": "https://vector.im"
        }
    },
    "disable_custom_urls": false,
    "disable_guests": false,
    "disable_login_language_selector": false,
    "disable_3pid_login": false,
    "brand": "Element",
    "integrations_ui_url": "https://scalar.vector.im/",
    "integrations_rest_url": "https://scalar.vector.im/api",
    "integrations_widgets_urls": [
        "https://scalar.vector.im/_matrix/integrations/v1",
        "https://scalar.vector.im/api",
        "https://scalar-staging.vector.im/_matrix/integrations/v1",
        "https://scalar-staging.vector.im/api",
        "https://scalar-staging.riot.im/scalar/api"
    ],
    "default_country_code": "CN",
    "show_labs_settings": false,
    "features": {},
    "default_federate": true,
    "default_theme": "light",
    "room_directory": {
        "servers": ["matrix.xxx.com"]
    },
    "enable_presence_by_hs_url": {
        "https://matrix.xxx.com:443": false
    },
    "setting_defaults": {
        "breadcrumbs": true
    },
    "jitsi": {
        "preferred_domain": "meet.element.io"
    },
    "element_call": {
        "url": "https://call.element.io",
        "participant_limit": 8,
        "brand": "Element Call"
    },
    "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}

创建账户

docker exec -it matrix_synapse register_new_matrix_user http://172.17.0.1:47808 -c /data/homeserver.yaml  -a -u admin -p a12013o23jb45jkjasdjkasdn994a7162oaijso3213n4m2k3j0asaaj25cea32

nginx配置文件(这个是适配这篇文章: docker运行nginx并用非标端口申请ssl证书的配置文件: (普通的nginx配置文件在更下面)

# websocket支持
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80;
    http2 on;
    server_name matrix.xxx.com;

    access_log /var/log/nginx/matrix.xxx.com_access.log geoip_enriched;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

    return 301 https://$host:443$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name matrix.xxx.com;

    auth_request @geoip;

    # 从auth_request返回的头信息中提取变量
    auth_request_set $geoip_country $upstream_http_x_geoip_country;
    auth_request_set $geoip_stateprov $upstream_http_x_geoip_stateprov;
    auth_request_set $geoip_city $upstream_http_x_geoip_city;
    auth_request_set $geoip_latitude $upstream_http_x_geoip_latitude;
    auth_request_set $geoip_longitude $upstream_http_x_geoip_longitude;
    auth_request_set $geoip_continent $upstream_http_x_geoip_continent;
    auth_request_set $geoip_timezone $upstream_http_x_geoip_timezone;
    auth_request_set $geoip_asn $upstream_http_x_geoip_asn;
    auth_request_set $geoip_asnorganization $upstream_http_x_geoip_asnorganization;

    # 将提取到的变量添加到头信息中
    add_header X-Geoip-Country $geoip_country always;
    add_header X-Geoip-StateProv $geoip_stateprov always;
    add_header X-Geoip-City $geoip_city always;
    add_header X-Geoip-Latitude $geoip_latitude always;
    add_header X-Geoip-Longitude $geoip_longitude always;
    add_header X-Geoip-Continent $geoip_continent always;
    add_header X-Geoip-Timezone $geoip_timezone always;
    add_header X-Geoip-Asn $geoip_asn always;
    add_header X-Geoip-AsnOrganization $geoip_asnorganization always;

    ssl_certificate /home/nginx/certs/matrix.xxx.com/fullchain.pem;
    ssl_certificate_key /home/nginx/certs/matrix.xxx.com/privkey.pem;

    # 启动HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    # 强制使用安全协议
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    access_log /var/log/nginx/matrix.xxx.com_access.log geoip_enriched;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

    location /.well-known/matrix/server {
        default_type application/json;
        return 200 '{"m.server": "matrix.xxx.com:443"}';
    }

    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://172.17.0.1:47808;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

    location / {
        proxy_pass http://172.17.0.1:47809;

        # 隐藏X-Powered-By
        proxy_hide_header X-Powered-By;

        # 显示真实ip
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #cloudflare真实ip，如果使用了cf的cdn需要取消注释下面两行
        #set_real_ip_from 0.0.0.0/0;
        #real_ip_header CF-Connecting-IP;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout         900;

        # websocket支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;

        # 密码验证 （可选）
        # auth_basic "Registry Realm"; #（可选）
        # auth_basic_user_file /home/docker-registry/registry.passwords;# （可选）

    }
    location = @geoip {
      internal;

      proxy_pass http://172.17.0.1:8081/;
      # proxy_pass_request_body off;
      proxy_set_header X-Geoip-Address $remote_addr;
    }
}

普通的nginx配置文件:

# websocket支持
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80;
    http2 on;
    server_name matrix.xxx.com;

    access_log /var/log/nginx/matrix.xxx.com_access.log default;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

    return 301 https://$host:443$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name matrix.xxx.com;

    ssl_certificate /home/nginx/certs/matrix.xxx.com/fullchain.pem;
    ssl_certificate_key /home/nginx/certs/matrix.xxx.com/privkey.pem;

    # 启动HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    # 强制使用安全协议
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    access_log /var/log/nginx/matrix.xxx.com_access.log default;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

    location /.well-known/matrix/server {
        default_type application/json;
        return 200 '{"m.server": "matrix.xxx.com:443"}';
    }

    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://172.17.0.1:47808;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

    location / {
        proxy_pass http://172.17.0.1:47809;

        # 隐藏X-Powered-By
        proxy_hide_header X-Powered-By;

        # 显示真实ip
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #cloudflare真实ip，如果使用了cf的cdn需要取消注释下面两行
        #set_real_ip_from 0.0.0.0/0;
        #real_ip_header CF-Connecting-IP;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout         900;

        # websocket支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;

        # 密码验证 （可选）
        # auth_basic "Registry Realm"; #（可选）
        # auth_basic_user_file /home/docker-registry/registry.passwords;# （可选）

    }
}

最后https://matrix.xxx.com:443 登录

各种平台也都有客户端

查看所有客户端: https://matrix.org/ecosystem/clients/

iOS/iPadOS客户端个人推荐: Synod.im

测试与其他服务器连通性的工具: https://federationtester.matrix.org

官方文档

Last modification：December 28, 2024

V50%看看实力

docker安装 Synapse（Matrix 服务器）和 Element Web（Matrix 客户端）

Dean • 2024 年 08 月 14 日

docker安装 Synapse（Matrix 服务器）和 Element Web（Matrix 客户端）全平台的自托管的支持端到端加密的聊天软件 去中心化，故可以和其他所有人的matrix服务器进行加密聊天，类似于邮件系统最终效果:web:<img src="https://pic.dreamdusk.com/i/66bc6382e89b3.png" alt="1.png" title="1.png" style=""><img src="https://pic.dreamdusk.com/i/66bc5f7e6cf31.png" alt="web" title="web" style="">ios:<img src="https://pic.dreamdusk.com/i/66bc5f69bf8ba.png" alt="ios" style="zoom:25%;" style=""><hr>创建配置文件<pre><code>docker run -it --rm \
 -v /home/matrix/data:/data \
 -e SYNAPSE_SERVER_NAME=matrix.xxx.com:443 \
 -e SYNAPSE_REPORT_STATS=no \
 matrixdotorg/synapse:latest generate</code></pre>会在<code>/home/matrix/data</code>文件夹生成<code>homeserver.yaml</code><code>homeserver.yaml</code>需要手动修改一下，修改后是这样:<pre><code class="lang-bash"># Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: &quot;matrix.xxx.com:443&quot;
pid_file: /data/homeserver.pid
listeners:
 - port: 8008
 tls: false
 type: http
 x_forwarded: true
 resources:
 - names: [client, federation]
 compress: false
database:
 name: sqlite3
 args:
 database: /data/homeserver.db
log_config: &quot;/data/matrix.xxx.com:443.log.config&quot;
media_store_path: /data/media_store
registration_shared_secret: &quot;;V^o;Hw@m4qnz.B:rzjsand2S@K3#t1TZaskjdqy^cSHM-N&quot;
report_stats: false
macaroon_secret_key: &quot;j41qkRhzK=3ljN5+qaskjnd2MD5z.cZ4FoV_S_v8YT_ESxXKD&quot;
form_secret: &quot;HESK209sZrIJU&amp;6GsEz8TFWDM&amp;CKjofdSf&amp;m7=5&amp;HkIf#s@H@j&quot;
signing_key_path: &quot;/data/matrix.xxx.com:443.signing.key&quot;
trusted_key_servers:
 - server_name: &quot;matrix.org&quot;

enable_registration: true
enable_registration_without_verification: false

suppress_key_server_warning: true

registrations_require_3pid: #允许的3pid注册方式
  - email
# vim:ft=yaml

email:
  smtp_host: mail.xxx.com
  smtp_port: 465
  smtp_user: &quot;no-reply-matrix@xxx.com&quot;
  smtp_pass: &quot;SKJDOIAFJS23kJE@LJLaskldjasalfalskfjlasjf&quot;
  force_tls: true
  require_transport_security: true
  enable_tls: true
  notif_from: &quot;Matrix 通知 &lt;no-reply-matrix@xxx.com&gt;&quot;
  app_name: matrix
  enable_notifs: true
  notif_for_new_users: false
  client_base_url: &quot;http://matrix.xxx.com:443/riot&quot;
  validation_token_lifetime: 15m
  invite_client_location: https://matrix.xxx.com:443

subjects:
 message_from_person_in_room: &quot;[%(app)s] 你在 %(app)s 上收到了来自 %(room)s 房间 %(person)s 的消息...&quot;
 message_from_person: &quot;[%(app)s] 你在 %(app)s 上收到了来自 %(person)s 的消息...&quot;
 messages_from_person: &quot;[%(app)s] 你在 %(app)s 上收到了来自 %(person)s 的多条消息...&quot;
 messages_in_room: &quot;[%(app)s] 你在 %(app)s 上收到了 %(room)s 房间的多条消息...&quot;
 messages_in_room_and_others: &quot;[%(app)s] 你在 %(app)s 上收到了 %(room)s 房间和其他地方的多条消息...&quot;
 messages_from_person_and_others: &quot;[%(app)s] 你在 %(app)s 上收到了来自 %(person)s 和其他人的多条消息...&quot;
 invite_from_person_to_room: &quot;[%(app)s] %(person)s 邀请你加入 %(room)s 房间，来 %(app)s 上一起聊天吧...&quot;
 invite_from_person: &quot;[%(app)s] %(person)s 邀请你在 %(app)s 上聊天...&quot;
 password_reset: &quot;[%(server_name)s] 密码重置&quot;
 email_validation: &quot;[%(server_name)s] 验证你的邮箱&quot;</code></pre><hr>docker-compose.yml:<pre><code>version: &quot;3.3&quot;

services:
  synapse:
    image: &quot;matrixdotorg/synapse:latest&quot;
    container_name: &quot;matrix_synapse&quot;
    restart: unless-stopped
    ports:
      - &quot;172.17.0.1:47808:8008&quot;
    volumes:
      - &quot;./data:/data&quot;
    environment:
      VIRTUAL_HOST: &quot;matrix.xxx.com&quot;
      VIRTUAL_PORT: 8008
      LETSENCRYPT_HOST: &quot;matrix.xxx.com&quot;
      SYNAPSE_SERVER_NAME: &quot;matrix.xxx.com&quot;
      SYNAPSE_REPORT_STATS: &quot;yes&quot;
      TZ: &quot;Asia/Shanghai&quot;

element-web:
 image: &quot;vectorim/element-web&quot;
 container_name: &quot;element-web&quot;
 restart: unless-stopped
 ports:
 - &quot;172.17.0.1:47809:80&quot;
 # volumes:
 # - &quot;./element-web/config.json:/app/config.json&quot; #如果把element默认的服务器改为自己的话，可在容器启动后使用`docker cp element-web:/app/config.json ./`将文件复制出来，放到映射的对应位置
 environment:
 TZ: &quot;Asia/Shanghai&quot;</code></pre><code>element-web</code>自定义后的<code>config.json</code>:修改<code>matrix.xxx.com</code>相关的行即可<pre><code class="lang-bash">{
 &quot;default_server_config&quot;: {
 &quot;m.homeserver&quot;: {
 &quot;base_url&quot;: &quot;https://matrix.xxx.com:443&quot;,
 &quot;server_name&quot;: &quot;matrix.xxx.com&quot;
 },
 &quot;m.identity_server&quot;: {
 &quot;base_url&quot;: &quot;https://vector.im&quot;
 }
 },
 &quot;disable_custom_urls&quot;: false,
 &quot;disable_guests&quot;: false,
 &quot;disable_login_language_selector&quot;: false,
 &quot;disable_3pid_login&quot;: false,
 &quot;brand&quot;: &quot;Element&quot;,
 &quot;integrations_ui_url&quot;: &quot;https://scalar.vector.im/&quot;,
 &quot;integrations_rest_url&quot;: &quot;https://scalar.vector.im/api&quot;,
 &quot;integrations_widgets_urls&quot;: [
 &quot;https://scalar.vector.im/_matrix/integrations/v1&quot;,
 &quot;https://scalar.vector.im/api&quot;,
 &quot;https://scalar-staging.vector.im/_matrix/integrations/v1&quot;,
 &quot;https://scalar-staging.vector.im/api&quot;,
 &quot;https://scalar-staging.riot.im/scalar/api&quot;
 ],
 &quot;default_country_code&quot;: &quot;CN&quot;,
 &quot;show_labs_settings&quot;: false,
 &quot;features&quot;: {},
 &quot;default_federate&quot;: true,
 &quot;default_theme&quot;: &quot;light&quot;,
 &quot;room_directory&quot;: {
 &quot;servers&quot;: [&quot;matrix.xxx.com&quot;]
 },
 &quot;enable_presence_by_hs_url&quot;: {
 &quot;https://matrix.xxx.com:443&quot;: false
 },
 &quot;setting_defaults&quot;: {
 &quot;breadcrumbs&quot;: true
 },
 &quot;jitsi&quot;: {
 &quot;preferred_domain&quot;: &quot;meet.element.io&quot;
 },
 &quot;element_call&quot;: {
 &quot;url&quot;: &quot;https://call.element.io&quot;,
 &quot;participant_limit&quot;: 8,
 &quot;brand&quot;: &quot;Element Call&quot;
 },
 &quot;map_style_url&quot;: &quot;https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx&quot;
}</code></pre><hr>创建账户<pre><code class="lang-bash">docker exec -it matrix_synapse register_new_matrix_user http://172.17.0.1:47808 -c /data/homeserver.yaml -a -u admin -p a12013o23jb45jkjasdjkasdn994a7162oaijso3213n4m2k3j0asaaj25cea32</code></pre>nginx配置文件(这个是适配这篇文章: <a href="https://blog.dreamdusk.com/archives/573/">docker运行nginx并用非标端口申请ssl证书</a> 的配置文件: (普通的nginx配置文件在更下面)<pre><code class="lang-bash"># websocket支持
map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
}
server {
 listen 80;
 listen [::]:80;
 http2 on;
 server_name matrix.xxx.com;

access_log /var/log/nginx/matrix.xxx.com_access.log geoip_enriched;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

return 301 https://$host:443$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name matrix.xxx.com;

auth_request @geoip;

# 从auth_request返回的头信息中提取变量
    auth_request_set $geoip_country $upstream_http_x_geoip_country;
    auth_request_set $geoip_stateprov $upstream_http_x_geoip_stateprov;
    auth_request_set $geoip_city $upstream_http_x_geoip_city;
    auth_request_set $geoip_latitude $upstream_http_x_geoip_latitude;
    auth_request_set $geoip_longitude $upstream_http_x_geoip_longitude;
    auth_request_set $geoip_continent $upstream_http_x_geoip_continent;
    auth_request_set $geoip_timezone $upstream_http_x_geoip_timezone;
    auth_request_set $geoip_asn $upstream_http_x_geoip_asn;
    auth_request_set $geoip_asnorganization $upstream_http_x_geoip_asnorganization;

# 将提取到的变量添加到头信息中
    add_header X-Geoip-Country $geoip_country always;
    add_header X-Geoip-StateProv $geoip_stateprov always;
    add_header X-Geoip-City $geoip_city always;
    add_header X-Geoip-Latitude $geoip_latitude always;
    add_header X-Geoip-Longitude $geoip_longitude always;
    add_header X-Geoip-Continent $geoip_continent always;
    add_header X-Geoip-Timezone $geoip_timezone always;
    add_header X-Geoip-Asn $geoip_asn always;
    add_header X-Geoip-AsnOrganization $geoip_asnorganization always;

ssl_certificate /home/nginx/certs/matrix.xxx.com/fullchain.pem;
    ssl_certificate_key /home/nginx/certs/matrix.xxx.com/privkey.pem;

# 启动HSTS
    add_header Strict-Transport-Security &quot;max-age=63072000; includeSubDomains; preload&quot; always;

# 强制使用安全协议
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

access_log /var/log/nginx/matrix.xxx.com_access.log geoip_enriched;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

location /.well-known/matrix/server {
        default_type application/json;
        return 200 '{&quot;m.server&quot;: &quot;matrix.xxx.com:443&quot;}';
    }

location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://172.17.0.1:47808;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

# Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

location / {
        proxy_pass http://172.17.0.1:47809;

# 隐藏X-Powered-By
        proxy_hide_header X-Powered-By;

# 显示真实ip
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#cloudflare真实ip，如果使用了cf的cdn需要取消注释下面两行
        #set_real_ip_from 0.0.0.0/0;
        #real_ip_header CF-Connecting-IP;

proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout         900;

# websocket支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;

# 密码验证 （可选）
        # auth_basic &quot;Registry Realm&quot;; #（可选）
        # auth_basic_user_file /home/docker-registry/registry.passwords;# （可选）

}
    location = @geoip {
      internal;

proxy_pass http://172.17.0.1:8081/;
 # proxy_pass_request_body off;
 proxy_set_header X-Geoip-Address $remote_addr;
 }
}</code></pre>普通的nginx配置文件:<pre><code class="lang-bash"># websocket支持
map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
}
server {
 listen 80;
 listen [::]:80;
 http2 on;
 server_name matrix.xxx.com;

access_log /var/log/nginx/matrix.xxx.com_access.log default;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

return 301 https://$host:443$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name matrix.xxx.com;

ssl_certificate /home/nginx/certs/matrix.xxx.com/fullchain.pem;
    ssl_certificate_key /home/nginx/certs/matrix.xxx.com/privkey.pem;

# 启动HSTS
    add_header Strict-Transport-Security &quot;max-age=63072000; includeSubDomains; preload&quot; always;

access_log /var/log/nginx/matrix.xxx.com_access.log default;
    error_log /var/log/nginx/matrix.xxx.com_error.log;

location /.well-known/matrix/server {
        default_type application/json;
        return 200 '{&quot;m.server&quot;: &quot;matrix.xxx.com:443&quot;}';
    }

# Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

location / {
        proxy_pass http://172.17.0.1:47809;

# 隐藏X-Powered-By
        proxy_hide_header X-Powered-By;

# 显示真实ip
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#cloudflare真实ip，如果使用了cf的cdn需要取消注释下面两行
        #set_real_ip_from 0.0.0.0/0;
        #real_ip_header CF-Connecting-IP;

proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout         900;

# websocket支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;

# 密码验证 （可选）
        # auth_basic &quot;Registry Realm&quot;; #（可选）
        # auth_basic_user_file /home/docker-registry/registry.passwords;# （可选）

}
}</code></pre>最后<a class="no-external-link" href="https://matrix.xxx.com:443" target="_blank">https://matrix.xxx.com:443</a> 登录各种平台也都有<a class="no-external-link" href="https://matrix.org/ecosystem/clients/" target="_blank">客户端</a>查看所有客户端: <a class="no-external-link" href="https://matrix.org/ecosystem/clients/" target="_blank">https://matrix.org/ecosystem/clients/</a>iOS/iPadOS客户端个人推荐: <a class="no-external-link" href="https://apps.apple.com/us/app/synod-im/id1488171544" target="_blank">Synod.im</a>测试与其他服务器连通性的工具: <a class="no-external-link" href="https://federationtester.matrix.org" target="_blank">https://federationtester.matrix.org</a><a class="no-external-link" href="https://element-hq.github.io/synapse/latest/" target="_blank">官方文档</a>

docker安装 Synapse（Matrix 服务器）和 Element Web（Matrix 客户端）

Leave a Comment Cancel reply
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

解决openwrt中80、443端口的占用--修改uhttpd和nginx端口

systemd报错:Fatal error: failed to mount FUSE fs

光猫开启ipv6几个注意事项

emby刮削数据保存对应路径

国行PS5备份，并还原为港版教程

解决ubuntu中文乱码

查看端口占用

自动备份dockerhub的镜像

python检测是否安装了所需的运行库，不满足的话自动安装

macOS 自带hpptd/apache

docker安装 Synapse（Matrix 服务器）和 Element Web（Matrix 客户端）

Leave a Comment Cancel reply 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

docker安装 Synapse（Matrix 服务器）和 Element Web（Matrix 客户端）

Leave a Comment Cancel reply
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款