Matrix is an open standard communication protocol for decentralized real time communication. Matrix is implemented as home servers which are distributed over the internet; hence there is no single point of control or failure. Matrix provides a RESTful HTTP API for creating and managing the distributed chat servers that includes sending and receiving messages, inviting and managing chat room members, maintaining user accounts, and providing advanced chat features such as VoIP and Video calls, etc. Matrix also establishes a secure synchronization between home servers which are distributed across the globe.<\/p>\n
Synapse is the implementation of Matrix home server written by the Matrix team. The Matrix ecosystem consists of the network of many federated home servers distributed across the globe. A Matrix user uses a chat client to connect to the home server, which in turn connects to the Matrix network. Homeserver stores the chat history and the login information of that particular user.<\/p>\n
In this tutorial, we will use Update your base system using the guide How to Update CentOS 7<\/a>. Once your system is updated, proceed to install Python.<\/p>\n Matrix Synapse needs Python 2.7 to work. Python 2.7 comes preinstalled in all CentOS server instances. You can check the installed version of Python.<\/p>\n You should get a similar output.<\/p>\n Changing the default version of Python may break YUM repository manager. However, if you want the most recent version of Python, you can make an alternative install, without replacing the default Python.<\/p>\n Install the packages in the Install a few more required dependencies.<\/p>\n Install Python pip. Pip is the dependency manager for Python packages.<\/p>\n Create a virtual environment for your Synapse application. Python virtual environment is used to create an isolated virtual environment for a Python project. A virtual environment contains its own installation directories and doesn’t share libraries with global and other virtual environments.<\/p>\n Provide the ownership of the directory to the current user.<\/p>\n Now activate the virtual environment.<\/p>\n Ensure that you have the latest version of Install the latest version of Synapse using pip.<\/p>\n The above command will take some time to execute as it pulls and installs the latest version of Synapse and all the dependencies from Github repository.<\/p>\n Synapse uses SQLite as the default database. SQLite stores the data in a database which is kept as a flat file on disk. Using SQLite is very simple, but not recommended for production as it is very slow compared to PostgreSQL.<\/p>\n PostgreSQL is an object relational database system. You will need to add the PostgreSQL repository in your system, as the application is not available in the default YUM repository.<\/p>\n Install the PostgreSQL database server.<\/p>\n Initialize the database.<\/p>\n Edit the Find the following lines and change Once updated, the configuration should look like this.<\/p>\n Start the PostgreSQL server and enable it to start automatically at boot.<\/p>\n Change the password for the default PostgreSQL user.<\/p>\n Login.<\/p>\n Create a new PostgreSQL user for Synapse.<\/p>\n PostgreSQL provides the Set a password for the newly created user for Synapse database.<\/p>\n Replace Exit from the Switch to the You will also need to install the packages required for Synapse to communicate with the PostgreSQL database server.<\/p>\n Synapse requires a configuration file before it can be started. The configuration file stores the server settings. Switch to the virtual environment and generate the configuration for Synapse.<\/p>\n Replace You should see a similar output.<\/p>\n By default, the Edit the newly created Find the existing database configuration which uses SQLite3. Comment out the lines as shown below. Also, add the new database configuration for PostgreSQL. Make sure that you use the correct database credentials.<\/p>\n Registration of a new user from a web interface is disabled by default. To enable registration, you can set Save the file and exit from the editor. Now you will need to register your first user. Before you can register a new user, though, you will need to start the application first.<\/p>\n You should see the following lines.<\/p>\n Register a new Matrix user.<\/p>\n You should see the following.<\/p>\n Finally, before you can use the Homeserver, you will need to allow port 8448 through the Firewall. Port You can now log in to the Matrix web chat client by going to Instead of using a self-signed certificate for securing federation port, we can use Let’s Encrypt free SSL. Let’s Encrypt free SSL can be obtained through the official Let’s Encrypt client called Certbot.<\/p>\n Install Certbot.<\/p>\n Adjust your firewall setting to allow the standard To obtain certificates from Let’s Encrypt CA, you must ensure that the domain for which you wish to generate the certificates is pointed towards the server. If it is not, then make the necessary changes to the DNS records of your domain and wait for the DNS to propagate before making the certificate request again. Certbot checks the domain authority before providing the certificates.<\/p><\/blockquote>\n Now use the built-in web server in Certbot to generate the certificates for your domain.<\/p>\n The generated certificates are likely to be stored in Copy the certificates.<\/p>\n You will need to change the path to the certificates and keys from the Find the following lines and modify the path.<\/p>\n Save the file and exit from the editor. Restart the Synapse server so that the changes can take effect.<\/p>\n Let’s Encrypt certificates are due to expire in 90 days, so it is recommended that you setup auto renewal for the certificates using cron jobs. Cron is a system service which is used to run periodic tasks.<\/p>\n Create a new script to renew certificates and copy the renewed certificates to the Synapse directory.<\/p>\n Populate the file.<\/p>\n Provide the execution permission.<\/p>\n Open the cron job file.<\/p>\n Add the following line at the end of the file.<\/p>\n The above cron job will run every Monday at 5:30 AM. If the certificate is due to expire, it will automatically renew them.<\/p>\n Now you can visit Apart from the secured federation port Create a new configuration file.<\/p>\n Populate the file with the following content.<\/p>\n Restart and enable Nginx to automatically start at boot time.<\/p>\n Finally, you can verify if Synapse can be accessed through the reverse proxy.<\/p>\n You should get similar output.<\/p>\n It is recommended to use the Systemd service to manage the Synapse server process. Using Systemd will ensure that the server is automatically started on system startup and failures.<\/p>\n Create a new Systemd service file.<\/p>\n Populate the file.<\/p>\n Now you can quickly start the Synapse server.<\/p>\n To stop or restart the server using following commands.<\/p>\n You can check the status of service.<\/p>\n Matrix Synapse server is now installed and configured on your server. As the built-in web client for Matrix is outdated, you can choose from the variety of the client applications<\/a> available for chat. Riot<\/strong> is the most popular chat client, which is available on almost all platforms. You can use the hosted version of Riot’s web chat client, or you can also host a copy of it on your own server. Apart from this, you can also use Riot’s desktop and mobile chat clients, which are available for Windows, Mac, Linux, IOS and Android.<\/p>\n If you wish to host your own copy of Riot web client, you can read further for the instructions to install Riot on your server. For hosted, desktop and mobile client, you can use your username and password to login directly to your homeserver. Just choose Riot Login Example<\/a><\/p>\n Riot is also open source and free to host on your own server. It does not require any database or dependencies. As we already have an Nginx server running, we can host it on the same server.<\/p>\n The domain or subdomain you are using for Synapse and Riot must be different to avoid cross-site scripting. However, you can use two subdomains of the same domain. In this tutorial, we will be using Download Riot on your server.<\/p>\n You can always find the link to the latest version on Riot’s Github<\/a>.<\/p>\n Extract the archive.<\/p>\n Rename the directory for handling convenience.<\/p>\n Because we have already installed Certbot, we can generate the certificates directly. Make sure that the domain or subdomain you are using is pointed towards the server.<\/p>\n The generated certificates are likely to be stored in the Create a virtual host for the Riot application.<\/p>\n Populate the file.<\/p>\n Copy the sample configuration file.<\/p>\n Now edit the configuration file to make few changes.<\/p>\n Find the following lines.<\/p>\n Replace the value of the default home server URL with the URL of your Matrix server. For the identity server URL, you can use the default option, or you can also provide its value to the Matrix identity server, which is Save the file and exit. Provide ownership of the files to the Nginx user.<\/p>\n Restart Nginx.<\/p>\n You can access Riot on You now have a Matrix Synapse home server up and running. You also have a hosted copy of Riot, which you can use to send a message to other people using their Matrix ID, email or mobile number. Start by creating a chat room on your server and invite your friends on Matrix to join the chat room you have created.<\/p>\n Have fun!<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":" Matrix is an open standard communication protocol for decentralized real time communication. Matrix is implemented as home servers which are distributed over the internet; hence there is no single point of control or failure. Matrix provides a RESTful HTTP API for creating and managing the distributed chat servers that includes sending and receiving messages, inviting … Continue reading Create a Chat Server Using Matrix Synapse and Riot on CentOS 7<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2366","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/2366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/comments?post=2366"}],"version-history":[{"count":0,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/2366\/revisions"}],"wp:attachment":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media?parent=2366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/categories?post=2366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/tags?post=2366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}matrix.example.com<\/code> as the domain name used for Matrix Synapse. Replace all occurrences of matrix.example.com<\/code> with your actual domain name you want to use for your Synapse home server.<\/p>\nInstall Development Tools<\/h3>\n
python -V\r\n<\/code><\/pre>\n[user@vultr ~]$ python -V\r\nPython 2.7.5\r\n<\/code><\/pre>\nDevelopment tools<\/code> group that are required for compiling the installer files.<\/p>\nsudo yum groupinstall -y \"Development tools\"\r\n<\/code><\/pre>\nsudo yum -y install libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel redhat-rpm-config python-virtualenv libffi-devel openssl-devel \r\n<\/code><\/pre>\nwget https:\/\/bootstrap.pypa.io\/get-pip.py\r\nsudo python get-pip.py\r\n<\/code><\/pre>\nInstall Synapse<\/h3>\n
sudo virtualenv -p python2.7 \/opt\/synapse\r\n<\/code><\/pre>\nsudo chown -R $USER:$USER \/opt\/synapse\/\r\n<\/code><\/pre>\nsource \/opt\/synapse\/bin\/activate\r\n<\/code><\/pre>\npip<\/code> and setuptools<\/code>.<\/p>\npip install --upgrade pip \r\npip install --upgrade setuptools\r\n<\/code><\/pre>\npip install https:\/\/github.com\/matrix-org\/synapse\/tarball\/master\r\n<\/code><\/pre>\nInstalling and Configuring PostgreSQL<\/h3>\n
sudo rpm -Uvh https:\/\/download.postgresql.org\/pub\/repos\/yum\/9.6\/redhat\/rhel-7-x86_64\/pgdg-centos96-9.6-3.noarch.rpm\r\n<\/code><\/pre>\nsudo yum -y install postgresql96-server postgresql96-contrib\r\n<\/code><\/pre>\nsudo \/usr\/pgsql-9.6\/bin\/postgresql96-setup initdb\r\n<\/code><\/pre>\n\/var\/lib\/pgsql\/9.6\/data\/pg_hba.conf<\/code> to enable MD5 based authentication.<\/p>\nsudo nano \/var\/lib\/pgsql\/9.6\/data\/pg_hba.conf\r\n<\/code><\/pre>\npeer<\/code> to trust<\/code> and idnet<\/code> to md5<\/code>.<\/p>\n# TYPE DATABASE USER ADDRESS METHOD\r\n\r\n# \"local\" is for Unix domain socket connections only\r\nlocal all all peer\r\n# IPv4 local connections:\r\nhost all all 127.0.0.1\/32 idnet\r\n# IPv6 local connections:\r\nhost all all ::1\/128 idnet\r\n<\/code><\/pre>\n# TYPE DATABASE USER ADDRESS METHOD\r\n\r\n# \"local\" is for Unix domain socket connections only\r\nlocal all all trust\r\n# IPv4 local connections:\r\nhost all all 127.0.0.1\/32 md5\r\n# IPv6 local connections:\r\nhost all all ::1\/128 md5\r\n<\/code><\/pre>\nsudo systemctl start postgresql-9.6\r\nsudo systemctl enable postgresql-9.6\r\n<\/code><\/pre>\nsudo passwd postgres\r\n<\/code><\/pre>\nsudo su - postgres\r\n<\/code><\/pre>\ncreateuser synapse\r\n<\/code><\/pre>\npsql<\/code> shell to run queries on the database. Switch to the PostgreSQL shell by running.<\/p>\npsql\r\n<\/code><\/pre>\nALTER USER synapse WITH ENCRYPTED password 'DBPassword';\r\n<\/code><\/pre>\nDBPassword<\/code> with a strong password and make a note of it as we will use the password later. Create a new database for the PostgreSQL database.<\/p>\nCREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER synapse;\r\n<\/code><\/pre>\npsql<\/code> shell.<\/p>\n\\q\r\n<\/code><\/pre>\nsudo<\/code> user from current postgres<\/code> user.<\/p>\nexit\r\n<\/code><\/pre>\nsudo yum -y install postgresql-devel libpqxx-devel.x86_64\r\nsource \/opt\/synapse\/bin\/activate\r\npip install psycopg2\r\n<\/code><\/pre>\nConfiguring Synapse<\/h3>\n
source \/opt\/synapse\/bin\/activate\r\ncd \/opt\/synapse\r\npython -m synapse.app.homeserver --server-name matrix.example.com --config-path homeserver.yaml --generate-config --report-stats=yes\r\n<\/code><\/pre>\nmatrix.example.com<\/code> with your actual domain name and make sure that the server name is resolvable to the IP address of your Vultr instance. Provide --report-stats=yes<\/code> if you want the servers to generate the reports, provide --report-stats=no<\/code> to disable the generation of reports and statistics.<\/p>\n(synapse)[user@vultr synapse]$ python -m synapse.app.homeserver --server-name matrix.example.com --config-path homeserver.yaml --generate-config --report-stats=yes\r\nA config file has been generated in 'homeserver.yaml' for server name 'matrix.example.com' with corresponding SSL keys and self-signed certificates. Please review this file and customise it to your needs.\r\nIf this server name is incorrect, you will need to regenerate the SSL certificates\r\n<\/code><\/pre>\nhomeserver.yaml<\/code> is configured to use a SQLite database. We need to modify it to use the PostgreSQL database we have created earlier.<\/p>\nhomeserver.yaml<\/code>.<\/p>\nnano homeserver.yaml\r\n<\/code><\/pre>\n# Database configuration\r\n#database:\r\n # The database engine name\r\n #name: \"sqlite3\"\r\n # Arguments to pass to the engine\r\n #args:\r\n # Path to the database\r\n #database: \"\/opt\/synapse\/homeserver.db\"\r\n\r\n\r\ndatabase:\r\n name: psycopg2\r\n args:\r\n user: synapse\r\n password: DBPassword\r\n database: synapse\r\n host: localhost\r\n cp_min: 5\r\n cp_max: 10\r\n<\/code><\/pre>\nenable_registration<\/code> to True<\/code>. You can also set a secret registration key, which allows anyone to register who has the secret key, even if registration is disabled.<\/p>\nenable_registration: False\r\n\r\nregistration_shared_secret: \"YPPqCPYqCQ-Rj,ws~FfeLS@maRV9vz5MnnV^r8~pP.Q6yNBDG;\"\r\n<\/code><\/pre>\nsource \/opt\/synapse\/bin\/activate && cd \/opt\/synapse\r\nsynctl start\r\n<\/code><\/pre>\n2017-09-05 11:10:41,921 - twisted - 131 - INFO - - SynapseSite starting on 8008\r\n2017-09-05 11:10:41,921 - twisted - 131 - INFO - - Starting factory <synapse.http.site.SynapseSite instance at 0x44bbc68>\r\n2017-09-05 11:10:41,921 - synapse.app.homeserver - 201 - INFO - - Synapse now listening on port 8008\r\n2017-09-05 11:10:41,922 - synapse.app.homeserver - 442 - INFO - - Scheduling stats reporting for 3 hour intervals\r\nstarted synapse.app.homeserver('homeserver.yaml')\r\n<\/code><\/pre>\nregister_new_matrix_user -c homeserver.yaml https:\/\/localhost:8448\r\n<\/code><\/pre>\n(synapse)[user@vultr synapse]$ register_new_matrix_user -c homeserver.yaml https:\/\/localhost:8448\r\nNew user localpart [user]: admin\r\nPassword:\r\nConfirm password:\r\nMake admin [no]: yes\r\nSending registration request...\r\nSuccess.\r\n<\/code><\/pre>\n8448<\/code> is used as the secured federation port. Homeservers use this port to communicate with each other securely. You can also use the built-in Matrix web chat client through this port.<\/p>\nsudo firewall-cmd --permanent --zone=public --add-port=8448\/tcp\r\nsudo firewall-cmd --reload\r\n<\/code><\/pre>\nhttps:\/\/matrix.example.com:8448<\/code> through your favorite browser. You will see a warning about the SSL certificate as the certificates used are self-signed. We will not use this web chat client as it is outdated and not maintained anymore. Just try to check if you can log in using the user account you just created.<\/p>\nSetting up Let’s Encrypt Certificates<\/h3>\n
sudo yum -y install certbot\r\n<\/code><\/pre>\nHTTP<\/code> and HTTPS<\/code> ports through the firewall. Certbot needs to make an HTTP<\/code> connection to verify the domain authority.<\/p>\nsudo firewall-cmd --permanent --zone=public --add-service=http\r\nsudo firewall-cmd --permanent --zone=public --add-service=https\r\nsudo firewall-cmd --reload\r\n<\/code><\/pre>\nsudo certbot certonly --standalone -d matrix.example.com\r\n<\/code><\/pre>\n\/etc\/letsencrypt\/live\/matrix.example.com\/<\/code>. The SSL certificate will be stored as fullchain.pem<\/code> and the private key will be stored as privkey.pem<\/code>.<\/p>\nsudo cp \/etc\/letsencrypt\/live\/matrix.example.com\/fullchain.pem \/opt\/synapse\/letsencrypt-fullchain.pem\r\n\r\nsudo cp \/etc\/letsencrypt\/live\/matrix.example.com\/privkey.pem \/opt\/synapse\/letsencrypt-privkey.pem\r\n<\/code><\/pre>\nhomeserver.yaml<\/code> file. Edit the configuration.<\/p>\nnano \/opt\/synapse\/homeserver.yaml\r\n<\/code><\/pre>\ntls_certificate_path: \"\/opt\/synapse\/letsencrypt-fullchain.pem\"\r\n\r\n# PEM encoded private key for TLS\r\ntls_private_key_path: \"\/opt\/synapse\/letsencrypt-privkey.pem\"\r\n<\/code><\/pre>\nsource \/opt\/synapse\/bin\/activate && cd \/opt\/synapse\r\nsynctl restart\r\n<\/code><\/pre>\nsudo nano \/opt\/renew-letsencypt.sh \r\n<\/code><\/pre>\n#!\/bin\/sh\r\n\r\n\/usr\/bin\/certbot renew --quiet --nginx\r\ncp \/etc\/letsencrypt\/live\/matrix.example.com\/fullchain.pem \/opt\/synapse\/letsencrypt-fullchain.pem\r\ncp \/etc\/letsencrypt\/live\/matrix.example.com\/privkey.pem \/opt\/synapse\/letsencrypt-privkey.pem\r\n<\/code><\/pre>\nsudo chmod +x \/opt\/renew-letsencypt.sh\r\n<\/code><\/pre>\nsudo crontab -e\r\n<\/code><\/pre>\n30 5 * * 1 \/opt\/renew-letsencypt.sh\r\n<\/code><\/pre>\nhttps:\/\/matrix.example.com:8448<\/code>. You will see that there is no SSL warning before connection.<\/p>\nSetup Nginx With Let’s Encrypt<\/h3>\n
8448<\/code>, Synapse also listens to the unsecured client port 8008<\/code>. We will now configure Nginx as a reverse proxy to the Synapse application.<\/p>\nsudo yum -y install nginx\r\n<\/code><\/pre>\nsudo nano \/etc\/nginx\/conf.d\/synapse.conf\r\n<\/code><\/pre>\nserver {\r\n listen 80;\r\n server_name matrix.example.com;\r\n return 301 https:\/\/$host$request_uri;\r\n}\r\nserver {\r\n\r\n listen 443;\r\n server_name matrix.example.com;\r\n\r\n ssl_certificate \/etc\/letsencrypt\/live\/matrix.example.com\/fullchain.pem;\r\n ssl_certificate_key \/etc\/letsencrypt\/live\/matrix.example.com\/privkey.pem;\r\n\r\n ssl on;\r\n ssl_session_cache builtin:1000 shared:SSL:10m;\r\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;\r\n ssl_prefer_server_ciphers on;\r\n\r\n access_log \/var\/log\/nginx\/synapse.access.log;\r\n\r\n location \/_matrix {\r\n\r\n proxy_pass http:\/\/localhost:8008;\r\n proxy_set_header X-Forwarded-For $remote_addr;\r\n\r\n }\r\n }\r\n<\/code><\/pre>\nsudo systemctl restart nginx\r\nsudo systemctl enable nginx\r\n<\/code><\/pre>\ncurl https:\/\/matrix.example.com\/_matrix\/key\/v2\/server\/auto\r\n<\/code><\/pre>\n[user@vultr ~]$ curl https:\/\/matrix.example.com\/_matrix\/key\/v2\/server\/auto\r\n{\"old_verify_keys\":{},\"server_name\":\"matrix.example.com\",\"signatures\":{\"matrix.example.com\":{\"ed25519:a_ffMf\":\"T\/Uq\/UN5vyc4w7v0azALjPIJeZx1vQ+HC6ohUGkTSqiFI4WI\/ojGpb2763arwSSQLr\/tP\/2diCi1KLU2DEnOCQ\"}},\"tls_fingerprints\":[{\"sha256\":\"eorhQj\/kubI2PEQZyBZvGV7K1x3EcQ7j\/AO2MtZMplw\"}],\"valid_until_ts\":1504876080512,\"verify_keys\":{\"ed25519:a_ffMf\":{\"key\":\"Gc1hxkpPmQv71Cvjyk+uzR5UtrpmgV\/UwlsLtosawEs\"}}}\r\n<\/code><\/pre>\nSetting up the Systemd Service<\/h3>\n
sudo nano \/etc\/systemd\/system\/matrix-synapse.service\r\n<\/code><\/pre>\n[Unit]\r\nDescription=Matrix Synapse service\r\nAfter=network.target\r\n\r\n[Service]\r\nType=forking\r\nWorkingDirectory=\/opt\/synapse\/\r\nExecStart=\/opt\/synapse\/bin\/synctl start\r\nExecStop=\/opt\/synapse\/bin\/synctl stop\r\nExecReload=\/opt\/synapse\/bin\/synctl restart\r\nRestart=always\r\nStandardOutput=syslog\r\nStandardError=syslog\r\nSyslogIdentifier=synapse\r\n\r\n[Install]\r\nWantedBy=multi-user.target\r\n<\/code><\/pre>\nsudo systemctl start matrix-synapse\r\n<\/code><\/pre>\nsudo systemctl stop matrix-synapse\r\nsudo systemctl restart matrix-synapse\r\n<\/code><\/pre>\nsudo systemctl status matrix-synapse\r\n<\/code><\/pre>\nUsing Riot<\/h3>\n
my Matrix ID<\/code> from the dropdown menu of the Sign In<\/code> option and provide the username and password you have created during the registration of a new user. Click on the Custom server<\/code> and use the domain name of your Synapse instance. As we have already configured Nginx, we can just use https:\/\/matrix.example.com<\/code> as the Home server and https:\/\/matrix.org<\/code> as Identity server URL.<\/p>\nSetup Riot on Your Own Server.<\/h3>\n
riot.example.com<\/code> as the domain for the Riot application. Replace all occurrence of riot.example.com<\/code> with your actual domain or subdomain for the Riot application.<\/p><\/blockquote>\ncd \/opt\/\r\nsudo wget https:\/\/github.com\/vector-im\/riot-web\/releases\/download\/v0.12.3\/riot-v0.12.3.tar.gz\r\n<\/code><\/pre>\nsudo tar -xzf riot-v*.tar.gz\r\n<\/code><\/pre>\nsudo mv riot-v*\/ riot\/\r\n<\/code><\/pre>\nsudo systemctl stop nginx\r\nsudo certbot certonly --standalone -d riot.example.com\r\n<\/code><\/pre>\n\/etc\/letsencrypt\/live\/riot.example.com\/<\/code> directory.<\/p>\nsudo nano \/etc\/nginx\/conf.d\/riot.conf\r\n<\/code><\/pre>\nserver {\r\n listen 80;\r\n server_name riot.example.com;\r\n return 301 https:\/\/$host$request_uri;\r\n}\r\nserver {\r\n\r\n listen 443;\r\n server_name riot.example.com;\r\n\r\n ssl_certificate \/etc\/letsencrypt\/live\/riot.example.com\/fullchain.pem;\r\n ssl_certificate_key \/etc\/letsencrypt\/live\/riot.example.com\/privkey.pem;\r\n\r\n ssl on;\r\n ssl_session_cache builtin:1000 shared:SSL:10m;\r\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;\r\n ssl_prefer_server_ciphers on;\r\n\r\n root \/opt\/riot;\r\n index index.html index.htm;\r\n\r\n location \/ {\r\n try_files $uri $uri\/ =404;\r\n }\r\n\r\n access_log \/var\/log\/nginx\/riot.access.log;\r\n\r\n }\r\n<\/code><\/pre>\nsudo cp \/opt\/riot\/config.sample.json \/opt\/riot\/config.json\r\n<\/code><\/pre>\nsudo nano \/opt\/riot\/config.json\r\n<\/code><\/pre>\n\"default_hs_url\": \"https:\/\/matrix.org\",\r\n\"default_is_url\": \"https:\/\/vector.im\",\r\n<\/code><\/pre>\nhttps:\/\/matrix.org<\/code>.<\/p>\n\"default_hs_url\": \"https:\/\/matrix.example.com\",\r\n\"default_is_url\": \"https:\/\/matrix.org\",\r\n<\/code><\/pre>\nsudo chown -R nginx:nginx \/opt\/riot\/\r\n<\/code><\/pre>\nsudo systemctl restart nginx\r\n<\/code><\/pre>\nhttps:\/\/riot.example.com<\/code>. You can now log in using the username and password which you have created earlier. You can connect using the default server as we have already changed the default Matrix server for our application.<\/p>\n
![Riot Login Example<\/a><\/p>\nSetup Riot on Your Own Server.<\/h3>\nRiot is also open source and free to host on your own server. It does not require any database or dependencies. As we already have an Nginx server running, we can host it on the same server.<\/p>\nThe domain or subdomain you are using for Synapse and Riot must be different to avoid cross-site scripting. However, you can use two subdomains of the same domain. In this tutorial, we will be using riot.example.com<\/code> as the domain for the Riot application. Replace all occurrence of riot.example.com<\/code> with your actual domain or subdomain for the Riot application.<\/p><\/blockquote>\nDownload Riot on your server.<\/p>\ncd \/opt\/\r\nsudo wget https:\/\/github.com\/vector-im\/riot-web\/releases\/download\/v0.12.3\/riot-v0.12.3.tar.gz\r\n<\/code><\/pre>\nYou can always find the link to the latest version on Riot’s Github<\/a>.<\/p>\nExtract the archive.<\/p>\nsudo tar -xzf riot-v*.tar.gz\r\n<\/code><\/pre>\nRename the directory for handling convenience.<\/p>\nsudo mv riot-v*\/ riot\/\r\n<\/code><\/pre>\nBecause we have already installed Certbot, we can generate the certificates directly. Make sure that the domain or subdomain you are using is pointed towards the server.<\/p>\nsudo systemctl stop nginx\r\nsudo certbot certonly --standalone -d riot.example.com\r\n<\/code><\/pre>\nThe generated certificates are likely to be stored in the \/etc\/letsencrypt\/live\/riot.example.com\/<\/code> directory.<\/p>\nCreate a virtual host for the Riot application.<\/p>\nsudo nano \/etc\/nginx\/conf.d\/riot.conf\r\n<\/code><\/pre>\nPopulate the file.<\/p>\nserver {\r\n listen 80;\r\n server_name riot.example.com;\r\n return 301 https:\/\/$host$request_uri;\r\n}\r\nserver {\r\n\r\n listen 443;\r\n server_name riot.example.com;\r\n\r\n ssl_certificate \/etc\/letsencrypt\/live\/riot.example.com\/fullchain.pem;\r\n ssl_certificate_key \/etc\/letsencrypt\/live\/riot.example.com\/privkey.pem;\r\n\r\n ssl on;\r\n ssl_session_cache builtin:1000 shared:SSL:10m;\r\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;\r\n ssl_prefer_server_ciphers on;\r\n\r\n root \/opt\/riot;\r\n index index.html index.htm;\r\n\r\n location \/ {\r\n try_files $uri $uri\/ =404;\r\n }\r\n\r\n access_log \/var\/log\/nginx\/riot.access.log;\r\n\r\n }\r\n<\/code><\/pre>\nCopy the sample configuration file.<\/p>\nsudo cp \/opt\/riot\/config.sample.json \/opt\/riot\/config.json\r\n<\/code><\/pre>\nNow edit the configuration file to make few changes.<\/p>\nsudo nano \/opt\/riot\/config.json\r\n<\/code><\/pre>\nFind the following lines.<\/p>\n\"default_hs_url\": \"https:\/\/matrix.org\",\r\n\"default_is_url\": \"https:\/\/vector.im\",\r\n<\/code><\/pre>\nReplace the value of the default home server URL with the URL of your Matrix server. For the identity server URL, you can use the default option, or you can also provide its value to the Matrix identity server, which is https:\/\/matrix.org<\/code>.<\/p>\n\"default_hs_url\": \"https:\/\/matrix.example.com\",\r\n\"default_is_url\": \"https:\/\/matrix.org\",\r\n<\/code><\/pre>\nSave the file and exit. Provide ownership of the files to the Nginx user.<\/p>\nsudo chown -R nginx:nginx \/opt\/riot\/\r\n<\/code><\/pre>\nRestart Nginx.<\/p>\nsudo systemctl restart nginx\r\n<\/code><\/pre>\nYou can access Riot on https:\/\/riot.example.com<\/code>. You can now log in using the username and password which you have created earlier. You can connect using the default server as we have already changed the default Matrix server for our application.<\/p>\nYou now have a Matrix Synapse home server up and running. You also have a hosted copy of Riot, which you can use to send a message to other people using their Matrix ID, email or mobile number. Start by creating a chat room on your server and invite your friends on Matrix to join the chat room you have created.<\/p>\nHave fun!<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"Matrix is an open standard communication protocol for decentralized real time communication. Matrix is implemented as home servers which are distributed over the internet; hence there is no single point of control or failure. Matrix provides a RESTful HTTP API for creating and managing the distributed chat servers that includes sending and receiving messages, inviting … Continue reading Create a Chat Server Using Matrix Synapse and Riot on CentOS 7<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2366","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/2366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/comments?post=2366"}],"version-history":[{"count":0,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/2366\/revisions"}],"wp:attachment":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media?parent=2366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/categories?post=2366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/tags?post=2366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}](\"http:\/\/i.imgur.com\/INH1IVy.png\"){kind=link}