Matrix is the new standard for instant messaging, VOIP and video: http://matrix.org/
It’s a decentralized system like Yunohost, with bridges to legacy protocols, as explained in this presentation at Fosdem 2016 (PDF)
It would be great to have a Matrix server in Yunohost
I have tested Matrix with Riot client recently and communication work very well. Group messages of course, but also voip 1:1 are excellent quality and reliable, even when connection is not really good.
Just the encryption mechanism is not full functional : for instance if I start an encrypted conversation with Riot on my desktop and I want to continue through Riot for Android, then I can’t read on Android the messages I wrote on my desktop. Sure the dev will improve encryption mechanism to allow multiple devices conversation.
Few days ago, I tried to install Matrix Synapse server on my server where Yunohost is running without success so far. Synapse is installed on a specific subdomain managed by Yunohost. Synapse server is working but I can’t connect to it from riot.im.
I have to identify yet what to modify on Nginx or the firewall to allow the communication on port 8448 to arrive to Synapse server, as Synapse is not recognize by Yunohost so far.
Thanks for these links.
I have read them before starting, they are very informative, particularly the one on https://xo.tc/.
Indeed I think the problem is not Matrix / synapse but rather my very limited knowledge on how Yunohost is designed and the role of Nginx.
As I declared the sub-domain where I want to install Synapse on the Yunohost system, I guess Yunohost is managing completely this subdomain and so Synapse can’t use it.
I think either I have to remove this sub-domain form the management of Yunohost or to find the way to let synapse connected with Internet (maybe modifying Nginx). I have read instruction on how to modify Apache, but not Nginx so far.
This is what happen when a beginner try to make a rocket takes off, it doesn’t always starts …
Welcome to the forum @swift11 and thanks for the links. Are you affiliated with Matrix?
When you say it’s the new standard, is it your opinion or did I miss something in the news?
For me the standard in this paradigm is still xmpp (and Matrix does not support e2e encryption for the moment).
Although I am interested in different paradigms like tox that works without servers.
I understand from the presentation that the advantage of Matrix in this regard is its possible future connections to other platforms. Is there anything else from the user perspective?
I’m certainly not an expert but I’ve heard that Tox doesn’t work very well on mobile: battery problems, etc
But the main point of Matrix is that any client should be able to join the federation.
Thanks again @swift11 for the links about Nginx.
My synapse server seems running well, I can connect to it from Riot, but the federation doesn’t works. I didn’t want to touch on the Yunohost Nginx config files, fearing to break everything.
I have the feeling the Matrix servers connect to Yunohost Nginx and so the SSO, and not to Synapse, even if I set the 8448 port when connecting from Riot. Maybe I’ll find the way to exclude some port from the management of Yunhost server.
I’ll look for information and try when I have some time, but now it is more family time
Hello,
Some information on what I did to install Synapse on matrix. example.com
I have currently yunohost running on mon.example.com
I modified the DNS of example.com to send matrix.example.com to my yunohost server. I took profit to add the specific SRV Record for Matrix _matrix._tcp.matrix.example.com 3600 IN SRV 10 0 8448 matrix. example.com
I created on Yunohost an additionnal sub domain specifically for Matrix : matrix.example.com (with domain section of Yunohost), in addition of the main “subdomain” that is still mon.example.com
Install Let’s Encrypt certificate for this new sub-domain with Let’s Encrypt app of Yunohost
Install synapse server adding the debian repository
I opened the port 8448 of yunohost firewall (but not the 8008)
And that’s all.
At the end Synapse is working status says “Running”, I can connect to it (from riot.im, for instance).
Users of the same server can talk to each other but federation is not working : I can’t chat with a user of another matrix server.
Any idea what I should change to allow federation ?
I tried to install matrixtool to test my server but install with cpan App::MatrixTool failed.
Pretty cool, that sounds like it could be easily packaged into an app !
Not sure that’s a good practice to do this. LE certificates are only valid 90 days and will be renewed at some point. You might want to use a symbolic link instead (e.g. ln -s /etc/yunohost/cert/domain.tld/file.pem ./file.pem). If the program isn’t launched as root somehow, you can set the group owner to ssl-cert (which metronome is in for instance) and put your program user in the ssl-cert group.
I am looking for tools to diagnose the problem I face. I am less and less sure it is a problem of the way Yunohost handle Nginx.
I will contact people on #matrix-dev:matrix.org to have more advices…
Why do you think I should set up a proxy for the federation post ? I understood it is possible but not really encouraged.
For the LDAP, I think I will go that way on second steps, once “my matrix” is working fully.
(indeed my Internet provider is OVH so I keep the OVH DNS resolver for my server)
And miracle ! I can talk with other Matrix server ! Youpi tralala
But… it seems the /etc/resolv.conf is overwritten by Yunohost regularly so this is not a sustainable way of solving my problem.
Is there another way to change from IPV6 to IPV4 DNS resolver, waiting Matrix to handle properly IPV ?
Has this change consequence on the Yunohost server ?
As this patch doesn’t seems to for now, do you know how I can permanently change DNS resolver in Yunohost ?
This would solve my problem for the time being…
[Edit : I wrote in French indeed, sorry for that… translation below + an addition]
Waiting for the patch of the Synapse Server, a solution that allows (in my case) to have a DNS resolver working with IPV4 at DNS resolver : how to add permanently an IPV4 server?
With this change, federation works (chat, calls,…)
However, I am waiting for the confirmation of Yunohost dev that my proposed solution has no consequences on the running and the security of Yunohost server.