Install Matrix Server with Synapse + Element on NAT VPS

NATVPS.id – Matrix is ​​a communications protocol standard real-time ones designed to provide a secure and decentralized communications infrastructure. Matrix is ​​used as a protocol chatallows users to exchange messages, participate in group chats, share files, and collaborate across platforms and services.

We can-host our own Matrix server to run server chat personal. One of the Matrix-based servers is Synapse, which can then be used with applications client like Elements.

This article discusses the steps for installing a Matrix server with Synapse on a NAT VPS. This article uses Ubuntu 22.04 as a reference, but you can use other distributions as long as they are supported by Synapse.

Port Forwarding Configuration

Considering we are using NAT, we need to add 2 port forwarding configurations on the Virtualizor panel (or other VPS panel according to provider), ie HTTP and HTTPS port forwarding for the Synapse domain.

For example, this article will use domains matrix.tutorial.mdinata.my.id for Synapse. You are free to change the domain according to your choice. Note this domain, because we will use it again in the installation process.

Don’t forget to add a DNS record that goes to your VPS’ NAT public IP, like this:

If you are confused, please read our article regarding domain forwarding here: Explanation of Domain Forwarding in NAT VPS.

Install Synapse

Synapse can be downloaded via its official repository.

First, add the shared repository key signing Matrix:

wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg \
    
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] \
     $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list
apt update

Then, install Synapse with:

apt install matrix-synapse-py3 -y

You will be asked to fill in the server name (The server name). Please fill in the domain you use for Synapse, for example: matrix.tutorial.mdinata.my.id.

Wait until the installation is complete. To check whether Synapse was installed successfully, use command:

systemctl status matrix-synapse

Synapse configuration

Before using Synapse, we need to create 1 user to log in via client (like Element). To be able to create userwe need to create a secret key First.

Entering command follow toproduce secret key 32 characters long:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

Then, open the file /etc/matrix-synapse/homeserver.yamluse text editor like Nano:

apt install nano -y # Jika belum
nano /etc/matrix-synapse/homeserver.yaml

Then, on the bottom row, add registration_shared_secret which contain secret key previously.

Finally, restart the Synapse server by:

systemctl restart matrix-synapse

Adding a New User in Synapse

Entering command following to add a new user:

register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml

You will be given some input:

• New user local section: Your usernameexample: Ndra
• Password: The password you will use to log in
• Make admin: Yes (new user as Admin)

NGINX (Reverse Proxy) Configuration

Synapse requires an encrypted connection using HTTPS for security reasons. So that we can access URLs with HTTPS via domains such as https://matrix.tutorial.mdinata.my.idwe can use reverse proxy like NGINX.

First, install NGINX via command:

# Hapus Apache2 dan pendukungnya (biasanya terpasang secara bawaan di VPS OpenVZ)
apt purge apache2* -y

# Install NGINX
apt install nginx -y

Create a new host configuration specifically for Synapse:

nano /etc/nginx/sites-available/synapse

Then paste the following configuration:

# 
server {
    listen 80;
    listen [::]:80;
    server_name matrix.tutorial.mdinata.my.id;

    # Allow large request bodies (important for media uploads)
    client_max_body_size 50M;

    # Federation API (for other servers)
    location /_matrix/federation/ {
        proxy_pass 
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Client APIs (for Element and clients)
    location /_matrix/ {
        proxy_pass 
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

Change matrix.tutorial.mdinata.my.id with your domain.

Activate the configuration by:

ln -sf /etc/nginx/sites-available/synapse /etc/nginx/sites-enabled/

# Restart NGINX
systemctl restart nginx

Generate SSL Certificate (Let’s Encrypt)

In order for our domain to be accessible via HTTPS, we need to create an SSL certificate. We can use a free SSL certificate from Let’s Encrypt via Certbot.

Install Certbot and its NGINX plugin use the command:

apt install python3-certbot python3-certbot-nginx

So, produce certificate via Certbot with command

certbot --nginx -d matrix.tutorial.mdinata.my.id

Change matrix.tutorial.mdinata.my.id with your domain.

Happy! The Synapse server can currently be accessed via a secure HTTPS connection.

Enter Synapse via Elements

To use Matrix, you can use an app like Element, which is available as a mobile app, PC, and Web client. This tutorial will use Element Web as an example.

Open https://app.element.iothen active Home serverclick Edit.

Then enter your Synapse server address.

Finally, log in using the credentials you created earlier.

Congratulations, you have successfully logged in to your private Matrix server.

Cover

That’s it for this article about the steps to install a Matrix server with Synapse on a NAT VPS.

If you are confused or in doubt, don’t hesitate to ask in the Telegram group @IPv6Indonesia. Thank You!