How to set the image matrixdotorg/synapse in Docker on Synology?

[one-eyed-king]

So if your saying I could install it on docker syno without a problem for my existing postgres database and it wouldn’t affect anything?

The docker-compose stack will bring it's own database, which is only reachable from within the private container network. Just make sure to set the POSTGRES_VOLUME_HOST_PATH to a "fresh" folder.

Clone the folder in whatever folder you want I would suggest somewhere in /volume1/docker/, this will allow to edit the config file with a decent editor accessed thru a remote share. My user is in the docker group, so I run the last command without sudo, If yours is not, then you will want to add sudo to the ./run.sh up -d as well.

 

[BobW]

The docker-compose stack will bring it's own database, which is only reachable from within the private container network. Just make sure to set the POSTGRES_VOLUME_HOST_PATH to a "fresh" folder.

Clone the folder in whatever folder you want I would suggest somewhere in /volume1/docker/, this will allow to edit the config file with a decent editor accessed thru a remote share. My user is in the docker group, so I run the last command without sudo, If yours is not, then you will want to add sudo to the ./run.sh up -d as well.

So I finally manage to install everything (except web element) on my VM Docker and it’s working fine!

Ehmm I was wondering did you mana to get bridges to work with synapse e.g. Signal app?
Found this Bridge setup with Docker - mautrix-bridges but it doesn’t make any sense to me (yet). My knowledge of programming is still that of a learner

Any help would be welcome

 

[one-eyed-king]

Ehmm I was wondering did you mana to get bridges to work with synapse e.g. Signal app?

The bridges kind of made my shy away from Matrix... I started to integrate Mautrix-Whatsapp, then I moved houses in town two weeks ago and didn't realy follow up on the bridges. I still have plenty moving boxes to unpack...

Matrix kind of feels like a garage-shop to me. It may be many things, but it's definitly not a polished enduser friendy piece of software.

 

[one-eyed-king]

My knowledge of programming is still that of a learner

You don't need any progamming skills to setup bridges. Wiring all bits and pieces together in Matrix/Synapse and all the bridges is a pure configuration task. ... though, the hard part is that is needs context knowledge to understand what to configure how.

I myself am far away from having fully grasped how the adapter integration works.

First rule of automation: you need to know exactly what you want to automate and how to automate it. I am not there yet, when it commes to the bridges

 

[BobW]

You don't need any progamming skills to setup bridges. Wiring all bits and pieces together in Matrix/Synapse and all the bridges is a pure configuration task. ... though, the hard part is that is needs context knowledge to understand what to configure how.

I myself am far away from having fully grasped how the adapter integration works.

First rule of automation: you need to know exactly what you want to automate and how to automate it. I am not there yet, when it commes to the bridges

Yes you are right I am far from that point. But I do enjoy trying and learning.

But for now I'm fine with synapse working just in combination with the various clients (mobile and desktop). I will test this for the time being.

Just another question I see this in my log:
Do you have any idea what it means and how I can fix it?

2021-03-21 10:54:09,994 - synapse.http.server - 657 - WARNING - GET-1362 - Not sending response to request <XForwardedForRequest at 0x7fc72c3f1af0 method='GET' uri='/_matrix/client/r0/sync?filter=0&since=s218_335_58_109_234_1_64_45_1&timeout=30000' clientproto='HTTP/1.1' site='8008'>,

 

[one-eyed-king]

Did you bootstrap Matrix on your Syno, or do you realy run it inside a vm?

If it's the later case, are you running nginx with the reverse proxy configurations my script creates?
It adds two static configured endpoints which are required for federation amongst matrix servers.

 

[BobW]

Did you bootstrap Matrix on your Syno, or do you realy run it inside a vm?

If it's the later case, are you running nginx with the reverse proxy configurations my script creates?
It adds two static configured endpoints which are required for federation amongst matrix servers.

For now I'm running all my Docker containers inside a VM, because of the Synology kernel bug my syno is affected with.
I have setup the reverse proxy using the syno GUI like this:

 

[one-eyed-king]

Please copy the reverse proxy configuration my script creates and copy in same location on your dsm. Then modify the location parameter to point to your vm:port for synapse.

This whole docker bug makes me think, If I should delete the whole github project again (think)

 

[BobW]

Please copy the reverse proxy configuration my script creates and copy in same location on your dsm. Then modify the location parameter to point to your vm:port for synapse.

This whole docker bug makes me think, If I should delete the whole github project again (think)

I found this file in your bootstrap folder nginx-synapse.conf
But How do I alter it to fit my Docker VM needs? I don't understand any of it and Where do I place the file?

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name ${SYNAPSE_REVERSE_PROXY_SERVER_NAME};
  ssl_certificate  ${SYNAPSE_NGINX_FULLCHAIN};
  ssl_certificate_key ${SYNAPSE_NGINX_PRIVKEY};
  add_header Strict-Transport-Security \"max-age=15768000; includeSubdomains; preload\" always;

  location / {

    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection \$connection_upgrade;
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_set_header Host \$http_host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-Proto \$scheme;

    client_max_body_size ${SYNAPSE_MAX_UPLOAD_SIDE};
    proxy_pass http://localhost:${SYNAPSE_HOST_PORT_HTTP};
  }

  location ~* ^(\/_matrix|\/_synapse\/client) {

    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection \"Upgrade\";
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_set_header Host \$http_host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-Proto \$scheme;

    client_max_body_size ${SYNAPSE_MAX_UPLOAD_SIDE};
    proxy_pass http://localhost:${SYNAPSE_HOST_PORT_HTTP};

  }

  location /.well-known/matrix/client {
    return 200 '{\"m.homeserver\": {\"base_url\": \"${SYNAPSE_PUBLIC_BASEURL}\"}}';
    add_header Content-Type application/json;
    add_header Access-Control-Allow-Origin *;
  }

  location /.well-known/matrix/server {
    return 200 '{\"m.server\": \"${SYNAPSE_SERVER_NAME}\"}';
    add_header Content-Type application/json;
    add_header Access-Control-Allow-Origin *;
  }

  error_page 403 404 500 502 503 504 @error_page;

  location @error_page {
    root /usr/syno/share/nginx;
    rewrite (.*) /error.html break;
    allow all;
  }
}

 

[BobW]

I have tried to edit your file to fit my needs, do you think this is the correct way? And if yes where do I place this file?

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name matrix.mydomain.com;
  ssl_certificate  /usr/syno/etc/certificate/ReverseProxy/64632b24-51ea-470a-8c1a-1c345cd5ad44/fullchain.pem;
  ssl_certificate_key /usr/syno/etc/certificate/ReverseProxy/64632b24-51ea-470a-8c1a-1c345cd5ad44/privkey.pem;
  add_header Strict-Transport-Security \"max-age=15768000; includeSubdomains; preload\" always;

  location / {

    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection \$connection_upgrade;
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_set_header Host \$http_host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-Proto \$scheme;

    client_max_body_size 50M;
    proxy_pass http://192.168.178.120:8008;
  }

  location ~* ^(\/_matrix|\/_synapse\/client) {

    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection \"Upgrade\";
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_set_header Host \$http_host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-Proto \$scheme;

    client_max_body_size 50M;
    proxy_pass http://192.168.178.120:8008;

  }

  location /.well-known/matrix/client {
    return 200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.mydomain.com/\"}}';
    add_header Content-Type application/json;
    add_header Access-Control-Allow-Origin *;
  }

  location /.well-known/matrix/server {
    return 200 '{\"m.server\": \"mydomain.com\"}';
    add_header Content-Type application/json;
    add_header Access-Control-Allow-Origin *;
  }

  error_page 403 404 500 502 503 504 @error_page;

  location @error_page {
    root /usr/syno/share/nginx;
    rewrite (.*) /error.html break;
    allow all;
  }
}

 

[one-eyed-king]

Instead of butchering things, please modify the run.sh for your needs to get the proper outcome. None of the template files are valid configuration files as they include escaped characters or conditions that are not supposed to be in the config.

 

[one-eyed-king]

You will need to replace all occoureances of \" with ". Those " are escaped due the way the templating works.

Though, you realy put me in a hard position and ask me to support you with my script in an environment it was not ment to be used in. We are fighting problems introduced by not running the script in the environment it is designed for. Honestly, this was not what I had in mind when creating the bootstrap project.

Any ERROR during the prepare step means that the configuration is incomplete/broken. The prepare step can never succeed anywhere else then on a Synology DS, unless you mimic the folders from the DS it expects.

 

[BobW]

You will need to replace all occoureances of \" with ". Those " are escaped due the way the templating works.

Though, you realy put me in a hard position and ask me to support you with my script in an environment it was not ment to be used in. We are fighting problems introduced by not running the script in the environment it is designed for. Honestly, this was not what I had in mind when creating the bootstrap project.

Any ERROR during the prepare step means that the configuration is incomplete/broken. The prepare step can never succeed anywhere else then on a Synology DS, unless you mimic the folders from the DS it expects.

Well I think modifying the run script is beyond my knowledge. I have too little knowledge and experience with that.

For the record I did not use your script or bootstrap to install matrix inside docker VM, I did everything according to the CLi command steps described here on the github page:matrix-org/synapse .
I just used your files as reference to check how to set it up Matrix for docker VM, because a lot of it matches.

Don't worry about support, I only asked these things because I assumed you might have more experience with it. I'll figure out how to fix it further.

 

[one-eyed-king]

Ah! Now everything makes more sense. using my scripts and the template to match steps is actualy a good idea, as you will need to perform the same things. Just search for every occourance of ${ - it will show where I used variables to inject information.

Whenever something is escapped with a \ in a template file, it means that the next character is ment to be preserved. You can simply remove the \ characters and replace the variables with the real values. If I remember right I only had to escape " . ` and $ characters in the template files.

Honestly, I just picked up a tutorial in the german syno forum and turned it into a script and added all necessary things to make it fly.

 

[BackedUpBooty]

@one-eyed-king I found this thread kind of by accident, but loving the docker-matrix-bootstrap you created. the one thing I'm having a little difficulty with is a turn server for VoIP. I've found a fair amount of stuff to look through in the homeserver.yaml, including the ## TURN ## area, but I've not been able to find a turn docker image which works for me (tried instrumentisto/coturn which I thought I got sorted but now keeps giving auth errors, and the spreed/turnserver images). Do you happen to have any suggestions? The rest of the features built into element all work great!

 

[one-eyed-king]

Glad that it helped to get you started.
I gave up on Matrix. It's not polished enough for my taste and some of the bridges use chrome under the hood to scrape message content... While the server itself is efficient with ressources, many bridges are not.

 

[BackedUpBooty]

Fair enough. If you don't mind me asking, what's your current matrix replacement or setup of choice?

 

[one-eyed-king]

Last months I have to buisy to follow up on it. I am not sure whether there is an alternative.

I have seen that an ansible Playbook with role support for each and every bridge exists: spantaleev/matrix-docker-ansible-deploy, but skipped it. It made me figure out how to run ansible playbooks on Synoloy with ansible containers and then finaly create docker-matrix-bootstrap to keep things simple.

 

[cksit]

Last months I have to buisy to follow up on it. I am not sure whether there is an alternative.

I have seen that an ansible Playbook with role support for each and every bridge exists: spantaleev/matrix-docker-ansible-deploy, but skipped it. It made me figure out how to run ansible playbooks on Synoloy with ansible containers and then finaly create docker-matrix-bootstrap to keep things simple.

Is it possible to follow the installation guide of "matrix-docker-ansible-doploy" in Synology? Are they compatible?

 

[one-eyed-king]

Could you elaborate more on that question? What do you mean by "Are they compatible"?