Jail: matrix

one time
zfs create ship/matrix

create jail
export JAIL=matrix
export JAILHOSTNAME=matrix
export JAILDOMAIN=ahlawat.com
export JAILIP=60
export JAILUSER=X
export JAILUSERID=1000
export JAILUSERVNC=false

/root/FreeBSD/jails/create.sh $JAIL $JAILHOSTNAME $JAILDOMAIN $JAILIP $JAILUSER $JAILUSERID $JAILUSERVNC

iocage exec $JAIL "mkdir /data"
iocage fstab -a $JAIL /mnt/ship/$JAIL /data nullfs rw 0 0
iocage fstab -l $JAIL

iocage exec $JAIL "pkg install -y rust py39-matrix-synapse py39-matrix-synapse-ldap3 element-web nginx"
# pip can also be used to upgrade the synapse packages later:
# pip install --upgrade matrix-synapse matrix-synapse-ldap3

iocage exec $JAIL "mkdir /data/media_store"
iocage exec $JAIL "mkdir /data/uploads"
iocage exec $JAIL "chown -R synapse:synapse /data"

iocage exec $JAIL "sysrc synapse_enable=YES"
iocage exec $JAIL "cp -f /mnt/config/secret/homeserver.yaml /usr/local/etc/matrix-synapse/"
iocage exec $JAIL "cp -f /mnt/config/secret/matrix.ahlawat.com.signing.key /usr/local/etc/matrix-synapse/"
iocage exec $JAIL "cp -f /mnt/config/matrix.ahlawat.com.log.config /usr/local/etc/matrix-synapse/"
iocage exec $JAIL "cp -f /mnt/config/nginx.conf /usr/local/etc/nginx/"
iocage exec $JAIL "cp -f /mnt/config/config.json /usr/local/www/element/"

iocage exec $JAIL "service synapse start"
iocage exec $JAIL "service nginx start"

iocage exec $JAIL "mkdir -p /usr/local/www/element/.well-known/matrix"

iocage console $JAIL
echo '{ "m.server": "matrix.ahlawat.com:8448" }' > /usr/local/www/riot/.well-known/matrix/server

Notes:
Configuring Synapse:

matrix ~ # /usr/local/bin/python3.7 -B -m synapse.app.homeserver -c /usr/local/etc/matrix-synapse/homeserver.yaml --generate-config -H matrix.ahlawat.com --report-stats no
Generating config file /usr/local/etc/matrix-synapse/homeserver.yaml
Generating log config file /usr/local/etc/matrix-synapse/matrix.ahlawat.com.log.config which will log to /root/homeserver.log
Generating signing key file /usr/local/etc/matrix-synapse/matrix.ahlawat.com.signing.key
A config file has been generated in '/usr/local/etc/matrix-synapse/homeserver.yaml' for server name 'matrix.ahlawat.com'. Please review this file and customise it to your needs.
matrix ~ #

Please note that you will still need to manually configure paths to log directory, database, and media storage with this method.

matrix ~ # register_new_matrix_user -c homeserver.yaml http://localhost:8008


Open ports on pfSense
${fwcmd} add pass tcp from any to me 8448 setup         # MATRIX

Open ports on pfSense for TURN on the proxy jail
${fwcmd} add pass tcp from any to me 3478 setup         # TURN
${fwcmd} add pass udp from any to me 3478 keep-state    # TURN
${fwcmd} add pass tcp from any to me 5349 setup         # TURN TLS
${fwcmd} add pass udp from any to me 5349 keep-state    # TURN TLS


on web jail:
mkdir -p /usr/local/www/apache24/data/.well-known/matrix
echo '{ "m.server": "matrix.ahlawat.com:8448" }' > /usr/local/www/apache24/data/.well-known/matrix/server

on dns jail:
add SRV record to ahlawat.com.db file
_matrix._tcp.ahlawat.com. 300 IN SRV 10 5 8448 matrix.ahlawat.com.
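The two hand-written federation delegation pieces above (the .well-known/matrix/server JSON and the _matrix._tcp SRV record) must agree with each other and with the server name, or federation silently lands on the wrong host or port. The check below is an added example, not part of the original notes; the sample inputs are constructed to match the values used on this page, and the hostname regex is an assumption that delegation targets are FQDNs rather than IP literals.

```python
import json
import re

DEFAULT_FEDERATION_PORT = 8448   # port implied when m.server carries no port
# Hostname syntax only; IP literals (allowed by the spec) are rejected here by assumption.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$", re.I)

# Constructed sample inputs, matching the values written by hand in the notes above.
WELL_KNOWN = '{ "m.server": "matrix.ahlawat.com:8448" }'
SRV_LINE = "_matrix._tcp.ahlawat.com. 300 IN SRV 10 5 8448 matrix.ahlawat.com."

def parse_well_known_server(text):
    """Return (host, port) from a /.well-known/matrix/server body, or raise ValueError."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as e:
        raise ValueError(f"well-known is not valid JSON: {e}") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("m.server"), str):
        raise ValueError('well-known must be a JSON object with a string "m.server" key')
    host, sep, port = doc["m.server"].rpartition(":")
    if not sep:                      # no explicit port: the spec default applies
        host, port = doc["m.server"], DEFAULT_FEDERATION_PORT
    elif port.isdigit() and 1 <= int(port) <= 65535:
        port = int(port)
    else:
        raise ValueError(f"bad port in m.server: {port!r}")
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"bad hostname in m.server: {host!r}")
    return host.rstrip(".").lower(), port

def parse_srv(line):
    """Parse a zone-file line 'owner ttl IN SRV prio weight port target'; return (owner, port, target)."""
    f = line.split()
    if len(f) != 8 or f[2:4] != ["IN", "SRV"] or not f[6].isdigit():
        raise ValueError(f"not an SRV record line: {line!r}")
    if not f[0].startswith("_matrix._tcp."):
        raise ValueError(f"SRV owner must be _matrix._tcp.<server_name>: {f[0]!r}")
    return f[0].rstrip(".").lower(), int(f[6]), f[7].rstrip(".").lower()

def check_delegation(server_name, well_known_text, srv_line):
    """Return a list of findings; an empty list means both delegation paths agree."""
    findings = []
    wk_host, wk_port = parse_well_known_server(well_known_text)
    owner, srv_port, srv_target = parse_srv(srv_line)
    if owner != f"_matrix._tcp.{server_name.rstrip('.').lower()}":
        findings.append(f"SRV owner {owner} is not _matrix._tcp.{server_name}")
    if (wk_host, wk_port) != (srv_target, srv_port):
        findings.append(f"well-known delegates to {wk_host}:{wk_port} but SRV to {srv_target}:{srv_port}")
    return findings
```

Run `check_delegation("ahlawat.com", WELL_KNOWN, SRV_LINE)` against the files actually served and published; an empty list means the well-known document and the SRV record point at the same host and port.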


Showcased here is a capital and operational cost effective approach, using minimal server and networking hardware with multiple virtualized applications for Home and Business. This solution template can be easily scaled out and adapted for larger Enterprise deployments.
drop by the diyIT Matrix public room at #diyit:matrix.ahlawat.com
if you have any IT questions/feedback or to request pro bono consulting for a nonprofit

message me privately at @sharad:matrix.ahlawat.com
or email me at - sharad@ahlawat.com - pgpkey: 68DD6B89
Networking and Security Technologist.
Engineer and an avid Programmer.

https://sharad.ahlawat.com
strive to learn and pass on the knowledge to the next generation
one day humanity will understand the meaning of life and hopefully it will be more than ASCII 42 = "*" regex for whatever you want it to be,
and destiny is more than just a roll of a pair of dice with 42 dots (Let's nail down Quantum Entanglement)

May you Live Long (Intelligently) and Prosper and work on technology that matters.
© 2024 Sharad Ahlawat

No personal identifying data is collected or any form of analytics/metrics reported to a third-party by this website.