postgresql

前期操作见 PostgreSQL

# sudo -u postgres createuser -P dendrite_user
# sudo -u postgres createdb -O dendrite_suer matrix_db

创建 matrix_db

安装

$ yay -S dendrite

配置

生成配置

$ cd /etc/dendrite
$ dendrite-generate-config -db 'postgres://<POSTGRES_USER>:<POSTGRES_USER_PASSWD>@localhost/<DB_BANE>?sslmode=disable' -server <SERVER_DOMAIN> >config.yaml

生成 matrix key

$ cd /var/lib/dendrite
# sudo -u dendrite dendrite-generate-keys --private-key matrix_key.pem

修改config.yaml中的matrix_key.pem/var/lib/dendrite/matrix_key.pem 生成 dhparams key

$ openssl  dhparam -out  /etc/letsencrypt/dhparams.pem 2048

根据 https://federationtester.matrix.org/ 生成的 json 编辑 config.yaml 中的 key_perspectives: 创建用户

$ cd /etc/dendrite
$ dendrite-create-account --config config.yaml -username <USER_NAME> -password <PASSWORD> -admin

nginx

upstream monolith{
    server 127.0.0.1:8008;
}
server {
    listen 443 ssl; # IPv4
    listen [::]:443 ssl; # IPv6
    server_name SERVER_DOMAIN;


    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_read_timeout         600;

    location /.well-known/matrix/server {
        return 200 '{ "m.server": "SERVER_DOMAIN:443" }';
    }

    location /.well-known/matrix/client {
        # If your sever_name here doesn't match your matrix homeserver URL
        # (e.g. hostname.com as server_name and matrix.hostname.com as homeserver URL)
        # add_header Access-Control-Allow-Origin '*';
        return 200 '{ "m.homeserver": { "base_url": "https://SERVER_DOMAIN" } }';
    }

    location /_matrix {
    proxy_pass http://monolith;
    }

    ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/dhparams.pem;
}

启动

# systemctl start dendrite
# systemctl enable dendite