Enter the Matrix: Install your own Matrix server on Arch Linux

1 Who am I?

Brendan Abolivier

Software engineer @ Core team member @ The Matrix.org Foundation

Core committer on Synapse, the reference Matrix homeserver implementation

Matrix: @brendan:abolivier.bzh E-mail: [email protected]

2 What is Matrix?

3 Matrix is an open network for secure, decentralised real-time communication.

Interoperable chat Interoperable VoIP Open comms for VR/AR Real-time IoT data fabric

4 Mission: to create a global decentralised encrypted comms network that provides an open platform for real-time communication.

5 What do you get in the spec?

• Decentralised conversation history
• Group Messaging (and 1:1)
• End-to-end Encryption
• VoIP signalling for WebRTC
• Server-side push notification rules
• Server-side search
• Read receipts, Typing Notifs, Presence
• Synchronised read state and unread counts
• Decentralised content repository
• “Account data” for users per room

6 No single party owns your conversations.

Conversations are shared over all participants.

7 The Matrix APIs

• Client-Server API
• Server-Server API (a.k.a. the federation API)
• Application Service API
• Identity Server API

8 Matrix: Distributed Architecture

Clients

Homeservers

Application Servers

Identity Servers

9 The Client-Server API

To send a message:

curl -XPOST -H 'Authorization: Bearer ACCESS_TOKEN' \
  -d '{"msgtype":"m.text", "body":"hello"}' \
  "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/m.room.message"

{ "event_id": "$YUwRidLecu" }

10 The Client-Server API

To control a Hue light:

curl -XPOST -d '{
  "room": "1",
  "light": 2,
  "brightness": 0.5
}' "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/org.matrix.midi?access_token=ACCESS_TOKEN"

{ "event_id": "$ORzcZn2" }

11 Server-Server API

• Synchronises and room state between servers, in real-time
• Can retrieve historic messages from each other
• Query profile and about users on each other's servers

Application Services API

• Have privileged access to the server

• Can subscribe to server traffic to provide custom application logic

• They can masquerade as 'virtual users'.

12 Bridges

13 [Diagram: Slack, IRC, Gitter, Github]

14 [Diagram: Telegram, Slack, IRC, Gitter, Github]

15 Bridges

• IRC
• Gitter
• RocketChat
• Telegram
• Slack
• SMS
• …more

➔ https://matrix.org/bridges/

16 Building Bridges

3rd party Clients

3rd party Server Bridge

17 Typical Bridging Stack

matrix-appservice-irc, matrix-appservice-slack, matrix-appservice-purple, …

matrix-appservice-bridge

matrix-appservice-

matrix-js-sdk

Node JS

18 Matrix to IRC

IRC clients

ircd (e.g. )

matrix-appservice-irc

19 Matrix to IOT…

Parrot Bebop Drone

Janus WebRTC Gateway (from MeetEcho)

20 Ecosystem

21 Matrix Ecosystem

Client-side:

• Other Clients: Quaternion (Qt/C++), Nheko (Qt/C++), FluffyChat (Flutter), Fractal (Gtk+/Rust), gomuks (Go), Thunderbird …and many many more
• matrix-react-sdk, MatrixKit (iOS), matrix-android-sdk2, matrix-js-sdk, matrix-ios-sdk

The Matrix Specification (Client/Server API)

Server-side:

• Synapse (1st gen Matrix Server)
• Dendrite (2nd gen Server)
• Application Services and Bridges
• Other Servers: Conduit (Rust), Construct (C++)…
• Other Services: Bridges, Bots, Integs…

Clients

• Clients available for every platform ➔ https://matrix.org/clients/

• Many client-side SDKs:
  • Official: JS, React, iOS, Android
  • Community: Go, Python, Erlang, Java, Scala, Ruby, Perl6, Lisp, Elixir, Haskell, Rust, Nintendo 3DS…

➔ https://matrix.org/sdks/

23 Homeservers

• Synapse: reference homeserver implementation from the core team
• Dendrite: next generation, work in progress homeserver from the core team
• Community implementations
  • Conduit (Rust)
  • Construct (C++)
  • …

24 Community Status

• ~18.5M global visible accounts
• ~5.5M messages per day
• ~4.3M chatrooms
• ~45,000 federated servers
• ~3500 msgs/s out, ~35 msgs/s in on Matrix.org
• ~500 projects building on Matrix
• ~100 companies building on Matrix
• ~5 governments deploying Matrix

25 Governance

26 The Matrix.org Foundation

• Non-profit Common Interest Company registered in the UK

• Neutral guardian of Matrix and its reference implementations on behalf of the entire Matrix community

➔ https://matrix.org/foundation/

27 Element

• For-profit company registered in the UK, in France and in the US
• Founded by the creators of Matrix
• Employs most of the Matrix core team to enable them to work on Matrix as their day job
• All of the work done by Element employees on the spec and reference implementations is donated to the foundation
• Doesn’t hold a majority in the foundation’s leadership
• Builds commercial services on top of Matrix

28 Let’s install a homeserver!

29 Wait, what’s a homeserver?

30 Three types of Matrix servers

• Identity server

• Application service

• Homeserver

31 What’s a homeserver?

• It’s the “home” of a Matrix account
• Implements the Client-Server API
• Implements the federation API
• Clients connect to it to send and receive messages
• Other homeservers connect to it to send and receive messages

32 Synapse: the reference implementation

33 The plan

• Install Synapse using the official Arch Linux repo

  sudo pacman -S matrix-synapse

• Configure Synapse

• Install and configure a reverse proxy (Caddy)

34 Let’s do this!

35 Database

• By default, Synapse uses SQLite

• PostgreSQL is recommended for production

➔ https://github.com/matrix-org/synapse/blob/master/docs/postgres.md

36 Federation and TLS

• Before Matrix 1.0 (June 2019), Matrix was using “perspectives” to validate TLS on federation

• From Matrix 1.0, a valid TLS certificate is required

• Easiest done through a reverse proxy

37 ACME support

• Uses Twisted’s txacme library

• Currently only supports ACME v1, which is being turned off by Let’s Encrypt

• Work in progress on Twisted’s side to support ACME v2, but progress is slow

38 Reverse proxy

• Reverse proxy the localhost listener on port 8008

• This demo was using Caddy because of automatic TLS, but other options work

➔ https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md

39 Let’s do this!

40 Going further

41 Workers

• Synapse is written in Python ➔ 1 process = 1 CPU core

• Main process + workers that handle part of the main process’s workload

• Communication between processes through Redis

• Example: Syncing with synchrotrons

➔ https://github.com/matrix-org/synapse/blob/master/docs/workers.md

42 Delegation

• Allows the homeserver for example.com to be hosted at, e.g. matrix.example.com

• Also allows the federation port to be something other than the default (8448)

• Usually done with a JSON file at a .well-known URL on the delegating domain (example.com in our example)

43 Delegation

https://example.com/.well-known/matrix/server

{ "m.server": "matrix.example.com:443" }
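
How a remote server could read the delegation file above, as an added example that is not from the talk or from Synapse. The function name `parse_delegation` is hypothetical and the sample bodies are constructed. It covers only the `.well-known` step and falls back to the default port when none is given, so DNS SRV lookups are not modelled.

```python
import ipaddress
import json
import re

DEFAULT_FEDERATION_PORT = 8448  # default federation port named on the slide
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,255}")


def parse_delegation(body: str) -> tuple[str, int]:
    """Parse a /.well-known/matrix/server body into (host, port)."""
    try:
        target = json.loads(body)["m.server"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("response has no m.server field") from exc
    if not isinstance(target, str):
        raise ValueError("m.server must be a string")

    if target.startswith("["):
        # Bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host, closing, rest = target[1:].partition("]")
        if not closing:
            raise ValueError("unterminated IPv6 literal")
        ipaddress.IPv6Address(host)  # raises ValueError if not an address
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected text after IPv6 literal")
        colon, port_text = rest[:1], rest[1:]
    else:
        host, colon, port_text = target.partition(":")
        # Accept only a bare hostname or IPv4 literal, so a hostile file
        # cannot smuggle in a path, userinfo or whitespace.
        if not HOSTNAME_RE.fullmatch(host):
            raise ValueError(f"invalid host in m.server: {host!r}")

    if not colon:
        return host, DEFAULT_FEDERATION_PORT
    if not (port_text.isascii() and port_text.isdigit()
            and 1 <= int(port_text) <= 65535):
        raise ValueError(f"invalid port in m.server: {port_text!r}")
    return host, int(port_text)


if __name__ == "__main__":
    # Body taken from the slide above
    print(parse_delegation('{ "m.server": "matrix.example.com:443" }'))
```

The file is fetched from the delegating domain, so its contents are untrusted input: reject anything that is not a plain host and port before connecting.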

44 TURN (VoIP)

➔ https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md

Metrics (Prometheus + Grafana)

➔ https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md

45 Thank You!

@brendan:abolivier.bzh [email protected] @matrixdotorg 46