
Enter the Matrix
Install your own Matrix server on Arch Linux

Who am I?
Brendan Abolivier
Software engineer @ Element
Core team member @ The Matrix.org Foundation
Core committer on Synapse, the reference Matrix homeserver implementation
Matrix: @brendan:abolivier.bzh
E-mail: [email protected]

What is Matrix?

Matrix is an open network for secure, decentralised real-time communication.
Interoperable chat
Interoperable VoIP
Open comms for VR/AR
Real-time IoT data fabric

Mission: to create a global decentralised encrypted comms network that provides an open platform for real-time communication.

What do you get in the spec?
• Decentralised conversation history
• Group Messaging (and 1:1)
• End-to-end Encryption
• VoIP signalling for WebRTC
• Server-side push notification rules
• Server-side search
• Read receipts, Typing Notifs, Presence
• Synchronised read state and unread counts
• Decentralised content repository
• “Account data” for users per room

No single party owns your conversations.
Conversations are shared over all participants.

The Matrix APIs
• Client-Server API
• Server-Server API (a.k.a. the federation API)
• Application Service API
• Identity Server API

Matrix: Distributed Architecture
Clients
Homeservers
Application Servers
Identity Servers

The Client-Server API
To send a message:

    curl -XPOST -H 'Authorization: Bearer ACCESS_TOKEN' \
      -d '{"msgtype":"m.text", "body":"hello"}' \
      "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/m.room.message"

    { "event_id": "$YUwRidLecu" }

The Client-Server API
To control a Hue light:

    curl -XPOST -d '{
      "room": "1",
      "light": 2,
      "brightness": 0.5
    }' "https://alice.com:8448/_matrix/client/api/v1/rooms/ROOM_ID/send/org.matrix.midi?access_token=ACCESS_TOKEN"

    { "event_id": "$ORzcZn2" }

Server-Server API
• Synchronises messages and room state between servers, in real-time
• Can retrieve historic messages from each other
• Query profile and presence information about users on each other's servers

Application Services API
• Have privileged access to the server
• Can subscribe to server traffic to provide custom application logic
• They can masquerade as 'virtual users'.

Bridges

Telegram
Slack
IRC
Gitter
Github

Bridges
• IRC
• Gitter
• Discord
• RocketChat
• Telegram
• Email
• Slack
• Mastodon
• SMS
• …more
➔ https://matrix.org/bridges/

Building Bridges
3rd party Clients
3rd party Server
Bridge

Typical Bridging Stack
matrix-appservice-irc, matrix-appservice-slack, matrix-appservice-purple, …
matrix-appservice-bridge
matrix-appservice-node
matrix-js-sdk
Node JS

Matrix to IRC
IRC clients
ircd (e.g. Freenode)
matrix-appservice-irc

Matrix to IOT…
Parrot Bebop Drone
Janus WebRTC Gateway (from MeetEcho)

Ecosystem

Matrix Open Source Ecosystem
client-side:
• matrix-react-sdk
• MatrixKit (iOS)
• matrix-android-sdk2
• matrix-js-sdk
• matrix-ios-sdk
• Other Clients: Quaternion (Qt/C++), Nheko (Qt/C++), FluffyChat (Flutter), Fractal (Gtk+/Rust), gomuks (Go), Thunderbird …and many many more
The Matrix Specification (Client/Server API)
server-side:
• Synapse (1st gen Matrix Server)
• Dendrite (2nd gen Server)
• Application Services and Bridges
• Other Servers: Conduit (Rust), Construct (C++)…
• Other Services: Bridges, Bots, Integs…

Clients
• Clients available for every platform
➔ https://matrix.org/clients/
• Many client-side SDKs:
  • Official: JS, React, iOS, Android
  • Community: Go, Python, Erlang, Java, Scala, Ruby, Perl6, Lisp, Elixir, Haskell, Rust, Nintendo 3DS…
➔ https://matrix.org/sdks/

Homeservers
• Synapse: reference homeserver implementation from the core team
• Dendrite: next generation, work in progress homeserver from the core team
• Community implementations
  • Conduit (Rust)
  • Construct (C++)
  • …

Community Status
• ~18.5M global visible accounts
• ~5.5M messages per day
• ~4.3M chatrooms
• ~45,000 federated servers
• ~3500 msgs/s out, ~35 msgs/s in on Matrix.org
• ~500 projects building on Matrix
• ~100 companies building on Matrix
• ~5 governments deploying Matrix

Governance

The Matrix.org Foundation
• Non-profit Common Interest Company registered in the UK
• Neutral guardian of Matrix and its reference implementations on behalf of the entire Matrix community
➔ https://matrix.org/foundation/

Element
• For-profit company registered in the UK, in France and in the US
• Founded by the creators of Matrix
• Employs most of the Matrix core team to enable them to work on Matrix as their day job
• All of the work done by Element employees on the spec and reference implementations is donated to the foundation
• Doesn’t hold a majority in the foundation’s leadership
• Builds commercial services on top of Matrix

Let’s install a homeserver!

Wait, what’s a homeserver?

Three types of Matrix servers
• Identity server
• Application service
• Homeserver

What’s a homeserver?
• It’s the “home” of a Matrix account
• Implements the Client-Server API
• Implements the federation API
• Clients connect to it to send and receive messages
• Other homeservers connect to it to send and receive messages

Synapse: the reference implementation

The plan
• Install Synapse using the official Arch Linux repo

    sudo pacman -S matrix-synapse

• Configure Synapse
• Install and configure a reverse proxy (Caddy)

Let’s do this!

Database
• By default, Synapse uses SQLite
• PostgreSQL is recommended for production
➔ https://github.com/matrix-org/synapse/blob/master/docs/postgres.md

Federation and TLS
• Before Matrix 1.0 (June 2019), Matrix was using “perspectives” to validate TLS on federation
• From Matrix 1.0, a valid TLS certificate is required
• Easiest done through a reverse proxy

ACME support
• Uses Twisted’s txacme library
• Currently only supports ACME v1, which is being turned off by Let’s Encrypt
• Work in progress on Twisted’s side to support ACME v2, but progress is slow

Reverse proxy
• Reverse proxy the localhost listener on port 8008
• This demo was using Caddy because of automatic TLS, but other options work
➔ https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md

Let’s do this!

Going further

Workers
• Synapse is written in Python ➔ 1 process = 1 CPU core
• Main process + workers that handle part of the main process’s workload
• Communication between processes through Redis
• Example: Syncing with synchrotrons
➔ https://github.com/matrix-org/synapse/blob/master/docs/workers.md

Delegation
• Allows the homeserver for example.com to be hosted at, e.g. matrix.example.com
• Also allows the federation port to be something other than the default (8448)
• Usually done with a JSON file at a .well-known URL on the delegating domain (example.com in our example)

Delegation
https://example.com/.well-known/matrix/server

    { "m.server": "matrix.example.com:443" }

TURN (VoIP)
➔ https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md

Metrics (Prometheus + Grafana)
➔ https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md

Thank You!
@brendan:abolivier.bzh
[email protected]
@matrixdotorg
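
The delegation file from the Delegation slides, checked the way an administrator might before publishing it. This is an added Python example, not part of the original talk and not Synapse code: it parses the body served at /.well-known/matrix/server and returns the host and port that federation traffic will be sent to. The function and exception names are hypothetical, the sample inputs are constructed, and it assumes no SRV lookup, falling back to the default port 8448 when m.server names no port.

```python
import ipaddress
import json
import re

DEFAULT_FEDERATION_PORT = 8448  # default federation port named on the slide
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")

class DelegationError(ValueError):
    """The .well-known document cannot be used for delegation."""

def parse_delegation(body):
    """Return (host, port) from a /.well-known/matrix/server body."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise DelegationError(f"invalid JSON: {exc.msg}") from None
    target = doc.get("m.server") if isinstance(doc, dict) else None
    if not isinstance(target, str) or not target:
        raise DelegationError('"m.server" must be a non-empty string')

    if target.startswith("["):  # bracketed IPv6 literal, optional :port
        addr, _, rest = target[1:].partition("]")
        sep, port_text = rest[:1], rest[1:]
        try:
            ipaddress.IPv6Address(addr)
        except ValueError:
            raise DelegationError(f"bad IPv6 literal: {addr!r}") from None
        if rest and sep != ":":
            raise DelegationError("unexpected text after IPv6 literal")
        host = f"[{addr}]"
    else:  # host name or IPv4 literal, optional :port
        host, sep, port_text = target.partition(":")
        if not HOSTNAME_RE.match(host):
            raise DelegationError(f"bad host name: {host!r}")

    if not sep:
        # Assumption: SRV lookups are out of scope, so use the default port.
        return host, DEFAULT_FEDERATION_PORT
    if not (port_text.isascii() and port_text.isdigit() and 0 < int(port_text) < 65536):
        raise DelegationError(f"bad port: {port_text!r}")
    return host, int(port_text)

if __name__ == "__main__":  # constructed samples: the slide's file, then a URL
    for sample in ('{"m.server": "matrix.example.com:443"}',
                   '{"m.server": "https://matrix.example.com"}'):
        try:
            print(parse_delegation(sample))
        except DelegationError as err:
            print("rejected:", err)
```

A full URL in m.server is rejected because the value is a host with an optional port, not a URL.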