Synapse: Matrix reference homeserver

Oliver-Hanikel/synapse

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. The basics you need to know to get up and running are:

  • Everything in Matrix happens in a room. Rooms are distributed and do not exist on any single server. Rooms can be located using convenience aliases like #matrix:matrix.org or #test:localhost:8448.
  • Matrix user IDs look like @matthew:matrix.org (although in the future you will normally refer to yourself and others using a third party identifier (3PID): email address, phone number, etc rather than manipulating Matrix user IDs)

The overall architecture is:

client <----> homeserver <=====================> homeserver <----> client
       https://somewhere.org/_matrix      https://elsewhere.net/_matrix

#matrix:matrix.org is the official support room for Matrix, and can be accessed by any client from https://matrix.org/docs/projects/try-matrix-now.html or via IRC bridge at irc://irc.freenode.net/matrix.

Synapse is currently in rapid development, but as of version 0.5 we believe it is sufficiently stable to be run as an internet-facing service for real usage!

Matrix specifies a set of pragmatic RESTful HTTP JSON APIs as an open standard, which handle:

  • Creating and managing fully distributed chat rooms with no single points of control or failure
  • Eventually-consistent cryptographically secure synchronisation of room state across a global open network of federated servers and services
  • Sending and receiving extensible messages in a room with (optional) end-to-end encryption
  • Inviting, joining, leaving, kicking, banning room members
  • Managing user accounts (registration, login, logout)
  • Using 3rd Party IDs (3PIDs) such as email addresses, phone numbers, Facebook accounts to authenticate, identify and discover users on Matrix.
  • Placing 1:1 VoIP and Video calls

These APIs are intended to be implemented on a wide range of servers, services and clients, letting developers build messaging and VoIP functionality on top of the entirely open Matrix ecosystem rather than using closed or proprietary solutions. The hope is for Matrix to act as the building blocks for a new generation of fully open and interoperable messaging and VoIP apps for the internet.

Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in the context of a codebase and let you run your own homeserver and generally help bootstrap the ecosystem.

In Matrix, every user runs one or more Matrix clients, which connect through to a Matrix homeserver. The homeserver stores all their personal chat history and user account information - much as a mail client connects through to an IMAP/SMTP server. Just like email, you can either run your own Matrix homeserver and control and own your own communications and history or use one hosted by someone else (e.g. matrix.org) - there is no single point of control or mandatory service provider in Matrix, unlike WhatsApp, Facebook, Hangouts, etc.

We'd like to invite you to join #matrix:matrix.org (via https://matrix.org/docs/projects/try-matrix-now.html), run a homeserver, take a look at the Matrix spec, and experiment with the APIs and Client SDKs.

Thanks for using Matrix!

For support installing or managing Synapse, please join #synapse:matrix.org (from a matrix.org account if necessary) and ask questions there. We do not use GitHub issues for support requests, only for bug reports and feature requests.

  • For details on how to install synapse, see INSTALL.md.
  • For specific details on how to configure Synapse for federation see docs/federate.md

The easiest way to try out your new Synapse installation is by connecting to it from a web client.

Unless you are running a test instance of Synapse on your local machine, in general, you will need to enable TLS support before you can successfully connect from a client: see INSTALL.md#tls-certificates.

An easy way to get started is to log in or register via Element at https://app.element.io/#/login or https://app.element.io/#/register respectively. You will need to change the server you are logging into from matrix.org and instead specify a Homeserver URL of https://<server_name>:8448 (or just https://<server_name> if you are using a reverse proxy). If you prefer to use another client, refer to our client breakdown.

If all goes well you should at least be able to log in, create a room, and start sending messages.

By default, registration of new users via Matrix clients is disabled. To enable it, specify enable_registration: true in homeserver.yaml. (It is then recommended to also set up CAPTCHA - see docs/CAPTCHA_SETUP.md.)

Once enable_registration is set to true, it is possible to register a user via a Matrix client.

Your new user name will be formed partly from the server_name, and partly from a localpart you specify when you create the account. Your name will take the form of:

@localpart:my.domain.name

(pronounced "at localpart on my dot domain dot name").

As when logging in, you will need to specify a "Custom server". Specify your desired localpart in the 'User name' box.

For details on having Synapse manage your federation TLS certificates automatically, please see docs/ACME.md.

Matrix serves raw user generated data in some APIs - specifically the content repository endpoints.

Whilst we have tried to mitigate against possible XSS attacks (e.g. matrix-org#1021) we recommend running matrix homeservers on a dedicated domain name, to limit the ability of any malicious user generated content served to web browsers by a matrix API to attack webapps hosted on the same domain. This is particularly true of sharing a matrix webclient and server on the same domain.

See element-hq/element-web#1977 and https://developer.github.com/changes/2014-04-25-user-content-security for more details.

The instructions for upgrading synapse are in UPGRADE.rst. Please check these instructions as upgrading may require extra steps for some versions of synapse.

It is recommended to put a reverse proxy such as nginx, Apache, Caddy or HAProxy in front of Synapse. One advantage of doing so is that it means that you can expose the default https port (443) to Matrix clients without needing to run Synapse with root privileges.

For information on configuring one, see docs/reverse_proxy.md.

Identity servers have the job of mapping email addresses and other 3rd Party IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs before creating that mapping.

They are not where accounts or credentials are stored - these live on homeservers. Identity Servers are just for mapping 3rd party IDs to matrix IDs.

This process is very security-sensitive, as there is obvious risk of spam if it is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer term, we hope to create a decentralised system to manage it (matrix-doc #712), but in the meantime, the role of managing trusted identity in the Matrix ecosystem is farmed out to a cluster of known trusted ecosystem partners, who run 'Matrix Identity Servers' such as Sydent, whose role is purely to authenticate and track 3PID logins and publish end-user public keys.

You can host your own copy of Sydent, but this will prevent you reaching other users in the Matrix ecosystem via their email address, and prevent them finding you. We therefore recommend that you use one of the centralised identity servers at https://matrix.org or https://vector.im for now.

To reiterate: the Identity server will only be used if you choose to associate an email address with your account, or send an invite to another user via their email address.

Users can reset their password through their client. Alternatively, a server admin can reset a user's password using the admin API or by directly editing the database as shown below.

First calculate the hash of the new password:

$ ~/synapse/env/bin/hash_password
Password:
Confirm password:
$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Then update the users table in the database:

UPDATE users SET password_hash='$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    WHERE name='@test:test.com';

Join our developer community on Matrix: #synapse-dev:matrix.org

Before setting up a development environment for synapse, make sure you have the system dependencies (such as the python header files) installed - see Installing from source.

To check out a synapse for development, clone the git repo into a working directory of your choice:

git clone https://github.com/matrix-org/synapse.git
cd synapse

Synapse has a number of external dependencies, that are easiest to install using pip and a virtualenv:

python3 -m venv ./env
source ./env/bin/activate
pip install -e ".[all,test]"

This will run a process of downloading and installing all the needed dependencies into a virtual env. If any dependencies fail to install, try installing the failing modules individually:

pip install -e "module-name"

Once this is done, you may wish to run Synapse's unit tests to check that everything is installed correctly:

python -m twisted.trial tests

This should end with a 'PASSED' result (note that exact numbers will differ):

Ran 1337 tests in 716.064s
PASSED (skips=15, successes=1322)

We recommend using the demo which starts 3 federated instances running on ports 8080 - 8082

./demo/start.sh

(to stop, you can use ./demo/stop.sh)

If you just want to start a single instance of the app and run it directly:

# Create the homeserver.yaml config once
python -m synapse.app.homeserver \
  --server-name my.domain.name \
  --config-path homeserver.yaml \
  --generate-config \
  --report-stats=[yes|no]

# Start the app
python -m synapse.app.homeserver --config-path homeserver.yaml

Synapse is accompanied by SyTest, a Matrix homeserver integration testing suite, which uses HTTP requests to access the API as a Matrix client would. It is able to run Synapse directly from the source tree, so installation of the server is not required.

Testing with SyTest is recommended for verifying that changes related to the Client-Server API are functioning correctly. See the installation instructions for details.

Need help? Join our community support room on Matrix: #synapse:matrix.org

If synapse runs out of file handles, it typically fails badly - live-locking at 100% CPU, and/or failing to accept new TCP connections (blocking the connecting client). Matrix currently can legitimately use a lot of file handles, thanks to busy rooms like #matrix:matrix.org containing hundreds of participating servers. The first time a server talks in a room it will try to connect simultaneously to all participating servers, which could exhaust the available file descriptors between DNS queries & HTTPS sockets, especially if DNS is slow to respond. (We need to improve the routing algorithm used to be better than full mesh, but as of March 2019 this hasn't happened yet).

If you hit this failure mode, we recommend increasing the maximum number of open file handles to be at least 4096 (assuming a default of 1024 or 256). This is typically done by editing /etc/security/limits.conf

Separately, Synapse may leak file handles if inbound HTTP requests get stuck during processing - e.g. blocked behind a lock or talking to a remote server etc. This is best diagnosed by matching up the 'Received request' and 'Processed request' log lines and looking for any 'Processed request' lines which take more than a few seconds to execute. Please let us know at #synapse:matrix.org if you see this failure mode so we can help debug it, however.
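One way to do the matching described above, as an added example that is not part of Synapse or of the original README. It assumes the log prefix layout of the sample log line quoted in this README (timestamp - logger - line - level - request id - message); the sample log, the `find_stuck_requests` name and the 5 second threshold are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed prefix: "<timestamp> - <logger> - <line> - <level> - <request id> - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - \S+ - \d+ - \w+ - "
    r"(?P<req>[A-Z]+-\d+) - (?P<msg>.*)$"
)

# Constructed sample log; only the two marker phrases come from the README.
SAMPLE_LOG = """\
2019-09-11 19:32:04,100 - synapse.access.http.8008 - 233 - INFO - GET-1 - Received request: GET /a
2019-09-11 19:32:04,150 - synapse.access.http.8008 - 302 - INFO - GET-1 - Processed request: GET /a
2019-09-11 19:32:05,000 - synapse.access.http.8008 - 233 - INFO - PUT-2 - Received request: PUT /b
2019-09-11 19:32:06,000 - synapse.access.http.8008 - 233 - INFO - GET-3 - Received request: GET /c
2019-09-11 19:32:17,500 - synapse.access.http.8008 - 302 - INFO - PUT-2 - Processed request: PUT /b
2019-09-11 19:32:40,000 - synapse.access.http.8008 - 233 - INFO - GET-4 - Received request: GET /d
"""


def find_stuck_requests(log_text, slow_after=5.0):
    """Return (slow, unfinished): slow maps request id -> seconds taken,
    unfinished maps request id -> seconds open at the last log timestamp."""
    received, slow, last_ts = {}, {}, None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines (tracebacks) or other formats
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        last_ts = ts
        if "Received request" in m["msg"]:
            received[m["req"]] = ts
        elif "Processed request" in m["msg"] and m["req"] in received:
            took = (ts - received.pop(m["req"])).total_seconds()
            if took > slow_after:
                slow[m["req"]] = took
    # Requests never marked processed are the ones that may be holding handles.
    unfinished = {
        req: (last_ts - ts).total_seconds()
        for req, ts in received.items()
        if (last_ts - ts).total_seconds() > slow_after
    }
    return slow, unfinished


if __name__ == "__main__":
    print(find_stuck_requests(SAMPLE_LOG))
```

Requests in the second mapping were received but never marked processed, which is the pattern to look at first when file handles appear to leak.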

First, ensure you are running the latest version of Synapse, using Python 3 with a PostgreSQL database.

Synapse's architecture is quite RAM hungry currently - we deliberately cache a lot of recent room data and metadata in RAM in order to speed up common requests. We'll improve this in the future, but for now the easiest way to reduce the RAM usage (at the risk of slowing things down) is to set the almost-undocumented SYNAPSE_CACHE_FACTOR environment variable. The default is 0.5, which can be decreased to reduce RAM usage in memory constrained environments, or increased if performance starts to degrade.

However, degraded performance due to a low cache factor, common on machines with slow disks, often leads to explosions in memory use due to backlogged requests. In this case, reducing the cache factor will make things worse. Instead, try increasing it drastically. 2.0 is a good starting value.

Using libjemalloc can also yield a significant improvement in overall memory use, and especially in terms of giving back RAM to the OS. To use it, the library must simply be put in the LD_PRELOAD environment variable when launching Synapse. On Debian, this can be done by installing the libjemalloc1 package and adding this line to /etc/default/matrix-synapse:

LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1

This can make a significant difference on Python 2.7 - it's unclear how much of an improvement it provides on Python 3.x.

If you're encountering high CPU use by the Synapse process itself, you may be affected by a bug with presence tracking that leads to a massive excess of outgoing federation requests (see discussion). If metrics indicate that your server is also issuing far more outgoing federation requests than can be accounted for by your users' activity, this is a likely cause. The misbehavior can be worked around by setting use_presence: false in the Synapse config file.

The typical failure mode here is that you send an invitation to someone to join a room or direct chat, but when they go to accept it, they get an error (typically along the lines of "Invalid signature"). They might see something like the following in their logs:

2019-09-11 19:32:04,271 - synapse.federation.transport.server - 288 - WARNING - GET-11752 - authenticate_request failed: 401: Invalid signature for server <server> with key ed25519:a_EqML: Unable to verify signature for <server>

This is normally caused by a misconfiguration in your reverse-proxy. See docs/reverse_proxy.md and double-check that your settings are correct.
