2021-01-01 05:47:53 -07:00
# Deploying Conduit
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
## Getting help
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
If you run into any problems while setting up Conduit, write an email to `support@conduit.rs` , ask us in `#conduit:matrix.org` or [open an issue on GitLab ](https://gitlab.com/famedly/conduit/-/issues/new ).
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
## Installing Conduit
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
You have to download the binary that fits your machine. Run `uname -m` to see
what you need. Now copy the right url:
2020-10-20 05:18:20 -07:00
- x84_64: `https://conduit.rs/master/x86_64/conduit-bin`
- armv7: `https://conduit.rs/master/armv7/conduit-bin`
- armv8: `https://conduit.rs/master/armv8/conduit-bin`
- arm: `https://conduit.rs/master/arm/conduit-bin`
2020-08-12 12:17:53 -07:00
```bash
2021-01-11 12:28:47 -07:00
$ sudo wget -O /usr/local/bin/matrix-conduit < url >
$ sudo chmod +x /usr/local/bin/matrix-conduit
2020-08-12 12:17:53 -07:00
```
2021-04-06 05:26:47 -07:00
## Adding a conduit user
While conduit can run as any user it is usually better to use dedicated users for different services.
This also allows you to make sure that the file permissions are correctly set up.
In debian you can use this command to create a conduit user:
`sudo adduser --system conduit --no-create-home`
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
## Setting up a systemd service
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
Now we'll set up a systemd service for Conduit, so it's easy to start/stop
Conduit and set it to autostart when your server reboots. Simply paste the
2020-10-20 05:18:20 -07:00
default systemd service you can find below into
2021-01-01 05:47:53 -07:00
`/etc/systemd/system/conduit.service` .
2020-08-12 12:17:53 -07:00
```systemd
[Unit]
2021-01-01 05:47:53 -07:00
Description=Conduit Matrix Server
2020-08-12 12:17:53 -07:00
After=network.target
[Service]
2021-01-01 05:47:53 -07:00
Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
2021-04-06 05:26:47 -07:00
User=conduit
Group=nogroup
2020-08-12 12:17:53 -07:00
Restart=always
2021-01-01 05:47:53 -07:00
ExecStart=/usr/local/bin/matrix-conduit
2020-08-12 12:17:53 -07:00
[Install]
WantedBy=multi-user.target
```
Finally, run
```bash
$ sudo systemctl daemon-reload
```
2021-01-01 05:47:53 -07:00
## Creating the Conduit configuration file
Now we need to create the Conduit's config file in `/etc/matrix-conduit/conduit.toml` . Paste this in **and take a moment to read it. You need to change at least the server name.**
```toml
[global]
# The server_name is the name of this server. It is used as a suffix for user
# and room ids. Examples: matrix.org, conduit.rs
# The Conduit server needs to be reachable at https://your.server.name/ on port
# 443 (client-server) and 8448 (federation) OR you can create /.well-known
# files to redirect requests. See
# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
# and https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
# for more information
# YOU NEED TO EDIT THIS
#server_name = "your.server.name"
# This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/conduit_db"
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
# The port Conduit will be running on. You need to set up a reverse proxy in
# your web server (e.g. apache or nginx), so all requests to /_matrix on port
# 443 and 8448 will be forwarded to the Conduit instance running on this port
port = 6167
# Max size for uploads
max_request_size = 20_000_000 # in bytes
# Disabling registration means no new users will be able to register on this server
allow_registration = false
# Disable encryption, so no new encrypted rooms can be created
# Note: existing rooms will continue to work
allow_encryption = true
allow_federation = true
#cache_capacity = 1073741824 # in bytes, 1024 * 1024 * 1024
#max_concurrent_requests = 4 # How many requests Conduit sends to other servers at the same time
#workers = 4 # default: cpu core count * 2
address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
2020-08-12 12:17:53 -07:00
```
2021-04-06 05:26:47 -07:00
## Setting the correct file permissions
As we are using a conduit specific user we need to allow it to read the config.
To do that you can run this command on debian:
`sudo chown -R conduit:nogroup /etc/matrix-conduit`
If you use the default database path you also need to run this. (It might be that you first need to create that folder):
`sudo chown -R conduit:nogroup /var/lib/matrix-conduit/conduit_db`
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
## Setting up the Reverse Proxy
2020-08-12 12:17:53 -07:00
2021-01-01 05:47:53 -07:00
This depends on whether you use Apache, Nginx or another web server.
### Apache
Create `/etc/apache2/sites-enabled/050-conduit.conf` and copy-and-paste this:
```
Listen 8448
< VirtualHost *:443 * :8448 >
ServerName your.server.name # EDIT THIS
2020-08-12 12:17:53 -07:00
AllowEncodedSlashes NoDecode
2021-01-01 05:47:53 -07:00
ProxyPass /_matrix/ http://localhost:6167/
ProxyPassReverse /_matrix/ http://localhost:6167/
2020-08-12 12:17:53 -07:00
Include /etc/letsencrypt/options-ssl-apache.conf
2021-01-01 05:47:53 -07:00
SSLCertificateFile /etc/letsencrypt/live/your.server.name/fullchain.pem # EDIT THIS
SSLCertificateKeyFile /etc/letsencrypt/live/your.server.name/privkey.pem # EDIT THIS
2020-08-12 12:17:53 -07:00
< / VirtualHost >
```
2021-01-01 05:47:53 -07:00
**You need to make some edits again.** When you are done, run
2020-08-12 12:17:53 -07:00
```bash
$ sudo systemctl reload apache2
```
2021-01-01 05:47:53 -07:00
### Nginx
If you use Nginx and not Apache, add the following server section inside the
http section of `/etc/nginx/nginx.conf`
```
server {
listen 443;
listen 8448;
server_name your.server.name; # EDIT THIS
location /_matrix/ {
proxy_pass http://localhost:6167/_matrix/;
}
}
```
**You need to make some edits again.** When you are done, run
```bash
$ sudo systemctl reload nginx
```
2020-08-12 12:17:53 -07:00
## SSL Certificate
2021-01-01 05:47:53 -07:00
The easiest way to get an SSL certificate, if you don't have one already, is to install `certbot` and run this:
2020-08-12 12:17:53 -07:00
```bash
2021-01-01 05:47:53 -07:00
$ sudo certbot -d your.server.name
2020-08-12 12:17:53 -07:00
```
## You're done!
2020-10-20 05:18:20 -07:00
Now you can start Conduit with:
2020-08-12 12:17:53 -07:00
```bash
$ sudo systemctl start conduit
```
2020-10-20 05:18:20 -07:00
Set it to start automatically when your system boots with:
2020-08-12 12:17:53 -07:00
```bash
$ sudo systemctl enable conduit
```