Installing a Matrix server on IPv6 only
Updated by Axel Beckert about 3 years ago
Installing matrix-synapse on an IPv6-only system.
Using the official
matrix-synapse package by Debian or derivatives.
What has been done¶
matrix-synapsepackage from unstable on a Raspberry Pi running Debian Unstable with Apache 2.4 and only being reachable via IPv6.
matrix-synapsepackage from stable-backports on an IPv6-only Devuan 2.0 Ascii VM with h2o. (Connection unreliable, often reconnects)
- Connecting to both with
Doesn't work out of the box, several issues:
- starting the daemon exits with "file /etc/matrix-synapse/homeserver.signing.key not found" (or similar). Solve by calling
/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keysmanually.
- starting the daemon exits with "TLS certificate file not found". Solved by pointing to certbot-generated certificates.
- Hangs upon package configuration (Debian #920339) due to
debconfwaiting for daemon to close its inherited file descriptors. Solved by doing daemonization via
--daemonizein the init script. Sent a patch to the Debian bug report. (sysvinit-only issue)
- Tries to listen on the HTTPS port which is already in use. Set
- Due to fiddling with the above, I once had a daemon which was no more exiting upon
service matrix-synapse stopor
service matrix-synapse restart, but the daemon only noticed seconds after the start that the port is already in use and only mentioned it in the log file. Hence also changed configurations had no effect. Killing that process solved the issue.
makepasswd --chars=42generated password as secret
registration_shared_secretand then call
register_new_matrix_user -u abe -a -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008. It is important to not add a trailing slash to the URL as this results in only
400 Bad Requestreturn codes.
- Pass all requests to
/_matrix…on the webserver (reverse proxy) to
ProxyPass "/_matrix" "http://localhost:8008/_matrix" ProxyPassReverse "/_matrix" "http://localhost:8008/_matrix"
paths: /_matrix: proxy.reverse.url: http://localhost:8008/_matrix
- Both instances don't talk with each other.
- Permissions to access the certbot-generated SSL keys and and certificates. (Client access is proxied through a proper webserver which handles HTTPS and is hence not affected.)
(These two issues might be related.)
- Very frequent connection loss to the Devuan VM with h2o. Likely caused by h2o (despite timeouts have been raised for the
Not ready for prime time. The official Debian packaging (by Debian) still not ready for prime time either.