The ungleich Matrix infrastructure

This document concerns the infrastructure side of our MaaS offer and is intended for ungleich staff. See Ungleich Matrix-as-a-Service (MaaS) page for end-user/customer documentation. Common operations can be found on: [[]].


This document is A DRAFT. This service is not in production. Ask Timothée Floure for details.


Our Matrix deployments make use of the Synapse (reference) Matrix homeserver and Riot web client. We use Debian buster as base Operating system, leveraging the matrix-synapse package from the buster-backports repository. The riot client (= static files) is directly fetched from upstream releases on github.

The matrix deployments run on ipv6only VMs, HTTP traffic - including federation - being proxy by the ungleich v4-to-v6 proxy. Federation is delegated using a /.well-known/ URI as described in the customer FAQ.


The whole MaaS setup is defined in the manifest/matrix-as-a-service of dot-cdist file, which wraps the __ungleich_matrix type. This type leverages:

  • __matrix_synapse
  • __matrix_riot
  • __ungleich_nginx_static_type
  • _postgres_role and _postgres_database from upstream cdist.

The matterbridge application service can be deployed with the __matterbridge type.

Matrix Federation Tester:

Synapse Admin UI

  • Allows manual admin management of users and rooms.
  • Use direct address of homeserver for login:


Autodiscovered from consul in monitoring LAN.

Ungleich Deployments

We maintain our own deployments alongside the customer MaaS, both for our own usage and for testing.

Staging instance used to tests the deployment pipeline and Matrix updates.

Production instance for ungleich. Some rooms are bridged to the mattermost instance. The bridge makes use of the local matrix user (i.e. not from LDAP) and matterbridge mattermost user (linked to matterbridge AT ungleich ch).

Customer Deployments

That's too sensitive to be public: this way !

Shared TURN server

Coturn is running at See matrix-as-a-service manifest in dot-cdist for details.

create mass users on matrix host

- info.txt

FirstName LastName Email user_id1 pw1
FirstName LastName Email user_id2 pw2
FirstName LastName Email user_id3 pw3

- creating user shall script

while read A B C D E
  name=$A" "$B
  data='{"password":"'${pw}'", "displayname": "'${name}'", "threepids": [ { "medium": "email", "address": "'${ad}'" }], "admin": false, "deactivated": false, "avatar_url": null }'
  h='Authorization: Bearer <AccessToken>'
  curl -v -X PUT -H "$h" -d "$data" http://localhost:8008/_synapse/admin/v2/users/$
  sleep 2
done < info.txt

invite mass users on matrix host

- info.txt

FirstName LastName Email user_id1 pw1
FirstName LastName Email user_id2 pw2
FirstName LastName Email user_id3 pw3

- get user token

--> user : admin room user : to invite user, admin must be in room.

curl -XPOST -d '{"type":"m.login.password", "user":"[user_id]", "password":"[user_password]"}' "http://localhost:8008/_matrix/client/r0/login" 

- inviting user script


  cat <<EOF

roomID=( 'roomID1 wihtout !' 'roomID2 wihtout !'  )
for rm_id in ${roomID[*]}
   while read A B C D E
      echo $rm_id
      res=$(curl -XPOST -d "$(generate_post_data)" "http://localhost:8008/_matrix/client/r0/rooms/%21$<ACCESS_TOKEN>")
      echo $res
      #avoid error { "errcode": "M_LIMIT_EXCEEDED", "error": "Too Many Requests", "retry_after_ms": 2895 } 
      if [[ $res =~ $errcode ]];then
        sleep 5
        res2=$(curl -XPOST -d "$(generate_post_data)" "http://localhost:8008/_matrix/client/r0/rooms/%21$<ACCESS_TOKEN>")

      if [[ $res2 =~ $errcode ]];then
        echo "===error===" 
        echo $res2
        exit 1
      sleep 1
    done < info.txt

Admin interface at

It's based on synapse-admin:"" and is just a static JS app. It's deployed on

Update procedure

# Clone sources
git clone

# Checkout latest tag
git checkout tags/x.y.z

# Fetch dependencies
yarn install

# Generate static files
yarn build

# Then: copy over content of build/ to staticweb

Updated by Timothée Floure 8 months ago · 22 revisions