Open Infrastructure

h1. Ungleich Matrix-as-a-Service (MaaS)

{{toc}}

*%{color:green}This document concerns end-users/customers. See [[The ungleich Matrix infrastructure]] page for server-side documentation.%*

h2. Status

This document is *in PRODUCTION*

h2. Overview

"Matrix":https://matrix.org/ is an open and decentralized IM system supporting modern features such as end-to-end encryption, message history, bridging to other networks, VoIP and more. It is based a federated structure, similar to what is done with emails: users use a home server as 'gateway' to the network. Our MaaS offer provides you with such a server as well as an hosted web client, "Riot":https://about.riot.im/.

"Riot's features page"https://about.riot.im/features gives you a good overview of Matrix's possibilities.

h2. FAQ

h3. Q: How many users can I have? What are the resources allocated to my matrix server?

We do not enforce a limit of the number of users: you can do anythign you want as long as you fit the resources allocated to your homeserver. You are provided with 1GB of memory, 1vCPU and 20GB of storage with the base offer, which can be extended on demand (Pricing is the same as ipv6onlyhosting VMs, since that's what we use underneath).

h3. Q: What server name will I get?

You can either use your own domain name (see below) or ask us for $ORGANIZATION.0co2.cloud.

h3. Q: Can I use a custom domain name?

Yes! You will have to give us three domain names:

* a) *the homeserver*: this is where the actual server is running - this can be on domain "A" - in case of ungleich we use *ungleich.matrix.ungleich.cloud* and give away *YOURNAME.matrix.ungleich.cloud* for free

* b) *the address of the web client* - this is where people with their webbrowser go to - this should be different from "A". Often this is something like *chat.example.org* or *matrix.example.org*. In case of ungleich this domain is *matrix.ungleich.ch.*

* c) *the main matrix domain*: the one you use for users and rooms. This is usually your main domain and is different from A. For ungleich this is *ungleich.ch*. Most people will choose their "main domain", for instance *example.org* here.

You will also need to configure 2 files below *the main matrix domain*

- */.well-known/matrix/server* containing *{"m.server": "homeserver:443"}*.

       Example: <pre>$ curl https://ungleich.ch/.well-known/matrix/server

{"m.server": "ungleich.matrix.ungleich.cloud:443"}</pre>

   - */.well-known/matrix/client* containing *{ "m.homeserver": { "base_url": "https://homeserver" } }*. Example: <pre>

curl https://ungleich.ch/.well-known/matrix/client 

{ "m.homeserver": { "base_url": "https://ungleich.matrix.ungleich.cloud" } }

</pre>

h3. Q: Why can't I use the same domain for everything?

The home server should be on a different domain to prevent possible XSS (cross site scripting) attacks.

You can find details about it on https://github.com/matrix-org/synapse#security-note.

For this reason we offer YOURNAME.matrix.ungleich.cloud for free for all homeservers.

h3. Q: How many domains do I need for a standard matrix setup?

Typically 3 domain names are used:

* The domain that defines your *room and user names* (for ungleich this is *ungleich.ch*)

* The domain that your users type in the web browser to join the chat (for ungleich this is *matrix.ungleich.ch*)

* The domain on which your *homeserver* (the server providing the matrix server) is reachable (for ungleich this is *ungleich.matrix.ungleich.cloud*)

The homeserver needs to be on a different domain than the other two to avoid possible XSS attacks.

h3. Q: What server implementation and version do you use?

We use the "synapse reference homeserver":https://github.com/matrix-org/synapse/ package "provided by the buster-backports repository":https://packages.debian.org/buster-backports/matrix-synapse.

h3. Q: What client can I use? Do you recommend one?

We recommend and provide you a web version of the "Riot client":https://about.riot.im/ (desktop and mobile) but you can use "any matrix client":https://matrix.org/clients/.

h3. Q: Can I set option X in synapse/riot?

Yes! Contact the ungleich support with the requested changes, which we will apply to the deployment configuration of your instance.

h3. Q: Do you provide a TURN server for VoIP?

Yes.

h3. Q: What are application services can I use?

We support bridging to other services (IRC, Matrix, Telegram, Slack, ...) via "matterbridge":https://github.com/42wim/matterbridge, deployed on demand.

h3. Q: If I do not use an LDAP directory, can I still manage my users?

Yes! We provide you with a management UI on https://admin.matrix.ungleich.cloud. You will have to use the full address of your matrix homeserver (e.g. ungleich.matrix.ungleich.cloud).

h3. Q: How can I delete rooms in Matrix?

To delete a room, simply everybody in the room needs to leave the room. Then the room gets removed from the server. If you are admin, you can kick everybody in the room if you want to force remove the room.

h3. Q: Are video/audio calls in Matrix End-to-end-encrypted(E2EE)?

Video & Phone is handled by a jitsi server by default - matrix adds it as an integration, but does not handle video/audio directly. So the answer is: not E2EE for audio/video