Setting up a Matrix chat/IM tool
Building the chat software
Introduction
Matrix aims to provide an open, secure and decentralised solution for real-time communication; Synapse and Element are the key components that make this possible.
Synapse is the reference implementation of the Matrix protocol: an open-source, distributed, real-time communication server.
Element is an open-source client built on the Matrix protocol; it runs on many platforms and offers a friendly user interface for interacting with other Matrix users.
With Synapse and Element, users and developers can build and use decentralised, real-time communication tools without depending on a single, centralised service provider.
End-to-end encryption
The Matrix protocol supports end-to-end encryption (E2EE), ensuring that only the sender and the recipients of a message can read its content. It uses the Double Ratchet algorithm, the same algorithm used by the Signal app, which gives every session its own independent encryption.
Architecturally, Matrix's end-to-end encryption is designed to be multi-device friendly: encrypted messages can be synchronised across all of a user's devices.
In terms of implementation, Matrix's encryption is provided by two libraries, libolm and megolm. libolm provides one-to-one encryption, while megolm is used to achieve end-to-end encryption in group chats.
These properties make Matrix's encryption both strong and user-friendly while keeping communication secure.
Server-side configuration
Generate the configuration file and keys
docker run -it --rm \
  --mount type=bind,src=/root/chat/synapsedata,dst=/data \
  -e SYNAPSE_SERVER_NAME=yourdomain.com \
  -e SYNAPSE_REPORT_STATS=no \
  matrixdotorg/synapse:latest generate
This step creates several files in /root/chat/synapsedata, one of which is a config.json file.
Edit your server configuration
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "yourdomain"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: sqlite3
  args:
    database: /data/homeserver.db
log_config: "/data/nova.19h62.com.log.config"
media_store_path: /data/media_store
# many options omitted here
turn_uris:
  - "turn:nova.19h62.com:3478?transport=udp"
  - "turn:nova.19h62.com:3478?transport=tcp"
turn_shared_secret: "***********"
# vim:ft=yaml
Deploy into a container
docker run -d --name synapse \
  --mount type=bind,src=/root/chat/synapsedata,dst=/data \
  -p 20015:8008 \
  matrixdotorg/synapse:latest
Configure TLS
server {
    listen 20016 ssl;
    server_name yourdomain;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    location / {
        proxy_pass http://localhost:20015;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Add an administrator from the command line
docker exec -it synapse register_new_matrix_user http://localhost:20015 -c /data/homeserver.yaml --admin -u your_username -p your_password
Add a regular user
docker exec -it synapse register_new_matrix_user http://localhost:20015 -c /data/homeserver.yaml -u your_username -p your_password
Client-side configuration
Add the client configuration
Edit the config.json file:
{
  "default_server_config": {
    "m.homeserver": {
      "base_url": "https://yourdomain:20016",
      "server_name": "yourdomain"
    },
    "m.identity_server": {
      "base_url": "https://vector.im"
    }
  },
  "disable_custom_urls": false,
  "disable_guests": false,
  "disable_login_language_selector": false,
  "disable_3pid_login": false,
  "brand": "NovaElement",
  "integrations_ui_url": "https://scalar.vector.im/",
  "integrations_rest_url": "https://scalar.vector.im/api",
  "integrations_widgets_urls": [
    "https://scalar.vector.im/_matrix/integrations/v1",
    "https://scalar.vector.im/api",
    "https://scalar-staging.vector.im/_matrix/integrations/v1",
    "https://scalar-staging.vector.im/api",
    "https://scalar-staging.riot.im/scalar/api"
  ],
  "default_country_code": "GB",
  "show_labs_settings": false,
  "features": {},
  "default_federate": true,
  "default_theme": "light",
  "room_directory": {
    "servers": [
      ""
    ]
  },
  "enable_presence_by_hs_url": {
    "https://matrix.org": false,
    "https://matrix-client.matrix.org": false
  },
  "setting_defaults": {
    "breadcrumbs": true
  },
  "jitsi": {
    "preferred_domain": "meet.element.io"
  },
  "element_call": {
    "url": "https://call.element.io",
    "participant_limit": 8,
    "brand": "Element Call"
  },
  "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}
Start the container with Docker
docker run -d --name element-web \
  -p 20017:80 \
  -v /root/chat/element-web/config.json:/app/config.json \
  vectorim/element-web
Configure TLS
server {
    listen 20018 ssl;
    server_name yourdomain;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    location / {
        proxy_pass http://localhost:20017;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Reload Nginx
systemctl reload nginx
Reverse proxy through Cloudflare
Set a custom hostname and port and the Worker becomes reachable through your own domain. Putting the origin behind the reverse proxy is more secure, you no longer have to type the port number, and you can proxy the front end as well as the back end. Cloudflare is always awesome!
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request));
});

async function handleRequest(request) {
  let url = new URL(request.url);
  // Set the new target server and port
  url.hostname = 'your-domain.com';
  url.port = '****';
  const modifiedRequest = new Request(url, {
    method: request.method,
    headers: request.headers,
    body: request.body
  });
  const response = await fetch(modifiedRequest);
  return response;
}
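An added example, not the Worker from the post: the same hostname and port rewrite, but limited to Matrix API paths, so a Worker placed in front of the Synapse side of this deployment forwards only what clients need and does not publish the rest of the origin port. ORIGIN_HOST, ORIGIN_PORT, rewriteUpstream and the prefix list are assumptions for this example (the port follows the Synapse TLS listener from the nginx configuration above); it uses only the URL, Request and fetch APIs that Workers and Node provide.

```javascript
// Placeholders: point these at the Synapse reverse-proxy endpoint (nginx, port 20016 above).
const ORIGIN_HOST = 'your-domain.com';
const ORIGIN_PORT = '20016';

// Path prefixes a public, client-facing proxy should forward. /_synapse/admin is
// deliberately absent: the admin API should stay reachable only from inside the network.
const ALLOWED_PREFIXES = ['/_matrix/', '/_synapse/client/'];

// Return the upstream URL for a request URL, or null if the path is not forwarded.
function rewriteUpstream(requestUrl, host = ORIGIN_HOST, port = ORIGIN_PORT) {
  const url = new URL(requestUrl);
  // URL parsing resolves dot segments, so the prefix check runs on the path the
  // origin will actually receive rather than on the raw request line.
  if (!ALLOWED_PREFIXES.some((prefix) => url.pathname.startsWith(prefix))) {
    return null;
  }
  url.protocol = 'https:';   // always talk TLS to the origin
  url.hostname = host;
  url.port = port;
  return url.toString();     // query string is preserved
}

// Module-syntax Worker handler. In the Worker script itself, finish with: export default worker;
const worker = {
  async fetch(request) {
    const upstream = rewriteUpstream(request.url);
    if (upstream === null) {
      return new Response('not found', { status: 404 });
    }
    // Method, headers and body are copied from the incoming request; the runtime
    // sets the Host header from the new URL.
    return fetch(new Request(upstream, request));
  },
};
```

Clients still reach the homeserver on port 443 of the Worker hostname, so Element's base_url needs no port; only the Worker-to-origin hop carries the non-standard port. Paths outside the allowlist, including attempts to walk to /_synapse/admin through dot segments, get a 404 before anything is sent to the origin.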