eda735e4bb
### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
---|---|---|
.ci | ||
.github | ||
changelog.d | ||
contrib | ||
debian | ||
demo | ||
docker | ||
docs | ||
rust | ||
scripts-dev | ||
stubs | ||
synapse | ||
synmark | ||
tests | ||
.codecov.yml | ||
.coveragerc | ||
.dockerignore | ||
.editorconfig | ||
.git-blame-ignore-revs | ||
.gitignore | ||
.rustfmt.toml | ||
AUTHORS.rst | ||
book.toml | ||
build_rust.py | ||
Cargo.lock | ||
Cargo.toml | ||
CHANGES.md | ||
CONTRIBUTING.md | ||
flake.lock | ||
flake.nix | ||
INSTALL.md | ||
LICENSE | ||
mypy.ini | ||
poetry.lock | ||
pyproject.toml | ||
README.rst | ||
sytest-blacklist | ||
tox.ini | ||
UPGRADE.rst |
Element Synapse - Matrix homeserver implementation
Synapse is an open source Matrix homeserver implementation, written and maintained by Element. Matrix is the open standard for secure and interoperable real time communications. You can directly run and manage the source code in this repository, available under an AGPL license. There is no support provided from Element unless you have a subscription.
Subscription alternative
Alternatively, for those that need an enterprise-ready solution, Element Server Suite (ESS) is available as a subscription. ESS builds on Synapse to offer a complete Matrix-based backend including the full Admin Console product, giving admins the power to easily manage an organization-wide deployment. It includes advanced identity management, auditing, moderation and data retention options as well as Long Term Support and SLAs. ESS can be used to support any Matrix-based frontend client.
🛠️ Installing and configuration
The Synapse documentation describes how to install Synapse. We recommend using Docker images or Debian packages from Matrix.org.
Synapse has a variety of config options which can be used to customise its behaviour after installation. There are additional details on how to configure Synapse for federation here.
Using a reverse proxy with Synapse
It is recommended to put a reverse proxy such as nginx, Apache, Caddy, HAProxy or relayd in front of Synapse. One advantage of doing so is that it means that you can expose the default https port (443) to Matrix clients without needing to run Synapse with root privileges. For information on configuring one, see the reverse proxy docs.
Upgrading an existing Synapse
The instructions for upgrading Synapse are in the upgrade notes. Please check these instructions as upgrading may require extra steps for some versions of Synapse.
Platform dependencies
Synapse uses a number of platform dependencies such as Python and PostgreSQL, and aims to follow supported upstream versions. See the deprecation policy for more details.
Security note
Matrix serves raw, user-supplied data in some APIs -- specifically the content repository endpoints.
Whilst we make a reasonable effort to mitigate against XSS attacks (for instance, by using CSP), a Matrix homeserver should not be hosted on a domain hosting other web applications. This especially applies to sharing the domain with Matrix web clients and other sensitive applications like webmail. See https://developer.github.com/changes/2014-04-25-user-content-security for more information.
Ideally, the homeserver should not simply be on a different subdomain, but on a completely different registered domain (also known as top-level site or eTLD+1). This is because some attacks are still possible as long as the two applications share the same registered domain.
To illustrate this with an example, if your Element Web or other
sensitive web application is hosted on A.example1.com
, you
should ideally host Synapse on example2.com
. Some amount of
protection is offered by hosting on B.example1.com
instead,
so this is also acceptable in some scenarios. However, you should
not host your Synapse on A.example1.com
.
Note that all of the above refers exclusively to the domain used in
Synapse's public_baseurl
setting. In particular, it has no
bearing on the domain mentioned in MXIDs hosted on that server.
Following this advice ensures that even if an XSS is found in Synapse, the impact to other applications will be minimal.
🧪 Testing a new installation
The easiest way to try out your new Synapse installation is by connecting to it from a web client.
Unless you are running a test instance of Synapse on your local machine, in general, you will need to enable TLS support before you can successfully connect from a client: see TLS certificates.
An easy way to get started is to login or register via Element at https://app.element.io/#/login
or https://app.element.io/#/register
respectively. You will need to change the server you are logging into
from matrix.org
and instead specify a Homeserver URL of
https://<server_name>:8448
(or just
https://<server_name>
if you are using a reverse
proxy). If you prefer to use another client, refer to our client breakdown.
If all goes well you should at least be able to log in, create a room, and start sending messages.
Registering a new user from a client
By default, registration of new users via Matrix clients is disabled. To enable it:
- In the registration
config section set
enable_registration: true
inhomeserver.yaml
. - Then either:
- set up a CAPTCHA, or
- set
enable_registration_without_verification: true
inhomeserver.yaml
.
We strongly recommend using a CAPTCHA, particularly if your homeserver is exposed to the public internet. Without it, anyone can freely register accounts on your homeserver. This can be exploited by attackers to create spambots targeting the rest of the Matrix federation.
Your new user name will be formed partly from the
server_name
, and partly from a localpart you specify when
you create the account. Your name will take the form of:
@localpart:my.domain.name
(pronounced "at localpart on my dot domain dot name").
As when logging in, you will need to specify a "Custom server".
Specify your desired localpart
in the 'User name' box.
🎯 Troubleshooting and support
🚀 Professional support
Enterprise quality support for Synapse including SLAs is available as part of an Element Server Suite (ESS) subscription.
If you are an existing ESS subscriber then you can raise a support request and access the knowledge base.
🤝 Community support
The Admin FAQ includes tips on dealing with some common problems. For more details, see Synapse's wider documentation.
For additional support installing or managing Synapse, please ask in
the community support room #synapse:matrix.org
_ (from a
matrix.org account if necessary). We do not use GitHub issues for
support requests, only for bug reports and feature requests.
🪪 Identity Servers
Identity servers have the job of mapping email addresses and other 3rd Party IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs before creating that mapping.
They are not where accounts or credentials are stored - these live on home servers. Identity Servers are just for mapping 3rd party IDs to matrix IDs.
This process is very security-sensitive, as there is obvious risk of spam if it is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer term, we hope to create a decentralised system to manage it (matrix-doc #712), but in the meantime, the role of managing trusted identity in the Matrix ecosystem is farmed out to a cluster of known trusted ecosystem partners, who run 'Matrix Identity Servers' such as Sydent, whose role is purely to authenticate and track 3PID logins and publish end-user public keys.
You can host your own copy of Sydent, but this will prevent you
reaching other users in the Matrix ecosystem via their email address,
and prevent them finding you. We therefore recommend that you use one of
the centralised identity servers at https://matrix.org
or
https://vector.im
for now.
To reiterate: the Identity server will only be used if you choose to associate an email address with your account, or send an invite to another user via their email address.
🛠️ Development
We welcome contributions to Synapse from the community! The best place to get started is our guide for contributors. This is part of our larger documentation, which includes
information for Synapse developers as well as Synapse administrators. Developers might be particularly interested in:
Alongside all that, join our developer community on Matrix: #synapse-dev:matrix.org, featuring real humans!