ideclon's tilde blog

whatever i think up

Multiple Dendrite instances

26 December 2022 — ~ideclon

Hosting multiple Dendrite instances on one server

As mentioned in my previous post, I’m running Dendrite as my Matrix homeserver.

As well as my ideclon.uk Matrix instance, I’m running other instances of Dendrite in the same VM for other purposes. Each of these instances are running as a separate SystemD service.

Here’s the basics of setting up another Dendrite instance on a server already running one.

Notes

  • Note that I am not using Docker.

  • You'll notice that I'm not using SSL here. SSL is being added by a Traefik proxy. If you're not using a reverse proxy, use -https-bind-address instead.

  • If you are using HTTPS, the default port is 8448, not 8008. (8008 is the default HTTP port, 8448 is the default HTTPS port).

Configuration

Each instance will need it’s own config file and storage directory. I’m using /etc/dendrite/[DOMAIN].

Config file

You can just copy the default config file and replace:

  • server_name

  • private_key

  • database -> connection_string

private_key is the Matrix signing key you’ll generate below.

For the connection_string, you just need to replace the database name.

Ports

Dendrite listens on port 8008 on all interfaces by default. You can override this with the CLI flag --http-bind-address. Multiple Dendrite instances won’t be able to listen on the same interface/port combo, so you could have Dendrite listen on a different port (as I do - 8008, 8018, 8028…), or on the same port on different IPs (if you have them).

As mentioned in my previous post, other Matrix servers (and clients) will expect to find your server on port 8448. You can deal with this via delegation (see that post), or run a proxy server like Traefik in front of your server and forward based on hostnames.

Keys

Generate a new Matrix signing key: $ ./bin/generate-keys --private-key [NEW_KEY_NAME].pem

Database

Each instance will need it’s own database. Assuming you’re using PostgreSQL (as is recommended in the docs), you can just run $ sudo -u postgres createdb -O dendrite -E UTF-8 dendrite_[DOMAIN] to create a new database called dendrite_[DOMAIN], owned by the dendrite role.

SSL / TLS

As mentioned above, this post assumes you’ve set up a Dendrite server before (on the same server you’ll be running this one). This is not a guide on setting up / configuring Matrix. I’m just going to point to the docs on this.

SystemD service

The SystemD service broadly needs to do the following:

  • Run as dendrite:dendrite

  • Run in your new storage directory

  • Run after network-online.target and postgres.service.

Here’s an example:

[Unit]
Description=[DOMAIN] Dendrite (Matrix Homeserver)
After=syslog.target
After=network-online.target
After=postgresql.service

[Service]
Environment=GODEBUG=madvdontneed=1
RestartSec=2s
Type=simple
User=dendrite
Group=dendrite
WorkingDirectory=/etc/dendrite/[DOMAIN]/
ExecStart=/usr/local/bin/dendrite-monolith-server -config /etc/dendrite/[DOMAIN]/dendrite.monolith.yml –http-bind-address :[PORT]
Restart=always
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

CLI Administration

When running the ./bin/create-account binary, you’ll need to make sure to point it at the correct config file - so -config /etc/dendrite/[DOMAIN]/dendrite.monolith.yml.

read more...

Matrix hosting tips

22 December 2022 — ~ideclon

I’ve recently re setup my Matrix server and there were a few things I wish would have been slightly easier to find. So here they are.

I’m running Dendrite, so some things may be slightly different to Synapse or some other homeservers, but this is mostly just tips on Matrix hosting in general.

Dendrite is running in a VM on a server in my office, and is exposed to the Internet via Traefik running on a cheap VPS. Traefik can talk to Dendrite over Tailscale.

Dendrite installation docs

Ports

Matrix expects to find your homeserver on port 8448. Dendrite by default listens on port 8008, but this is configurable with the --http-bind-address CLI flag.

You can really have your homeserver listen on whichever port you like, as long as you configure that in delegation (see below).

Domain / Delegation

I’m @me:ideclon.uk. I needed to have Traefik forward /_matrix to my Matrix server (and there’s also /_dendrite for the Dendrite API, but that’s not required). But you don’t need to run your homeserver on the same webserver as your website. For some of my other homeservers, their domains are at matrix.[DOMAIN_NAME], but I still want the users to be @[USERNAME]:[DOMAIN_NAME]! To do this, you’ll need delegation.

There are two basic ways to do delegation - well-known and DNS SRV.

Well-known

You just need to serve the following two files on your website:

/.well-known/matrix/server:

{ "m.server": "[MATRIX_HOMESERVER]:[MATRIX_PORT]" }

/.well-known/matrix/client:

{ "m.homeserver": { "base_url": "https://[MATRIX_HOMESERVER]:[MATRIX_PORT]/" } }

You must set Access-Control-Allow-Origin * on both of these files. I do this with a .htaccess file in the /.well-known/matrix directory:

Header add Access-Control-Allow-Origin "*"

DNS SRV

The Dendrite docs do a good enough job of this - https://matrix-org.github.io/dendrite/installation/domainname#dns-srv-delegation

read more...