Matrix server


  • An Always Free virtual machine from Oracle, running Canonical-Ubuntu-20.04-Minimal.
    • This version of Ubuntu comes with an older and buggy version of Ansible. So, I had to install the latest one via instructions documented here. I now activate it on the server by doing: source ~/ansible/bin/activate.
  • Free domain from: Freenom.


In a nutshell:

sudo apt update
sudo apt install git python-is-python3 cron vim

git clone
cd matrix-docker-ansible-deploy # Run all future commands within this directory.

mkdir inventory/host_vars/
cp examples/host-vars.yml inventory/host_vars/ # This is 1 of the 2 configuration files.
cp examples/hosts inventory/hosts # This is 2 of the 2 configuration files.

# Setup everything
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start

# Create a user - admin or not.
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=foo password=bar admin=yes' --tags=register-user

# Test everything is working as expected.
ansible-playbook -i inventory/hosts setup.yml --tags=self-check

The inventory/host_vars/ file:

# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step, 
# because you can't change the Domain after deployment.
# Example value:

# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
# In case SSL renewal fails at some point, you'll also get an email notification there.
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/`).
# Example value:
matrix_ssl_lets_encrypt_support_email: ...

matrix_nginx_proxy_base_domain_serving_enabled: true

# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: "..."

# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: "..."

matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "..."

matrix_mautrix_whatsapp_enabled: true

matrix_synapse_configuration_extension_yaml: |
    enabled: true
    complexity: 1.0

And inventory/hosts:

# We explicitly ask for your server's external IP address, because the same value is used for configuring Coturn.
# If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.
# To connect using a non-root user (and elevate to root with sudo later),
# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username become=true become_user=root`
# For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`.
# If this causes SSH connection troubles, disable it by adding `ansible_ssh_pipelining=False`
# to the host line below or by adding `ansible_ssh_pipelining: False` to your variables file.
# If you're running this Ansible playbook on the same server as the one you're installing to,
# consider adding an additional `ansible_connection=local` argument below.

[matrix_servers] ansible_host= ansible_ssh_user=root ansible_connection=local