blog-contributions/opsec/matrixnew/index.html

343 lines
12 KiB
HTML
Raw Normal View History

2024-07-25 12:23:36 +02:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Matrix Chat Setup</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
2024-08-12 23:22:38 +02:00
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
2024-07-25 12:23:36 +02:00
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
2024-08-18 22:50:34 +02:00
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>root@Datura - 2024-01-14</ba></p>
2024-07-25 12:23:36 +02:00
<h1>Matrix Chat Setup </h1>
<img src="0.png" style="width:250px">
<p>In this tutorial we're going to setup a private matrix chat server along with VoIP support for the element desktop client. </p>
<p><u>Disclaimer:</u> If you want this service to remain anonymous, make sure you at least keep <a href="../sensitiveremotevshome/index.html">TOR between you and the service</a> from the <a href="../anonymousremoteserver/index.html">VPS acquisition</a> to actual service usage. </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First install the required packages:</p>
<pre><code class="nim">
apt install docker.io docker-compose
</code></pre>
<p>Then create the directories required:</p>
<pre><code class="nim">
mkdir /srv/matrix/data -p
chown -R 755 /srv/matrix/data
cd /srv/matrix
</code></pre>
<p>Then we'll create the docker-compose.yml file and the generateconfig.sh script:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ cat docker-compose.yml
version: "3.3"
services:
synapse:
image: "matrixdotorg/synapse:latest"
container_name: "matrix_synapse"
ports:
- 8008:8008
volumes:
- "./data:/data" #it will look at the current directory where you save the file and look for the data folder inside
environment:
2024-08-12 23:22:38 +02:00
VIRTUAL_HOST: "m.nowhere.moe"
2024-07-25 12:23:36 +02:00
VIRTUAL_PORT: 8008
2024-08-12 23:22:38 +02:00
LETSENCRYPT_HOST: "m.nowhere.moe"
SYNAPSE_SERVER_NAME: "m.nowhere.moe"
2024-07-25 12:23:36 +02:00
SYNAPSE_REPORT_STATS: "yes"
coturn:
image: instrumentisto/coturn:latest
restart: unless-stopped
volumes:
- ./coturn/turnserver.conf:/etc/coturn/turnserver.conf
ports:
- 47160-47200:47160-47200/udp
- 3478:3478
- 5349:5349
networks:
- mybridge
networks:
mybridge:
driver: bridge
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ cat generateconfig.sh
#!/bin/bash
2024-08-12 23:22:38 +02:00
docker-compose run --rm -e SYNAPSE_SERVER_NAME=m.nowhere.moe -e SYNAPSE_REPORT_STATS=yes synapse generate
2024-07-25 12:23:36 +02:00
</code></pre>
2024-08-24 16:01:33 +02:00
<p>My matrix server will have the "m.nowhere.moe" domain name. The coturn config mentioned here is used for the VOIP support. Now let's generate the initial keys of the matrix server like so:</p>
2024-07-25 12:23:36 +02:00
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ ./generateconfig.sh
Creating network "matrix_default" with the default driver
Creating network "matrix_mybridge" with driver "bridge"
Setting ownership on /data to 991:991
2024-08-12 23:22:38 +02:00
Creating log config /data/m.nowhere.moe.log.config
2024-07-25 12:23:36 +02:00
Generating config file /data/homeserver.yaml
2024-08-12 23:22:38 +02:00
Generating signing key file /data/m.nowhere.moe.signing.key
A config file has been generated in '/data/homeserver.yaml' for server name 'm.nowhere.moe'. Please review this file and customise it to your needs.
2024-07-25 12:23:36 +02:00
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ ls
2024-08-12 23:22:38 +02:00
coturn data docker-compose.yml docker-compose.yml.coturn generateconfig.sh m.nowhere.moe.conf.nginx
2024-07-25 12:23:36 +02:00
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ ls data -lash
total 20K
4.0K drwxr-xr-x 2 991 991 4.0K Jan 14 11:12 .
4.0K drwxr-xr-x 4 root root 4.0K Jan 4 13:50 ..
4.0K -rw-r--r-- 1 root root 1.3K Jan 14 11:12 homeserver.yaml
2024-08-12 23:22:38 +02:00
4.0K -rw-r--r-- 1 root root 694 Jan 14 11:12 m.nowhere.moe.log.config
4.0K -rw-r--r-- 1 root root 59 Jan 14 11:12 m.nowhere.moe.signing.key
2024-07-25 12:23:36 +02:00
</code></pre>
<p>Now that's done, we can edit the homeserver.yaml if you want to remove trust into the "matrix.org" keys for federation to make it a truly private server:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ cat data/homeserver.yaml | grep server
trusted_key_servers:
- server_name: ""
</code></pre>
<p>Then we can edit the coturn config like so:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ ls
2024-08-12 23:22:38 +02:00
coturn data docker-compose.yml docker-compose.yml.coturn generateconfig.sh m.nowhere.moe.conf.nginx
2024-07-25 12:23:36 +02:00
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ cat coturn/turnserver.conf
use-auth-secret
static-auth-secret=cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy
2024-08-12 23:22:38 +02:00
realm=m.nowhere.moe
2024-07-25 12:23:36 +02:00
listening-port=3478
tls-listening-port=5349
min-port=47160
max-port=47200
verbose
allow-loopback-peers
cli-password=cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy
external-ip=116.202.216.190
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ cat data/homeserver.yaml | grep turn
2024-08-12 23:22:38 +02:00
turn_uris: [ "turn:m.nowhere.moe?transport=udp", "turn:m.nowhere.moe?transport=tcp" ]
2024-07-25 12:23:36 +02:00
turn_shared_secret: "cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy"
turn_user_lifetime: 86400000
turn_allow_guests: true
</code></pre>
<p>Make sure the ports match the ones in the docker-compose.yml file, and the external IP is the one of your server:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ curl ifconfig.me -4
116.202.216.190
</code></pre>
<p>Then we start the docker-compose:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ docker-compose up -d
Creating matrix_coturn_1 ... done
Creating matrix_synapse ... done
</code></pre>
<p>Then we create the accounts like so:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ docker container ls | grep matrixdot
134d440b1480 matrixdotorg/synapse:latest "/start.py" About a minute ago Up 25 seconds (healthy) 8009/tcp, 0.0.0.0:8008->8008/tcp, :::8008->8008/tcp, 8448/tcp matrix_synapse
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ docker exec -it 134 bash
root@134d440b1480:/#
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ docker exec -it 134 bash
root@134d440b1480:/# register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
New user localpart [root]: nihilist
Password:
Confirm password:
Make admin [no]: yes
Sending registration request...
Success!
root@134d440b1480:/# exit
exit
</code></pre>
<p>Then we make sure that we can access the matrix server via nginx:</p>
<pre><code class="nim">
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
→ cat /etc/nginx/sites-enabled/m.nowhere.moe.conf
2024-07-25 12:23:36 +02:00
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# For the federation port
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
2024-08-12 23:22:38 +02:00
server_name m.nowhere.moe;
2024-07-25 12:23:36 +02:00
2024-08-12 23:22:38 +02:00
ssl_certificate /etc/acme/certs/m.nowhere.moe/fullchain.cer;
ssl_certificate_key /etc/acme/certs/m.nowhere.moe/m.nowhere.moe.key;
2024-07-25 12:23:36 +02:00
location ~ ^(/_matrix|/_synapse/client) {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
}
}
2024-08-12 23:22:38 +02:00
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
2024-07-25 12:23:36 +02:00
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
</code></pre>
<p>Then we test that we can login from a matrix client (which can be installed inside a <a href="../whonixqemuvms/index.html">whonix VM</a>), let's use <a href="https://element.io/download">element</a> because we want to be able to do voicecalls:</p>
<img src="1.png" class="imgRz">
<img src="2.png" class="imgRz">
<img src="3.png" class="imgRz">
<img src="4.png" class="imgRz">
<img src="5.png" class="imgRz">
<p>Here we will setup a secure backup password, that is a separate password, for end to end encryption purposes. Then you can do the following steps:</p>
<img src="6.png" class="imgRz">
<p>Make sure you log out of every unverified session:</p>
<img src="7.png" class="imgRz">
<img src="8.png" class="imgRz">
<p>You may need to log in and log out before being able to send messages so do that, then create the space along with the chatroom</p>
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<img src="11.png" class="imgRz">
<img src="12.png" class="imgRz">
<img src="13.png" class="imgRz">
<img src="14.png" class="imgRz">
<img src="15.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
2024-08-15 14:43:58 +02:00
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>
2024-07-25 12:23:36 +02:00
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
2024-08-12 23:22:38 +02:00
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
2024-07-25 12:23:36 +02:00
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>