path: root/memos/WM-067.txt

Document: WM-067                                                 P. Webb
Category: Self Hosting                                        2025.04.25

                            Enter the Matrix

Abstract

   When all else fails, DIY!

Body

   When Element decided to change their cloud hosting pricing last year,
   I had a decision to make; pay more money[1] per user on my account
   (€60 per user/year, paid annually), setup my own server using Synapse
   (the only Matrix software that was out at the time), or go with some
   third‑party. Synapse was hella complicated to deal with so I decided
   to go with the latter.

   Long story short, this third‑party (Federated Computer) is not good.
   Just this past weekend, they performed an unannounced server upgrade
   which broke my instance and I was gaslit by someone on their support
   team until I mentioned I only experienced issues over the weekend.

   They refused to answer my very direct question ("how can I export my
   data?") three times before pointing me to the room chat export
   feature of Element, which was not what I asked for. EMS (Element
   Matrix Services) provided everyone on their platform with a dashboard
   where they could export the database and other files necessary to
   import to a new host. When I approached FC (who were listed as hosts
   recommended by EMS), they instructed me to upload to SwissTransfer[2]
   so they could concierge the process.

   You'd think the folks at Federated Computer would remember/understand
   that, no?

   They've also got quite the lackluster dashboard UI. I've designed
   better when I got my start coding in 2008. Anyhoo, YMMV but FC is not
   for me. This experience was enough impetus to explore if the Matrix
   self‑host landscape changed and luckily, it has!

   After some quick research, I decided to go with Conduit[3] as my
   Matrix server. It's written in Rust, is in beta at the time of this
   post, and its instructions are slightly wrong so I'm writing this
   post for future me and friends.

   Before I get into it, a few things:

   Sliding Sync[4] is not implemented yet. The fancy Element X client
   uses it for quick syncing of Matrix rooms and I wanna use it.

   I asked about SS in Conduit's Matrix room:

   > The current sliding sync implementation is not working as we need
   > simple sliding sync now. And that is not ready in conduit yet.

   The developer leading this feature has said it is high on his list
   of priorities.

   Also, when I invited my friends to my new server I wasn't able to see
   their messages decrypted, even after verifying my sessions. I still
   can't see those initial messages but the syncing has been fine for
   the past few days so maybe that was just some setup weirdness.

   1. Installing Conduit

      I'll assume you're installing Conduit on Linux. I prefer Ubuntu
      LTS for my servers. The Conduit install tutorial gives you three
      types of binaries to install: statically linked Debian package,
      statically linked binary, and OCI image.

      I didn't realize the Debian package didn't work for me until much
      later. The statically linked binary worked though. Unless you are
      on an ARM platform, you should choose one of the `x86_64` options.
      I used `x86_64-unknown-linux-musl`:

      ```sh
      # download binary to your system
      wget -O /usr/local/bin/matrix-conduit https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/x86_64-unknown-linux-musl?job=artifacts

      # make binary executable
      chmod +x /usr/local/bin/matrix-conduit

      # add a user that will handle the Conduit process
      adduser --system conduit --group --disabled-login --no-create-home
      ```

      Next, we'll set up the systemd service:

      ```sh
      nano /etc/systemd/system/conduit.service
      ```

      ```toml
      [Unit]
      Description=Conduit Matrix Server
      After=network.target

      [Service]
      Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
      User=conduit
      Group=conduit
      Restart=always
      ExecStart=/usr/local/bin/matrix-conduit

      [Install]
      WantedBy=multi-user.target
      ```

      Reload systemd so it knows about Conduit:

      ```sh
      systemctl daemon-reload
      ```

      Now it's the fun part, creating the Conduit configuration file so
      you can customize (like increasing the file upload limit past the
      default 20MB)!

      ```sh
      # create directory
      mkdir -p /etc/matrix-conduit

      nano /etc/matrix-conduit/conduit.toml
      ```

      The only things I've changed are `max_request_size` (so I can
      share gaming clips with my friends, 20MB is NOT enough),
      `enable_lightning_bolt`, `registration_token`, and `server_name`.
      I thought I needed to give my friends the token but I just sent
      invites to their Matrix addresses instead. I wonder if I can set
      `allow_registration` to false and still invite people to
      my server…

      ```toml
      [global]
      # This makes sure Conduit can only be reached using the
      # reverse proxy
      address = "127.0.0.1"

      allow_check_for_updates = true
      allow_federation = true

      # Enables registration. If set to false, no users can register on
      # this server.
      allow_registration = true

      database_backend = "rocksdb"

      # This is the only directory where Conduit will save its data
      database_path = "/var/lib/matrix-conduit/"

      # Enable the display name lightning bolt on registration.
      enable_lightning_bolt = false

      # Max size for uploads in bytes (100MB)
      max_request_size = 100_000_000

      # The port Conduit will be running on. You need to set up a
      # reverse proxy in your web server (e.g. apache or nginx), so all
      # requests to /_matrix on port 443 and 8448 will be forwarded to
      # the Conduit instance running on this port
      port = 6167

      # A static registration token that new users will have to provide
      # when creating an account. YOU NEED TO EDIT THIS.
      # - Insert a password that users will have to enter
      #   on registration
      # - Start the line with "#" to remove the condition
      registration_token = "your-generated-token"

      server_name = "matrix.webb.page"

      # Servers listed here will be used to gather public keys of
      # other servers.
      trusted_servers = ["matrix.org"]
      ```

      Now we've gotta set file permissions. Almost done!

      ```sh
      chown -R root:root /etc/matrix-conduit

      chmod 755 /etc/matrix-conduit

      # gotta make more directories
      mkdir -p /var/lib/matrix-conduit/

      chown -R conduit:conduit /var/lib/matrix-conduit/

      chmod 700 /var/lib/matrix-conduit/
      ```

      I already had Caddy setup from my new server install script[6],
      but here's the relevant portion:

      ```sh
      apt install debian-keyring debian-archive-keyring apt-transport-https curl -y

      curl -1sLf "https://dl.cloudsmith.io/public/caddy/stable/gpg.key" | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

      curl -1sLf "https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt" | tee /etc/apt/sources.list.d/caddy-stable.list

      apt update -y

      apt install caddy -y
      ```

      The Conduit tutorial mentions making a particular directory for
      the Caddy config but that didn't work for me. Instead, do this:

      ```sh
      nano /etc/caddy/Caddyfile
      ```

      Obviously you'll swap my domains for yours.

      ```
      matrix.webb.page, matrix.webb.page:8448 {
        reverse_proxy /_matrix/* 127.0.0.1:6167
      }
      ```

      Reload Caddy and enable Conduit!

      ```sh
      service caddy reload

      systemctl start conduit

      systemctl enable conduit
      ```

      To ensure your Matrix server works, run these locally (not on your
      server). Oh, and if you don't have `jq`[7] installed…why not? Just
      remove "| jq" to get raw JSON (jq is a pretty formatter).

      ```sh
      curl https://matrix.webb.page/_matrix/client/versions | jq

      # if using port 8448
      curl https://matrix.webb.page:8448/_matrix/client/versions | jq
      ```

      Your response should look like this:

      ```json
      {
        "versions": [
          "r0.5.0",
          "r0.6.0",
          "v1.1",
          "v1.2",
          "v1.3",
          "v1.4",
          "v1.5"
        ],
        "unstable_features": {
          "org.matrix.e2e_cross_signing": true,
          "org.matrix.msc3916.stable": true
        }
      }
      ```

   2. Install Element

      Getting Elememt installed[8] is quite simple.

      ```sh
      apt install -y wget apt-transport-https

      wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg

      echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list

      apt update -y

      apt install -y element-web

      nano /etc/element-web/config.json
      ```

      Here is the relevant portion that I changed in my Element config:

      ```json
        "default_server_config": {
          "m.homeserver": {
            "base_url": "https://matrix.webb.page",
            "server_name": "webb.page"
          },
          "m.identity_server": {
            "base_url": "https://vector.im"
          }
        },
      ```

      You're gonna add something new to your Caddyfile as well:

      ```sh
      nano /etc/caddy/Caddyfile
      ```

      ```
      # again, swap my domain for yours

      element.webb.page {
        file_server
        root * /usr/share/element-web
      }
      ```

      You made another change so refresh Caddy.

      ```sh
      service caddy reload
      ```

   FIN

      That should be it! I hope I didn't leave anything out and if I
      did, you know where to find and correct me. Hope this helps!

      🕸️

      EDIT: Made my file upload limit 200MB because 100MB wasn't enough.
      Also learned that you need to close and re‑open your Element
      client so it syncs the new limit. You'd think
      `service conduit restart` would actually restart but it seems to
      hang for me…or maybe I'm just impatient so I end up rebooting
      my server.

References

   [1] <https://element.io/pricing>
   [2] <https://www.swisstransfer.com>
   [3] <https://conduit.rs>
   [4] <https://ems-docs.element.io/books/element-server-suite-documentation-lts-2310/page/setting-up-sliding-sync>
   [5] <https://docs.conduit.rs/deploying/generic.html#installing-conduit>
   [6] <https://gist.github.com/NetOpWibby/4b8c4729b18171a1c3d322837835cf68>
   [7] <https://formulae.brew.sh/formula/jq>
   [8] <https://github.com/element-hq/element-web/blob/develop/docs/install.md>