Add Matrix homeserver with MatrixRTC calling support

- Synapse + PostgreSQL + coturn + LiveKit + lk-jwt-service
- Caddy entries for mtx.alogins.net, lk.alogins.net, lkjwt.alogins.net
- well-known endpoints for Matrix client/server discovery and RTC transport
- Users: admin, elizaveta, aleksandra

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Alvis
2026-03-15 14:12:13 +00:00
parent 002f9863b0
commit e04f9059ae
7 changed files with 246 additions and 0 deletions


@@ -89,6 +89,33 @@ vw.alogins.net {
reverse_proxy localhost:8041 reverse_proxy localhost:8041
} }
mtx.alogins.net {
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver":{"base_url":"https://mtx.alogins.net"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://lkjwt.alogins.net"}]}`
}
handle /.well-known/matrix/server {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.server":"mtx.alogins.net:443"}`
}
handle /_matrix/client/unstable/org.matrix.msc4143/rtc/transports {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"foci":[{"type":"livekit","livekit_service_url":"https://lkjwt.alogins.net"}]}`
}
reverse_proxy localhost:8008
}
lkjwt.alogins.net {
reverse_proxy localhost:8009
}
lk.alogins.net {
reverse_proxy localhost:7880
}
localhost:8042 { localhost:8042 {
reverse_proxy localhost:8041 reverse_proxy localhost:8041
tls internal tls internal
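Review bot: The closing `reverse_proxy localhost:8008` in the new `mtx.alogins.net` block forwards every unmatched path to Synapse, including `/_synapse/admin/*`, so the admin API is exposed to the public internet and guarded only by an admin access token. Unless Synapse is configured to not serve that resource on port 8008, it is safer to refuse it at the edge with `handle /_synapse/admin/* { respond 403 }` placed before the final `reverse_proxy`, or to scope it to a trusted source range with a `remote_ip` matcher. The hunk header counts 27 additions while 24 lines are shown here, so blank lines were presumably dropped in rendering; that does not affect the `handle` ordering.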

7
matrix/.env Normal file

@@ -0,0 +1,7 @@
SYNAPSE_DATA=./data/synapse
POSTGRES_DATA=./data/postgres
POSTGRES_USER=synapse
POSTGRES_PASSWORD=OimW4JUSXhZBCtLHE1kFnZ7cWVbESsxynapnJ+PSw/4=
POSTGRES_DB=synapse
LIVEKIT_KEY=devkey
LIVEKIT_SECRET=ef3ef4b903ca8469b09b2dd7ab6af529c4d2f3c95668f53832fc351cf67777a9
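Review bot: This file commits a live PostgreSQL password and the LiveKit API secret to the repository (the same `LIVEKIT_SECRET` value is repeated under `keys` in `livekit/livekit.yaml`, and `coturn/turnserver.conf` carries its `static-auth-secret` the same way); once pushed they are in history and should be treated as disclosed and rotated. The new `matrix/.gitignore` excludes only `data/`; adding `.env` to it and committing a placeholder `.env.example` with empty values keeps the compose interpolation working without storing credentials. `LIVEKIT_KEY=devkey` appears to be the key name from LiveKit's development examples, so renaming it alongside the rotation avoids a default-looking key staying in production.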

1
matrix/.gitignore vendored Normal file

@@ -0,0 +1 @@
data/

105
matrix/README.md Normal file

@@ -0,0 +1,105 @@
# Matrix Home Server
Self-hosted Matrix homeserver running on `mtx.alogins.net`.
## Stack
| Service | Purpose |
|---------|---------|
| Synapse | Matrix homeserver |
| PostgreSQL | Synapse database |
| LiveKit | MatrixRTC media server (calls) |
| lk-jwt-service | LiveKit JWT auth for Matrix users |
| coturn | TURN/STUN server (ICE fallback) |
## Clients
- **Element X** (Android/iOS) — recommended, full call support
- **FluffyChat** — messaging only, calls not supported
Connect clients to: `https://mtx.alogins.net`
## Users
| Username | Admin |
|----------|-------|
| admin | yes |
| elizaveta | no |
| aleksandra | no |
## Managing Users
```bash
# Add user
docker exec synapse register_new_matrix_user \
-c /data/homeserver.yaml \
-u <username> -p <password> --no-admin \
http://localhost:8008
# Add admin
docker exec synapse register_new_matrix_user \
-c /data/homeserver.yaml \
-u <username> -p <password> -a \
http://localhost:8008
```
## Start / Stop
```bash
cd /home/alvis/agap_git/matrix
docker compose up -d # start all
docker compose down # stop all
docker compose restart # restart all
docker compose ps # status
docker compose logs -f # logs
```
## Caddy
Entries in `/home/alvis/agap_git/Caddyfile`:
| Domain | Purpose |
|--------|---------|
| `mtx.alogins.net` | Synapse + well-known |
| `lk.alogins.net` | LiveKit SFU |
| `lkjwt.alogins.net` | LiveKit JWT service |
Deploy Caddyfile changes:
```bash
sudo cp /home/alvis/agap_git/Caddyfile /etc/caddy/Caddyfile && sudo systemctl reload caddy
```
## Firewall Ports Required
| Port | Protocol | Service |
|------|----------|---------|
| 443 | TCP | Caddy (HTTPS) |
| 3478 | UDP+TCP | coturn TURN |
| 5349 | UDP+TCP | coturn TURNS |
| 7881 | TCP | LiveKit |
| 49152-65535 | UDP | coturn relay |
| 50100-50200 | UDP | LiveKit media |
## Data Locations
| Data | Path |
|------|------|
| Synapse config & media | `./data/synapse/` |
| PostgreSQL data | `./data/postgres/` |
| LiveKit config | `./livekit/livekit.yaml` |
| coturn config | `./coturn/turnserver.conf` |
## First-Time Setup (reference)
```bash
# Generate Synapse config
docker run --rm \
-v ./data/synapse:/data \
-e SYNAPSE_SERVER_NAME=mtx.alogins.net \
-e SYNAPSE_REPORT_STATS=no \
matrixdotorg/synapse:latest generate
# Edit database section in data/synapse/homeserver.yaml, then:
docker compose up -d
```


@@ -0,0 +1,18 @@
listening-port=3478
tls-listening-port=5349
external-ip=83.99.190.32/192.168.1.3
realm=mtx.alogins.net
server-name=mtx.alogins.net
use-auth-secret
static-auth-secret=144152cc09030796a4fd0109437dfc2089db2d5181b848d38d20c646c1d7a14b
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
log-file=stdout
no-software-attribute
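Review bot: The `denied-peer-ip` list covers only the three RFC 1918 ranges and leaves loopback and link-local open; since coturn runs with `network_mode: host` in the compose file, a relay allocation could reach the services this commit binds to `127.0.0.1` (Synapse on 8008, lk-jwt-service on 8009). Add `denied-peer-ip=127.0.0.0-127.255.255.255`, `denied-peer-ip=169.254.0.0-169.254.255.255` and `denied-peer-ip=0.0.0.0-0.255.255.255` after the existing ranges (plus the IPv6 loopback and unique-local equivalents if IPv6 is enabled on the host), and consider `no-tcp-relay` since WebRTC relaying needs UDP only. `tls-listening-port=5349` is set but no `cert`/`pkey` lines are visible in this hunk; the header counts 18 lines and 13 appear here, so if they are among the missing lines this is fine, otherwise TURNS will not come up as the README advertises.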

73
matrix/docker-compose.yml Normal file

@@ -0,0 +1,73 @@
services:
synapse:
image: matrixdotorg/synapse:latest
container_name: synapse
restart: unless-stopped
volumes:
- ${SYNAPSE_DATA}:/data
- /etc/localtime:/etc/localtime:ro
environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
ports:
- "127.0.0.1:8008:8008"
depends_on:
- db
networks:
- matrix
- frontend
db:
image: postgres:16-alpine
container_name: synapse-db
restart: unless-stopped
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
volumes:
- ${POSTGRES_DATA}:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
networks:
- matrix
lk-jwt-service:
image: ghcr.io/element-hq/lk-jwt-service:latest
container_name: lk-jwt-service
restart: unless-stopped
ports:
- "127.0.0.1:8009:8080"
environment:
- LIVEKIT_JWT_BIND=:8080
- LIVEKIT_URL=wss://lk.alogins.net
- LIVEKIT_KEY=${LIVEKIT_KEY}
- LIVEKIT_SECRET=${LIVEKIT_SECRET}
- LIVEKIT_FULL_ACCESS_HOMESERVERS=mtx.alogins.net
extra_hosts:
- "mtx.alogins.net:host-gateway"
- "lk.alogins.net:host-gateway"
livekit:
image: livekit/livekit-server:latest
container_name: livekit
restart: unless-stopped
network_mode: host
volumes:
- ./livekit/livekit.yaml:/etc/livekit.yaml:ro
command: --config /etc/livekit.yaml
coturn:
image: coturn/coturn:latest
container_name: coturn
restart: unless-stopped
network_mode: host
volumes:
- ./coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
- /etc/localtime:/etc/localtime:ro
networks:
matrix:
driver: bridge
internal: true
frontend:
driver: bridge
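Review bot: `depends_on: - db` under `synapse` only orders container start and does not wait for PostgreSQL to accept connections, so on a cold start Synapse can fail its first database connection and lean on `restart: unless-stopped` to recover, turning a readiness problem into restart loops; a healthcheck on `db` plus `condition: service_healthy` on the dependency fixes this, as sketched below. Separately, `synapse`, `lk-jwt-service`, `livekit` and `coturn` all pull `:latest`, so any `docker compose pull` silently upgrades the whole stack to whatever is current; pin each to a release tag (or an `@sha256:` digest) and bump deliberately. `lk-jwt-service` declares no `networks:` and therefore lands on the compose default network rather than `matrix`/`frontend`; that looks unintended, though as far as the hunk shows it reaches the other hosts through `extra_hosts`.
```yaml
  db:
    image: postgres:16-alpine
    # … unchanged: container_name, restart, environment, volumes, networks …
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5

  synapse:
    # … unchanged: image, container_name, restart, volumes, environment, ports …
    depends_on:
      db:
        condition: service_healthy
```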


@@ -0,0 +1,15 @@
port: 7880
rtc:
tcp_port: 7881
port_range_start: 50100
port_range_end: 50200
use_external_ip: true
keys:
devkey: ef3ef4b903ca8469b09b2dd7ab6af529c4d2f3c95668f53832fc351cf67777a9
room:
auto_create: false
logging:
level: info
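Review bot: `port: 7880` is the LiveKit HTTP/WebSocket API and, with `network_mode: host` in the compose file, it listens on every host interface while Caddy only proxies `lk.alogins.net` to `localhost:7880`; unless the host firewall blocks it (the README's port table lists 7881 and the UDP media range but not 7880), the plaintext signalling endpoint is reachable directly, bypassing the TLS termination. If the livekit-server version in use supports it, a top-level `bind_addresses: ["127.0.0.1"]` would confine the API listener to loopback — confirm against the livekit-server config reference that it does not also restrict the RTC listeners before relying on it, and otherwise document 7880 as a port that must stay firewalled.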