This howto explains how to install the matrix-synapse server including the mautrix-whatsapp bridge. Maybe other bridges will follow. Thanks to @robb for inspiring and testing.
I ended up using docker-compose because it was the only way for me to make the database container work.
Download and install docker-compose:
curl -L https://github.com/docker/compose/releases/download/v2.15.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Create the synapse-docker directory:
mkdir /opt/synapse-docker
Create /opt/synapse-docker/docker-compose.yml
with following content:
version: '3.7'
services:
synapse:
image: docker.io/matrixdotorg/synapse:latest
restart: unless-stopped
volumes:
- ./synapse-data:/data
depends_on:
- db
ports:
- '127.0.0.1:8008:8008/tcp'
db:
image: docker.io/postgres:latest
restart: unless-stopped
environment:
- POSTGRES_USER=synapse
- POSTGRES_PASSWORD=synapse
- POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
volumes:
- ./postgres-data:/var/lib/postgresql/data
mautrix-whatsapp:
container_name: mautrix-whatsapp
image: dock.mau.dev/mautrix/whatsapp:latest
restart: unless-stopped
volumes:
- ./mautrix-whatsapp:/data
networks:
default:
name: aqua
external: true
Create /etc/httpd/conf.d/a_synapse.conf
with following content and edit the ServerName to match your domain:
<VirtualHost *:443>
SSLEngine on
ServerName matrix.example.com
AllowEncodedSlashes NoDecode
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
</VirtualHost>
Listen 8448
<VirtualHost *:8448>
SSLEngine on
AllowEncodedSlashes NoDecode
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
</VirtualHost>
Restart httpd to apply the config:
systemctl restart httpd
Enter the synapse-docker dir, else docker-compose wonât work:
cd /opt/synapse-docker
Run the below Docker command to generate the synapse config file, edit SYNAPSE_SERVER_NAME to match your domain:
docker run -it --rm \
-v $PWD/synapse-data:/data \
-e SYNAPSE_SERVER_NAME=matrix.example.com \
-e SYNAPSE_REPORT_STATS=no \
matrixdotorg/synapse:latest generate
Remove/comment out the sqlite database and add the postgresql database section in synapse-data/homeserver.yaml
so it looks like
#database:
# name: sqlite3
# args:
# database: /data/homeserver.db
database:
name: psycopg2
args:
user: synapse
password: synapse
database: synapse
host: db # The service name defined in your docker-compose file
cp_min: 5
cp_max: 10
Run the following Docker command to generate mautrix-whatsapp config in mautrix-whatsapp:
docker run --rm -v $PWD/mautrix-whatsapp:/data:z dock.mau.dev/mautrix/whatsapp:latest
Edit mautrix-whatsapp/config.yaml and change addresses, domain and uri:
- homeserver address:
https://matrix.example.com
- homeserver domain:
matrix.example.com
- appservice address:
http://mautrix-whatsapp:29318
- database uri:
postgres://synapse:synapse@db/mautrix?sslmode=disable
- Set your domain at the permissions section:
permissions:
"*": relay
"matrix.example.com": user
"@admin:matrix.example.com": admin
Run the following Docker command to generate registration file
docker run --rm -v $PWD/mautrix-whatsapp:/data:z dock.mau.dev/mautrix/whatsapp:latest
Copy the registration to a directory where synapse can read it and set owner:
cp mautrix-whatsapp/registration.yaml synapse-data/
chown 991:991 synapse-data/registration.yaml
Add the following registration entry at the end of synapse-data/homeserver.yaml
app_service_config_files:
- /data/registration.yaml
Add the firewall rule for port 8448 (used for federation):
config set synapse service status enabled TCPPort 8448 access red,green
signal-event firewall-adjust
Start the containers using docker-compose:
docker-compose up -d
Wait until containers are up or the following command wonât work because it needs the database container.
To stop the containers if needed, eg for restarting:
docker-compose down
Create mautrix database:
docker exec -it synapse-docker-db-1 psql -U synapse
CREATE DATABASE mautrix
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER synapse;
\q
Install Element web client v1.11.20, check Releases · vector-im/element-web · GitHub for new releases:
wget https://github.com/vector-im/element-web/releases/download/v1.11.20/element-v1.11.20.tar.gz
tar -xzf element-v1.11.20.tar.gz
mv element-v1.11.20 /var/www/html/element
cp /var/www/html/element/config.sample.json /var/www/html/element/config.json
rm -f element-v1.11.20.tar.gz
Run the following Docker command to create a user:
docker exec -it synapse-docker-synapse-1 register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml
Login to the element web client at https://matrix.example.com/element
To connect to the Whatsapp bridge you need to start a chat to @whatsappbot:matrix.example.com
.
help
shows some information about usable commands.
login
shows a QR Code to connect WhatsApp Web to the bridge. After connecting the bridge should work and you get the WA messages in your element client.
Synapse-admin
To make the synapse admin api work, we need to add a location directive to /etc/httpd/conf.d/a_synapse.conf
:
<VirtualHost *:443>
SSLEngine on
ServerName example.com
AllowEncodedSlashes NoDecode
ProxyPreserveHost on
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
<Location /_synapse/admin>
Require all denied
# Change the network as needed, we don't want to allow the synapse admin api to public.
Require ip 192.168.1.0/24
ProxyPass http://127.0.0.1:8008/_synapse/admin nocanon
ProxyPassReverse http://127.0.0.1:8008/_synapse/admin
</Location>
</VirtualHost>
The synapse-admin service needs to be added to the docker-compose.yml
: (in this example itâs added after the synapse service)
services:
synapse:
image: docker.io/matrixdotorg/synapse:latest
restart: unless-stopped
volumes:
- ./synapse-data:/data
- ./shared_secret_authenticator.py:/usr/local/lib/python3.9/site-packages$
depends_on:
- db
ports:
- '127.0.0.1:8008:8008/tcp'
synapse-admin:
container_name: synapse-admin
hostname: synapse-admin
image: awesometechnologies/synapse-admin
ports:
- "8095:80"
restart: unless-stopped
A reverse proxy is needed to reach the site:
Start the synapse admin:
docker-compose up -d synapse-admin
Now the Synapse Admin should be reachable via the reverse proxy. Login is possible with synapse admins only.