README.rst 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458
  1. =========================================================
  2. Synapse |support| |development| |license| |pypi| |python|
  3. =========================================================
  4. .. contents::
  5. Introduction
  6. ============
  7. Matrix is an ambitious new ecosystem for open federated Instant Messaging and
  8. VoIP. The basics you need to know to get up and running are:
  9. - Everything in Matrix happens in a room. Rooms are distributed and do not
  10. exist on any single server. Rooms can be located using convenience aliases
  11. like ``#matrix:matrix.org`` or ``#test:localhost:8448``.
  12. - Matrix user IDs look like ``@matthew:matrix.org`` (although in the future
  13. you will normally refer to yourself and others using a third party identifier
  14. (3PID): email address, phone number, etc rather than manipulating Matrix user IDs)
  15. The overall architecture is::
  16. client <----> homeserver <=====================> homeserver <----> client
  17. https://somewhere.org/_matrix https://elsewhere.net/_matrix
  18. ``#matrix:matrix.org`` is the official support room for Matrix, and can be
  19. accessed by any client from https://matrix.org/docs/projects/try-matrix-now.html or
  20. via IRC bridge at irc://irc.libera.chat/matrix.
  21. Synapse is currently in rapid development, but as of version 0.5 we believe it
  22. is sufficiently stable to be run as an internet-facing service for real usage!
  23. About Matrix
  24. ============
  25. Matrix specifies a set of pragmatic RESTful HTTP JSON APIs as an open standard,
  26. which handle:
  27. - Creating and managing fully distributed chat rooms with no
  28. single points of control or failure
  29. - Eventually-consistent cryptographically secure synchronisation of room
  30. state across a global open network of federated servers and services
  31. - Sending and receiving extensible messages in a room with (optional)
  32. end-to-end encryption
  33. - Inviting, joining, leaving, kicking, banning room members
  34. - Managing user accounts (registration, login, logout)
  35. - Using 3rd Party IDs (3PIDs) such as email addresses, phone numbers,
  36. Facebook accounts to authenticate, identify and discover users on Matrix.
  37. - Placing 1:1 VoIP and Video calls
  38. These APIs are intended to be implemented on a wide range of servers, services
  39. and clients, letting developers build messaging and VoIP functionality on top
  40. of the entirely open Matrix ecosystem rather than using closed or proprietary
  41. solutions. The hope is for Matrix to act as the building blocks for a new
  42. generation of fully open and interoperable messaging and VoIP apps for the
  43. internet.
  44. Synapse is a reference "homeserver" implementation of Matrix from the core
  45. development team at matrix.org, written in Python/Twisted. It is intended to
  46. showcase the concept of Matrix and let folks see the spec in the context of a
  47. codebase and let you run your own homeserver and generally help bootstrap the
  48. ecosystem.
  49. In Matrix, every user runs one or more Matrix clients, which connect through to
  50. a Matrix homeserver. The homeserver stores all their personal chat history and
  51. user account information - much as a mail client connects through to an
  52. IMAP/SMTP server. Just like email, you can either run your own Matrix
  53. homeserver and control and own your own communications and history or use one
  54. hosted by someone else (e.g. matrix.org) - there is no single point of control
  55. or mandatory service provider in Matrix, unlike WhatsApp, Facebook, Hangouts,
  56. etc.
  57. We'd like to invite you to join #matrix:matrix.org (via
  58. https://matrix.org/docs/projects/try-matrix-now.html), run a homeserver, take a look
  59. at the `Matrix spec <https://matrix.org/docs/spec>`_, and experiment with the
  60. `APIs <https://matrix.org/docs/api>`_ and `Client SDKs
  61. <https://matrix.org/docs/projects/try-matrix-now.html#client-sdks>`_.
  62. Thanks for using Matrix!
  63. Support
  64. =======
  65. For support installing or managing Synapse, please join |room|_ (from a matrix.org
  66. account if necessary) and ask questions there. We do not use GitHub issues for
  67. support requests, only for bug reports and feature requests.
  68. .. |room| replace:: ``#synapse:matrix.org``
  69. .. _room: https://matrix.to/#/#synapse:matrix.org
  70. Synapse Installation
  71. ====================
  72. .. _federation:
  73. * For details on how to install synapse, see
  74. `Installation Instructions <https://matrix-org.github.io/synapse/latest/setup/installation.html>`_.
  75. * For specific details on how to configure Synapse for federation see `docs/federate.md <docs/federate.md>`_
  76. Connecting to Synapse from a client
  77. ===================================
  78. The easiest way to try out your new Synapse installation is by connecting to it
  79. from a web client.
  80. Unless you are running a test instance of Synapse on your local machine, in
  81. general, you will need to enable TLS support before you can successfully
  82. connect from a client: see
  83. `TLS certificates <https://matrix-org.github.io/synapse/latest/setup/installation.html#tls-certificates>`_.
  84. An easy way to get started is to login or register via Element at
  85. https://app.element.io/#/login or https://app.element.io/#/register respectively.
  86. You will need to change the server you are logging into from ``matrix.org``
  87. and instead specify a Homeserver URL of ``https://<server_name>:8448``
  88. (or just ``https://<server_name>`` if you are using a reverse proxy).
  89. If you prefer to use another client, refer to our
  90. `client breakdown <https://matrix.org/docs/projects/clients-matrix>`_.
  91. If all goes well you should at least be able to log in, create a room, and
  92. start sending messages.
  93. .. _`client-user-reg`:
  94. Registering a new user from a client
  95. ------------------------------------
  96. By default, registration of new users via Matrix clients is disabled. To enable
  97. it, specify ``enable_registration: true`` in ``homeserver.yaml``. (It is then
  98. recommended to also set up CAPTCHA - see `<docs/CAPTCHA_SETUP.md>`_.)
  99. Once ``enable_registration`` is set to ``true``, it is possible to register a
  100. user via a Matrix client.
  101. Your new user name will be formed partly from the ``server_name``, and partly
  102. from a localpart you specify when you create the account. Your name will take
  103. the form of::
  104. @localpart:my.domain.name
  105. (pronounced "at localpart on my dot domain dot name").
  106. As when logging in, you will need to specify a "Custom server". Specify your
  107. desired ``localpart`` in the 'User name' box.
  108. Security note
  109. =============
  110. Matrix serves raw, user-supplied data in some APIs -- specifically the `content
  111. repository endpoints`_.
  112. .. _content repository endpoints: https://matrix.org/docs/spec/client_server/latest.html#get-matrix-media-r0-download-servername-mediaid
  113. Whilst we make a reasonable effort to mitigate against XSS attacks (for
  114. instance, by using `CSP`_), a Matrix homeserver should not be hosted on a
  115. domain hosting other web applications. This especially applies to sharing
  116. the domain with Matrix web clients and other sensitive applications like
  117. webmail. See
  118. https://developer.github.com/changes/2014-04-25-user-content-security for more
  119. information.
  120. .. _CSP: https://github.com/matrix-org/synapse/pull/1021
  121. Ideally, the homeserver should not simply be on a different subdomain, but on
  122. a completely different `registered domain`_ (also known as top-level site or
  123. eTLD+1). This is because `some attacks`_ are still possible as long as the two
  124. applications share the same registered domain.
  125. .. _registered domain: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-2.3
  126. .. _some attacks: https://en.wikipedia.org/wiki/Session_fixation#Attacks_using_cross-subdomain_cookie
  127. To illustrate this with an example, if your Element Web or other sensitive web
  128. application is hosted on ``A.example1.com``, you should ideally host Synapse on
  129. ``example2.com``. Some amount of protection is offered by hosting on
  130. ``B.example1.com`` instead, so this is also acceptable in some scenarios.
  131. However, you should *not* host your Synapse on ``A.example1.com``.
  132. Note that all of the above refers exclusively to the domain used in Synapse's
  133. ``public_baseurl`` setting. In particular, it has no bearing on the domain
  134. mentioned in MXIDs hosted on that server.
  135. Following this advice ensures that even if an XSS is found in Synapse, the
  136. impact to other applications will be minimal.
  137. Upgrading an existing Synapse
  138. =============================
  139. The instructions for upgrading synapse are in `the upgrade notes`_.
  140. Please check these instructions as upgrading may require extra steps for some
  141. versions of synapse.
  142. .. _the upgrade notes: https://matrix-org.github.io/synapse/develop/upgrade.html
  143. .. _reverse-proxy:
  144. Using a reverse proxy with Synapse
  145. ==================================
  146. It is recommended to put a reverse proxy such as
  147. `nginx <https://nginx.org/en/docs/http/ngx_http_proxy_module.html>`_,
  148. `Apache <https://httpd.apache.org/docs/current/mod/mod_proxy_http.html>`_,
  149. `Caddy <https://caddyserver.com/docs/quick-starts/reverse-proxy>`_,
  150. `HAProxy <https://www.haproxy.org/>`_ or
  151. `relayd <https://man.openbsd.org/relayd.8>`_ in front of Synapse. One advantage of
  152. doing so is that it means that you can expose the default https port (443) to
  153. Matrix clients without needing to run Synapse with root privileges.
  154. For information on configuring one, see `<docs/reverse_proxy.md>`_.
  155. Identity Servers
  156. ================
  157. Identity servers have the job of mapping email addresses and other 3rd Party
  158. IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs
  159. before creating that mapping.
  160. **They are not where accounts or credentials are stored - these live on home
  161. servers. Identity Servers are just for mapping 3rd party IDs to matrix IDs.**
  162. This process is very security-sensitive, as there is obvious risk of spam if it
  163. is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer
  164. term, we hope to create a decentralised system to manage it (`matrix-doc #712
  165. <https://github.com/matrix-org/matrix-doc/issues/712>`_), but in the meantime,
  166. the role of managing trusted identity in the Matrix ecosystem is farmed out to
  167. a cluster of known trusted ecosystem partners, who run 'Matrix Identity
  168. Servers' such as `Sydent <https://github.com/matrix-org/sydent>`_, whose role
  169. is purely to authenticate and track 3PID logins and publish end-user public
  170. keys.
  171. You can host your own copy of Sydent, but this will prevent you reaching other
  172. users in the Matrix ecosystem via their email address, and prevent them finding
  173. you. We therefore recommend that you use one of the centralised identity servers
  174. at ``https://matrix.org`` or ``https://vector.im`` for now.
  175. To reiterate: the Identity server will only be used if you choose to associate
  176. an email address with your account, or send an invite to another user via their
  177. email address.
  178. Password reset
  179. ==============
  180. Users can reset their password through their client. Alternatively, a server admin
  181. can reset a users password using the `admin API <docs/admin_api/user_admin_api.rst#reset-password>`_
  182. or by directly editing the database as shown below.
  183. First calculate the hash of the new password::
  184. $ ~/synapse/env/bin/hash_password
  185. Password:
  186. Confirm password:
  187. $2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  188. Then update the ``users`` table in the database::
  189. UPDATE users SET password_hash='$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  190. WHERE name='@test:test.com';
  191. Synapse Development
  192. ===================
  193. Join our developer community on Matrix: `#synapse-dev:matrix.org <https://matrix.to/#/#synapse-dev:matrix.org>`_
  194. Before setting up a development environment for synapse, make sure you have the
  195. system dependencies (such as the python header files) installed - see
  196. `Installing from source <https://matrix-org.github.io/synapse/latest/setup/installation.html#installing-from-source>`_.
  197. To check out a synapse for development, clone the git repo into a working
  198. directory of your choice::
  199. git clone https://github.com/matrix-org/synapse.git
  200. cd synapse
  201. Synapse has a number of external dependencies, that are easiest
  202. to install using pip and a virtualenv::
  203. python3 -m venv ./env
  204. source ./env/bin/activate
  205. pip install -e ".[all,test]"
  206. This will run a process of downloading and installing all the needed
  207. dependencies into a virtual env. If any dependencies fail to install,
  208. try installing the failing modules individually::
  209. pip install -e "module-name"
  210. We recommend using the demo which starts 3 federated instances running on ports `8080` - `8082`
  211. ./demo/start.sh
  212. (to stop, you can use `./demo/stop.sh`)
  213. If you just want to start a single instance of the app and run it directly::
  214. # Create the homeserver.yaml config once
  215. python -m synapse.app.homeserver \
  216. --server-name my.domain.name \
  217. --config-path homeserver.yaml \
  218. --generate-config \
  219. --report-stats=[yes|no]
  220. # Start the app
  221. python -m synapse.app.homeserver --config-path homeserver.yaml
  222. Running the unit tests
  223. ======================
  224. After getting up and running, you may wish to run Synapse's unit tests to
  225. check that everything is installed correctly::
  226. trial tests
  227. This should end with a 'PASSED' result (note that exact numbers will
  228. differ)::
  229. Ran 1337 tests in 716.064s
  230. PASSED (skips=15, successes=1322)
  231. For more tips on running the unit tests, like running a specific test or
  232. to see the logging output, see the `CONTRIBUTING doc <CONTRIBUTING.md#run-the-unit-tests>`_.
  233. Running the Integration Tests
  234. =============================
  235. Synapse is accompanied by `SyTest <https://github.com/matrix-org/sytest>`_,
  236. a Matrix homeserver integration testing suite, which uses HTTP requests to
  237. access the API as a Matrix client would. It is able to run Synapse directly from
  238. the source tree, so installation of the server is not required.
  239. Testing with SyTest is recommended for verifying that changes related to the
  240. Client-Server API are functioning correctly. See the `SyTest installation
  241. instructions <https://github.com/matrix-org/sytest#installing>`_ for details.
  242. Platform dependencies
  243. =====================
  244. Synapse uses a number of platform dependencies such as Python and PostgreSQL,
  245. and aims to follow supported upstream versions. See the
  246. `<docs/deprecation_policy.md>`_ document for more details.
  247. Troubleshooting
  248. ===============
  249. Need help? Join our community support room on Matrix:
  250. `#synapse:matrix.org <https://matrix.to/#/#synapse:matrix.org>`_
  251. Running out of File Handles
  252. ---------------------------
  253. If synapse runs out of file handles, it typically fails badly - live-locking
  254. at 100% CPU, and/or failing to accept new TCP connections (blocking the
  255. connecting client). Matrix currently can legitimately use a lot of file handles,
  256. thanks to busy rooms like #matrix:matrix.org containing hundreds of participating
  257. servers. The first time a server talks in a room it will try to connect
  258. simultaneously to all participating servers, which could exhaust the available
  259. file descriptors between DNS queries & HTTPS sockets, especially if DNS is slow
  260. to respond. (We need to improve the routing algorithm used to be better than
  261. full mesh, but as of March 2019 this hasn't happened yet).
  262. If you hit this failure mode, we recommend increasing the maximum number of
  263. open file handles to be at least 4096 (assuming a default of 1024 or 256).
  264. This is typically done by editing ``/etc/security/limits.conf``
  265. Separately, Synapse may leak file handles if inbound HTTP requests get stuck
  266. during processing - e.g. blocked behind a lock or talking to a remote server etc.
  267. This is best diagnosed by matching up the 'Received request' and 'Processed request'
  268. log lines and looking for any 'Processed request' lines which take more than
  269. a few seconds to execute. Please let us know at #synapse:matrix.org if
  270. you see this failure mode so we can help debug it, however.
  271. Help!! Synapse is slow and eats all my RAM/CPU!
  272. -----------------------------------------------
  273. First, ensure you are running the latest version of Synapse, using Python 3
  274. with a PostgreSQL database.
  275. Synapse's architecture is quite RAM hungry currently - we deliberately
  276. cache a lot of recent room data and metadata in RAM in order to speed up
  277. common requests. We'll improve this in the future, but for now the easiest
  278. way to either reduce the RAM usage (at the risk of slowing things down)
  279. is to set the almost-undocumented ``SYNAPSE_CACHE_FACTOR`` environment
  280. variable. The default is 0.5, which can be decreased to reduce RAM usage
  281. in memory constrained enviroments, or increased if performance starts to
  282. degrade.
  283. However, degraded performance due to a low cache factor, common on
  284. machines with slow disks, often leads to explosions in memory use due
  285. backlogged requests. In this case, reducing the cache factor will make
  286. things worse. Instead, try increasing it drastically. 2.0 is a good
  287. starting value.
  288. Using `libjemalloc <http://jemalloc.net/>`_ can also yield a significant
  289. improvement in overall memory use, and especially in terms of giving back
  290. RAM to the OS. To use it, the library must simply be put in the
  291. LD_PRELOAD environment variable when launching Synapse. On Debian, this
  292. can be done by installing the ``libjemalloc1`` package and adding this
  293. line to ``/etc/default/matrix-synapse``::
  294. LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1
  295. This can make a significant difference on Python 2.7 - it's unclear how
  296. much of an improvement it provides on Python 3.x.
  297. If you're encountering high CPU use by the Synapse process itself, you
  298. may be affected by a bug with presence tracking that leads to a
  299. massive excess of outgoing federation requests (see `discussion
  300. <https://github.com/matrix-org/synapse/issues/3971>`_). If metrics
  301. indicate that your server is also issuing far more outgoing federation
  302. requests than can be accounted for by your users' activity, this is a
  303. likely cause. The misbehavior can be worked around by setting
  304. the following in the Synapse config file:
  305. .. code-block:: yaml
  306. presence:
  307. enabled: false
  308. People can't accept room invitations from me
  309. --------------------------------------------
  310. The typical failure mode here is that you send an invitation to someone
  311. to join a room or direct chat, but when they go to accept it, they get an
  312. error (typically along the lines of "Invalid signature"). They might see
  313. something like the following in their logs::
  314. 2019-09-11 19:32:04,271 - synapse.federation.transport.server - 288 - WARNING - GET-11752 - authenticate_request failed: 401: Invalid signature for server <server> with key ed25519:a_EqML: Unable to verify signature for <server>
  315. This is normally caused by a misconfiguration in your reverse-proxy. See
  316. `<docs/reverse_proxy.md>`_ and double-check that your settings are correct.
  317. .. |support| image:: https://img.shields.io/matrix/synapse:matrix.org?label=support&logo=matrix
  318. :alt: (get support on #synapse:matrix.org)
  319. :target: https://matrix.to/#/#synapse:matrix.org
  320. .. |development| image:: https://img.shields.io/matrix/synapse-dev:matrix.org?label=development&logo=matrix
  321. :alt: (discuss development on #synapse-dev:matrix.org)
  322. :target: https://matrix.to/#/#synapse-dev:matrix.org
  323. .. |license| image:: https://img.shields.io/github/license/matrix-org/synapse
  324. :alt: (check license in LICENSE file)
  325. :target: LICENSE
  326. .. |pypi| image:: https://img.shields.io/pypi/v/matrix-synapse
  327. :alt: (latest version released on PyPi)
  328. :target: https://pypi.org/project/matrix-synapse
  329. .. |python| image:: https://img.shields.io/pypi/pyversions/matrix-synapse
  330. :alt: (supported python versions)
  331. :target: https://pypi.org/project/matrix-synapse