Jannick Knudsen hace 5 años
commit
bcc8b9f87c
Se han modificado 10 ficheros con 396 adiciones y 0 borrados
  1. 5 0
      .dockerignore
  2. 84 0
      CHANGELOG
  3. 45 0
      CloudronManifest.json
  4. 1 0
      DESCRIPTION.md
  5. 67 0
      Dockerfile
  6. 9 0
      LICENSE
  7. 1 0
      README.md
  8. BIN
      logo.png
  9. 20 0
      nginx_matrix.conf
  10. 164 0
      start_matrix.sh

+ 5 - 0
.dockerignore

@@ -0,0 +1,5 @@
+.git
+.gitignore
+.dockerignore
+node_modules
+

+ 84 - 0
CHANGELOG

@@ -0,0 +1,84 @@
+[0.1.0]
+* Initial version
+
+[0.1.1]
+* Removed the Riot part of the installation due to security
+* Changed from Sqlite to Postgres
+* Added LDAP support
+* Fixed upload limit in nginx_matrix.conf
+* Added bogus index.html so cloudron recognizes the matrix server as online
+* Added coturn as TURN server
+
+[0.1.2]
+* Updated logo (transparent)
+* Enabled email settings
+
+[0.1.3]
+* Changed log location of nginx due to backup crashes
+
+[0.1.4]
+* Changed log location of synapse due to backup crashes
+* Updated some configs
+
+[0.1.5]
+* Update to synapse v0.31.2
+
+[0.1.6]
+* Update to synapse v0.33.8
+
+[0.1.7]
+* Update to synapse v0.33.9
+
+[0.1.8]
+* Update to synapse v0.99.0
+* Fixed missing LDAP stuff
+
+[0.1.9]
+* Update to synapse v0.99.3
+
+[0.2.0]
+* Update to synapse v0.99.4
+
+[0.2.1]
+* Update to synapse v0.99.5.1
+
+[0.2.2]
+* Update to synapse v0.99.5.2
+
+[0.2.3]
+* Update to synapse v1.0.0
+* Fixed url preview
+* Fixed voip
+
+[0.2.4]
+* Fixed federation
+
+[0.2.5]
+* Update to synapse v1.1.0
+
+[0.2.6]
+* Update to synapse v1.2.1
+
+[0.2.7]
+* Update to synapse v1.3.0
+
+[0.2.8]
+* Update to synapse v1.3.1
+
+[0.2.9]
+* Update to synapse v1.4.0 (lots of changes)
+
+[0.3.0]
+* Update to synapse v1.4.1
+
+[0.3.1]
+* Update to synapse v1.5.1
+
+[0.3.3]
+* Update to synapse v1.6.0
+
+[0.3.4]
+* Update to synapse v1.6.1
+
+[0.3.5]
+* Update to synapse v1.8.0

+ 45 - 0
CloudronManifest.json

@@ -0,0 +1,45 @@
+{
+  "id": "org.matrix.synapse",
+  "title": "Synapse: Matrix homeserver without Riot",
+  "author": "Matrix synapse authors",
+  "description": "file://DESCRIPTION.md",
+  "changelog": "file://CHANGELOG",
+  "tagline": "standalone matrix server",
+  "version": "0.3.5",
+  "healthCheckPath": "/",
+  "httpPort": 8000,
+  "memoryLimit": 536870912,
+  "udpPorts": {
+     "TURN_TLS_PORT": {
+       "title": "Default TURN Port",
+       "description": "Default TURN Port (udp)",
+       "defaultValue": 3478
+     }
+  },
+  "tcpPorts": {
+     "FEDERATION_PORT": {
+       "title": "Federation Port",
+       "description": "Federation Port",
+       "defaultValue": 8448
+     },
+     "WEBHOOKS_PORT": {
+       "title": "Webhooks Port",
+       "description": "Webhooks Port",
+       "defaultValue": 9000
+     }
+  },
+  "addons": {
+    "localstorage": {},
+    "ldap": {},
+    "postgresql": {},
+    "sendmail": {}
+  },
+  "manifestVersion": 1,
+  "website": "https://matrix.org",
+  "contactEmail": "support@cloudron.io",
+  "icon": "logo.png",
+  "tags": [
+    "im", "collaboration", "voip", "videochat"
+  ],
+  "mediaLinks": [ ]
+}
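Review bot: `FEDERATION_PORT` (8448) and `WEBHOOKS_PORT` (9000) are declared under `tcpPorts`, but nothing in this commit listens on them: the Dockerfile only EXPOSEs 8000 and 3478/udp, its webhook appservice install is commented out as `addons wip`, and start_matrix.sh leaves the 8448 listener `sed` lines commented, so operators will be asked to allocate host ports that no process binds. The `turn_uris` the start script writes advertise both `?transport=udp` and `?transport=tcp` on `${TURN_TLS_PORT}`, yet the manifest declares that port only under `udpPorts`, so the TCP fallback is advertised to clients but not reachable through the platform. Either drop the two unused tcpPorts until the features land and declare the TURN port under `"tcpPorts"` as well (or remove the tcp URI), or explain in DESCRIPTION.md why they are pre-allocated.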

+ 1 - 0
DESCRIPTION.md

@@ -0,0 +1 @@
+Please add the appstore description in markdown format here.

+ 67 - 0
Dockerfile

@@ -0,0 +1,67 @@
+FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
+
+MAINTAINER Authors name <support@cloudron.io>
+
+RUN mkdir -p /app/code/nginx
+
+WORKDIR /app/code
+
+ENV MATRIXVERSION=v1.8.0
+
+EXPOSE 8000
+EXPOSE 3478/udp
+# addons wip
+# EXPOSE 9000
+
+# nginx
+RUN rm /etc/nginx/sites-enabled/*
+ADD nginx_matrix.conf /etc/nginx/sites-enabled/
+RUN rm -rf /var/lib/nginx && ln -sf /app/data/nginx /var/lib/nginx
+RUN rm -rf /var/log/nginx && ln -sf /run/nginx_log /var/log/nginx
+
+# TURN
+RUN apt update && apt-get install -y coturn
+RUN sed -e 's,#TURNSERVER_ENABLED=1,TURNSERVER_ENABLED=1,' -i /etc/default/coturn && \
+    rm /etc/turnserver.conf && \
+    ln -s /app/data/turnserver.conf /etc/turnserver.conf
+
+# Synapse
+# a local copy is needed because of the mail templates, else the pip installation would suffice
+RUN git clone https://github.com/matrix-org/synapse.git
+RUN cd /app/code/synapse && git pull origin master
+
+RUN apt-get install -y build-essential python3-dev libffi-dev \
+                     python3-pip python-setuptools sqlite3 libxml2-dev \
+                     libssl-dev python-virtualenv libjpeg-dev libxslt1-dev libldap2-dev libsasl2-dev && \
+    rm -rf /var/cache/apt /var/lib/apt/lists
+
+RUN pip3 install --upgrade pip
+RUN pip3 install --upgrade setuptools
+RUN pip3 install psycopg2-binary python-ldap matrix-synapse-ldap3 lxml netaddr twisted jinja2 bleach bcrypt
+RUN pip3 install https://github.com/matrix-org/synapse/archive/${MATRIXVERSION}.tar.gz
+
+# install addons
+#RUN cd /app/code && git clone http://github.com/turt2live/matrix-appservice-webhooks
+#RUN cd /app/code/matrix-appservice-webhooks && npm install
+#RUN mv /app/code/matrix-appservice-webhooks/db /app/code/matrix-appservice-webhooks/db_orig && \
+    #dir for sqlite db
+#    ln -sf /app/data/appservice/db /app/code/matrix-appservice-webhooks/db && \
+    # config
+#    ln -sf /app/data/appservice/config/config.yaml /app/code/matrix-appservice-webhooks/config/config.yaml && \
+    # hooks
+#    ln -sf /app/data/appservice/appservice-registration-webhooks.yaml /app/code/matrix-appservice-webhooks/appservice-registration-webhooks.yaml
+
+
+# todo:
+# to create the config, run the following from /app/code/matrix-appservice-webhooks
+# node index.js -r -u "http://localhost:9000" -c config/config.yaml
+# add this to homeserver.yml and restart:
+# app_service_config_files: ["appservice-registration-webhooks.yaml"]
+# to start the appservice use
+# node index.js -p 9000 -c config/config.yaml -f appservice-registration-webhooks.yaml
+
+RUN chown -R www-data.www-data /app/code
+
+ADD start_matrix.sh /app/
+
+CMD [ "/app/start_matrix.sh" ]
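Review bot: The Synapse checkout in `RUN git clone https://github.com/matrix-org/synapse.git` followed by `RUN cd /app/code/synapse && git pull origin master` is unpinned, so the mail templates that start_matrix.sh copies from /app/code/synapse on first run come from whatever master is at build time rather than from the `${MATRIXVERSION}` that pip installs two RUNs later, and the image is not reproducible. Replace both RUNs with `RUN git clone --depth 1 --branch ${MATRIXVERSION} https://github.com/matrix-org/synapse.git` so the templates and the installed package come from the same tag. The coturn step runs `apt update` (the interactive front end) in its own layer and leaves the package lists in place until the later `rm -rf /var/cache/apt /var/lib/apt/lists`; fold it into the second RUN as `apt-get update && apt-get install -y --no-install-recommends coturn …` so update and install always execute together. Minor: `ADD nginx_matrix.conf` and `ADD start_matrix.sh` copy plain local files and should be `COPY`, `MAINTAINER` is deprecated in favour of `LABEL`, and the `pip3 install` lines pin none of their packages, so each rebuild can pull different psycopg2/twisted/ldap3 releases.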

+ 9 - 0
LICENSE

@@ -0,0 +1,9 @@
+MIT License (MIT)
+Copyright (c) 2016 Cloudron UG
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

+ 1 - 0
README.md

@@ -0,0 +1 @@
+##matrixsynapse

BIN
logo.png


+ 20 - 0
nginx_matrix.conf

@@ -0,0 +1,20 @@
+server {
+    listen 8000;
+    listen [::]:8000;
+
+    server_name _;
+
+    # required, else the limit is 1mb
+    client_max_body_size 200M;
+
+    location / {
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+    }
+
+    location /.well-known/matrix/server {
+        return 200 '{"m.server": "$host:443"}';
+        add_header Content-Type application/json;
+    }
+
+}
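Review bot: The `location /` block forwards only `X-Forwarded-For`, so Synapse on 8008 receives `Host: localhost:8008` and no `X-Forwarded-Proto`; whether it then treats requests as plain HTTP depends on the listener's `x_forwarded` setting in the generated homeserver.yaml, which this commit does not set. Adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto https;` makes the forwarded request explicit, the literal `https` being justified by the `public_baseurl: https://` that start_matrix.sh writes. `client_max_body_size 200M` also disagrees with the `max_upload_size: "100M"` the start script puts into homeserver.yaml, so the effective limit is 100M and the `# required, else the limit is 1mb` comment gives a misleading impression of the chosen value; pick one figure and reference it in both places. The `.well-known/matrix/server` answer echoes the request's `Host` header through `$host`, which only holds because the front proxy pins that header; a one-line comment such as `# relies on the upstream proxy setting Host to the app domain` would make that dependency visible.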

+ 164 - 0
start_matrix.sh

@@ -0,0 +1,164 @@
+#!/bin/bash
+
+set -eux
+
+if [[ ! -f /app/data/synapse/homeserver.yaml ]]; then
+    echo "=> Detected first run"
+
+    # create dirs (for whatever reason the nginx dir couldn't get created by  nginx)
+    mkdir -p /app/data/synapse \
+             /app/data/nginx/fastcgi \
+             /run/nginx_log \
+             /run/synapse \
+             /run/turn_log \
+	     /app/data/appservice/config /app/data/appservice/db
+
+    # copy matrix-appservice-webhooks config
+#    cp /app/code/matrix-appservice-webhooks/config/sample.yaml /app/data/appservice/config/config.yaml
+#    ln -sf /app/data/appservice/appservice-registration-webhooks.yaml /app/data/synapse/appservice-registration-webhooks.yaml
+
+    # create certs
+    openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /app/data/synapse/${APP_DOMAIN}.tls.crt -keyout /app/data/synapse/${APP_DOMAIN}.tls.key -subj "/C=DE/ST=Germany/L=Germany/O=Example/OU=Example/CN=${APP_DOMAIN}"
+
+    # fix permissions
+    chown -R www-data.www-data /run/synapse \
+                               /run/turn_log \
+                               /app/data
+
+    # copy turn config
+    cp /usr/share/coturn/examples/etc/turnserver.conf /app/data/turnserver.conf
+
+    # copy email templates for matrix
+    cp -r /app/code/synapse/synapse/res/templates /app/data/templates
+
+    # set default TURN listening port
+    if [ -z ${TURN_TLS_PORT+x} ]; then TURN_TLS_PORT="3478"; else echo "TURN_TLS_PORT is set to '$TURN_TLS_PORT'"; fi
+
+    cd /app/data/synapse
+    python3 -m synapse.app.homeserver \
+	    --server-name ${APP_DOMAIN} \
+	    --config-path homeserver.yaml \
+	    --report-stats=no \
+	    --generate-config
+
+    # synapse config
+    sed -i "s/server_name:.*/server_name: ${APP_DOMAIN}/" homeserver.yaml
+    sed -i "s/#public_baseurl:.*/public_baseurl: https:\/\/${APP_DOMAIN}/" homeserver.yaml
+    sed -i "s/web_client:.*/web_client: False/" homeserver.yaml
+    sed -i "s/bind_addresses: \['::1'.*/bind_addresses: \['0.0.0.0'\]/" homeserver.yaml
+    sed -i "s/sqlite3/psycopg2/" homeserver.yaml
+    sed -i "s/    database: .*/    user: ${POSTGRESQL_USERNAME}\n    password: ${POSTGRESQL_PASSWORD}\n    database: ${POSTGRESQL_DATABASE}\n    host: ${POSTGRESQL_HOST}\n    cp_min: 5\n    cp_max: 10/" homeserver.yaml
+    sed -i "s/#enable_registration:.*/enable_registration: True/" homeserver.yaml
+    sed -i "s/#password_providers:/password_providers:/" homeserver.yaml
+    sed -i 's/#    - module: "ldap_auth_provider.LdapAuthProvider"/    - module: "ldap_auth_provider.LdapAuthProvider"/' homeserver.yaml
+    sed -i 's/#      config:/      config:/' homeserver.yaml
+    sed -i 's/#        enabled: true/        enabled: true/' homeserver.yaml
+    sed -i "s,#        uri: .*,        uri: \"${LDAP_URL}\"," homeserver.yaml
+    sed -i 's/#        start_tls: true/        start_tls: false/' homeserver.yaml
+    sed -i 's/#        base: "ou=users,dc=example,dc=com"/        base: "ou=users,dc=cloudron"/' homeserver.yaml
+    sed -i 's/#        attributes:/        attributes:/' homeserver.yaml
+    sed -i 's/#           uid: "cn"/          uid: "username"/' homeserver.yaml
+    sed -i 's/#           mail: "email"/          mail: "mail"/' homeserver.yaml
+    sed -i 's/#           name: "givenName"/          name: "username"/' homeserver.yaml
+    sed -i 's/#max_upload_size:.*/max_upload_size: "100M"/' homeserver.yaml
+    sed -i 's/#auto_join_rooms:/auto_join_rooms:/' homeserver.yaml
+    sed -i 's/#  - "#example:example.com"/  - "#example:example.com"/' homeserver.yaml
+    sed -i "s/example:example.com/discuss:${APP_DOMAIN}/" homeserver.yaml
+    sed -i "s/turn_allow_guests:.*/turn_allow_guests: False/" homeserver.yaml
+    sed -i "s/enable_group_creation:.*/enable_group_creation: True/" homeserver.yaml
+    sed -i "s/enable_group_creation:.*/enable_group_creation: True/" homeserver.yaml
+    sed -i "s/#url_preview_enabled:.*/url_preview_enabled: true/" homeserver.yaml
+    sed -i "s/#url_preview_ip_range_blacklist.*/url_preview_ip_range_blacklist:\n  - '127.0.0.0\/8'\n  - '10.0.0.0\/8'/" homeserver.yaml
+
+    sed -i "s/## Server ##/## Server ##\n\nno_tls: True/" homeserver.yaml
+
+    # also enable the tls port, not quite sure why this is needed, but without it, no integratiosn are possible
+    #sed -i "s/#- port: 8448/- port: 8448/" homeserver.yaml
+    #sed -i "s/#  type: http/  type: http/" homeserver.yaml
+    #sed -i "s/#  tls: true/  tls: true/" homeserver.yaml
+    #sed -i "s/#  resources:/  resources:/" homeserver.yaml
+    #sed -i "s/#    - names: \[client, federation\]/    - names: \[client, federation\]/" homeserver.yaml
+    #sed -i "s/#tls_certificate_path:/tls_certificate_path:/" homeserver.yaml
+    #sed -i "s/#tls_private_key_path:/tls_private_key_path:/" homeserver.yaml
+
+
+    # get synapse log name and set path
+    LOG_CONFIG=$(ls *.log.config)
+    sed -i "s/log_file: .*/log_file: \"\/run\/synapse\/homeserver.log\"/" homeserver.yaml
+    sed -i "s/    filename:.*/    filename: \/run\/synapse\/homeserver.log/" ${LOG_CONFIG}
+
+
+    # coturn
+    TURNPWD=$(pwgen -s 64 1)
+    sed -i "s/#tls-listening-port=5349/tls-listening-port=3478/" /app/data/turnserver.conf
+    sed -i "s/#realm=mycompany.org/realm=${APP_DOMAIN}/" /app/data/turnserver.conf
+    sed -i "s/#lt-cred-mech/lt-cred-mech/" /app/data/turnserver.conf
+    sed -i "s/#use-auth-secret/use-auth-secret/" /app/data/turnserver.conf
+    sed -i "s/#lt-cred-mech/lt-cred-mech/" /app/data/turnserver.conf
+    sed -i "s/#static-auth-secret=.*/static-auth-secret=${TURNPWD}/" /app/data/turnserver.conf
+    sed -i "s/#turn_uris: .*/turn_uris: [\"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=udp\", \"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=tcp\"]/" homeserver.yaml
+    sed -i "s/#turn_shared_secret: .*/turn_shared_secret: \"${TURNPWD}\"/" homeserver.yaml
+    sed -i "s/#cipher-list=.*/cipher-list=\"HIGH\"/" /app/data/turnserver.conf
+    sed -i "s/#log-file=.*/log-file=\/run\/turn_log\/turn.log/" /app/data/turnserver.conf
+
+
+    # get cert names from synapse
+    TLS_CRT=$(ls *.tls.crt)
+    TLS_KEY=$(ls *.tls.key)
+    #TLS_DH=$(ls *.tls.dh)
+    sed -i "s,#cert=.*,cert=/app/data/synapse/${TLS_CRT}," /app/data/turnserver.conf
+    sed -i "s,#pkey=.*,pkey=/app/data/synapse/${TLS_KEY}," /app/data/turnserver.conf
+    #sed -i "s,#dh-file=.*,dh-file=/app/data/synapse/${TLS_DH}," /app/data/turnserver.conf
+
+    # set up email
+    sed -i 's/#email:/email:/' homeserver.yaml
+    sed -i 's/#   enable_notifs: false/   enable_notifs: true/' homeserver.yaml
+    sed -i 's/#   smtp_host: \"localhost\"/   smtp_host: \"${MAIL_SMTP_SERVER}\"/' homeserver.yaml
+    sed -i 's/#   smtp_port: .*/   smtp_port: ${MAIL_SMTP_PORT}/' homeserver.yaml
+    sed -i 's/#   smtp_user: \"exampleusername\"/   smtp_user: \"${MAIL_SMTP_USERNAME}\"/' homeserver.yaml
+    sed -i 's/#   smtp_pass: \"examplepassword\"/   smtp_pass: \"${MAIL_SMTP_PASSWORD}\"/' homeserver.yaml
+    sed -i 's/#   require_transport_security: False/   require_transport_security: false/' homeserver.yaml
+    sed -i "s/#   notif_from: .*/   notif_from: \"Your Friendly Matrix Home Server <${MAIL_FROM}>\"/" homeserver.yaml
+    sed -i 's/#   app_name: Matrix/   app_name: Matrix/' homeserver.yaml
+    sed -i 's/#   notif_template_html: .*/   notif_template_html: notif_mail.html/' homeserver.yaml
+    sed -i 's/#   notif_template_text: .*/   notif_template_text: notif_mail.txt/' homeserver.yaml
+    sed -i 's/#   notif_for_new_users: True/   notif_for_new_users: True/' homeserver.yaml
+
+    sed -i "s,#tls_fingerprints:.*,tls_fingerprints: [{sha256: \"${TLS_FINGERPRINT}\"}]," homeserver.yaml
+
+
+fi
+
+# logs
+mkdir -p /run/nginx_log /run/synapse /run/turn_log
+
+# fix permissions
+chown -R www-data.www-data /run/synapse /run/turn_log /app/data
+cd /app/data/synapse
+
+# check if TURN port has changed and update it
+if [ -z ${TURN_TLS_PORT+x} ]; then TURN_TLS_PORT="3478"; fi
+sed -i "s/turn_uris: .*/turn_uris: [\"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=udp\", \"turn:${APP_DOMAIN}:${TURN_TLS_PORT}?transport=tcp\"]/" homeserver.yaml
+sed -i "s/tls-listening-port=.*/tls-listening-port=${TURN_TLS_PORT}/" /app/data/turnserver.conf
+
+# check if certificate changed and update fingerprint
+TLS_FINGERPRINT=$(openssl s_client -connect ${APP_DOMAIN}:${TURN_TLS_PORT} < /dev/null 2> /dev/null | openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '=')
+sed -i "s,^tls_fingerprints:.*,tls_fingerprints: [{sha256: \"${TLS_FINGERPRINT}\"}]," homeserver.yaml
+
+gosu www-data turnserver -c /app/data/turnserver.conf --daemon -v
+
+# update user and pass in case they changed
+sed -i "s/ user: .*/ user: ${POSTGRESQL_USERNAME}/" homeserver.yaml
+sed -i "s/ password: .*/ password: ${POSTGRESQL_PASSWORD}/" homeserver.yaml
+sed -i "s/ database: .*/ database: ${POSTGRESQL_DATABASE}/" homeserver.yaml
+sed -i "s,         uri: .*,         uri: \"${LDAP_URL}\"," homeserver.yaml
+
+#update email settings in case they changed
+sed -i "s/   smtp_host:.*/   smtp_host: \"${MAIL_SMTP_SERVER}\"/" homeserver.yaml
+sed -i "s/   smtp_port:.*/   smtp_port: ${MAIL_SMTP_PORT}/" homeserver.yaml
+sed -i "s/   smtp_user:.*/   smtp_user: \"${MAIL_SMTP_USERNAME}\"/" homeserver.yaml
+sed -i "s/   smtp_pass:.*/   smtp_pass: \"${MAIL_SMTP_PASSWORD}\"/" homeserver.yaml
+
+gosu www-data python3 -m synapse.app.homeserver --config-path homeserver.yaml &> /dev/null &
+
+exec /usr/sbin/nginx -g 'daemon off;'
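Review bot: `set -eux` on the third line traces every command, so the `sed` invocations that splice `${POSTGRESQL_PASSWORD}`, `${MAIL_SMTP_PASSWORD}` and the generated `${TURNPWD}` into homeserver.yaml and turnserver.conf print those secrets to stderr, i.e. into the container log, on every start; change it to `set -eu` and enable `-x` only around non-sensitive sections if the trace is wanted. Inside the first-run block, `tls_fingerprints: [{sha256: \"${TLS_FINGERPRINT}\"}]` expands `TLS_FINGERPRINT` before the script assigns it further down, so with `set -u` a fresh install aborts at that line unless the platform happens to export that name; the unconditional fingerprint update after the block already covers it, so the first-run line can be dropped. That later pipeline connects to `${APP_DOMAIN}:${TURN_TLS_PORT}` before `turnserver` is launched two lines below it, and because the pipeline's status is `tr`'s, a refused connection most likely yields the hash of empty input instead of an error; start turnserver first, or add `set -o pipefail` and check the result before writing it. `enable_registration: True` opens self-service account creation to the internet alongside the LDAP provider, which may be intended, but it deserves a comment or a manifest option rather than being enabled silently.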