# Preface

<div class="tip inlineBlock error">
The installation tutorial has been rewritten. To read the new version, follow the link below.
</div>

[End-to-end encryption supported! Build your own decentralized instant chat room! | Chat freely with Matrix: anonymous, secure, feature-rich](https://capiry.life/recording/293.html)

This article sets everything up manually at the Ansible and Docker level. Readers who do not need fine-grained control or extensibility can go straight to the [Ansible Playbook](https://github.com/spantaleev/matrix-docker-ansible-deploy) for a one-click deployment.

## Prerequisites

* Repository: [/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
* A server with roughly 1H1G (1 core, 1 GB RAM) at minimum (this article was built on a 2H2G server)
* Ubuntu 22.04 64 Bit (what I use; you can use something else, but you will have to substitute some commands yourself, which is not covered here)
* python3 (built into Ubuntu 22.04)
* docker
* git
* just
* A domain name
* DNS records
* Firewall ports
* BaoTa (宝塔) or another panel (optional)

## Preface, continued

This article relies on **the Traefik reverse proxy (built in) + a BaoTa website reverse proxy (external)** for access. If you do not want to use the BaoTa reverse proxy, or want to rely on it entirely, consult the official documentation and adapt the corresponding steps yourself.

Official FAQ: [Frequently Asked Questions](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/faq.md)

## Installation

### Environment

#### Install/reinstall the operating system

In your server's management console, install or reinstall the system as one of:

* Ubuntu 22.04 (recommended by this article)
* Ubuntu 20.04 ([may have problems](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md#supported-ansible-versions))
* Ubuntu 18.04
* CentOS (currently only 7 is supported; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))
* Debian (10/Buster or newer)
* ArchLinux

After installing Ubuntu 22.04, connect over SSH and run: `sudo apt update`

#### Install BaoTa

**Search for** an installation tutorial yourself.

**Nginx and the Docker manager** are required; install anything else as needed.

#### Install python3

In theory, Ubuntu 22.04 ships with `python3` built in. If it is missing, **search for** installation instructions yourself.

Check the python3 version. If you see output like the following, it is installed; if not, it is missing.

```
python3 -V
Python 3.10.4
```

Then check whether pip is installed:

```
pip3
Command 'pip3' not found
```

This output means pip is missing, so install it (for other systems, **search for** instructions yourself):

```
apt install python3-pip
# You will be prompted with Y/n to confirm the installation: press Enter or type Y and Enter to install, or type n to cancel
# After installation, confirm the pip version
pip -V
pip 22.0.2 from /usr/lib/python3/dist-packages/pip (python 3.10)
```

#### Install Ansible

```
pip install ansible
# Check the version
ansible --version
ansible [core 2.16.2]
......
```

The minimum versions are:

* ansible-core: 2.11.7
* ansible: 4.10.0

This command normally installs the latest version, so there is nothing to worry about.

You can also install Ansible with Docker; **search for** a tutorial yourself.

#### Install just

Install `just` into the `~/bin` directory (you can choose a different location):

```
# create ~/bin
mkdir -p ~/bin

# download and extract just to ~/bin/just
curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to ~/bin

# add `~/bin` to the paths that your shell searches for executables
# this line should be added to your shell's initialization file,
# e.g. `~/.bashrc` or `~/.zshrc`
export PATH="$PATH:$HOME/bin"

# just should now be executable
just --help
```

PS: if you open a new SSH session, run the `export PATH` command again.

#### Configure DNS

| Type | Host | Priority | Weight | Port | Target |
| ---- | ---- | -------- | ------ | ---- | ------ |
| A | `matrix` | - | - | - | `matrix-server-IP` |
| CNAME | `element` | - | - | - | `matrix.` |

**DNS settings for optional services/features**

| Optional component | Type | Host | Priority | Weight | Port | Target |
| ------------------ | ---- | ---- | -------- | ------ | ---- | ------ |
| [ma1sd](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-ma1sd.md) identity server | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` |
| [Dimension](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md) integration server | CNAME | `dimension` | - | - | - | `matrix.` |
| [Jitsi](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-jitsi.md) video-conferencing platform | CNAME | `jitsi` | - | - | - | `matrix.` |
| [Prometheus/Grafana](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-prometheus-grafana.md) monitoring system | CNAME | `stats` | - | - | - | `matrix.` |
| [Go-NEB](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bot-go-neb.md) bot | CNAME | `goneb` | - | - | - | `matrix.` |
| [Sygnal](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-sygnal.md) push notification gateway | CNAME | `sygnal` | - | - | - | `matrix.` |
| [ntfy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-ntfy.md) push notifications server | CNAME | `ntfy` | - | - | - | `matrix.` |
| [Etherpad](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.` |
| [Hydrogen](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` |
| [Cinny](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` |
| [SchildiChat](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-client-schildichat.md) web client | CNAME | `schildichat` | - | - | - | `matrix.` |
| [wsproxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bridge-mautrix-wsproxy.md) SMS bridge | CNAME | `wsproxy` | - | - | - | `matrix.` |
| [Buscarron](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` |
| [Postmoogle](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bot-postmoogle.md)/[Email2Matrix](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` |
| [Postmoogle](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bot-postmoogle.md) email bridge | TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` |
| [Postmoogle](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bot-postmoogle.md) email bridge | TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` |
| [Postmoogle](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bot-postmoogle.md) email bridge | TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` |

### Project configuration

#### Get the source code

Change to the directory where you want to install, then clone the project:

```
cd /www
git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git
cd matrix-docker-ansible-deploy
```

All subsequent steps are run inside the `matrix-docker-ansible-deploy` directory!

#### Configure the project

`matrix.example.com` is used as the example here; replace `example.com` with your own root domain.

```
mkdir inventory/host_vars/matrix.example.com
cp examples/vars.yml inventory/host_vars/matrix.example.com/vars.yml
cp examples/hosts inventory/hosts
```

##### Modify the vars.yml file

File path: `inventory/host_vars/matrix.example.com/vars.yml`

<div class="tip inlineBlock warning">
Where the configuration shows "XX位密码" (an XX-character password), generate the password yourself with `pwgen -s 64 1`, replacing 64 with XX. If the command is not found, install it with `apt install pwgen`.
</div>

The settings to change are:

```
matrix_domain: example.com
matrix_homeserver_generic_secret_key: '64位密码'  # 64-character password
devture_postgres_connection_password: '20位密码'  # 20-character password
```

**Settings to add:**

1. Use the built-in reverse proxy together with an external reverse proxy:

<div class="tip inlineBlock warning">
If you want to rely entirely on the built-in reverse proxy, or handle reverse proxying entirely yourself, see: [Using your own webserver, instead of this playbook's default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-own-webserver.md)
</div>

```
# Ensure that public urls use https (TLS is terminated by the external reverse proxy)
matrix_playbook_ssl_enabled: true

# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval
devture_traefik_config_entrypoint_web_secure_enabled: false

# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'

# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
# devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true

# Or, if you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition above
# - uncomment and adjust the line below
devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['127.0.0.1']

# Likewise (to `devture_traefik_container_web_host_bind_port` above),
# if your reverse-proxy runs on another machine, consider changing the `host_bind_port` setting below.
devture_traefik_additional_entrypoints_auto:
  - name: matrix-federation
    port: 8449
    host_bind_port: '127.0.0.1:8449'
    config: {}
    # If your reverse-proxy runs on another machine, remove the config above and use this config instead:
    # config:
    #   forwardedHeaders:
    #     insecure: true
    #     # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
```

2. If you installed Docker through BaoTa earlier, add the following setting:

```
matrix_playbook_docker_installation_enabled: false
```

3. If you do not want to chat with people on other servers, use the following setting to turn federation off:

```
matrix_synapse_federation_enabled: false
```

If you want your server and your friends' servers to reach each other, you can use a whitelist:

```
matrix_synapse_federation_domain_whitelist:
  - example.com
  - another.com
```

4. If you want an admin console for managing this server's users, rooms and so on, enable the admin UI:

```
matrix_synapse_admin_enabled: true
```

Access path: `https://matrix.example.com/synapse-admin/`

5. For other components, see the official documentation: [component list](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook.md)

##### Modify the hosts file

File path: `inventory/hosts`

Full contents (replace `服务器IP` with your server's IP address; the playbook targets the `matrix_servers` group, so the group header must be present):

```
[matrix_servers]
matrix.example.com ansible_host=服务器IP ansible_ssh_user=root ansible_connection=local ansible_python_interpreter=/usr/bin/python3
```

##### Start the project

<div class="tip inlineBlock warning">
**Before installing**, and **every time you update the configuration** in the future, you need to run the `just roles` command!
</div>

Since this is a fresh installation, other installation methods are not shown here. If you need them, see the official documentation: [installation guide](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/installing.md)

Fresh installation command:

```
ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start --ask-pass -vvv
```

<div class="tip inlineBlock info">
With `--ask-pass`, you are first asked for the SSH password of the current server. If you use a private key, you may need to replace it with `--ask-become-pass`.
</div>

Last modified: May 17, 2024

© Reposting permitted with proper attribution
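A pre-flight check for the `vars.yml` edited in the "Modify the vars.yml file" step, added here as an example (it is not part of the original article or of the playbook). It flags unset or placeholder secrets and a Traefik port published beyond loopback while `X-Forwarded-*` headers are trusted from any peer. Assumptions: `audit_vars` and `top_level_scalars` are hypothetical names, the parser reads only top-level `key: value` lines rather than full YAML, and the sample inputs are constructed.

```python
import re

# Secrets the tutorial asks you to fill in, with the lengths it specifies.
SECRETS = {"matrix_homeserver_generic_secret_key": 64,
           "devture_postgres_connection_password": 20}
BIND = "devture_traefik_container_web_host_bind_port"
INSECURE = "devture_traefik_config_entrypoint_web_forwardedHeaders_insecure"


def top_level_scalars(text):
    """Collect uncommented top-level `key: value` pairs (not a full YAML parser)."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z_]\w*):\s*(.*)$", line)
        if m:
            value = re.sub(r"\s+#.*$", "", m.group(2)).strip()
            pairs[m.group(1)] = value.strip("'\"")
    return pairs


def audit_vars(text):
    """Return findings for the secrets and the Traefik bind/forwarded-header pair."""
    cfg, findings = top_level_scalars(text), []
    for key, length in SECRETS.items():
        value = cfg.get(key, "")
        if len(value) < length or not value.isascii():
            findings.append(f"{key}: unset, placeholder, or under {length} characters")
    bind = cfg.get(BIND, "")
    loopback = bind.startswith(("127.0.0.1:", "[::1]:"))
    if bind and not loopback and cfg.get(INSECURE, "").lower() in ("true", "yes"):
        findings.append(f"{BIND} ({bind}) is reachable beyond loopback while {INSECURE} "
                        "is true: any client on that port can forge X-Forwarded-* headers")
    return findings


# Constructed sample inputs (not real secrets, not taken from any deployment).
SAMPLE_OK = f"""matrix_homeserver_generic_secret_key: {'a1B2' * 16}
devture_postgres_connection_password: {'c3D4' * 5}
{BIND}: '127.0.0.1:81'
# {INSECURE}: true
"""
SAMPLE_BAD = f"""matrix_homeserver_generic_secret_key: ''
devture_postgres_connection_password: 'changeme'
{BIND}: '0.0.0.0:81'
{INSECURE}: true
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_vars(sample))
```

To check a real deployment, pass the contents of `inventory/host_vars/matrix.example.com/vars.yml` to `audit_vars` before running `ansible-playbook`.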