Note: this article has been archived.
References #
- https://element-hq.github.io/dendrite/installation/docker/install
- https://element-hq.github.io/dendrite/installation/domainname
- https://element-hq.github.io/dendrite/installation/planning#reverse-proxy
- https://element-hq.github.io/dendrite/administration/createusers
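Installation #
I use Docker Compose to install Dendrite.
Dendrite provides a sample Docker Compose file, which needs some preparation before it will start successfully. Note that this Compose file has only Postgres as a dependency, and that you need to configure a reverse proxy yourself.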
```yaml
services:
  postgres:
    hostname: postgres
    image: postgres:15-alpine
    restart: always
    volumes:
      # This will create a docker volume to persist the database files in.
      # If you prefer those files to be outside of docker, you'll need to change this.
      - dendrite_postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: itsasecret
      POSTGRES_USER: dendrite
      POSTGRES_DATABASE: dendrite
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U dendrite"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - internal

  monolith:
    hostname: monolith
    image: ghcr.io/element-hq/dendrite-monolith:latest
    ports:
      - 8008:8008
      - 8448:8448
    volumes:
      - ./config:/etc/dendrite
      # The following volumes use docker volumes, change this
      # if you prefer to have those files outside of docker.
      - dendrite_media:/var/dendrite/media
      - dendrite_jetstream:/var/dendrite/jetstream
      - dendrite_search_index:/var/dendrite/searchindex
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - internal
    restart: unless-stopped

networks:
  internal:
    attachable: true

volumes:
  dendrite_postgres_data:
  dendrite_media:
  dendrite_jetstream:
  dendrite_search_index:
```
```
# Sample Caddyfile for using Caddy in front of Dendrite.
#
# Customize email address and domain names.
# Optional settings commented out.
#
# BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
# Documentation: https://caddyserver.com/docs/
#
# Bonus tip: If your IP address changes, use Caddy's
# dynamic DNS plugin to update your DNS records to
# point to your new IP automatically:
# https://github.com/mholt/caddy-dynamicdns
#

# Global options block
{
    # In case there is a problem with your certificates.
    # email example@example.com

    # Turn off the admin endpoint if you don't need graceful config
    # changes and/or are running untrusted code on your machine.
    # admin off

    # Enable this if your clients don't send ServerName in TLS handshakes.
    # default_sni example.com

    # Enable debug mode for verbose logging.
    # debug

    # Use Let's Encrypt's staging endpoint for testing.
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

    # If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
    # else, enable these and put the alternate port numbers here.
    # http_port 8080
    # https_port 8443
}

# The server name of your matrix homeserver. This example shows
# "well-known delegation" from the registered domain to a subdomain,
# which is only needed if your server_name doesn't match your Matrix
# homeserver URL (i.e. you can show users a vanity domain that looks
# nice and is easy to remember but still have your Matrix server on
# its own subdomain or hosted service).
example.com {
    header /.well-known/matrix/* Content-Type application/json
    header /.well-known/matrix/* Access-Control-Allow-Origin *
    respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
    respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
}

# The actual domain name whereby your Matrix server is accessed.
matrix.example.com {
    # Set localhost:8008 to the address of your Dendrite server, if different
    reverse_proxy /_matrix/* localhost:8008
}
```
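Generate the private key #
First we generate the private key that is used to sign events. The following creates a private key in ./config:
```bash
mkdir -p ./config
docker run --rm --entrypoint="/usr/bin/generate-keys" \
  -v "$(pwd)/config:/mnt" \
  ghcr.io/element-hq/dendrite-monolith:latest \
  -private-key /mnt/matrix_key.pem
```
After running these commands, the generated private key file matrix_key.pem is saved in the config directory under the current directory.
(Note: this only needs to be run once; otherwise you will overwrite the key.)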
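Generate the configuration #
Similar to the command above, we can generate a configuration to use; it will use the correct paths specified in the sample docker-compose file. Depending on your changes to the docker-compose file (the services.postgres.environment values), change server to your domain, and change db as well:
```bash
mkdir -p ./config
docker run --rm --entrypoint="/bin/sh" \
  -v "$(pwd)/config:/mnt" \
  ghcr.io/element-hq/dendrite-monolith:latest \
  -c "/usr/bin/generate-config \
  -dir /var/dendrite/ \
  -db postgres://dendrite:itsasecret@postgres/dendrite?sslmode=disable \
  -server YourDomainHere > /mnt/dendrite.yaml"
```
After running these commands, the generated configuration file dendrite.yaml is saved in the config directory under the current directory.
Note: set a strong password for the database:
Change itsasecret in postgres://dendrite:itsasecret@postgres/dendrite?sslmode=disable.
You can then change config/dendrite.yaml to your liking.
Note: server is the delegated domain (i.e. example.org).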
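Start Dendrite #
After completing the configuration changes, you can now start Dendrite:
```bash
docker-compose -f docker-compose.yml up
```
Set up the domain #
You must reverse-proxy all paths to your Dendrite server. For example, with Caddy:
```
reverse_proxy /_matrix/* localhost:8008
```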
Delegation #
Delegation lets you specify the server name and port at which your Dendrite installation can be reached, or host the Dendrite server on a server name different from the delegated domain.
An example of delegation (using Caddy):
```
handle /.well-known/matrix/server {
    header Content-Type application/json
    header Access-Control-Allow-Origin *
    respond `{"m.server": "matrix.example.com:8448"}`
}
handle /.well-known/matrix/client {
    header Content-Type application/json
    header Access-Control-Allow-Origin *
    respond `{"m.homeserver": {"base_url": "https://matrix.example.com:8448"}}`
}
```
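A check for the delegation described above, written as an added example that is not part of the original post or of Dendrite: it parses the two well-known bodies and reports when the advertised federation or client port is not one the reverse proxy terminates TLS on. The function names and the `tls_ports` parameter are assumptions, the sample bodies are copied from the two Caddy examples on this page, and the SRV lookup that Matrix performs before falling back to port 8448 is not done here.

```python
import json
from urllib.parse import urlsplit

DEFAULT_FEDERATION_PORT = 8448  # fallback when m.server names no port

# Constructed bodies, copied from the two Caddy examples on this page.
SERVER_443 = '{"m.server": "matrix.example.com:443"}'
CLIENT_443 = '{"m.homeserver": {"base_url": "https://matrix.example.com"}}'
SERVER_8448 = '{"m.server": "matrix.example.com:8448"}'
CLIENT_8448 = '{"m.homeserver": {"base_url": "https://matrix.example.com:8448"}}'


def parse_m_server(body):
    """Return (host, port) from a /.well-known/matrix/server body."""
    value = json.loads(body)["m.server"]
    # urlsplit copes with "host", "host:port" and bracketed IPv6 literals.
    parts = urlsplit("//" + value)
    if not parts.hostname or parts.path or parts.query or parts.username:
        raise ValueError(f"m.server is not host[:port]: {value!r}")
    return parts.hostname, parts.port or DEFAULT_FEDERATION_PORT


def check_delegation(server_body, client_body, tls_ports):
    """List mismatches between the advertised endpoints and the TLS listener.

    tls_ports (assumption): set of ports on which the proxy serves HTTPS.
    """
    findings = []
    host, port = parse_m_server(server_body)
    if port not in tls_ports:
        findings.append(f"federation: {host}:{port} has no TLS listener")
    base = urlsplit(json.loads(client_body)["m.homeserver"]["base_url"])
    if base.scheme != "https":
        findings.append("client: base_url is not https")
    elif (base.port or 443) not in tls_ports:
        findings.append(f"client: {base.netloc} has no TLS listener")
    return findings


if __name__ == "__main__":
    # Proxy serving only 443: the :443 delegation passes, the :8448 one does not.
    print(check_delegation(SERVER_443, CLIENT_443, {443}))
    print(check_delegation(SERVER_8448, CLIENT_8448, {443}))
```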
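Administration #
Note: this requires shared-secret registration to be enabled. After registering the accounts, you can leave the registration_shared_secret field empty to disable shared-secret registration again.
To enable shared-secret registration, you must first enable it by specifying a shared secret in the dendrite.yaml configuration file. In the client_api section, enter the new secret in the registration_shared_secret field:
```yaml
client_api:
  # ...
  registration_shared_secret: ""
```
Create an account (get CONTAINERNAME from docker ps):
Regular account:
```bash
docker exec -it CONTAINERNAME /usr/bin/create-account -config /path/to/dendrite.yaml -username USERNAME
```
Administrator account:
```bash
docker exec -it CONTAINERNAME /usr/bin/create-account -config /path/to/dendrite.yaml -username USERNAME -admin
```
/path/to/dendrite.yaml is the path inside the container.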
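A helper for the two secrets this page configures, the Postgres password (itsasecret in the sample) and registration_shared_secret, added here as an example that is not part of Dendrite or of the original post. It works on the text of docker-compose.yml and config/dendrite.yaml, keeps the password identical in both, and reports the weak settings the notes above warn about. The function names and the constructed sample lines (including the connection_string key name) are assumptions.

```python
import json
import re
import secrets
from urllib.parse import quote, unquote

# Constructed samples: only the secret-bearing lines of the two files.
COMPOSE = "    environment:\n      POSTGRES_PASSWORD: itsasecret\n"
DENDRITE = ("connection_string: postgres://dendrite:itsasecret@postgres/"
            "dendrite?sslmode=disable\nregistration_shared_secret: \"\"\n")

PG_ENV = re.compile(r"^([ \t]*POSTGRES_PASSWORD:[ \t]*)(.*)$", re.M)
DB_URI = re.compile(r"(postgres(?:ql)?://[^:/@\s]+:)([^@\s]*)(@)")
SHARED = re.compile(r"^([ \t]*registration_shared_secret:[ \t]*)(.*)$", re.M)

def rotate_db_password(compose_text, dendrite_text, password=None):
    """Write one new Postgres password into both files so they stay in sync."""
    # token_hex yields only [0-9a-f]: safe in the URI, in YAML and in Compose
    # ("$" would be interpolated). quote() covers a caller-supplied password.
    password = password or secrets.token_hex(32)
    compose_text, n_env = PG_ENV.subn(
        lambda m: m.group(1) + json.dumps(password), compose_text)
    dendrite_text, n_uri = DB_URI.subn(
        lambda m: m.group(1) + quote(password, safe="") + m.group(3),
        dendrite_text)
    if n_env != 1 or n_uri == 0:
        raise ValueError("POSTGRES_PASSWORD or postgres:// URI not found")
    return compose_text, dendrite_text, password

def set_shared_secret(dendrite_text, secret):
    """Pass a secret to enable shared-secret registration, "" to disable it."""
    text, n = SHARED.subn(lambda m: m.group(1) + json.dumps(secret), dendrite_text)
    if n != 1:
        raise ValueError("registration_shared_secret not found exactly once")
    return text

def audit(compose_text, dendrite_text):
    """Return findings for the weak settings this page warns about."""
    findings = []
    env, uri = PG_ENV.search(compose_text), DB_URI.search(dendrite_text)
    env_pw = env.group(2).strip().strip("\"'") if env else None
    uri_pw = unquote(uri.group(2)) if uri else None
    if "itsasecret" in (env_pw, uri_pw):
        findings.append("default database password in use")
    if env_pw != uri_pw:
        findings.append("compose and dendrite.yaml passwords differ")
    shared = SHARED.search(dendrite_text)
    if shared and shared.group(2).strip().strip("\"'"):
        findings.append("shared-secret registration still enabled")
    return findings
```

The official postgres image applies POSTGRES_PASSWORD only when the data directory is first initialized, so rotate before the first start; for an existing dendrite_postgres_data volume the password must also be changed inside the database.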
Admin APIs #
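Note: some APIs are specific to Dendrite and are not reverse-proxied, so you may need to call them on the server itself or add them to the reverse proxy.
The access_token can be obtained by logging in to Element Web: Settings -> Help & About -> Advanced -> Access Token
Administrator privileges are required. An administrator can manage local accounts (any account on the local server, whether or not it is an administrator).
See: https://element-hq.github.io/dendrite/administration/adminapi
Updating #
```bash
sudo docker compose down
sudo docker compose pull
sudo docker compose up -d
```
Cleaning up storage #
The following volumes are currently known to be deletable without affecting whether user accounts exist: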
- dendrite_media
- dendrite_jetstream
- dendrite_search_index
Personal configuration #
- docker compose does not need to map 8448