Protect Your Privacy! Use Matrix: A Self-Hosted, E2E Encrypted, Alternative to WhatsApp and Signal

Captions
Hey everybody, and welcome to Jim's Garage. Today I've got an exciting video for you: we're going to be replacing things like WhatsApp and Signal with our own self-hosted, end-to-end encrypted, decentralized chat server. And did I say chat server? Well, it does a hell of a lot more than that. Not only does it do chat and text, it can do video recording, conferencing, it can do collaboration and a whole host more through a number of extensible plugins. Now, you might be raising your eyebrows and thinking, what's this guy talking about, this is too good to be true. Well, I was in your shoes, and I've been using this tool for a number of years now. And I must say that for you watching this video, you're likely the one that's going to be setting up this server, so I'm going to talk you through all of the processes of getting this done. And the great news is, for the people that are probably less tech savvy, there are a whole load of applications that are friendly, with a native UI. There are applications for Android, iOS and major desktop distributions such as Ubuntu, Windows, Apple, etc., and failing that you can even access this directly through a web browser.

So what am I talking about? Well, today we're going to be implementing Synapse. What's Synapse? Synapse is a home server implementation for the Matrix protocol. Now, the Matrix protocol is an open source, end-to-end encrypted protocol that's highly extensible. I won't go into too much detail about that, and Synapse is basically an open source implementation of this protocol, so, a bit like we saw with Headscale and Tailscale, it's kind of the same thing. So by the end of this video you're going to have a replacement for all of your messaging applications that you host yourself, so no longer do we have to rely on any third-party infrastructure; we can host this all ourselves. Now, I totally get it, there have been a number of audits and security reviews around the Signal protocol, which is used by WhatsApp and Signal, and to my knowledge there's been no known
vulnerability, and I'm not saying that there's anything wrong with using those services. I've been using them myself. But this is home lab, right, and we want to do things ourselves, we want to be self-hosted. So like all my videos, I'm going to run through some of the core features of Synapse and the Matrix protocol, I'm going to provide you with a review of the config, I'm going to show you exactly what everything does, we're then going to walk through the deployment steps, and then we're going to have a look at setting up Synapse once it's been deployed. And there's a little extra: I'm going to set up my own Matrix server, and when you've got yours configured you can connect to mine and you can drop a little message in there just so I know you've done it.

So, jumping into our feature review. As I said, this is based upon Matrix, so what's Matrix? Well, as you can see on the screen, it's an open source network for secure, decentralized communication. But effectively the way that Matrix and Synapse work is a bit like Active Directory and other federation services, so people have their own home server and you authenticate through your server, but because of federation you're able to log into other servers with your identification validated through your home server. Now, I appreciate that might be complicated, so a good analogy would be things like when you go to Instagram, for example, you can log in through Google. Now that's because there's federation in place: Instagram trusts Google to know who you are, so you can log in through Google and it will pull your profile and be able to log you into Instagram. Not a perfect analogy, but I hope you kind of get the idea of what's going on here. So when you spin up your server, and hopefully by the end of this video you'll log into my server and send me a message, you will be authenticating with your server, I will trust your server has authenticated you, and then you'll be able to leave a message and I know that you are you. That's kind of the gist. As I
mentioned, this is built around communications and is set up to be a complete replacement for all of your chat, text, voice, whatever it is you need. It really is a slick communications protocol. Now, this is a protocol, so what does that mean? Well, think of this as the engine in the car. This is what's under the hood and makes you go forward, it's what drives the vehicle, but it's not sort of the fancy wrap of the bodywork on top of it. So that's kind of where Synapse comes in, and the clients that go on top of that. So before I get onto that, we'll just run through a few more of these features, and hopefully here you can start to see what this is going to look like.

Now, the really cool thing about Matrix being a protocol is there are lots of wrappers or implementations that go on top of this, so I think there's something like 10 or 15 popular chat clients for this, and we'll have a look at those in a minute. But what does that mean? Well, it gives you the flexibility to basically customize your experience with Synapse and the Matrix protocol. So as you can see on screen, there is a video conference call that's going on, which looks pretty much exactly like any other of the big players, so things like Zoom or Teams or Google Chat, and that's exactly what you're going to be able to do with Matrix Synapse.

So if we hop into the mission statement of Matrix, that marries up with pretty much everything I've already said. It's an open protocol for decentralized, secure communications, and they believe that people should have full control of their own communication, should not be locked into centralized communication silos. This is kind of where we're trying to break away from the WhatsApp and Signal. Ability to converse securely and privately is a basic human right, so as I mentioned, this is end-to-end encrypted, and it should be available to everyone: free and open, unencumbered standard and a global network. So basically this is open to whoever you want it to be, and you would configure that like you would any
other internet-facing application in your home lab.

Now, if we head over to the clients. As I mentioned, we're going to be setting up a server which will implement the Matrix protocol, but to communicate with that server you're going to need a client, so this will be pretty much what everybody on your server will use. So I'm thinking, for all the mums and dads and the tech-illiterate out there, WhatsApp works well, Signal works well, it's really convenient and easy to use, but as I said, the exact same thing can be said for Matrix Synapse. So if you look on the Matrix website, they've got a few featured clients here, and there are a whole host more, and you can have a look through here, choose which one you like, and the user experience will be slightly different, but the majority of the features under the hood will be exactly the same, and you'll get all the benefits of end-to-end encryption, decentralization, etc. This is very much just the presentation layer, how you're going to interact with the server.

My favorite is Element, and I've been using that for a number of years now. It seems to be the most feature-rich, the most heavily supported, and it has probably the greatest number of applications for all of your distributions. So if you have a quick look at Element, you can see that it's supported on Windows, Mac, available in your browser, on Android, on iOS and probably a few others. And if we quickly head over to their website, it's really simple to get up and running. Now, you can sign in here and you can join the matrix.org server, which is basically an open server that is hosted by Matrix themselves, but we can configure this by clicking edit and we can log into our own home server. And as I said, this is all driven through the web browser, so you haven't even needed to download an application. Now, we're going to get onto this later, so I don't want to get ahead of ourselves, but it's really straightforward to get this up and running, and anyone who's able to use a computer basically can get onto your
server with very little technical know-how. They're simply going to need to have a username and a password, and if they're using the mobile application for this, once you're logged in you can use simple biometrics to log in, so it should behave like any of the messaging apps that you're used to.

So now we've had a brief overview of the Matrix protocol and what they're trying to achieve, and we've looked at some of the clients so you have a feel for what this is going to look like, let's jump into what we're actually going to deploy now, and that's Synapse. So remember, this is the home server that uses the Matrix protocol, and we're going to use a client to connect to this home server by the end of this video. Now, Synapse don't have a nice fancy website like Matrix does, or Element, but it's a very well supported project that's been around for a number of years and has integrations, implementations throughout the world. I know people that have been using this for many years now, including myself. So scrolling down, we can see that Synapse is an open source Matrix home server written and maintained by matrix.org, great, and it's been around since 2014, with the first major release coming out in 2019. So as I said, basically nine years' worth of development have gone into this, and some of the people that are involved in this are leading academics, leading cryptologists, etc., so you can have some confidence and reassurance that this is a robust and secure solution.

So to deploy this, it's really straightforward, and if you've been following my previous videos we don't really have to change very much to our existing infrastructure. We're going to be using our existing Traefik proxy, which should already be configured to expose SSL port 443 to the internet, and that's all we need to get Matrix Synapse up and running. Now, there is support for any of the major proxy providers, and you can find that documentation on the website. I'm going to focus today on Traefik, just because that's the proxy I use and
I think it's one of the better proxies for a containerized environment, but once we've got through the proxy configuration, the actual setup of the server and connecting clients should be the same regardless of what proxy you're using. Now, the deployment of Matrix Synapse is quite straightforward and I'll talk you through that, but the important bit is we have to do this in a step-by-step process. There are certain things that you need to do before you can do the next step, so go and grab a coffee, we're going to go through this now, and hopefully we'll have you up and running with Matrix Synapse in about five minutes.

So before we jump into the configuration review and deployment, I just want to go over the steps that we need to do first in order to get this working. Now, this chiefly revolves around creating a configuration file before we do the deployment. Now, we're going to have to mount this configuration file via a volume in our Docker Compose, but it's pretty straightforward, so let's get on to that now. Now, there's a couple of things that we need to do. First, we need to run the command that's in the middle of the screen here, and we can pass it a few variables. By default you only really need to tweak two of those, and that is your server name and whether or not you want to report stats. I'm going to assume no, you don't want to. I'm also going to tweak it slightly to add in our Ubuntu user, and that will be handy later on because we'll want to be able to edit our config file without having to change users all the time. More on that later.

So if we start by logging into our Docker machine, we're going to run the command that was in the previous window to generate that configuration file. Now, I'm going to leave a copy of all of these steps and the commands that you need to run in my GitHub, so feel free to go and have a look at those and just tweak them to your setup. So the first command that we need to run is the following. Now, what does this do? We haven't done this before. So what
this is going to do is pull the Synapse image and then run the command that we've specified, and this will generate the configuration file. Now, I recommend you go and read the documentation that I showed earlier, but effectively it's going to spit out a configuration file into the /var/lib/docker folder, and we're then going to want to copy that folder back into the directory where we're going to mount it in our Docker Compose file. Don't worry if that sounds complicated, it's pretty straightforward and I'll show you now.

So the bit to take note of when we're generating this configuration file is to pass through the server name for your Synapse, so in my instance it's matrix.jimsgarage.co.uk. Now, you want to change this to something like matrix.yoursubdomain.tld, so go ahead and do that, and decide whether or not you want to use stats, and then simply hit return. When we hit return, it's going to go and pull that image and then it's going to run that command, and hopefully we should have a copy of the configuration file in the location it's specified in the instructions. The good news is that whilst it's pulling this image, we're going to use the same image again when we actually deploy it for real.

So everything looks okay there, so let's jump into the location specified and just double check what's going on. Now, because we ran that command as root, we can't actually get to where this folder is, because it's a privileged folder, so we need to escalate into root to be able to access it. But we're going to copy that file back to our home directory and we're going to change the ownership of it so that we can edit it with our standard user that we log into our Docker host with, in this case it's my Ubuntu user. So to do that, I simply need to type sudo -i. Now you'll see in the bottom left-hand corner that I'm now root@docker, so I should be able to go and access the location that's specified above, and by default that location is the following. We want to do cd for change directory
and we want to paste /var/lib/docker/volumes/synapse-data/_data, and hopefully if we run that command we should now be able to do an ls to list the files, and we should see the configuration file and a couple of keys. And there we go, we have my homeserver.yaml, which you'll find a copy of on my GitHub. Obviously I want you to go through this process to generate your own, you can't just use mine. And we'll find the signing key and the config.

So what we need to do now is copy these three files over to our home directory, and that's really straightforward. So to do that, we're going to use the copy command, we're going to use the asterisk to specify we want to copy everything in this directory, and we're going to copy it to the location we're going to use in our Docker Compose volume mount, in this case it's my home folder and /docker/synapse. So let's run this command, and we can hop over to WinSCP to give us a nice GUI to validate that that's worked. So running that command, let's hop into WinSCP. So if I now refresh this, I'm in the /home/ubuntu/docker/synapse location, and there you can see I have the three files that we just copied over.

Now, the important part here is, if we check the owners, we can see that that's root, which isn't going to allow us to edit it through the browser. If I double click on one of these files, for example, it's going to show it to me, but if I try to edit it and then hit save, I'm going to get a permissions problem. So we want to change that, and we need to make sure that when we run the Docker container, if we're going to run this as non-root, it's not going to have access to edit any of these files, so let's rectify that now. So to do that, we simply need to again change directory to the folder we've just moved it to, so in this case cd /home/ubuntu/docker/synapse, and if I do an ls we can see those files here. Now we need to change these to a different user, so how do we do that? Well, we do a chown
for change owner, we specify who we want to change it to, i.e. the user and their group, so in my case ubuntu and ubuntu, and then we need to specify which files, so in this case all files, so I'm going to put an asterisk. Now that looks okay, let's go and check. So if we head back to WinSCP and I hit the refresh button, now it's changed that owner to ubuntu, so we should be able to open that with our Ubuntu user, which is how I have WinSCP logged in, i.e. a non-root user, and we're able to open and edit those files, which is great. And it's also going to be the user we set for Synapse so that we don't have to run this as root. So back in the terminal, let's change our user back to being ubuntu, so as simple as su and then ubuntu, and now you'll see that I'm back as ubuntu@docker.

So now that we have the configuration file generated, we're going to want to edit that from the default, because if you have a look through the setup for this, by default it's going to use a SQLite database, which we've used before in previous videos, but it's probably not best suited, especially if you're going to use this chat server with lots of users. That database is going to be bloated pretty quickly, and SQLite just isn't performant for large databases. So for this we're going to use a Postgres database, and we've used that before, so all we need to do is hop into the configuration file, the homeserver.yaml, and just specify that we're going to use an external database. And once we've done that, I'll hop into the Docker Compose file and I'll show you how we're going to deploy Synapse and we're going to deploy the Postgres container, and you'll see how the two are linked.

So let's open up the homeserver.yaml, and now that that's opened, you can see that it's populated with some of the variables that we designated in the run command. So for example, you can see that matrix.jimsgarage.co.uk was picked up, which is what I specified, and it's created the signing keys which are associated with that server, so that's all
good. So the bit I was talking about is here, the database. This is the part that we need to change, so I'm going to change this from the SQLite to a Postgres. So I'll copy the code in from the website and then we'll tweak it to our config, so let's do that now. Now thankfully this is really straightforward, it's a simple copy paste and we just need to tweak it for our setup. So overwrite this with the code in my GitHub, and you can see that here we've specified that we're using psycopg2 and we need to pass it some arguments. Now, these should be pretty straightforward: it's going to need a user and a password to access the database, we need to specify which database within the database container we want to access, and we need to specify where the database is located, i.e. its IP address. Thankfully with Docker this will be straightforward, you can use a nice friendly name. So let's save that, and now we're going to head into the Docker Compose file, because some of the variables we need to populate in this file are in the Docker Compose file.

Now, you can copy what I've got in there for the large part, but you may wish to tweak this to run on different URLs, different ports, depending on what you've already got running. You may have conflicts, etc. So if you head over to my GitHub, I've got the Docker Compose file there, so let's take a look now. As I mentioned, this is going to be a multi-container deployment, but it's only two containers: it's the Synapse container and the Postgres container. So let's have a look at the Synapse one first. Now, if you've been following some of my previous videos, there's not a great deal different here. We've specified the image, the latest image, we've set the configuration file to this path. Now, this is the path inside the container, so don't go changing this to /home/ubuntu/docker etc. This is where the file gets mounted inside that container. The bit that you'll be thinking of is possibly down here in the volumes, so you can see here that where we've got
/data/homeserver.yaml, that is where we've just copied that; /home/ubuntu/docker/synapse, that's where we copied our homeserver.yaml file to. So when we run this container, our homeserver.yaml file is going to end up in that /data folder, which is exactly where it expects it. I've also changed here in the environment variables for this container to run as user 1000, which by default will be your home user, i.e. non-root, so that's why we changed the ownership of all of those files previously. The next part is we're going to specify a depends on, so this means this container will only run if the database is running. Now obviously that's a good idea, because if we don't have the database, all of our messages, all of our users, all the secret keys, etc., they won't be available, so we want to check before this spins up that the database is ready and accessible.

The next part is, this is the first time in our series we're going to have a dual network setup, so what does this mean? Well, we specified the proxy, which is the network that our Traefik reverse proxy is running on. So as we're going to be accessing this through the proxy, with SSL and all that good stuff, it needs to be on the proxy network. But the database doesn't need to be on the proxy network, so we've created a new one just called synapse, and you'll see that when we go through the database container in a moment we only need to specify synapse. So that means that no other containers within Docker can access the database, it's only containers on that synapse network, which in this instance is just the Synapse server.

Now, if you're not using a proxy for this, you can expose it directly to the web, and there's instructions for how to generate TLS certificates, but I'm not going to do that, because we've gone through the process of setting up a proper reverse proxy with SSL certificates. So we're going to use the standard approach of specifying the Traefik labels, and you'll just need to tweak these to your domains. Now, the important bit is
it runs on port 8008 by default, which is actually the HTTP port, but we don't need to worry about that because our reverse proxy is going to be doing all of the SSL termination for us.

So now that we've gone through that, everything looks okay, the next bit is to go through the Synapse database. Now, this one again isn't too complicated, there's nothing too different here from anything we've done previously, however there is a command that we need to make sure of, and I'll talk you through that in a moment. So for this we're simply downloading Postgres version 15. We've specified the Postgres user, so synapse_user. Now, if you cast your mind back a couple of minutes, we were in the config file for the homeserver.yaml and it had things like Postgres user, password, database, so these are what we need to copy now into your homeserver.yaml. Do make sure that you change the password, don't use the one that I've got. Do use something unique, and you can just generate a random string, mash the keyboard, or if you saw my Vaultwarden video you can use the generator in there to generate you a long, complex password. The final part here is the database init, so initiation arguments, and we're going to say that it's encoding UTF-8, and there's a couple of other commands here that need to be run. Lastly, we've got the volume, so this is where Postgres is going to store all of its data on our Docker host, and we're going to expose this on port 5432. Change this to something that doesn't conflict with your environment if you need to. And we're going to stick it on the synapse network so that Synapse can access this via the friendly name of synapse-db.

So now that we've gone through the Docker Compose file, let's hop back into that server.yaml file and make the necessary adjustments. So heading back into the homeserver.yaml file, let's copy and paste over some of those values. So the first one we need to change is the user, and if we look down here in the Docker Compose file we'll see that it's just synapse underscore
user, so let's enter that. Next we're going to do the password, so in this instance it's this password here, we're going to copy and paste that into the password section. The database, I've just called mine synapse, so again we put the name synapse. And the host, if you cast your mind back to recent videos, we can just put in synapse-db, and Docker has its own internal DNS so it knows exactly the address that this container is running on. So once you've done that, you should have a config file that looks like this, so go and hit save, and the exciting news is we're now ready to hit the deployment.

So jumping back into our terminal, let's navigate to where we have our Docker Compose file stored. Once we've navigated there, we're ready to spin up these containers, so it's the same as always, sudo docker compose up -d, and because we already have the image downloaded from when we generated our config file, this should spin up straight away, apart from downloading the database image. So now that's completed, let's go and check the logs just to make sure that everything's up and running. I'm going to hop into Portainer for this just to make life easier. So now that I'm in Portainer, we can see that we've got Synapse running and the database, so let's check through the logs that the database is up and running. Here we can see that the database system is ready to accept connections, that all looks good, and if we hop into the Synapse container, hopefully we should see a similar story. Yep, this is great, it's connected to the database, it's doing a load of reads and writes, everything looks right.

So now we should be able to go and execute the URL to access our Matrix installation. To do that, you'll obviously need to add your matrix.yourdomain.com to your DNS resolver. In my instance I'm using Pi-hole, so I've simply added an internal DNS record there, so I should now be able to go to matrix.jimsgarage.co.uk and be presented with the Matrix splash screen. Let's see if that's the case. So hopefully if I hit return now
I should be presented with the Matrix "It works! Synapse is running" message. Brilliant, that's exactly what we wanted to do. So for all intents and purposes our server is up and running, but now we need to head over to the client to be able to connect to this. But before we do that, there's one last step in our processes, and we need to create an administrator, so let's go ahead and do that.

Thankfully it's really simple to create our admin user, we simply need to run this command. Now, if you remember from previous videos, we're doing a Docker execution here, so we're executing a command by going into the container. So we're doing docker exec, you might need sudo before this, so it would be sudo docker exec -it, so it's an interactive session. We're saying synapse is the container we want to, and we want to run the command register_new_matrix_user. It's listening on its localhost at port 8008, which we specified in the Docker Compose, and the homeserver.yaml is in that /data folder. So let's go ahead and run this, and when we do, it should take us through an interactive prompt to put in a username and a password. So now it's asking me what do I want my name to be, so I'm going to say Jim. It's going to ask for a password, it'll ask you to confirm the password, and then it's going to ask if you want to be an admin. In this case I'm going to say yes, I want my account to be an admin. This gives me complete control over the server, and most of it can be administrated through the UI. So now that it's gone ahead, it's created that registration request and it's come back with a success message, brilliant.

So now we have everything in place to be able to go and access our server through the client. Now, to make this super straightforward, and just to demonstrate how easy this is, I'm going to go to the Element web browser implementation and just run it through the web browser, but as I mentioned there are standalone desktop applications for Element and there are mobile applications, and just to complicate
things further, you don't even have to use Element. There are a myriad of different clients out there, go and have a look, choose the one which you like the look of the most.

So now, back on the Element page that I showed earlier in the video, we want to hit sign in. Now we want to click edit, because we're not connecting to matrix.org, in this case I'm going to want to connect to matrix.jimsgarage.co.uk. So if I click continue, fingers crossed, it shouldn't throw an error. Brilliant, it's now going to ask me for a username and password, so I'm going to put in the username and password that I just created in the command line. So now, with any luck, I'm going to log into my home server, and just remember, we're doing all of this through our web browser, we haven't even had to install anything. So hitting sign in, it's setting up the keys, and voila, we're into our own home server. So we've now got complete access to do anything we want, so you can enable things like desktop notifications, if you want to do so you'll get a notification within your browser. I'm going to say no to sending anonymous information, but that's up to you.

And now that we're logged in here as an admin user, we can pretty much do anything, so one of the things you'll want to do is obviously set up some chat rooms. We can see that we don't have any people and we don't have any rooms, so let's just create a new room. So add a new room, and I'll call this, I don't know, General chat. It's currently set to be a private room, so this is invite only. We can change this to be a public room, so anyone browsing your server will see this. Maybe for a general chat that's what you want, or maybe you want a newcomers page, and you would set that to be open, and the general chat would be for people that you know and trust or have passed a registration process, whatever it might be. As I said, you can pretty much do anything, this can be a replacement for Discord, it could be a replacement for WhatsApp, Telegram, whatever you want it to be. I'm going to
enable end-to-end encryption, and any of you familiar with Signal and WhatsApp, for example, will have seen this before. So this means that messages between you and the other user are end-to-end encrypted, so nothing can intercept that traffic and read your message. I'm now going to create that room, and you can see that the room has been created. I now get a handy link to invite people, and that's pretty much it to creating rooms. You can replicate this process to spin up new rooms, new topics, new forums, etc., and you can invite people to this server.

Now that we've done this through the web browser, I'm going to show you how to do it through the desktop application. In this case I've simply downloaded the Element chat client for Windows, and I'm going to load that up now and show you how to log in. The process is straightforward, so this should look familiar. I've loaded up the application, I'm going to hit sign in, I'm going to change that server again and I'm going to put in my Matrix server. It's going to ask me to log in with my username and password again, and once we've logged in it's going to ask us to verify this. So you can see now in my browser it's saying, was this you that's logging in? So in the event of your account being compromised, it's going to ask you to validate it, a bit like if you sign into your Google account, for example, on a new machine. So we're going to say yes, that was me.

So now it's asked us whether we want to back up, so I'm going to say yes, just so you've got an idea of what's going on here. And this backs up all of your security keys, so all of those end-to-end encryption keys, such that if the server was lost and you had to rebuild it, you could re-import these keys and then see all of your historic messages. So we can generate a security key to encrypt our encryption keys, or you could enter a passphrase that you want to use. So I'm just going to use a passphrase, I'm going to keep this really simple for this video, but obviously you'd want to choose something that's
long and complex and do keep a note of this in the event that you do lose your keys so sticking in a password and hitting continue it's going to ask us to confirm it and then hit continue again and here you can see that this is our security key so you want to keep this somewhere safe because it's used to encrypt all of your data so you can download this or copy it just make sure that you keep it somewhere safe maybe Vaultwarden would be the perfect solution for this go and check out my video if you haven't already so once that's done it's going to say that the backup was successful and hopefully we should now be able to hop back into our element desktop application and we're logged in so because it hit two minutes it actually timed out so let's verify that session again click Start and then it's going to give you a little challenge a bit like you get with CAPTCHA for example so click the Emoji below that are displayed on both devices so I go back into this one and they match so let's click they match on both of them we get a tick got it head back to the element app and we're in and in the element app we know that this is working because there's the general chat room that we created earlier so let's just double check some of the functionality if I click on General chat can I send a message hello and let's check in the web browser behind hopefully we see the message we just sent by ourselves and there we go there's that message so you'll also notice that there's other functionality here that I mentioned earlier we can do photo and video calls so again a bit like WhatsApp and Signal you can use this to do video conferencing there is some additional configuration that you might need to do if you're doing multiple people and port forwarding Etc but I'm not going to cover that in this video we'll come back to that perhaps later down the line so this is all well and good we've got synapse up and running and we're able to send messages but unless you like talking to 
yourself we need to make some additional changes so that registration is enabled and new users can join it now you might want to just enable registration by default so anyone can come and join that might be fine or you just might want to open up registration and then turn it off or you can even use things like a one-time password so that users need a special token to be able to register on that first occasion and if you don't have that token you can't register so let's jump in now and create a new user and hopefully I'll be able to show that we'll have multiple users being able to talk to one another so the quick and dirty way to do this would simply be to open up the terminal and go through the new user registration process again like so I'll create a new user let's call them Bob and we're not going to make Bob an admin that looks successful let's go and test that now we'll fire up an incognito browser we'll go to element we'll log into my server and then we'll log in as Bob so back in element we'll sign in we'll edit the server we'll change it to my home server we're going to log in as Bob hopefully this should sign in it has excellent so now we should be able to send a message to Jim so how do we do that well we click on send a direct message we're going to say @jim:matrix.jimsgarage.co.uk and that should be a little hint as to how you can communicate from your home server to other Home servers and we'll come on to that in a little bit later so click on this it's a suggestion here's Jim we'll go okay and I can send my first message to Jim so let's say test now it's created a room with Jim and it's invited me in if I go now to my element server and I'm logged in here as Jim we can see that Bob has sent us a message so let's have a look firstly it's going to say do you actually want to start chatting to Bob it could be a spammer for example so we're going to say start chatting and there's the test message that we sent great everything seems 
to be working and now that we have two people configured we can do things like phone calls or voice calls so simply keep the voice call you might be able to hear that in the background it's ringing through my headphones it's calling Bob to Jim so we could have a conversation and similarly you could do a voice conversation if you wanted to and this setup might work if you're only interested in having a local implementation where you manually configured all users but I suspect that people external they're not going to be happy with this solution a they don't want you to have their password and B this is an administrative nightmare where you're the bottleneck in this process so what do we do well I mentioned it earlier thankfully you can set up registration for Matrix so heading over to the synapse documentation there's some handy tips here for how to get this up and running so the first thing we need to do is go back into our homeserver.yaml and simply add a few lines in the registration section it really is simple so first thing we need to do is to enable registration that just says yep registration's on because if I now go to element and create an account on my Home Server it would say that registration is disabled so if I change my server to mine I click continue and then I try to create a new account registration has been disabled so let's hop back to the documentation and let's Rectify this so once we've enabled registration by setting the enable_registration flag to True we've got a few options now you can enable registration without verification but as the note says that pretty much leaves you wide open to Bots and spam we don't want to do that so the other options are require three pieces of ID or disable MSISDN registration or use something like a captcha and you could even do a token here so the way that I'm going to do this is I'm going to do a captcha I think that's a decent trade-off between security and user experience so let's go and configure 
registration with a captcha and we'll also need to set up email because we want users to be able to receive their password in an email reset their password via email and have the ability to receive notifications via email when they have a new message waiting for them so to implement captcha we're going to use Google's reCAPTCHA and that requires an API key so we need to head to google.com/recaptcha/admin/create we need to specify the public base URL which in our case is the server name then we need to get the key and the secret we need to enable registration as true for captcha and then we should be good to go then we can redeploy our synapse server and hopefully everything should be up and running let's go ahead and create the reCAPTCHA key now so heading over to the Google API I filled in my details I've given it the label which is my server name I've specified that I want version 3 of reCAPTCHA and I've added it to the domain for my Matrix server so hopefully we click submit and then we're presented with our API keys so we need to keep a copy of these because we're going to put them into our config file so hopping back into our homeserver.yaml file let's add the necessary section for registration and fill in all of the details to get this up and running so now I've added the details to the bottom of my homeserver.yaml file I now need to save this and then restart my synapse container so if I restart my synapse container this should now pick up the new changes and hopefully registration should be enabled let's go and test that in the browser so heading back over to element let's sign in let's specify my server continue and in this case we're going to click create a new account so there we go we're going to create a new username so let's call him test and I've given it a password so let's hit register and here we're presented with a captcha so let's go ahead and complete this oh we've got to pick buses that looks like a bus that looks like a bus and that does 
let's verify you're in excellent so what do we want to do uh we're going to talk to friends and family so we're not going to improve it and we're going to start our first chat so let's start our first chat and again if we remember let's do @jim and then we're going to put matrix.jimsgarage and hopefully it'll come up with a suggestion yep there we go so exactly the same as before let's hit go let's send a test message we should now be able to go back to our element desktop app and we can see that test has sent a message we can start chatting and voila we've got it working externally so that now users can register as long as they pass a reCAPTCHA one final thing that I recommend you go and set up is email now this follows the exact same process as previously we simply need to copy these parameters into our homeserver.yaml file and populate them with the SMTP server settings that you receive from your email provider now you might be thinking why do we want to do this well this is how we use things for password resets so at the moment people don't have a password reset so if they forget their password they're not going to be able to reset it so I do recommend you go and configure this and then redeploy your server and it should be really straightforward and I recommend that you then go and test with a password reset Journey so now that we have everything configured and set up let me just show you the mobile application so you get a feel for what it will look like when you're on your mobile device because this is probably the most common use case for this application so once you've downloaded the application on your mobile open it up hit create account I've selected friends and family here I don't think it matters too much but we're going to hit the edit on the server and we're going to change matrix.org to matrix.yourdomain.tld once you've got that hit next you're then going to need your username and password and if you've already configured email you're going 
to have to specify an email address in here once you've entered those details just hit next it's going to present the captcha that we set up complete that and then you should be in then you just need to configure a name and hit next and once you've entered that you should be good to go so now we should be able to start a new chat and this application should look and behave exactly like the desktop or the web-based client so here you can see that I'm sending a message to @jim:matrix.jimsgarage.co.uk this is the same user we're using previously and it's come up and shown that it's a known user so if we hit that person we should be able to create a chat with them and it should look and behave exactly like the other application previously so let's jump back in now we sent that message and just validate that it was sent correctly and now that we've created a user on a mobile and we sent a test message we can see that we've received it here and a simple hello Jim message so there we go we've got all of the configuration steps set for kind of basic use of synapse and I say basic this already has external facing end-to-end encryption decentralization voice and chat and a whole host more if you want to add it I thoroughly recommend that you go and read through all of the documentation check out all of the features and then enable what you want to have one final thing that you might want to add to this to make it more feature-rich is the highlighted section that I put in the config file in my GitHub now the first part here is to enable three pieces of ID changes so this allows people to change their email address the next part is to allow people to be able to search all users in the directory so when you're wanting to start a new chat it should list all of the people that are available to do so the next bit is around Federation and that's important so we want people who are Federated i.e. other Home servers to be able to view our public rooms just remember this is public 
rooms not private rooms so if you set a room to private it will remain private and the final part is the important bit which enables Federation and as I mentioned earlier Federation is the part whereby you can log into your home server but access other Home servers so not the best analogy but a little bit like you will have an account on Discord and you can access multiple servers this is sort of the same you can log into your server it will validate your identity other Home servers will trust that you've been authenticated through your home server and that your identity is accurate and this will enable you then to log into their Home Server so what this command is doing more specifically is enabling Federation on Port 443 so we already have that exposed through the proxy we don't need to open up and you might see Port 8448 mentioned this command is going to overrule that and actually specify that Federation is available on Port 443 so that's great and once you've got this set up you can go and validate it through the handy Federation tester and I'll show you that quickly now so if you head over to the Matrix Federation tester and enter your server name and hit go hopefully you should get a number of green ticks to show that it's been set up correctly and here you can see that I've got four checks and they all came back a success so I have Federation successfully enabled on my home server and as I showed it really is as simple as adding it to your configuration file and then just restarting your container so thanks for staying with me I know that was a long one and there's quite a lot to get through but hopefully it's been worth it because synapse is an awesome application that I use on a daily basis to have conversations with my friends and family now you're able to do exactly the same and join the decentralized Matrix Network so if you like this video it took me a long time to create Please Subscribe like and drop me a comment and if you want to why don't you 
jump onto my Matrix server and say hello take care and I'll see you on the next one thank you
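
The registration, CAPTCHA, email and federation settings walked through in the transcript above, collected as an added `homeserver.yaml` sketch (not the file from the video or its GitHub repository). The key names are Synapse's documented options; the domain, SMTP host, addresses and every key value are placeholders, and requiring an email address at sign-up is an assumption.

```yaml
# homeserver.yaml excerpt (added example; all values are placeholders)
public_baseurl: "https://matrix.example.org/"

# --- Registration ---
enable_registration: true
# Leave this false: Synapse then refuses to start with open registration
# unless a CAPTCHA, email verification or token requirement is configured.
enable_registration_without_verification: false

# Option chosen in the video: reCAPTCHA in front of the registration form.
enable_registration_captcha: true
recaptcha_public_key: "RECAPTCHA_SITE_KEY_PLACEHOLDER"
recaptcha_private_key: "RECAPTCHA_SECRET_PLACEHOLDER"

# Stricter alternative mentioned in the video: registration tokens
# handed out by the admin. Uncomment to require one.
# registration_requires_token: true

# Assumption: require a verified email address, no phone-number sign-up.
registrations_require_3pid:
  - email
disable_msisdn_registration: true
# Lets users change the email address bound to their account.
enable_3pid_changes: true

# --- Email (password resets and notifications) ---
email:
  smtp_host: "smtp.example.org"
  smtp_port: 587
  smtp_user: "synapse@example.org"
  smtp_pass: "SMTP_PASSWORD_PLACEHOLDER"
  # Fail instead of sending reset links over an unencrypted connection.
  require_transport_security: true
  notif_from: "Matrix <synapse@example.org>"
  enable_notifs: true

# --- Directory and federation ---
user_directory:
  enabled: true
  # Every local account becomes searchable by every other local user.
  search_all_users: true
# Publishes the public room list to other homeservers; private rooms
# are not included.
allow_public_rooms_over_federation: true
# Serves /.well-known/matrix/server so federation uses port 443 via the
# reverse proxy instead of the default 8448.
serve_server_wellknown: true
```

The file now holds the reCAPTCHA secret and the SMTP password, so keep it readable only by the account that runs the Synapse container and out of any public repository.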
Info
Channel: Jim's Garage
Views: 24,405
Keywords: whatsapp privacy, whatsapp, signal privacy, signal, whatsapp messenger, linux, docker, self hosted, privacy, proxmox, data privacy, private message, end to end encryption, encrypted messages, whatsapp end to end encryption, whatsapp privacy settings, whatsapp alternative, whatsapp security, encryption, element chat, what is whatsapp end to end encryption, encryption whatsapp, matrix protocol, synapse home server, federation, smtp, email, recaptcha, google captcha, gmail, android, ios, ubuntu
Id: SVMHsoWMKI4
Length: 47min 21sec (2841 seconds)
Published: Fri Aug 11 2023