Matrix Dendrite

The Matrix protocol’s default implementation, Synapse, is very memory and processor hungry, mostly due to it being written in the interpreted Python programming language. This means that running Synapse on less powerful servers may take a lot of resources away from other services. If you need a more efficient and less memory-intensive but still fully functional Matrix server, then Dendrite is for you.

Prerequisities

DNS Records and Delegation

You are not required to run a Matrix server under a subdomain (like matrix.example.org), regardless of server software. You can run your server under example.org to ensure usernames and rooms look like @user:example.org and #room:example.org respectively.

Because Matrix uses HTTP for transport over the SSL ports (443 and 8448), you’ll have to configure NGINX for it to work. This can cause confusion, especially if you’re running both a static website and Matrix server under the same domain (like example.org).

Depending on your setup, there are 2 different configurations to achieve this:

  1. Your desired domain (example.org) has an A DNS record that already poinst to your desired Matrix server, so you can configure this or add to your existing NGINX static site configuration to setup Matrix.

  2. You wish to use Matrix with your desired domain (example.org) but this domain’s A record points to a different server, accessible through another domain (like matrix.example.org). In this case, look into delegation.

NGINX Configuration

Here’s an example configuration for a Matrix server running under example.org:

server {
        server_name example.org;

        listen 80;
        listen [::]:80;

        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        listen 8448 ssl http2 default_server;
        listen [::]:8448 ssl http2 default_server;

        location ~* ^(\/_matrix|\/_synapse|\/_client) {
                proxy_pass http://localhost:8008;
                proxy_set_header X-Forwarded-For $remote_addr;
                client_max_body_size 50M;
        }

        # These sections are required for client and federation discovery
        # (AKA: Client Well-Known URI)
        location /.well-known/matrix/client {
                return 200 '{"m.homeserver": {"base_url": "https://example.org"}}';
                default_type application/json;
                add_header Access-Control-Allow-Origin *;
        }

        location /.well-known/matrix/server {
                return 200 '{"m.server": "example.org:443"}';
                default_type application/json;
                add_header Access-Control-Allow-Origin *;
        }
}

Let’s say you also want to run a static website under example.org. This can be achieved by adding these usual lines under the server section:

		# Basic static site configuration, like any other site
		root /var/www/example.org;
		index index.html;		

		location / {
                try_files $uri $uri/ =404;
        }

Certbot Certificates

Finally, make sure to download and enable TLS certificates for this setup by using the certbot command:

certbot --nginx -d example.org

Installation

Dendrite has no official distribution packages at the time of writing. To install and run it, you must first install the Go programming language and then compile the Dendrite software from source.

Installing Go

First, download the latest Go tarball:

curl -fLO "https://dl.google.com/go/$(curl https://go.dev/VERSION?m=text).linux-amd64.tar.gz"

Then, extract the contents to /usr/local, which will create the directory /usr/local/go:

tar -C /usr/local -xzfv go*.tar.gz

Then finally, make sure the /usr/local/go/bin/ path is accessible in the $PATH variable for every user by editing /etc/profile and adding the following line:

export PATH=$PATH:/usr/local/go/bin

Compiling and Installing Dendrite

Besides Go, we also need the build-essential package to compile software:

apt install build-essential

Now download the Dendrite repository using git and change directory to it:

git clone https://github.com/matrix-org/dendrite
cd dendrite

Finally, compile Dendrite using go build:

go build -o bin/ ./cmd/...

This might take a few minutes, but once the process is finished you should find the final Dendrite programs populating the bin/ directory.

Configuration

To configure Dendrite, begin by coping the dendrite-sample.yaml configuration file to dendrite.yaml:

cp dendrite-sample.yaml dendrite.yaml

To configure your domain, edit the following under the global: section:

server_name: example.org

Server Signing Keys

Generate the signing keys used by your homeserver with the following command, ran from the Dendrite repository:

./bin/generate-keys --private-key matrix_key.pem

You can also import old keys from Synapse, by specifying their file path in the old_private_keys: variable in dendrite.yaml.

Database Configuration

By default, Dendrite will create SQLite databases for all its various components. On most server deployments however, it is beneficial to run Dendrite with a more efficient database backend, like PostgreSQL.

Begin by installing PostgreSQL:

apt install postgresql

Then start the daemon:

systemctl restart postgresql

Now create a user named dendrite to manage your database:

su -c "createuser --pwprompt dendrite" postgres

And finally, create the actual database:

su -c "psql -c 'CREATE DATABASE dendrite ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER dendrite;'" postgres

Now we can configure this in dendrite.yaml using the connection_string: option under the database: section:

  database:
    connection_string: postgres://dendrite:password@localhost/dendrite?sslmode=disable
    max_open_conns: 90
    max_idle_conns: 5
    conn_max_lifetime: -1

Important: If you find database: sub-sections under the individual Dendrite modules in dendrite.yaml (app_service_api, federation_api, key_server, media_api, mscs, room_server, sync_api and user_api), make sure to comment these out as these would override the global database configuration.

Voice and Video Calls

Dendrite supports native voice and video calling by connecting to a compatible TURN and STUN server.

Begin by setting up the coturn TURN server using the guide provided, setting either a shared secret or a username-password pair for authentication.

Then edit the turn: section in dendrite.yaml:

  turn:
    turn_user_lifetime: "5m"
    turn_uris:
      - turn:turn.example.org?transport=udp
      - turn:turn.example.org?transport=tcp

    turn_shared_secret: "your_shared_secret"

    # If your TURN server requires static credentials, then you will need to enter
    # them here instead of supplying a shared secret. Note that these credentials
    # will be visible to clients!
    # turn_username: ""
    # turn_password: ""

File Directory and Ownership

Like Synapse, it’s recommended you place the Dendrite program files in /opt to keep your server organized:

mv dendrite/ /opt/

It’s also recommended you create a dendrite user, who will own the /opt/dendrite directory, so it can be used to run Dendrite as a service:

useradd dendrite -d /opt/dendrite
chown -R dendrite:dendrite /opt/dendrite

Setting up a systemd Service

Now setup a systemd service in /etc/systemd/system/dendrite.service to run Dendrite automatically for you. Make sure to set the WorkingDirectory to the directory where your Dendrite repository is located!

[Unit]
Description=Dendrite (Matrix Homeserver)
After=syslog.target
After=network.target
After=postgresql.service ## Remove this if you're not using PostgreSQL

[Service]
Environment=GODEBUG=madvdontneed=1
RestartSec=2s
Type=simple
User=dendrite
Group=dendrite
WorkingDirectory=/opt/dendrite/
ExecStart=/opt/dendrite/bin/dendrite
Restart=always
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

Refresh the systemd daemon configuration by running:

systemctl daemon-reload

And finally, run Dendrite by running:

systemctl restart dendrite

Using Dendrite

Creating Users

To create users on the Dendrite server, first ensure it is running. Then, enter a secret value into the registration_shared_secret: field under the client_api section:

registration_shared_secret: "your_secret_string"

Then, use the ./bin/create-account tool located in its repository:

./bin/create-account -config dendrite.yaml -username user -admin 

This will automatically prompt you for a password.

Congratulations! You’ve installed the Matrix Dendrite homeserver. Now you can login with any Matrix client you wish, and chat securely.


Written by Denshi. Donate Monero at: 48dnPpGgo8WernVJp5VhvhaX3u9e46NujdYA44u8zuMdETNC5jXiA9S7JoYMM6qRt1ZcKpt1J3RZ3JPuMyXetmbHH7Mnc9C