Matrix Synapse

Matrix is easy-to-use, decentralized and encrypted private chat software. Matrix is federated, meaning that with a Matrix account on any server, including your own, you can talk to any other Matrix account on the internet, similar to email. Matrix also allows fully end-to-end encrypted group chats.

Synapse is the name of the default Matrix server. It is written in Python. While it is requires somewhat more system resources than an XMPP server, it makes up for that in being very accessible to non-technical users.


Synapse is not in the Debian package repositories by default, but we can easily add Matrix's repository including it:

apt install -y lsb-release wget apt-transport-https
wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] $(lsb_release -cs) main" > /etc/apt/sources.list.d/matrix-org.list

After we update our packages lists, we will be able to install Synapse with apt.

apt update
apt install matrix-synapse-py3

When prompted, give your main domain name (not a subdomain). This will be the domain appended to your Matrix address, e.g.

Nginx configuration

Create an Nginx configuration file for Matrix, say /etc/nginx/sites-available/matrix and add the content below:

server {
        server_name ;
        listen 80;
        listen [::]:80;
        location / {
                proxy_pass http://localhost:8008;
        location ~* ^(\/_matrix|\/_synapse\/client) {
                proxy_pass http://localhost:8008;
                proxy_set_header X-Forwarded-For $remote_addr;
                client_max_body_size 50M ;
        location /.well-known/matrix/server {
                return 200 '{"m.homeserver": {"base_url": ""}}';
                default_type application/json;
                add_header Access-Control-Allow-Origin *;

Note the client_max_body_size variable. By default, Nginx caps the size of files it can transfer. We increase that to 50M if needed by Matrix. (Note however that both Matrix and Nginx have seperate settings for this and to raise it to something much larger, you will have to increase the value in both configuration files.)

Now let's enable the Nginx Matrix site and reload Nginx to make it active.

ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled
systemctl reload nginx


Obviously, we need to encrypt our matrix subdomain as well. Let's do that with certbot:

certbot --nginx -d


Read the config file

The configuration file for Matrix is in /etc/matrix-synapse/homeserver.yaml. It is well documented and commented, so you can read about the settings, but let's change the essential ones here.

Make what changes you want and run systemctl reload matrix-synapse to make the system configuration active.

Create an administrator account

If you allow open registration on your server in the configuration file, you can create an account through Element or another Matrix client, but you are probably going to want an official admin account to use. To make one, simply run the following command, which will then give you several choices for creating a user, among which will be the ability to make it an admin.

cd /etc/matrix-synapse

register_new_matrix_user -c homeserver.yaml http://localhost:8008

Error Shared secret registration is not enabled

Sometimes the default configuration is not fully setup, so you need to add the following the keys to your homeserver.yaml:

Make sure to restart Matrix Synapse

systemctl restart matrix-synapse

Using Matrix with Element Matrix logoElement

There are many different clients that can be used on desktops or phones to chat on your Matrix server, but the most popular and most widely vetted is ElementlogoElement.

Get Element to access your Matrix server:

Note also that Element has a web client (i.e. a version that can be accessed on your own website) that is also easy to install on an Nginx server, although that will be covered in another article.