1
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2024-12-12 08:43:55 +02:00
matrix-docker-ansible-deploy/docs/configuring-dns.md

105 lines
14 KiB
Markdown
Raw Normal View History

# Configuring your DNS server
To set up Matrix on your domain, you'd need to do some DNS configuration.
To use an identifier like `@<username>:example.com`, you don't actually need
to install anything on the actual `example.com` server.
You do, however need to instruct the Matrix network that Matrix services for `example.com` are delegated
over to `matrix.example.com`.
2019-02-06 09:36:03 +02:00
As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 different ways to set up such delegation:
- either by serving a `https://example.com/.well-known/matrix/server` file (from the base domain!)
2024-10-21 13:31:53 +02:00
- or by using a `_matrix._tcp` DNS SRV record (don't confuse this with the `_matrix-identity._tcp` SRV record described below)
2019-02-06 09:36:03 +02:00
This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates.
2019-02-06 13:02:17 +02:00
If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do.
2019-02-06 09:36:03 +02:00
2021-03-24 06:05:48 +02:00
## DNS settings for services enabled by default
2020-03-23 17:13:58 +02:00
| Type | Host | Priority | Weight | Port | Target |
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
| A | `matrix` | - | - | - | `matrix-server-IP` |
| CNAME | `element` | - | - | - | `matrix.example.com` |
2020-03-23 17:13:58 +02:00
Be mindful as to how long it will take for the DNS records to propagate.
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
2020-03-23 17:13:58 +02:00
When you're done configuring DNS, proceed to [Configuring the playbook](configuring-playbook.md).
2021-03-24 06:05:48 +02:00
## DNS settings for optional services/features
| Used by component | Type | Host | Priority | Weight | Port | Target |
| ----------------------------------------------------------------------------------------------------------------------- | ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- |
| [ma1sd](configuring-playbook-ma1sd.md) identity server | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.example.com` |
| [Dimension](configuring-playbook-dimension.md) integration server | CNAME | `dimension` | - | - | - | `matrix.example.com` |
| [Jitsi](configuring-playbook-jitsi.md) video-conferencing platform | CNAME | `jitsi` | - | - | - | `matrix.example.com` |
| [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) monitoring system | CNAME | `stats` | - | - | - | `matrix.example.com` |
| [Go-NEB](configuring-playbook-bot-go-neb.md) bot | CNAME | `goneb` | - | - | - | `matrix.example.com` |
| [Sygnal](configuring-playbook-sygnal.md) push notification gateway | CNAME | `sygnal` | - | - | - | `matrix.example.com` |
| [ntfy](configuring-playbook-ntfy.md) push notifications server | CNAME | `ntfy` | - | - | - | `matrix.example.com` |
| [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.example.com` |
| [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.example.com` |
| [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.example.com` |
| [SchildiChat](configuring-playbook-client-schildichat.md) web client | CNAME | `schildichat` | - | - | - | `matrix.example.com` |
| [wsproxy](configuring-playbook-bridge-mautrix-wsproxy.md) sms bridge | CNAME | `wsproxy` | - | - | - | `matrix.example.com` |
| [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.example.com` |
| [Rageshake](docs/configuring-playbook-rageshake.md) bug report server | CNAME | `rageshake` | - | - | - | `matrix.example.com` |
| [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.example.com` |
| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `matrix` | - | - | - | `v=spf1 ip4:<your-ip> -all` |
| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` |
| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` |
When setting up a SRV record, if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is. For example use service as `_matrix-identity` and protocol as `_tcp`.
## Subdomains setup
As the table above illustrates, you need to create 2 subdomains (`matrix.example.com` and `element.example.com`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
The `element.example.com` subdomain may be necessary, because this playbook installs the [Element](https://github.com/element-hq/element-web) web client for you.
If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.example.com` DNS record.
2019-03-10 10:12:31 +02:00
The `dimension.example.com` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. The installation of Dimension is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.example.com` DNS record.
The `jitsi.example.com` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. The installation of Jitsi is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.example.com` DNS record.
2020-03-23 17:19:15 +02:00
The `stats.example.com` subdomain may be necessary, because this playbook could install [Grafana](https://grafana.com/) and setup performance metrics for you. The installation of Grafana is disabled by default, it is not a core required component. To learn how to install it, see our [metrics and graphs guide](configuring-playbook-prometheus-grafana.md). If you do not wish to set up Grafana, feel free to skip the `stats.example.com` DNS record. It is possible to install Prometheus without installing Grafana, this would also not require the `stats.example.com` subdomain.
2021-01-30 07:11:44 +02:00
The `goneb.example.com` subdomain may be necessary, because this playbook could install the [Go-NEB](https://github.com/matrix-org/go-neb) bot. The installation of Go-NEB is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Go-NEB guide](configuring-playbook-bot-go-neb.md). If you do not wish to set up Go-NEB, feel free to skip the `goneb.example.com` DNS record.
2021-03-11 20:23:01 +02:00
The `sygnal.example.com` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.example.com` DNS record.
2021-05-21 11:43:04 +02:00
The `ntfy.example.com` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.example.com` DNS record.
2022-06-27 23:20:02 +02:00
The `etherpad.example.com` subdomain may be necessary, because this playbook could install the [Etherpad](https://etherpad.org/) a highly customizable open source online editor providing collaborative editing in really real-time. The installation of Etherpad is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Etherpad guide](configuring-playbook-etherpad.md). If you do not wish to set up Etherpad, feel free to skip the `etherpad.example.com` DNS record.
2022-11-04 11:36:10 +02:00
The `hydrogen.example.com` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/element-hq/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.example.com` DNS record.
The `cinny.example.com` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of Cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up Cinny, feel free to skip the `cinny.example.com` DNS record.
The `schildichat.example.com` subdomain may be necessary, because this playbook could install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) web client. The installation of SchildiChat is disabled by default, it is not a core required component. To learn how to install it, see our [configuring SchildiChat guide](configuring-playbook-client-schildichat.md). If you do not wish to set up SchildiChat, feel free to skip the `schildichat.example.com` DNS record.
The `wsproxy.example.com` subdomain may be necessary, because this playbook could install the [wsproxy](https://github.com/mautrix/wsproxy) web client. The installation of wsproxy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring wsproxy guide](configuring-playbook-bridge-mautrix-wsproxy.md). If you do not wish to set up wsproxy, feel free to skip the `wsproxy.example.com` DNS record.
wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev <slavi@devture.com> Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny <m.throne12@gmail.com> Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor <jreilly112@gmail.com> Co-authored-by: Miguel Alatzar <miguel@natrx.io> Co-authored-by: Shreyas Ajjarapu <github.tzarina@aleeas.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-08-23 14:05:32 +02:00
The `buscarron.example.com` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etkecc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.example.com` DNS record.
2022-04-23 15:19:24 +02:00
The `rageshake.example.com` subdomain may be necessary, because this playbook could install the [rageshake](https://github.com/matrix-org/rageshake) bug report server. The installation of Rageshake is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Rageshake guide](configuring-playbook-rageshake.md). If you do not wish to set up Rageshake, feel free to skip the `rageshake.example.com` DNS record.
## `_matrix-identity._tcp` SRV record setup
To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this:
2018-08-15 09:23:22 +02:00
- Name: `_matrix-identity._tcp` (use this text as-is)
- Content: `10 0 443 matrix.example.com` (replace `example.com` with your own)
This is an optional feature for the optionally-installed [ma1sd service](configuring-playbook-ma1sd.md). See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record.
2021-03-24 06:05:48 +02:00
**Note**: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
2018-10-21 14:04:13 +02:00
2021-07-16 22:15:34 +02:00
When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md).
2022-09-09 09:47:00 +02:00
## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup
2022-09-09 12:19:25 +02:00
To make the [postmoogle](configuring-playbook-bot-postmoogle.md) email bridge enable its email sending features, you need to configure
2022-09-09 09:47:00 +02:00
SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records