* Update docs/configuring-playbook-base-domain-serving.md: add an anchor link to docs/configuring-dns.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update documentation related to server delegation Summary: - Add explanation about server delegation and DNS setting for it to docs/configuring-dns.md; "delegation" is a technical term and it is worth being explained simply - Edit explanation about delegation to docs/configuring-playbook-base-domain-serving.md - Use common expressions - Simplify explanation about delegation on docs/configuring-well-known.md and move explanation about the alternative which avoids involving the base domain from that page to its upper documentation, which is docs/howto-server-delegation.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Apply suggestions from code review Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update docs/configuring-dns.md: iterate Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Fix an anchor link to howto-srv-server-delegation.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Minor rewording * Minor rewording * Minor rewording --------- Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
15 KiB
Configuring your DNS server
⚡️Quick start | Prerequisites > Configuring your DNS server > Getting the playbook > Configuring the playbook > Installing
To set up Matrix on your domain, you'd need to do some DNS configuration.
DNS setting for server delegation (optional)
In the sample vars.yml
(examples/vars.yml
), we recommend to use a short user identifier like @<username>:example.com
.
To use such an identifier, you don't need to install anything on the actual example.com
server. Instead, you need to instruct the Matrix network that Matrix services for example.com
are redirected over to matrix.example.com
. This redirection is also known as "delegation".
As we discuss in Server Delegation, server delegation can be configured in either of these ways:
- Setting up a
/.well-known/matrix/server
file on the base domain (example.com
) - Setting up a
_matrix._tcp
DNS SRV record
For simplicity reasons, this playbook recommends you to set up server delegation via a /.well-known/matrix/server
file, instead of using a DNS SRV record.
If you choose the recommended method (file-based delegation), you do not need to configure the DNS record to enable server delegation. You will need to add a necessary configuration later, when you finalize the installation after installing and starting Matrix services.
On the other hand, if you choose this method (setting up a DNS SRV record), you need to configure the additional DNS record as well as adjust SSL certificate handling. Take a look at this documentation for more information: Server Delegation via a DNS SRV record (advanced)
DNS settings for services enabled by default
Type | Host | Priority | Weight | Port | Target |
---|---|---|---|---|---|
A | matrix |
- | - | - | matrix-server-IP |
CNAME | element |
- | - | - | matrix.example.com |
Be mindful as to how long it will take for the DNS records to propagate.
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to DNS only
. Otherwise, fetching certificates will fail.
DNS settings for optional services/features
Used by component | Type | Host | Priority | Weight | Port | Target |
---|---|---|---|---|---|---|
ma1sd identity server | SRV | _matrix-identity._tcp |
10 | 0 | 443 | matrix.example.com |
Dimension integration server | CNAME | dimension |
- | - | - | matrix.example.com |
Jitsi video-conferencing platform | CNAME | jitsi |
- | - | - | matrix.example.com |
Prometheus/Grafana monitoring system | CNAME | stats |
- | - | - | matrix.example.com |
Go-NEB bot | CNAME | goneb |
- | - | - | matrix.example.com |
Sygnal push notification gateway | CNAME | sygnal |
- | - | - | matrix.example.com |
ntfy push notifications server | CNAME | ntfy |
- | - | - | matrix.example.com |
Etherpad collaborative text editor | CNAME | etherpad |
- | - | - | matrix.example.com |
Hydrogen web client | CNAME | hydrogen |
- | - | - | matrix.example.com |
Cinny web client | CNAME | cinny |
- | - | - | matrix.example.com |
SchildiChat Web client | CNAME | schildichat |
- | - | - | matrix.example.com |
wsproxy sms bridge | CNAME | wsproxy |
- | - | - | matrix.example.com |
Buscarron helpdesk bot | CNAME | buscarron |
- | - | - | matrix.example.com |
rageshake bug report server | CNAME | rageshake |
- | - | - | matrix.example.com |
Postmoogle/Email2Matrix email bridges | MX | matrix |
10 | 0 | - | matrix.example.com |
Postmoogle email bridge | TXT | matrix |
- | - | - | v=spf1 ip4:<your-ip> -all |
Postmoogle email bridge | TXT | _dmarc.matrix |
- | - | - | v=DMARC1; p=quarantine; |
Postmoogle email bridge | TXT | postmoogle._domainkey.matrix |
- | - | - | get it from !pm dkim |
When setting up a SRV record, if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is. For example use service as _matrix-identity
and protocol as _tcp
.
Subdomains setup
As the table above illustrates, you need to create 2 subdomains (matrix.example.com
and element.example.com
) and point both of them to your new server's IP address (DNS A
record or CNAME
record is fine).
The element.example.com
subdomain may be necessary, because this playbook installs the Element Web client for you. If you'd rather instruct the playbook not to install Element Web (matrix_client_element_enabled: false
when Configuring the playbook later), feel free to skip the element.example.com
DNS record.
The dimension.example.com
subdomain may be necessary, because this playbook could install the Dimension integration manager for you. The installation of Dimension is disabled by default, because it's only possible to install it after the other Matrix services are working (see Setting up Dimension integration manager later). If you do not wish to set up Dimension, feel free to skip the dimension.example.com
DNS record.
The jitsi.example.com
subdomain may be necessary, because this playbook could install the Jitsi video-conferencing platform for you. The installation of Jitsi is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our Jitsi guide. If you do not wish to set up Jitsi, feel free to skip the jitsi.example.com
DNS record.
The stats.example.com
subdomain may be necessary, because this playbook could install Grafana and setup performance metrics for you. The installation of Grafana is disabled by default, it is not a core required component. To learn how to install it, see our metrics and graphs guide. If you do not wish to set up Grafana, feel free to skip the stats.example.com
DNS record. It is possible to install Prometheus without installing Grafana, this would also not require the stats.example.com
subdomain.
The goneb.example.com
subdomain may be necessary, because this playbook could install the Go-NEB bot. The installation of Go-NEB is disabled by default, it is not a core required component. To learn how to install it, see our configuring Go-NEB guide. If you do not wish to set up Go-NEB, feel free to skip the goneb.example.com
DNS record.
The sygnal.example.com
subdomain may be necessary, because this playbook could install the Sygnal push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our configuring Sygnal guide. If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the sygnal.example.com
DNS record.
The ntfy.example.com
subdomain may be necessary, because this playbook could install the ntfy UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our configuring ntfy guide. If you do not wish to set up ntfy, feel free to skip the ntfy.example.com
DNS record.
The etherpad.example.com
subdomain may be necessary, because this playbook could install the Etherpad a highly customizable open source online editor providing collaborative editing in really real-time. The installation of Etherpad is disabled by default, it is not a core required component. To learn how to install it, see our configuring Etherpad guide. If you do not wish to set up Etherpad, feel free to skip the etherpad.example.com
DNS record.
The hydrogen.example.com
subdomain may be necessary, because this playbook could install the Hydrogen web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our configuring Hydrogen guide. If you do not wish to set up Hydrogen, feel free to skip the hydrogen.example.com
DNS record.
The cinny.example.com
subdomain may be necessary, because this playbook could install the Cinny web client. The installation of Cinny is disabled by default, it is not a core required component. To learn how to install it, see our configuring Cinny guide. If you do not wish to set up Cinny, feel free to skip the cinny.example.com
DNS record.
The schildichat.example.com
subdomain may be necessary, because this playbook could install the SchildiChat Web client. The installation of SchildiChat Web is disabled by default, it is not a core required component. To learn how to install it, see our configuring SchildiChat Web guide. If you do not wish to set up SchildiChat Web, feel free to skip the schildichat.example.com
DNS record.
The wsproxy.example.com
subdomain may be necessary, because this playbook could install the wsproxy web client. The installation of wsproxy is disabled by default, it is not a core required component. To learn how to install it, see our configuring wsproxy guide. If you do not wish to set up wsproxy, feel free to skip the wsproxy.example.com
DNS record.
The buscarron.example.com
subdomain may be necessary, because this playbook could install the Buscarron bot. The installation of Buscarron is disabled by default, it is not a core required component. To learn how to install it, see our configuring Buscarron guide. If you do not wish to set up Buscarron, feel free to skip the buscarron.example.com
DNS record.
The rageshake.example.com
subdomain may be necessary, because this playbook could install the rageshake bug report server. The installation of rageshake is disabled by default, it is not a core required component. To learn how to install it, see our configuring rageshake guide. If you do not wish to set up rageshake, feel free to skip the rageshake.example.com
DNS record.
_matrix-identity._tcp
SRV record setup
To make the ma1sd Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this:
- Name:
_matrix-identity._tcp
(use this text as-is) - Content:
10 0 443 matrix.example.com
(replaceexample.com
with your own)
This is an optional feature for the optionally-installed ma1sd service. See ma1sd's documentation for information on the privacy implications of setting up this SRV record.
Note: This _matrix-identity._tcp
SRV record for the identity server is different from the _matrix._tcp
that can be used for Synapse delegation. See howto-server-delegation.md for more information about delegation.
_dmarc
, postmoogle._domainkey
TXT and matrix
MX records setup
To make the postmoogle email bridge enable its email sending features, you need to configure SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records
When you're done with the DNS configuration and ready to proceed, continue with Getting the playbook.