2018-05-21 14:45:33 +01:00
# Synapse Docker
2019-02-05 13:42:21 +00:00
This Docker image will run Synapse as a single process. By default it uses a
sqlite database; for production use you should connect it to a separate
postgres database.
2018-05-21 14:45:33 +01:00
2019-02-05 13:42:21 +00:00
The image also does *not* provide a TURN server.
2018-05-21 14:45:33 +01:00
## Volumes
2019-06-27 13:49:48 +01:00
By default, the image expects a single volume, located at ``/data` `, that will hold:
2018-05-21 14:45:33 +01:00
2019-06-27 13:49:48 +01:00
* configuration files;
2018-05-21 14:45:33 +01:00
* temporary files during uploads;
* uploaded media and thumbnails;
* the SQLite database if you do not configure postgres;
* the appservices configuration.
You are free to use separate volumes depending on storage endpoints at your
2019-08-28 04:34:49 -04:00
disposal. For instance, ``/data/media` ` could be stored on a large but low
2018-05-21 14:45:33 +01:00
performance hdd storage while other files could be stored on high performance
endpoints.
In order to setup an application service, simply create an ``appservices` `
directory in the data volume and write the application service Yaml
configuration file there. Multiple application services are supported.
2019-06-27 13:49:48 +01:00
## Generating a configuration file
2019-08-28 04:34:49 -04:00
The first step is to generate a valid config file. To do this, you can run the
image with the `generate` command line option.
2019-06-27 13:49:48 +01:00
You will need to specify values for the `SYNAPSE_SERVER_NAME` and
`SYNAPSE_REPORT_STATS` environment variable, and mount a docker volume to store
the configuration on. For example:
2019-03-07 07:35:14 +00:00
```
2019-05-22 13:53:16 +02:00
docker run -it --rm \
2019-03-07 07:35:14 +00:00
--mount type=volume,src=synapse-data,dst=/data \
-e SYNAPSE_SERVER_NAME=my.matrix.host \
-e SYNAPSE_REPORT_STATS=yes \
matrixdotorg/synapse:latest generate
```
2019-06-27 13:49:48 +01:00
For information on picking a suitable server name, see
https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
2019-03-07 07:35:14 +00:00
2019-06-27 13:49:48 +01:00
The above command will generate a `homeserver.yaml` in (typically)
`/var/lib/docker/volumes/synapse-data/_data` . You should check this file, and
customise it to your needs.
2019-06-25 15:09:22 +01:00
2019-06-27 13:49:48 +01:00
The following environment variables are supported in `generate` mode:
2019-06-25 15:09:22 +01:00
* `SYNAPSE_SERVER_NAME` (mandatory): the server public hostname.
* `SYNAPSE_REPORT_STATS` (mandatory, `yes` or `no` ): whether to enable
anonymous statistics reporting.
2019-06-25 18:21:32 +01:00
* `SYNAPSE_CONFIG_DIR` : where additional config files (such as the log config
and event signing key) will be stored. Defaults to `/data` .
2019-06-27 13:49:48 +01:00
* `SYNAPSE_CONFIG_PATH` : path to the file to be generated. Defaults to
`<SYNAPSE_CONFIG_DIR>/homeserver.yaml` .
2019-06-25 15:18:30 +01:00
* `SYNAPSE_DATA_DIR` : where the generated config will put persistent data
2019-08-28 04:34:49 -04:00
such as the database and media store. Defaults to `/data` .
2019-06-25 15:18:30 +01:00
* `UID` , `GID` : the user id and group id to use for creating the data
directories. Defaults to `991` , `991` .
2019-06-27 13:49:48 +01:00
## Running synapse
Once you have a valid configuration file, you can start synapse as follows:
```
docker run -d --name synapse \
--mount type=volume,src=synapse-data,dst=/data \
-p 8008:8008 \
matrixdotorg/synapse:latest
```
You can then check that it has started correctly with:
```
docker logs synapse
```
If all is well, you should now be able to connect to http://localhost:8008 and
see a confirmation message.
2020-10-11 21:51:11 +02:00
The following environment variables are supported in `run` mode:
2019-06-27 13:49:48 +01:00
* `SYNAPSE_CONFIG_DIR` : where additional config files are stored. Defaults to
`/data` .
* `SYNAPSE_CONFIG_PATH` : path to the config file. Defaults to
`<SYNAPSE_CONFIG_DIR>/homeserver.yaml` .
2019-09-19 22:29:47 +01:00
* `SYNAPSE_WORKER` : module to execute, used when running synapse with workers.
Defaults to `synapse.app.homeserver` , which is suitable for non-worker mode.
2019-06-27 13:49:48 +01:00
* `UID` , `GID` : the user and group id to run Synapse as. Defaults to `991` , `991` .
2019-07-02 19:31:06 +10:00
* `TZ` : the [timezone ](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones ) the container will run with. Defaults to `UTC` .
2019-06-27 13:49:48 +01:00
2020-10-11 21:51:11 +02:00
For more complex setups (e.g. for workers) you can also pass your args directly to synapse using `run` mode. For example like this:
```
docker run -d --name synapse \
--mount type=volume,src=synapse-data,dst=/data \
-p 8008:8008 \
matrixdotorg/synapse:latest run \
-m synapse.app.generic_worker \
--config-path=/data/homeserver.yaml \
--config-path=/data/generic_worker.yaml
```
If you do not provide `-m` , the value of the `SYNAPSE_WORKER` environment variable is used. If you do not provide at least one `--config-path` or `-c` , the value of the `SYNAPSE_CONFIG_PATH` environment variable is used instead.
2020-07-17 18:25:48 +01:00
## Generating an (admin) user
After synapse is running, you may wish to create a user via `register_new_matrix_user` .
This requires a `registration_shared_secret` to be set in your config file. Synapse
must be restarted to pick up this change.
You can then call the script:
```
docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help
```
Remember to remove the `registration_shared_secret` and restart if you no-longer need it.
2019-06-27 13:49:48 +01:00
## TLS support
The default configuration exposes a single HTTP port: http://localhost:8008. It
is suitable for local testing, but for any practical use, you will either need
to use a reverse proxy, or configure Synapse to expose an HTTPS port.
For documentation on using a reverse proxy, see
2019-10-28 16:39:57 +01:00
https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
2019-06-27 13:49:48 +01:00
For more information on enabling TLS support in synapse itself, see
https://github.com/matrix-org/synapse/blob/master/INSTALL.md#tls -certificates. Of
course, you will need to expose the TLS port from the container with a `-p`
argument to `docker run` .
## Legacy dynamic configuration file support
2020-02-18 11:41:53 +00:00
The docker image used to support creating a dynamic configuration file based
on environment variables. This is no longer supported, and an error will be
raised if you try to run synapse without a config file.
2019-06-27 13:52:40 +01:00
2020-02-18 11:41:53 +00:00
It is, however, possible to generate a static configuration file based on
the environment variables that were previously used. To do this, run the docker
2019-06-27 13:52:40 +01:00
container once with the environment variables set, and `migrate_config`
2019-08-28 04:34:49 -04:00
command line option. For example:
2019-06-27 13:52:40 +01:00
```
docker run -it --rm \
--mount type=volume,src=synapse-data,dst=/data \
-e SYNAPSE_SERVER_NAME=my.matrix.host \
-e SYNAPSE_REPORT_STATS=yes \
matrixdotorg/synapse:latest migrate_config
```
2020-02-18 11:41:53 +00:00
This will generate the same configuration file as the legacy mode used, and
will store it in `/data/homeserver.yaml` . You can then use it as shown above at
[Running synapse ](#running-synapse ).
Note that the defaults used in this configuration file may be different to
those when generating a new config file with `generate` : for example, TLS is
enabled by default in this mode. You are encouraged to inspect the generated
configuration file and edit it to ensure it meets your needs.
2019-11-22 19:54:05 +00:00
## Building the image
If you need to build the image from a Synapse checkout, use the following `docker
build` command from the repo's root:
2020-02-18 11:41:53 +00:00
2019-11-22 19:54:05 +00:00
```
docker build -t matrixdotorg/synapse -f docker/Dockerfile .
```
You can choose to build a different docker image by changing the value of the `-f` flag to
point to another Dockerfile.
2020-08-24 18:15:18 +01:00
## Disabling the healthcheck
If you are using a non-standard port or tls inside docker you can disable the healthcheck
whilst running the above `docker run` commands.
```
--no-healthcheck
```
## Setting custom healthcheck on docker run
If you wish to point the healthcheck at a different port with docker command, add the following
```
--health-cmd 'curl -fSs http://localhost:1234/health'
```
## Setting the healthcheck in docker-compose file
You can add the following to set a custom healthcheck in a docker compose file.
You will need version >2.1 for this to work.
```
healthcheck:
test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
interval: 1m
timeout: 10s
retries: 3
```