Declarative, Decentralised, and Secure communication via Matrix, Jitsi, & NixOS

https://kaushikc.org/posts/matrix-jitsi-nixos.html

5 Likes

You can also put your NixOS tag into planet.nixos.org.

1 Like

Thanks for this! I tried following your instructions (just for the matrix bit so far) and it mostly seems to work fine, just a couple of notes:

  • I had to add a listen configuration for the nginx reverse proxy to forward port 8448 as well as 443: otherwise it doesn’t listen on 8448 for me at all.
  • You can skip "webclient" in the listener resources: apparently this does nothing and Synapse warns about it in the startup logs.

Am glad it worked.

I thought port 8448 is the federation port, which is required by other servers and is the default unless one sets up delegation for servers to check the .well-known/matrix/server directory for the federation path, as described here - https://github.com/matrix-org/synapse/blob/883ac4b1bb7c520e928e8a42d7700de7f0d56055/docs/delegate.md

Do you have to take care of 8448 with .well-known based delegation as well?

Great article! Thanks for mentioning my PR :laughing: I just want to point out that the following bit is no longer true (your configs do it manually so they are correct however):

and enable LetsEncrypt certification for the same

Btw I’m also running Synapse on a single port (proxy 443 -> synapse 8448), with no .well-known based delegation and the following SRV record, and it seems to work fine:

_matrix._tcp.example.org has SRV record 10 0 443 example.org
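
The three setups discussed in this thread (default port 8448, .well-known delegation, an SRV record) correspond to steps in the order a remote homeserver follows to find the federation endpoint. The sketch below is an added example, not part of the original posts or of Synapse; it is simplified from the Matrix server-server spec, the function names and lookup tables are hypothetical, and it leaves out IPv6 literals and the real network lookups.

```python
# Added example: simplified Matrix federation server discovery (resolution order
# from the Matrix server-server spec). Lookup tables are constructed sample data.
import ipaddress

DEFAULT_PORT = 8448  # federation port used when nothing else specifies one

def _split(name):
    """Split 'host[:port]' into (host, port or None). IPv6 literals not handled."""
    host, sep, port = name.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (name, None)

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _srv(host, srv):
    # _matrix-fed._tcp is the current record name; _matrix._tcp is the deprecated one.
    for prefix in ("_matrix-fed._tcp.", "_matrix._tcp."):
        if prefix + host in srv:
            return srv[prefix + host]  # (target, port)
    return None

def resolve(server_name, well_known, srv):
    """Return (connect_host, connect_port) for a Matrix server name.

    well_known: dict hostname -> "m.server" value (stands in for the HTTPS fetch
                of /.well-known/matrix/server); srv: dict record name -> (target, port).
    """
    host, port = _split(server_name)
    if _is_ip(host) or port is not None:       # explicit address or port: use as given
        return host, port or DEFAULT_PORT
    if host in well_known:                     # .well-known delegation comes before SRV
        d_host, d_port = _split(well_known[host])
        if _is_ip(d_host) or d_port is not None:
            return d_host, d_port or DEFAULT_PORT
        return _srv(d_host, srv) or (d_host, DEFAULT_PORT)
    return _srv(host, srv) or (host, DEFAULT_PORT)  # SRV, then the 8448 fallback

# Constructed sample data mirroring the setups discussed in the thread.
WELL_KNOWN = {"delegated.example": "matrix.delegated.example:443"}
SRV = {"_matrix._tcp.example.org": ("example.org", 443)}

if __name__ == "__main__":
    for name in ("plain.example", "delegated.example", "example.org"):
        print(name, "->", resolve(name, WELL_KNOWN, SRV))
```

Port 8448 only has to be reachable when resolution ends at the fallback; a delegation or SRV record that names another port moves federation traffic to that port.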