SysAdmin/DevOps Engineer
Hosting your own Matrix Synapse server using Ansible
Why
There are many reasons for hosting your own Matrix server. Here are some of them:
- Control of your data: Maybe you need something similar to closed source platforms like Microsoft Teams or Slack, but you don’t want them to have all your personal data.
- Bridges: Matrix has the ability to set up bridges to other platforms like WhatsApp, Telegram, Microsoft Teams and many others.
- WhatsApp alternative: Matrix has a lot of functionality, but you can just tell your friends to switch to your Matrix instance (or any other instance, thanks to its federation capabilities) and stop using Facebook's proprietary software for your personal and private communications.
- Learning purposes: Why not? Just try it.
How
There is an official Ansible playbook for deploying the full Synapse server. You can follow its great documentation using this link. There is a problem though: the default setup works only if Matrix is the sole service on your server, with no other services or reverse proxy installed.
…Setting up a reverse proxy with HTTPS for intranet services
I have been self-hosting some useful services on my home Raspberry Pi for a while. It is easy to set up a reverse proxy, expose the services to the Internet and access them from everywhere, but I didn’t want to allow access to a lot of them from the outside, such as Radarr or Sonarr.
The solution I adopted for a long time is to set up a VPN, access my local network through the VPN and then connect to the services. This is not optimal, because I have to enter something along the lines of http://X.X.X.X:YYYY to access the website. Even if I set up a reverse proxy to access a service with http://service.local, the connection is still made through unencrypted HTTP. A lot of browsers nowadays do not like plain HTTP connections, and even for a local network, you may not like using unencrypted connections either.
Banning bots in nginx using fail2ban
Some days ago I started learning a bit more about fail2ban in order to ban bad HTTP requests reaching my nginx server. Here is a brief summary of what I learned and did.
fail2ban jails
Jails are normally configured in the /etc/fail2ban/jail.local file. Each jail searches for one type of bad behavior and bans the IPs that match that specific pattern.
Here is an example of a little jail I made.