Installing and Configuring Matrix Synapse on a VPS: Your Own Server for Element and Federated Chats
TL;DR
In this detailed guide, we will step-by-step configure your own Matrix Synapse server on a Virtual Private Server (VPS) running Ubuntu 24.04 LTS. You will learn how to install all necessary components, including the PostgreSQL database and the Caddy web server for automatic HTTPS management, as well as how to configure Synapse to ensure secure and federated communication. Ultimately, you will have a fully functional Matrix server that will allow you and your team to use clients like Element for private and group chats, and to interact with other Matrix servers worldwide.
Setting up Matrix Synapse on Ubuntu 24.04 LTS using PostgreSQL.
Automatic acquisition and management of TLS certificates via Caddy.
Detailed instructions for configuring the server for federation and user registration.
Recommendations for choosing a VPS configuration and ensuring security.
Scripts for server backup and maintenance.
What We Are Setting Up and Why
Diagram: What We Are Setting Up and Why
In this tutorial, we will focus on installing and configuring Matrix Synapse – the reference implementation of the Matrix server. Matrix is an open protocol for decentralized, federated real-time communication. Simply put, it's like email, but for instant messaging: you can communicate with people using other Matrix servers, just as you send emails to different mail domains.
Matrix Synapse is the heart of your communication platform. It will handle all messages, manage users, rooms, and ensure a secure connection and federation with other Matrix servers. Element is most commonly used as a client for interacting with your server, available on all platforms (web, desktop, mobile devices). You will be able to connect Element to your own Matrix Synapse server.
What will you get in the end? You will become the owner of your own, fully controlled, and private messaging platform. This is an ideal solution for teams, families, or communities that value privacy and do not want to entrust their correspondence to third-party commercial services. You will be able to create private chats, group rooms, exchange files, make voice and video calls – all under your complete control.
There are alternatives, such as cloud-managed Matrix services (e.g., Element Matrix Services) or proprietary solutions like Slack, Discord, Telegram. Cloud services are convenient because they do not require technical knowledge for setup and maintenance, but you lose some control over your data and pay for a subscription. Proprietary solutions offer rich functionality but are completely centralized and give you no control over your information.
Why self-hosted on a VPS? Choosing your own VPS for Matrix Synapse gives you maximum control over data and infrastructure. You decide where data is stored, who has access to it, and what security rules apply. It is cost-effective in the long run, especially for small and medium-sized teams, and provides flexibility for integration with your other services. You become independent of the policies and prices of third-party providers, gaining complete freedom in managing your communication platform.
What VPS Configuration Is Needed for This Task
Diagram: What VPS Configuration Is Needed for This Task
Choosing the right VPS is crucial for the stable operation of Matrix Synapse. Resource requirements depend on the number of active users, the volume of stored messages and media files, and the intensity of federation usage.
Minimum Requirements (up to 10 active users):
CPU: 1-2 vCPU (modern Intel Xeon or AMD EPYC). Synapse is primarily single-threaded, but background tasks can utilize additional cores.
RAM: 2 GB. This is sufficient for running Synapse, PostgreSQL, and the operating system.
Disk: 40-60 GB NVMe SSD. SSD significantly speeds up database operations. NVMe is preferred over SATA SSD.
Network: 100 Mbps or 1 Gbps. Not critical for text chats, but good bandwidth is desirable for voice/video calls and active federation.
Recommended VPS Plan (up to 50-100 active users):
For comfortable operation and scalability, especially if active voice/video calls or a large chat history are planned, the following configuration is recommended:
CPU: 2-4 vCPU.
RAM: 4-8 GB.
Disk: 80-160 GB NVMe SSD.
Network: 1 Gbps.
For such a configuration, you can consider a VPS with the specified characteristics. It is important to ensure that the disk subsystem uses NVMe SSD for maximum database performance.
When a Dedicated Server is Needed, Not a VPS
A dedicated server becomes necessary when the number of active users exceeds several hundred, or when you plan to store a very large volume of media files, and also if you require maximum performance and resource isolation. Dedicated servers provide predictable performance because all hardware resources (CPU, RAM, disk) are fully available only to you. If you plan to deploy a large-scale corporate Matrix instance that will serve thousands of users, or if you have strict security and physical equipment placement requirements, then a suitable dedicated server will be a more reasonable choice.
Location: What It Affects
The choice of VPS location affects several factors:
Latency: The closer the server is to your primary users, the lower the latency will be. This is especially critical for voice and video calls.
Legislation: Choose a location whose legislation complies with your data storage and privacy requirements.
Availability: Some regions may have better connectivity to certain parts of the world.
It is generally recommended to choose a data center located geographically close to most of your users to ensure the best user experience.
Server Preparation
Diagram: Server Preparation
After gaining access to your new VPS (assuming you are using Ubuntu 24.04 LTS), you need to perform a series of basic settings to improve security and ease of management.
1. Connecting via SSH
Connect to the server as the root user or the user provided to you:
ssh root@ВАШ_IP_АДРЕС
Replace ВАШ_IP_АДРЕС with your VPS's IP address.
2. Creating a New User and Granting Sudo Privileges
Working as root is insecure. Let's create a new user and grant them sudo privileges.
adduser matrixuser # Create a new user named matrixuser
usermod -aG sudo matrixuser # Add the user to the sudo group
Now, exit the current root session and log in as the new user.
exit # Exit root
ssh matrixuser@ВАШ_IP_АДРЕС # Log in as the new user
3. Setting Up SSH Keys (Recommended)
For secure and convenient login, set up SSH keys. Generate them on your local machine (if you haven't already):
ssh-keygen -t rsa -b 4096 # Generate a new SSH key
Then copy the public key to the server:
ssh-copy-id matrixuser@ВАШ_IP_АДРЕС # Copy the public key to the server
After this, you can disable password authentication for SSH (recommended). Edit the /etc/ssh/sshd_config file:
sudo nano /etc/ssh/sshd_config
Find and change the following lines:
PasswordAuthentication no
PermitRootLogin no # Disable direct root login via SSH
Restart the SSH service:
sudo systemctl restart sshd
4. System Update
Always start by updating the package database and installed packages.
sudo apt update # Update the list of available packages
sudo apt upgrade -y # Upgrade installed packages to the latest versions
sudo apt autoremove -y # Remove unnecessary dependencies
5. Installing Basic Utilities
Let's install some useful utilities that will come in handy during the process.
Let's configure UFW to allow only necessary ports.
sudo ufw allow ssh # Allow SSH (port 22 by default)
sudo ufw allow http # Allow HTTP (port 80)
sudo ufw allow https # Allow HTTPS (port 443)
sudo ufw allow 8448/tcp # Port for Matrix federation
sudo ufw enable # Enable the firewall
sudo ufw status # Check firewall status
Make sure SSH is allowed before enabling the firewall, otherwise you may lose access to the server.
7. Configuring Fail2Ban
Fail2Ban is already installed. It is automatically configured to protect SSH. You can check its status:
sudo systemctl status fail2ban
If necessary, you can add additional rules, but the standard configuration is sufficient for a start.
Software Installation — Step-by-Step
Diagram: Software Installation — Step-by-Step
Now that the server is prepared, let's proceed with installing the necessary software: PostgreSQL (database for Synapse), Python and its dependencies, and finally, Matrix Synapse itself.
1. Installing PostgreSQL 16
Matrix Synapse strongly recommends using PostgreSQL for data storage due to its performance and reliability. The latest version of PostgreSQL is available on Ubuntu 24.04 LTS.
After installation, we will create a user and a database for Synapse.
sudo -u postgres psql # Enter the PostgreSQL console as the postgres user
Inside the PostgreSQL console, execute the following commands:
CREATE USER synapse_user WITH PASSWORD 'ВАШ_СЛОЖНЫЙ_ПАРОЛЬ'; -- Create a user for Synapse, replace the password!
CREATE DATABASE synapse_db WITH OWNER synapse_user ENCODING 'UTF8' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0; -- Create the database
\q -- Exit the PostgreSQL console
Replace ВАШ_СЛОЖНЫЙ_ПАРОЛЬ with a strong password. Write it down, as it will be needed when configuring Synapse.
2. Installing Python 3 and Dependencies
Synapse is written in Python. Ubuntu 24.04 LTS comes with Python 3.12, which is the current version for 2026.
We will install Synapse from the official Matrix repository for Ubuntu, which will provide easier updates.
sudo apt install -y lsb-release wget apt-transport-https # Install utilities for working with repositories
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg # Add the repository's GPG key
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list # Add the Matrix repository
sudo apt update # Update the package list to include the new repository
sudo apt install -y matrix-synapse # Install Matrix Synapse (current version 1.100.0+ for 2026)
During the installation, you will be asked for the Server Name. Enter your domain here, for example, matrix.yourdomain.com. This will be the public name of your Matrix server. You will also be asked if you want to use PostgreSQL. Select "Yes" and provide the parameters you created earlier: username synapse_user, database name synapse_db, and password.
4. Installing Caddy Web Server
Caddy is a modern web server that automatically obtains and renews TLS certificates (HTTPS) from Let's Encrypt. This significantly simplifies HTTPS setup compared to Nginx and Certbot.
The main Synapse configuration file is located at /etc/matrix-synapse/homeserver.yaml.
sudo nano /etc/matrix-synapse/homeserver.yaml
Find and modify (or ensure they are set correctly) the following parameters:
server_name: Ensure this is your domain (e.g., matrix.yourdomain.com).
database: Ensure your PostgreSQL database parameters are specified here.
public_baseurl: Set to https://matrix.yourdomain.com/.
enable_registration: Set to true if you want to allow open registration. For private servers, it's better to set it to false and register users manually.
listeners: Ensure Synapse is listening on port 8008 (or another port if you changed it).
Example excerpt from the homeserver.yaml file:
# /etc/matrix-synapse/homeserver.yaml
server_name: "matrix.yourdomain.com" # Replace with your domain
database:
name: "psycopg2"
args:
user: "synapse_user"
password: "ВАШ_СЛОЖНЫЙ_ПАРОЛЬ" # Your PostgreSQL user password
database: "synapse_db"
host: "localhost"
cp_min: 5
cp_max: 10
public_baseurl: "https://matrix.yourdomain.com/"
listeners:
- port: 8008
tls: false
type: http
x_forwarded_for: true
bind_addresses: ['127.0.0.1'] # Listen locally only
resources:
- names: [client, federation]
compress: false
enable_registration: true # Change to false for closed registration
After making changes, restart Synapse:
sudo systemctl restart matrix-synapse
sudo systemctl enable matrix-synapse # Ensure Synapse starts on system boot
3. Configuring Caddy for Matrix Synapse
Now let's configure Caddy to act as a reverse proxy for Synapse and provide HTTPS.
sudo nano /etc/caddy/Caddyfile
Delete all content from the file and insert the following, replacing matrix.yourdomain.com with your domain:
# /etc/caddy/Caddyfile
matrix.yourdomain.com {
# For clients (Element)
reverse_proxy /_matrix/ localhost:8008
# For federation
reverse_proxy /_matrix/federation/ localhost:8008
# For .well-known (auto-discovery)
# If your root domain is yourdomain.com, and Synapse is on matrix.yourdomain.com
# then you need to configure a redirect or proxy for .well-known on the root domain
# This is an example for when both Matrix and .well-known are on the same domain
# If .well-known is on the root domain yourdomain.com:
# reverse_proxy /.well-known/matrix/ matrix.yourdomain.com:8008
# If Synapse and .well-known are on matrix.yourdomain.com:
redir /.well-known/matrix/server /_matrix/federation/v1/well-known/matrix/server 301
redir /.well-known/matrix/client /_matrix/client/v1/well-known/matrix/client 301
}
# If you want clients to be able to connect to your root domain,
# but Synapse is on a subdomain, you need to configure .well-known redirection
# on the root domain yourdomain.com.
# In this case, if your "Server Name" in Synapse is yourdomain.com,
# but Synapse runs on matrix.yourdomain.com, you need to add:
# yourdomain.com {
# redir /.well-known/matrix/server /_matrix/federation/v1/well-known/matrix/server 301
# redir /.well-known/matrix/client /_matrix/client/v1/well-known/matrix/client 301
# # You might also need to proxy or redirect to matrix.yourdomain.com
# # reverse_proxy matrix.yourdomain.com {
# # header_up Host {host}
# # }
# }
Important note about .well-known: Matrix clients look for the .well-known/matrix/server file to determine the server. If your server_name in Synapse (e.g., yourdomain.com) differs from the domain on which Synapse actually runs (e.g., matrix.yourdomain.com), then you need to configure .well-known redirection on the root domain. In our example, we assume that server_name matches the domain on which Caddy runs (matrix.yourdomain.com). If this is not the case, you will need to create a separate block for yourdomain.com in the Caddyfile and configure redirections there.
Caddy will automatically obtain and configure SSL/TLS certificates for your domain.
4. Verifying Functionality
After all configurations, let's check that everything is working as expected.
Check Caddy and HTTPS:
curl -v https://matrix.yourdomain.com/ # Ensure the request goes through HTTPS
You should see a successful response (possibly 404, but with a correct TLS certificate). Check the certificate in your browser.
Check Synapse Client API:
curl -v https://matrix.yourdomain.com/_matrix/client/versions # Should return JSON with API versions
Check Synapse Federation API:
curl -v https://matrix.yourdomain.com/_matrix/federation/v1/version # Should return JSON with server version
Check SRV records (locally):
dig SRV _matrix._tcp.yourdomain.com # Should show your SRV record
dig SRV _matrix-federation._tcp.yourdomain.com # Should show your SRV record
If all checks are successful, your Matrix Synapse server is ready! You can now connect to it using the Element client (or any other Matrix client), specifying matrix.yourdomain.com as the homeserver.
5. Registering the First User
If you set enable_registration: false, you need to register the first user manually.
sudo register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml https://localhost:8008 # Run the registration utility
Follow the instructions to create a username and password. You can make the first user an administrator, which is very useful for server management.
After this, you can log in to Element using the created credentials and start using your own Matrix server.
Backups and Maintenance
Diagram: Backups and Maintenance
Reliable backup and regular maintenance are key to the stability and longevity of your Matrix server.
What to Back Up
For a full recovery of Matrix Synapse, you will need:
PostgreSQL Database: Contains all messages, metadata, users, and rooms. This is the most critical component.
Synapse Media Store: The directory where Synapse stores all user-uploaded files (images, videos, documents). This is usually /var/lib/matrix-synapse/media_store.
Synapse Configuration File:/etc/matrix-synapse/homeserver.yaml and other files in this directory (e.g., log.yaml).
Caddy Configuration:/etc/caddy/Caddyfile and certificates (although Caddy will restore them itself).
Simple Auto-Backup Script
Let's create a simple script for automatic backups. We will use pg_dump for the database and tar for files.
sudo mkdir -p /opt/backups/matrix # Create directory for backups
sudo chown matrixuser:matrixuser /opt/backups/matrix # Grant permissions to our user
nano /opt/backups/matrix/backup_matrix.sh
Insert the following content into the backup_matrix.sh file:
#!/bin/bash
# Settings
BACKUP_DIR="/opt/backups/matrix"
DATE=$(date +%Y%m%d%H%M%S)
DB_USER="synapse_user"
DB_NAME="synapse_db"
DB_PASSWORD="YOUR_STRONG_PASSWORD" # Use the same password as when configuring PostgreSQL
SYNAPSE_CONFIG_DIR="/etc/matrix-synapse"
SYNAPSE_MEDIA_DIR="/var/lib/matrix-synapse/media_store"
CADDY_CONFIG_DIR="/etc/caddy"
# Stop Synapse for a consistent DB backup (optional, but recommended for large databases)
# sudo systemctl stop matrix-synapse
# PostgreSQL Database Backup
echo "Dumping PostgreSQL database..."
PGPASSWORD="${DB_PASSWORD}" pg_dump -U "${DB_USER}" -h localhost "${DB_NAME}" > "${BACKUP_DIR}/synapse_db_${DATE}.sql"
if [ $? -eq 0 ]; then
echo "Database backup successful: ${BACKUP_DIR}/synapse_db_${DATE}.sql"
else
echo "Database backup failed!"
exit 1
fi
# Media Store and Config Backup
echo "Archiving media store and configurations..."
tar -czf "${BACKUP_DIR}/synapse_data_config_${DATE}.tar.gz" "${SYNAPSE_MEDIA_DIR}" "${SYNAPSE_CONFIG_DIR}" "${CADDY_CONFIG_DIR}"
if [ $? -eq 0 ]; then
echo "Data and config backup successful: ${BACKUP_DIR}/synapse_data_config_${DATE}.tar.gz"
else
echo "Data and config backup failed!"
exit 1
fi
# Start Synapse back up
# sudo systemctl start matrix-synapse
# Delete old backups (keep for 7 days)
find "${BACKUP_DIR}" -type f -name "*.sql" -mtime +7 -delete
find "${BACKUP_DIR}" -type f -name "*.tar.gz" -mtime +7 -delete
echo "Backup process finished."
Make the script executable:
chmod +x /opt/backups/matrix/backup_matrix.sh
For automatic execution, add it to cron. Run the command as user matrixuser:
crontab -e
Add the following line for a daily backup at 3 AM:
Storing backups on the same server as the original data is highly discouraged. In case of hardware failure or server compromise, you will lose everything. It is recommended to use:
External S3-compatible storage: For example, AWS S3, Backblaze B2, or MinIO. For this, you can use utilities like s3cmd or rclone in your script.
Separate VPS: You can set up a second, small VPS and use rsync or scp to copy backups there.
Local storage on your machine: If the server is not critical and you can perform manual copying.
For more advanced backup solutions, consider tools like Restic or BorgBackup, which support deduplication, encryption, and various storage backends.
Updates: rolling vs maintenance window
Rolling updates: For Matrix Synapse, "rolling updates" are typically used – meaning you simply update packages and restart the service. Synapse is designed to be quite resilient to such updates.
Maintenance window: For major PostgreSQL or operating system updates, as well as for Synapse database migrations (which are rare), it is recommended to plan a "maintenance window" when the server will be unavailable. Inform users in advance.
It is recommended to regularly (once a month) update the system:
sudo apt update && sudo apt upgrade -y
sudo apt autoremove -y
sudo systemctl restart matrix-synapse # Restart Synapse after updating system libraries
sudo systemctl restart caddy # Restart Caddy if there were updates
Also, keep an eye on Matrix Synapse project news for information on critical updates and new versions.
Troubleshooting + FAQ
In this section, we will cover common issues you might encounter when setting up Matrix Synapse and provide answers to frequently asked questions.
Federation is not working (cannot communicate with other servers)
What to check:
DNS SRV records: Ensure that _matrix._tcp.yourdomain.com and _matrix-federation._tcp.yourdomain.com correctly point to your server and port 8448. Use dig SRV _matrix._tcp.yourdomain.com.
Firewall (UFW): Ensure that port 8448 is open for incoming connections: sudo ufw status.
Caddy/Nginx: Check web server logs. Ensure it correctly proxies requests to /_matrix/federation/ to Synapse (port 8008).
Synapse Logs: Check Synapse logs for federation errors: sudo journalctl -u matrix-synapse -f. Look for messages related to "federation" or "remote server".
.well-known files: Ensure that https://yourdomain.com/.well-known/matrix/server and https://yourdomain.com/.well-known/matrix/client are accessible and return correct JSON pointing to your server_name.
How to fix: Correct DNS records, open ports in the firewall, check Caddy/Nginx configuration for proxying errors. For .well-known files, if your server_name differs from the root domain, ensure your web server correctly redirects requests to these paths to the domain where Synapse is installed.
Clients cannot connect to the server
What to check:
HTTPS: Ensure your domain is accessible via HTTPS (port 443) and the certificate is valid. Check via browser or curl -v https://matrix.yourdomain.com/.
Caddy/Nginx: Check web server logs. Ensure that requests to /_matrix/client/ are proxied to Synapse.
Synapse Logs: Look for errors related to "client" or "connection".
Port 8008: Ensure that Synapse is listening on port 8008 (or another if you changed it) and is accessible to the web server (netstat -tulnp | grep 8008).
How to fix: Resolve HTTPS issues (Caddy might not have obtained a certificate), check proxying rules in Caddyfile, ensure Synapse is running and listening on the correct port. If you changed server_name in homeserver.yaml, ensure it matches the domain clients are trying to connect to.
Cannot register a new user
What to check:
enable_registration: Check that the enable_registration parameter in /etc/matrix-synapse/homeserver.yaml is set to true. After changing, remember to restart Synapse.
Synapse Logs: Check logs for registration errors.
Spam protection: Synapse has built-in spam protection mechanisms that may block registration. Check the relevant settings.
How to fix: Set enable_registration: true and restart Synapse. If the problem persists, temporarily disable any spam protection in the config to check if it's the cause.
What is the minimum suitable VPS configuration?
For a small personal or family Matrix Synapse server (up to 10 active users), a minimum of 1-2 vCPU, 2 GB RAM, and a 40-60 GB NVMe SSD is required. This configuration will be sufficient for basic chat functions and a small number of media files. However, if you plan active use of voice/video calls or a large volume of message history, it is recommended to increase resources to 4 GB RAM and 80 GB SSD for more stable operation.
What to choose — VPS or dedicated for this task?
The choice between a VPS and a dedicated server depends on the scale of your project and performance requirements. For most personal, family, or small team deployments (up to several hundred users), a VPS will be an optimal and cost-effective solution. It offers sufficient flexibility and performance. A dedicated server becomes necessary if you plan to serve thousands of users, store terabytes of data, or if you have very strict requirements for resource isolation, performance, security, and regulatory compliance. Dedicated servers provide maximum control over hardware but come with higher costs and management complexity.
Server is slow or freezes
What to check:
Resource usage: Use htop or top to monitor CPU and RAM. If Synapse or PostgreSQL consume too many resources, you might be lacking RAM or CPU.
Synapse Logs: Check logs for warnings or errors indicating performance issues (e.g., slow DB queries).
Disk subsystem: A slow disk (especially HDD or slow SATA SSD) can be a bottleneck. Ensure you have an NVMe SSD.
PostgreSQL Indexes: For large databases, ensure that indexes are created and used efficiently. Synapse usually creates them itself, but manual optimization may sometimes be required.
How to fix: If you lack RAM or CPU, consider upgrading your VPS. If the problem is with the disk, ensure you are using an NVMe SSD. Check PostgreSQL and Synapse configurations for inefficient settings. It might be worthwhile to clear old media files or chat history if they are taking up too much space.
Conclusions and Next Steps
Diagram: Conclusions and Next Steps
Congratulations! You have successfully installed and configured your own Matrix Synapse server on a VPS. You now have a fully controlled and private communication platform that provides secure communication for you and your users, and also allows interaction with other Matrix servers worldwide. You have gained valuable experience in deploying and managing complex network services.
Where to go next?
Integration with other services: Explore Matrix Bridges to connect to other chat platforms such as Telegram, Discord, IRC, Slack. This will allow your users to communicate with people on these platforms directly from your Matrix server.
Performance optimization: For large installations, consider using Prometheus and Grafana to monitor server resources and Synapse performance. Optimize PostgreSQL and Synapse settings to improve operational speed.
Additional features: Explore the possibility of adding voice/video calls via your own STUN/TURN servers (e.g., Coturn) to improve communication quality, especially if users are behind NAT.
