Protect Your Privacy! Use Matrix: A Self-Hosted, E2E Encrypted, Alternative to WhatsApp and Signal

Рет қаралды 26,572

Күн бұрын

With Online Privacy Bills looming, perhaps it's time to take back control? Matrix is a powerful replacement for all of your messaging apps, meaning you no longer have to rely on 3rd party hosted services like WhatsApp, Signal, and Discord. It's a self-hosted, end to end encrypted, and decentralised platform that is highly secured, with a specific focus on privacy and ease of use.
Join me as I show you what Matrix and Synapse are, discuss the key features of the platform, and provide a complete 'How To' guide to deploy it in your home, complete with configuration files on my GitHub.
Why not send me a message on Matrix when you're up and running?:
matrix.to/#/#jims-garage:matrix.jimsgarage.co.uk
Docker-Compose: github.com/JamesTurland/JimsG...
Matrix:
matrix.org
Find me on:
Discord: / discord
Twitter: / jimsgarage_
Reddit: / jims-garage
GitHub: github.com/JamesTurland/JimsG...
00:00 - Introduction to Matrix & Synapse
02:38 - Matrix Features Overview
05:24 - Matrix Mission & Manifesto
06:06 - Matrix Clients (Application)
07:28 - Element Chat Client
08:44 - What is Synapse?
10:26 - Deploying Synapse (Steps Required)
11:48 - Creating and Tweaking a Synapse Configuration File
19:32 - Docker Compose Overview
24:56 - Docker Deployment
26:40 - Create a Synapse Admin User
28:28 - Connect To Our Server As Admin With Element Chat (Browser)
29:50 - Create a Room and Send Your First Message
31:50 - Backing Up Security Keys
34:48 - Create Additional Users (Terminal & Create Account)
35:10 - Testing New User Works & Can Send Messages
37:20 - Setting Up Registration For New Users
39:00 - Setting Up Captcha For New Users
40:32 - Testing New Captcha & User Registration
41:54 - Setting Up Email & SMTP For User Registration & Password Reset
42:43 - Mobile Element Application Walkthrough (Android)
44:34 - Enable Matrix Federation
46:14 - Matrix Federation Tester
46:45 - Outro

Пікірлер: 79

@robertfichtinger 11 ай бұрын

Great video once more, really admirable how you are able to bring this complex material in an easy to understand way 👏🏻 Looking forward to your kubernetes set-up, as I think it would be great if I could just add more resources to these type of containers when needed. Indeed, bridging would also be nice, because it is hard to have others switch to matrix. Did you also considers dendrite instead of synapse? Mastodon would also be very interesting. Your channel is a true gem 💎!

@Jims-Garage 11 ай бұрын

Thanks so much, Robert. I chose Matrix simply because it is the largest, and most mature from the research I did, and my own experience (even though there are others that have similar features). I find if you're trying to convince people to jump ship it's easier when it's something that is "widely" used. I will likely do a follow up on a Discord bridge as I'm going to set that up for my own Jim's Garage Discord server anyway. Kubernetes is coming, there's just a few more 'core' apps and items I want to cover first. I know kubernetes is going to be niche, so I'm keen to have people fully set up on docker first.

@mikebakkeyt 9 ай бұрын

echo the request for bridges - I also use telegram with bots for my internal alerting so bridging would be great. I'd also agree a different piece of content would be a Mastodon server and maybe how to integrate with Matirx (I'm assuming they can as they both seem federated but maybe I'm just deluded 🙂

@SparxNet 11 ай бұрын

A major problem isn't technical - it's about getting your contacts to use alternatives other than the usual suspects. That perhaps is more of a challenge than actually installing and using the software.

@Jims-Garage 11 ай бұрын

I agree with you, adoption and mind switching is the hardest part. Hopefully I've called out how seamless it should be for people, but it's still a bit more effort than just downloading something 'that works'. Hopefully the benefits are in line with the effort.

@Felix-ve9hs 11 ай бұрын

Absolutely, it's the same with Signal, I only managed to convice 10 people to use it in the last 2 years ...

@blender_wiki 6 ай бұрын

Using matrix self hosted server for our business since the beginning of the project, highly recommended

@Jims-Garage 6 ай бұрын

That's great to hear. I wish it was more popular!

@peterwassmuth4014 3 ай бұрын

Awesome Thank you for Sharing! 💯✴

@chell6022 11 ай бұрын

Thank you and God bless.

@chrisumali9841 11 ай бұрын

Thanks for the demo and info, have a great day

@Jims-Garage 11 ай бұрын

Thanks, Chris. Enjoy the weekend.

@jeroenwieldraaijer 7 ай бұрын

I also could not get in touch through matrix, but thank you. This video helped me setup matrix synapse and I managed to figure out the proxy and whatsapp bridge myself. Now I can finally read messages from WhatsApp groups on my iPhone without having to install that Meta stuff which i refuse to use. Sadly most people don’t care about privacy.

@Jims-Garage 7 ай бұрын

Thanks. Unfortunately I had to close down the matrix server as it was being spammed.

@PK5Dloks 8 ай бұрын

Nice solid video for getting yourself set up with a basic Matrix instance. Well done! I've been running a server for a group of friends for just over two years now, it's been absolutely rock steady and has been surprisingly simple to keep maintained. Slowly over time I'm bringing more friends on-board. It runs really smooth on an on-prem server with UPS backup and redundant failover networking, so has about 99.8% uptime so far (downtime is me tinkering with it lol). Tried to drop you a message via the room link, but seems it's not there anymore.

@Jims-Garage 8 ай бұрын

Hey, thanks! It is there just I've had to put an aggressive geo block on it due to spam. I love it , just wish more people used it...

@kevinhughes9801 11 ай бұрын

Excellent video thank you defo getting this setup

@Jims-Garage 11 ай бұрын

No problem 👍 Drop a hello in my public Matrix channel when you have it up and running.

@kevinhughes9801 11 ай бұрын

@@Jims-Garage will do thanks

@danbrown586 6 ай бұрын

Good and clear explanation. I've been running Synapse for probably a year or so now as "one chat to rule them all"--I have the bridges installed for iMessage, Signal, Telegram, and WhatsApp, so I can use one app to communicate with any of those. Including iMessage on a Windows machine--that bridge is kind of fiddly to set up (and it looks like they're in the process of a complete overhaul of it), but it still works pretty well.

@Jims-Garage 6 ай бұрын

That's awesome, good job. How do you find the experience? Do any non-Techie friends and family use it?

@danbrown586 6 ай бұрын

@@Jims-Garage That wasn't really my purpose in installing it, so I haven't pursued having my non-techie friends/family use my Synapse server. Most of them are using my mail server, which is a start, and a few are using my self-hosted Bitwarden server. Once thing at a time... I have it installed on an Oracle VPS, which is free since it's small enough. There's an Ansible installation that takes care of most of the details (except, at the time, for the iMessage bridge)--Synapse itself, Synapse Admin, web client(s) of your choice, bridges of choice, etc. Pretty comprehensive, but it's a lot of moving pieces.

@alpineai 6 ай бұрын

Wow do tell

@dmbrv 11 ай бұрын

Awesome video

@TismoGaming 4 ай бұрын

Hey Jim. Love your videos. Caption idea for your Merch: {it’s pretty straightforward} Looking forward to a free hoodie for the idea 😅

@Jims-Garage 4 ай бұрын

Haha, thanks for the idea 😜

@idenver_bot 11 ай бұрын

Great content, keep doing that

@Jims-Garage 11 ай бұрын

Thanks 👍

@ahwx 11 ай бұрын

Looks good! Is there a follow-up planned with Matrix bridges? (looks like you don't really talk about them, seeing the chapters in the description.)

@Jims-Garage 11 ай бұрын

Thanks. Happy to visit some of them if there's sufficient interest.

@freestudymusic550 4 ай бұрын

I use signal is very good❤

@user-rg2zg2oj9y 4 ай бұрын

You should do this on ubuntu and show everything you have, like if you are setting up a reverse proxy, full in depth tutorail

@janhenkins 2 ай бұрын

Hi Jim. Thanks, cracking video - I'm busy working through it to get Matrix installed. I have a couple of questions regarding the initial docker command at timecode 11:50 and onwards: Why does it have to be run via SUDO at all? Surely if we have (a) the user we are running as (ubuntu in this case) set to be part of the docker group, there should not be a need for SUDO, and therefore we won't have permission issues. Is this a valid argument? And (b) would it be possible to change "dst=data" to "dst=./data" so that the config and certs are created in a subfolder called "data" in our working directory? Thanks for all your beautifully crafted videos, they are an inspiration! 🙂

@Jims-Garage 2 ай бұрын

Thanks. It doesn't have to be run as sudo if you've added your user to the sudo group (that's up to you). Yes, you can use ./ notation if you want to create local directories, completely up to you how you want your folder structure.

@mikebakkeyt 9 ай бұрын

Very useful thanks. Just one question - what was the database name specified in the config file - PSYCOPG2 - couldn't relate that to anything as I think you called the PGDB Synapse? For future content - really suggest the topic of enabling external calling as in my experience, that is always a nightmare. I assume it involves deploying coturn and that seems a black art.

@Jims-Garage 9 ай бұрын

Thanks. Yes, I haven't touched on coturn yet as my understanding is that NAT breaks it, which pretty much rules out home use. I do recommend jitsi though if you need a voice conference tool, I have a video on that.

@damswallace2408 5 ай бұрын

Hello Jim, Firstly, thanks for your hard work. Lots of your videos help me to understand how to deploy easily dokcer container. I was able to deploy SYNAPSE without so much problem (except securityHeader middle middleware in Traefik that was "too" secure lol). But ... ! Everything is working in Synapse when 1 client is on the lan network. Since both client are outside of the line, call are ringing but you cannot hear anybody. Do you have the same behavior ? Looks like a TURN server is required, do you agree ? Or Am I missing something ? Regards,

@Jims-Garage 5 ай бұрын

Yes, calls require a turn server. You can either do that or check out my jitsi video (far simpler)

@sethharpenger607 20 күн бұрын

So, A matrix isn't secure, they can tell who's in what rooms and when they're posting B they can't close their rooms because of how that process works to CP is just rampant

@Jims-Garage 17 күн бұрын

Matrix is definitely secure if you configure it correctly, remember that privacy and security are very different things. You can also restrict access if you want but by default it's designed to be open and federated (AFAIK).

@MarcMcMillin 8 ай бұрын

Hi Jim! great video as usual. Thank your for making this one. I followed your instructions closely and I'm getting an error where when I'm spinning up the container, it says it can't find the homeserver.yml file (Config file '/data/homeserver.yaml' does not exist. You should either create a new config file by running with the `generate` argument (and then edit the resulting file before restarting) or specify the path to an existing config file with the SYNAPSE_CONFIG_PATH variable.) Wondering if you have any thoughts on this?

@Jims-Garage 8 ай бұрын

Thanks 👍 double check your bind mount for the homeserver.yaml file. This is something you can copy from my GitHub and tweak. It needs to be in the right place before it'll run.

@MarcMcMillin 8 ай бұрын

I rechecked my binding and tweaked it and now everything is golden! Thanks 🙂@@Jims-Garage

@mahadevaswamy8190 11 ай бұрын

sir i wanted to know how you will host each docker services like will you spin up new vm /lxc container for each service or you will host in a single vm docker instance

@Jims-Garage 11 ай бұрын

I originally had a Docker VM with all my containers. This is good for security (doesn't use the host's kernel), and portability. I now Kubernetes, with an 8 VM cluster split across 2 physical Proxmox nodes. I also have a HA Sophos XG firewall so if a physical node fails, my services remain up. I'll come onto this setup later in my video series.

@Sfeclicel 9 ай бұрын

Why you use a docker image for a separate db when synapse by default uses sqlite?

@Jims-Garage 9 ай бұрын

Choose whatever suits, but an external database is better (more performant) for larger servers. Sqlite becomes very slow as it increases in size (it's usually used for testing purposes).

@LavaCreeperPeople 6 ай бұрын

I see

@potorrero 10 ай бұрын

Oh it would a killer feature if it accepted authentication with google accounts.

@Jims-Garage 10 ай бұрын

It does via OpenID: github.com/matrix-org/synapse/blob/develop/docs/openid.md

@syotos8643 11 ай бұрын

How do manage user and passwords in .yaml files? Do you leave them in there or do you just remove them after you have ran it?

@Jims-Garage 11 ай бұрын

The "proper" way is to use an .env file that you reference in the compose file. See here: docs.docker.com/compose/use-secrets/#:~:text=Getting%20a%20secret%20into%20a,on%20a%20per%2Dservice%20basis.

@finebrian2247 9 ай бұрын

What about the plain text password in the home server.yaml file?

@Taylor-ys2vh 2 ай бұрын

Did I miss something? I changed the password and all I get are password authorization problems, my user is unable to authenticate.

@RiffyDevine 2 ай бұрын

You don't happen to plan to do a video on how to set up a turn server for getting voip/video working on this do you?

@Jims-Garage 2 ай бұрын

It's on the list but a little way down. There are instructions on the GitHub if you're looking to do it sooner.

@brayd1778 5 ай бұрын

Synapse up and running including working federation. I couldn't join your room though and your server URL is getting errors on Federation Tester.

@Jims-Garage 5 ай бұрын

Great job getting it working. Sadly I had to close it due to abuse. Perhaps in the future :)

@brayd1778 5 ай бұрын

@@Jims-Garage ah sad! Maybe a tip: There's a bot called Draupnir that can be set up on a server to be able to moderate it better. Set this up for mine, too. Very handy! But of course involves still some time for moderation even though it is much quicker than per hand

@SireSquish 4 ай бұрын

24:40 - it looks like you might have a couple of mistakes in the homeserver.yaml user: synapse-db -- should be synapse_user ? the line cp_max:1log_con.... -- seems to be missing a line break after cp_max: 10, and seems to have the zero lopped off. Much docker logs -f ing ensued.

@Jims-Garage 4 ай бұрын

Thanks. Always check the GitHub for latest versions and fixes.

@SireSquish 4 ай бұрын

@@Jims-GarageBTW - do you have a guide on using tokens for authentication, instead of using anything google?

@maselitoamazigh1385 4 ай бұрын

is this more secure than briar ?

@chrisarmstrong2721 11 ай бұрын

How does this compare to Jami?

@Jims-Garage 11 ай бұрын

I don't know a great deal about Jami, other than it shares similar features and mission statement. Adoption of matrix synapse is significantly larger, hence why I chose it. Adoption of new platforms (matrix is 9 years old) is always challenging, and larger populations often triumph.

@sosoh329 3 ай бұрын

Hi, great video, can I just let my friends and I use my home server or can anyone use it?

@Jims-Garage 3 ай бұрын

You can create private rooms etc and disable registration

@sosoh329 3 ай бұрын

@@Jims-Garage thank you for the quick reply, much faster than many youtubers who don't respond at all! Can I still make sure they are the only ones with accounts and no on else can accses it?

@Jims-Garage 3 ай бұрын

@@sosoh329 yes, check this out: matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/

@Jims-Garage 3 ай бұрын

@@sosoh329 you can also put it behind a VPN

@sosoh329 3 ай бұрын

@@Jims-Garage Thank you!

@realjoecast 4 ай бұрын

don't use biometrics for access to your mobile devices especially. you are defeating (some of) the purpose of using e2e encryption. if one of you are using biometrics your conversation is vulnerable to your friend having a late night out.. passing out and someone unlocking the phone. worse.. if an officer asks you to unlock your phone.. and you refuse they'll 'accidentally' point it at your face.. so physical privacy with bio metrics is horrible.

@Jims-Garage 4 ай бұрын

From a purist perspective you're right, but most will lean on the other side of the security productivity scale. Besides, there are probably back doors in the OS anyway 😂

@realjoecast 4 ай бұрын

@@Jims-Garagethere are, but you don't want your girl friend grabbing your phone while you are sleeping, pointing the phone at you to unlock it and then sees your conversations with your wife.... i mean you may deserve it... or maybe enjoy it depending on how they take the news but no reason to make it easier. worse, someone knocks you out on the street to mug you find your wallet empty... put your thumb on your phone then drain your paypal account (or whatever). the average police department won't have access to those back doors... they can just ask amazon, amazon will share your data with anyone who asks haha 🙂 three letter agencies have access, especially if you don't fall into their political circle This is why you should just buy a phone from main land china. At least you know that they're stealing your data and probably not sharing it with the US government. Yeah what ever works for the user.. but the important part is that they know that any bio-metrics are a bad idea then decide what they want to do...