Getting Matrix Online

sealight ops nix dstory 2020-11-29 20:55

Finally taking steps in almost exactly 1 year since taking up the mantle of friend-hosting ( and I finally have a runnig matrix server that I plan to keep in production as much as I can. I worked out how to configure everything I wanted correctly by using these resources:

= It's Always DNS = I had two significantly large hurdles; DNS, NixOS + ACME. I started with an SRV Record to redirect all requests to if they were trying to reach that instance. But I couldn't quite get this to work right, and then ending up switching to an imperative step which was:

echo '{ "m.server": "" }' > /<webroot>/.well-known/matrix/server

Which removed the need for the SRV file. At this point I had a working SSL installation of NixOS 19.09 with only a synapse server running. Great first step I thought.

Or SSL for DNS

Then I had the bright idea to update to 20.09 so that I could run the Element web client instead of Riot (now rebranded). That was naive in hindsight. ACME, it's nixOS module and even perhaps the underlying software logo may have bugs that made their way into 20.09 and these bugs occur specifically when upgrading from the older ACME client. In order to fix this I had to delete the old user account and started fresh. It didn't help that I would often run into Rate Limiting due to the way the nixOS ACME module works. I had to be particularly careful when running a rebuild otherwise I'd hit the rate limit. This meant I couldn't just try random fixes and hope it worked. I really had to read the logs, come to understand what was happening and why (and in case it was a rate limit just wait 1 - 3 hours before doing anything). This was a useful experience.

These resources were especially helpful in debugging ACME issues:


Once I fixed the Let's Encrypt requests being sent, I was left with a beautiful static site hosted at, the matrix server that federates at; with all handles will be of the form, and an Element client running at that points users to create an account at my instance by default.

If I'm being honest I still don't understand all the intracacies of my own configuration. NixOS does an excellent job of abstracting away so much of the configuration troubles. I'm finally beginning to understand how to do things with this tool. However it cannot abstract away everything. I need to learn nginx configuration, and what the hell SNI, SRV and .well-known have in common that makes them able to mask the URL in handles.


I need to configure monitoring agents and plan to go with the TIG Stack Install the Slack Bridge to help my friends migrate Install the Telegram / Discord bridge to consolidate my online profile