Introduction

Matrix is an instant messaging platform that provides:

  • Instant messaging between users.
  • Group messages.
  • File transfers.
  • Images, emoticons, etc.

The most popular Matrix server is Synapse. Synapse is not part of Enswitch, but it can be configured to use Enswitch for authentication, allowing you to provide instant messaging services to your users using their Enswitch username and password.

Configuring integration between Synapse and Enswitch

  • Install Synapse. You can find an installation manual on the matrix-synapse website.
  • Configure Synapse to be accessible from the internet, either directly or using a reverse web proxy.
  • Set Synapse to authenticate against Enswitch using the custom auth provider module. Symlink the module into the matrix-synapse Python path:
    • ln -s /opt/enswitch/current/contrib/matrix-synapse/enswitch_auth_provider.py /opt/venvs/matrix-synapse/lib/python3.6/site-packages/
  • In /etc/matrix-synapse/homeserver.yaml, disable local password checking and enable the Enswitch auth provider module:
    # Indent with spaces only; YAML does not accept tabs for indentation.
    password_config:
        localdb_enabled: false

    password_providers:
        - module: "enswitch_auth_provider.EnswitchAuthProvider"
          config:
              endpoint: "http://127.0.0.1/api/matrix-synapse/password/index.pl"
    
  • Restart the matrix-synapse server:
    • systemctl restart matrix-synapse
  • Check you can open https://<IP address>/ from a web browser.
  • Test with any Matrix client, such as Element, using your Enswitch web interface username and password.
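
A scripted version of the last two checks, as an added example that is not part of Enswitch or Synapse: it sends the same m.login.password request a Matrix client sends at sign-in and reports whether Synapse accepted it. The function names are hypothetical, and the r0 login path is assumed to be served by your Synapse version.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LOGIN_PATH = "/_matrix/client/r0/login"  # Matrix client-server API login path (assumed served)
LOCAL_HOSTS = ("127.0.0.1", "localhost", "::1")


def build_login_request(base_url, username, password):
    """Build the m.login.password request a Matrix client sends at sign-in."""
    parts = urlsplit(base_url)
    # The password travels in the request body, so plain HTTP is only
    # accepted when talking directly to the local Synapse listener.
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        raise ValueError("refusing to send a password over plain HTTP to " + base_url)
    body = {"type": "m.login.password", "password": password,
            "identifier": {"type": "m.id.user", "user": username}}
    return urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")


def classify(status, body):
    """Map a login response to 'ok', 'rejected' or 'unexpected'."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None  # not JSON, e.g. an HTML error page from the reverse proxy
    if not isinstance(doc, dict):
        return "unexpected"
    if status == 200 and "access_token" in doc:
        return "ok"
    if status == 403 and doc.get("errcode") == "M_FORBIDDEN":
        return "rejected"
    return "unexpected"


def check_login(base_url, username, password):
    """Send the login request and classify Synapse's answer."""
    req = build_login_request(base_url, username, password)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())
```

Call check_login() once with a valid Enswitch username and password, expecting "ok", and once with a wrong password, expecting "rejected". An "unexpected" result usually points at the reverse proxy or at the auth provider endpoint.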

Reverse proxy sample configurations

The Synapse server listens for HTTP or HTTPS requests on localhost port 8008 by default. If you wish to use a reverse proxy to make it accessible from the internet, here are some sample configurations. Since Synapse is not part of Enswitch, these configurations are samples only and are unsupported.

Example configuration for Apache. The mod_proxy and mod_proxy_http modules are required:

<VirtualHost *>
	ServerName <DOMAIN.NAME>

	ProxyRequests Off
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>

	ProxyPass / http://<IP>:8008/
	ProxyPassReverse / http://<IP>:8008/
	<Location />
		Order allow,deny
		Allow from all
	</Location>
</VirtualHost>

Example configuration for nginx:

server {
	# Port 80 is plain HTTP: logins sent to it are not protected by TLS.
	listen       80;
	listen       443 ssl;
	ssl_certificate /path/to/cert.pem;
	ssl_certificate_key /path/to/cert.key;

	server_name  <DOMAIN.NAME>;
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	location / {
		# Preserve the requested host name and pass the client address to Synapse.
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_pass http://<IP>:8008;
	}
}