Secure Communication Guide

    Deploy Matrix/Element

    Matrix is an open standard for real-time, decentralized communication with end-to-end encryption. Element is the flagship client application. Self-host your own secure communication platform on RamNode's reliable VPS hosting.

    End-to-End Encryption
    Federation
    Voice & Video
    Data Sovereignty

    1. Prerequisites

    RamNode VPS Requirements

    Component   Minimum        Recommended
    CPU         1 vCPU         2+ vCPUs
    RAM         2 GB           4+ GB
    Storage     20 GB SSD      50+ GB
    OS          Ubuntu 22.04   Ubuntu 24.04

    DNS Requirements

    • A record: matrix.yourdomain.com → VPS IP
    • A record: element.yourdomain.com → VPS IP
    • Optional: SRV record for federation delegation

    2. System Preparation

    Update system packages
    sudo apt update && sudo apt upgrade -y
    sudo apt install -y curl wget gnupg lsb-release apt-transport-https ca-certificates
    Configure firewall
    sudo ufw allow 22/tcp       # SSH
    sudo ufw allow 80/tcp       # HTTP (for Let's Encrypt)
    sudo ufw allow 443/tcp      # HTTPS
    sudo ufw allow 8448/tcp     # Matrix federation
    sudo ufw enable

    3. Install PostgreSQL

    Install PostgreSQL
    sudo apt install -y postgresql postgresql-contrib
    sudo systemctl start postgresql
    sudo systemctl enable postgresql
    Create Synapse database
    sudo -u postgres psql << EOF
    CREATE USER synapse_user WITH PASSWORD 'your_secure_password_here';
    CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER synapse_user;
    EOF

    Important: Replace 'your_secure_password_here' with a strong, unique password. Store this securely.

    4. Install Matrix Synapse

    Add Matrix repository
    sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg \
      https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
    
    echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] \
      https://packages.matrix.org/debian/ $(lsb_release -cs) main" | \
      sudo tee /etc/apt/sources.list.d/matrix-org.list
    
    sudo apt update
    Install Synapse
    sudo apt install -y matrix-synapse-py3

    During installation, enter your domain (e.g., yourdomain.com) when prompted. This value becomes the Synapse server_name and cannot be changed later.

    Configure Synapse

    Edit /etc/matrix-synapse/homeserver.yaml
    server_name: "yourdomain.com"
    
    listeners:
      - port: 8008
        tls: false
        type: http
        x_forwarded: true
        bind_addresses: ['127.0.0.1']
        resources:
          - names: [client, federation]
            compress: false
    
    database:
      name: psycopg2
      args:
        user: synapse_user
        password: "your_secure_password_here"
        database: synapse
        host: localhost
        cp_min: 5
    
    enable_registration: false
    enable_registration_without_verification: false
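    # federation_domain_whitelist is left unset so the server can federate with any
    # homeserver; an empty list ([]) would block federation with every server.
    media_store_path: /var/lib/matrix-synapse/media
    max_upload_size: 50M
    url_preview_enabled: true
    # Required when URL previews are enabled: address ranges Synapse must never
    # fetch from (loopback, private, link-local and other reserved networks).
    url_preview_ip_range_blacklist:
      - '127.0.0.0/8'
      - '10.0.0.0/8'
      - '172.16.0.0/12'
      - '192.168.0.0/16'
      - '100.64.0.0/10'
      - '192.0.0.0/24'
      - '169.254.0.0/16'
      - '192.88.99.0/24'
      - '198.18.0.0/15'
      - '192.0.2.0/24'
      - '198.51.100.0/24'
      - '203.0.113.0/24'
      - '224.0.0.0/4'
      - '::1/128'
      - 'fe80::/10'
      - 'fc00::/7'
      - '2001:db8::/32'
      - 'ff00::/8'
      - 'fec0::/10'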
    log_config: "/etc/matrix-synapse/log.yaml"
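
    One way to check the security-relevant settings in this file before starting Synapse, as an added example that is not part of the original guide or of Synapse. The function names and finding codes are this example's own, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: grep-level audit of the homeserver.yaml keys used in this guide.
# Assumes one key per line and inline [..] lists; it is not a YAML parser.

# Print the config with comments and blank lines removed.
_active() { sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"; }
# True when an uncommented line matches the extended regex in $2.
_has() { _active "$1" | grep -Eq -- "$2"; }

audit_homeserver() {
    cfg=$1
    # 1. Synapse should listen on loopback only; nginx is the public entry point.
    for addr in $(_active "$cfg" | sed -n 's/.*bind_addresses://p' |
                  sed "s/[]['\",]/ /g"); do
        case $addr in
            127.0.0.1|::1) ;;
            *) echo "BIND_NOT_LOOPBACK $addr" ;;
        esac
    done
    # 2. Registration open to anyone, with no email, captcha or token check.
    if _has "$cfg" '^enable_registration:[[:space:]]*true' &&
       _has "$cfg" '^enable_registration_without_verification:[[:space:]]*true'; then
        echo "OPEN_REGISTRATION"
    fi
    # 3. URL previews make the server fetch user-supplied URLs, so Synapse
    #    requires an explicit blacklist of internal address ranges.
    if _has "$cfg" '^url_preview_enabled:[[:space:]]*true' &&
       ! _has "$cfg" '^url_preview_ip_range_blacklist:'; then
        echo "URL_PREVIEW_NO_BLACKLIST"
    fi
    # 4. An empty whitelist permits federation with no server at all.
    if _has "$cfg" '^federation_domain_whitelist:[[:space:]]*\[[[:space:]]*\]'; then
        echo "FEDERATION_WHITELIST_EMPTY"
    fi
    return 0
}

# Constructed sample input (not a real deployment).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
listeners:
  - port: 8008
    bind_addresses: ['0.0.0.0']   # constructed mistake
enable_registration: false
url_preview_enabled: true
federation_domain_whitelist: []
EOF
audit_homeserver "$sample"
```

    No output means none of the four conditions was found; run it as audit_homeserver /etc/matrix-synapse/homeserver.yaml on the server.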

    5. Configure Nginx Reverse Proxy

    Install Nginx and Certbot
    sudo apt install -y nginx certbot python3-certbot-nginx
    Matrix Nginx config
    # /etc/nginx/sites-available/matrix
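    server {
        listen 80;
        listen [::]:80;
        server_name matrix.yourdomain.com;

        # Keep answering ACME HTTP-01 challenges from the certbot webroot so
        # certificate renewal still works once this site is enabled.
        location /.well-known/acme-challenge/ {
            root /var/www/html;
        }

        location / {
            return 301 https://$server_name$request_uri;
        }
    }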
    
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        listen 8448 ssl http2;
        listen [::]:8448 ssl http2;
    
        server_name matrix.yourdomain.com;
    
        ssl_certificate /etc/letsencrypt/live/matrix.yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/matrix.yourdomain.com/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
    
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
        client_max_body_size 50M;
    
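        # Clients and remote servers request these files from the host in the
        # Synapse server_name (yourdomain.com), so that host must serve them too.
        location /.well-known/matrix/client {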
            return 200 '{"m.homeserver":{"base_url":"https://matrix.yourdomain.com"}}';
            default_type application/json;
        }
    
        location /.well-known/matrix/server {
            return 200 '{"m.server":"matrix.yourdomain.com:443"}';
            default_type application/json;
        }
    
        location ~ ^(/_matrix|/_synapse/client) {
            proxy_pass http://127.0.0.1:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_read_timeout 600s;
        }
    }
    Obtain SSL certificate
    sudo certbot certonly --webroot -w /var/www/html \
      -d matrix.yourdomain.com --non-interactive --agree-tos \
      -m admin@yourdomain.com
    
    sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/
    sudo nginx -t && sudo systemctl reload nginx

    6. Deploy Element Web Client

    Download Element Web
    sudo mkdir -p /var/www/element
    
    ELEMENT_VERSION=$(curl -s https://api.github.com/repos/element-hq/element-web/releases/latest | \
      grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    echo "Installing Element Web version: $ELEMENT_VERSION"
    
    cd /tmp
    wget "https://github.com/element-hq/element-web/releases/download/v${ELEMENT_VERSION}/element-v${ELEMENT_VERSION}.tar.gz"
    tar -xzf "element-v${ELEMENT_VERSION}.tar.gz"
    sudo cp -r "element-v${ELEMENT_VERSION}"/* /var/www/element/
    sudo chown -R www-data:www-data /var/www/element
    Configure Element (/var/www/element/config.json)
    {
      "default_server_config": {
        "m.homeserver": {
          "base_url": "https://matrix.yourdomain.com",
          "server_name": "yourdomain.com"
        },
        "m.identity_server": {
          "base_url": "https://vector.im"
        }
      },
      "disable_custom_urls": false,
      "disable_guests": true,
      "brand": "Element",
      "default_country_code": "US",
      "show_labs_settings": true,
      "default_theme": "light"
    }
    Element Nginx config
    # /etc/nginx/sites-available/element
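    server {
        listen 80;
        server_name element.yourdomain.com;

        # Keep answering ACME HTTP-01 challenges from the certbot webroot so
        # certificate renewal still works once this site is enabled.
        location /.well-known/acme-challenge/ {
            root /var/www/html;
        }

        location / {
            return 301 https://$server_name$request_uri;
        }
    }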
    
    server {
        listen 443 ssl http2;
        server_name element.yourdomain.com;
        root /var/www/element;
        index index.html;
    
        ssl_certificate /etc/letsencrypt/live/element.yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/element.yourdomain.com/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
    
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
        location / {
            try_files $uri $uri/ /index.html;
        }
    
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
            expires 30d;
            add_header Cache-Control "public, immutable";
        }
    }
    Enable Element site
    sudo certbot certonly --webroot -w /var/www/html \
      -d element.yourdomain.com --non-interactive --agree-tos \
      -m admin@yourdomain.com
    
    sudo ln -s /etc/nginx/sites-available/element /etc/nginx/sites-enabled/
    sudo nginx -t && sudo systemctl reload nginx

    7. Start and Verify Services

    Start Matrix Synapse
    sudo systemctl start matrix-synapse
    sudo systemctl enable matrix-synapse
    sudo systemctl status matrix-synapse
    
    # View logs if needed
    sudo journalctl -u matrix-synapse -f
    Create admin user
    sudo register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
    
    # Follow prompts:
    # - Enter username (e.g., admin)
    # - Enter password
    # - Confirm password
    # - Make admin? yes

    8. Verify Federation

    Test federation endpoints
    # Test client endpoint
    curl https://matrix.yourdomain.com/.well-known/matrix/client
    
    # Test server endpoint
    curl https://matrix.yourdomain.com/.well-known/matrix/server
    
    # Use Matrix Federation Tester
    # Visit: https://federationtester.matrix.org/

    Your Matrix homeserver can now federate with the global Matrix network, allowing you to communicate with users on other servers.
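
    The delegation lookup behind this step, as an added example that is not part of the original guide: other homeservers request the file from the host in server_name, then connect to the host and port named in m.server. The function and parameter names are this example's own, and the response bodies are constructed.

```bash
#!/usr/bin/env bash
# Added example: offline check of a /.well-known/matrix/server response body.
# proxy_host and listen_ports are this example's own parameter names.

# URL a remote homeserver requests for a given Synapse server_name.
wellknown_url() { printf 'https://%s/.well-known/matrix/server\n' "$1"; }

# Turn the m.server value into "host port". Port 8448 applies when none is
# given (a full resolver tries SRV records before falling back to it).
delegation_target() {
    target=$(printf '%s' "$1" |
        sed -n 's/.*"m\.server"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    case $target in
        '')    echo "ERROR no m.server string"; return 0 ;;
        */*)   echo "ERROR m.server is host[:port], not a URL"; return 0 ;;
        *"]")  host=$target; port=8448 ;;                 # bare [IPv6] literal
        *:*)   host=${target%:*}; port=${target##*:} ;;
        *)     host=$target; port=8448 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "ERROR bad port in $target"; return 0 ;;
    esac
    echo "$host $port"
}

# Compare the target with the reverse proxy: the TLS vhost name and the
# space-separated list of ports that vhost listens on with TLS.
check_delegation() {   # args: body proxy_host listen_ports
    result=$(delegation_target "$1")
    case $result in ERROR*) echo "$result"; return 0 ;; esac
    host=${result% *}; port=${result#* }
    if [ "$host" != "$2" ]; then
        echo "MISMATCH host $host is not served by $2"
    elif ! printf ' %s ' "$3" | grep -q " $port "; then
        echo "MISMATCH port $port has no TLS listener"
    else
        echo "OK $host:$port"
    fi
}

# Constructed inputs mirroring this guide's nginx vhost (443 and 8448 with TLS).
wellknown_url "yourdomain.com"
check_delegation '{"m.server":"matrix.yourdomain.com:443"}' matrix.yourdomain.com "443 8448"
check_delegation '{"m.server": "matrix.yourdomain.com"}' matrix.yourdomain.com "443 8448"
check_delegation '{"m.server":"matrix.yourdomain.com:8008"}' matrix.yourdomain.com "443 8448"
check_delegation '{"m.server":"https://matrix.yourdomain.com"}' matrix.yourdomain.com "443 8448"
```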

    Matrix/Element Deployed Successfully!

    Your self-hosted secure communication platform is now running. Access Element at your configured domain and enjoy end-to-end encrypted messaging, voice, and video calls.