This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Question about Synapse Server completely isolated #9094

Closed
lunainvictum opened this issue Jan 12, 2021 · 4 comments

@lunainvictum

Hi!

First: I don't want a Matrix account and don't want to use it. I don't accept the data policy from Matrix.org, so it isn't possible for me to ask for information or support there.

For months I have been searching for a way to host a messaging service at my place, where I have 100% control over it, without any connection outside to other services or servers.

I asked friends and searched online, and everybody says matrix-synapse is the way to go.

Then I dug deeper and found out that it isn't possible to set up a matrix-synapse server completely isolated.

I found these issues:
github.com//issues/6401
github.com//pull/2820
github.com//issues/2917

And no solution. Until now I use a Jabber server and clients for Android. But this isn't a practicable solution for long-term use.

Is there a way or documentation on how to set a server up as described? Or another free open source project which makes this possible?

Thanks for help & suggestions.

Sorry for my bad English. I'm an old German native speaker.

@clokep
Member

clokep commented Jan 12, 2021

You can run a Synapse that is not federated with other servers. You can control what servers Synapse will talk to via the `federation_domain_whitelist`. There might be some other tweaks (as discussed in #6401) that would make this better, but it is possible to do that today.

@lunainvictum
Author

Thanks for your answer.

Yeah, like you see, I already found 6401.

But what does this mean:

> - Setting the federation whitelist to an empty string,
> - Disabling the federation listener
> - Auditing all other cases where an outbound federation request might be made.

The first I understand; I can do that with `federation_domain_whitelist`.
But how do I disable the federation listener?

And what does the third one mean?

@clokep
Member

clokep commented Jan 13, 2021

> Disabling the federation listener

The easiest way to do this is probably at the firewall, blocking all traffic to the `/_matrix/federation` path.

I'd suggest asking in the #synapse:matrix.org channel to see if anyone has already done this!

@clokep clokep closed this as completed Jan 13, 2021
@dklimpel
Contributor

You can block `/_matrix/federation` in your reverse proxy and not enable the federation listener.

```yaml
# federation: the server-server API (/_matrix/federation). Also implies
#   'media', 'keys', 'openid'
#
# keys: the key discovery API (/_matrix/keys).
#
# media: the media API (/_matrix/media).
#
# metrics: the metrics interface. See docs/metrics-howto.md.
#
# openid: OpenID authentication.
#
# replication: the HTTP replication API (/_synapse/replication). See
#   docs/workers.md.
#
# static: static resources under synapse/static (/_matrix/static). (Mostly
#   useful for 'fallback authentication'.)
#
# webclient: A web client. Requires web_client_location to be set.
#
listeners:
  # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
  #
  # Disabled by default. To enable it, uncomment the following. (Note that you
  # will also need to give Synapse a TLS key and certificate: see the TLS section
  # below.)
  #
  #- port: 8448
  #  type: http
  #  tls: true
  #  resources:
  #    - names: [client, federation]

  # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
  # that unwraps TLS.
  #
  # If you plan to use a reverse proxy, please see
  # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md.
  #
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']

    resources:
      - names: [client, federation]
        compress: false
```
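
The following is an added example, not part of the thread or of Synapse itself: a small check that reads an already-parsed `homeserver.yaml` (the dict a YAML loader returns) and reports the two settings discussed above, the `federation_domain_whitelist` and any listener whose resources include `federation`. The function name, finding texts and both sample configs are constructed for illustration; it inspects configuration only and does not cover the "auditing outbound requests" point.

```python
LOOPBACK = {"127.0.0.1", "::1"}


def audit_isolation(config):
    """Return findings; an empty list means no federation exposure was found."""
    findings = []
    # No whitelist key means every remote domain is allowed; [] allows none.
    whitelist = config.get("federation_domain_whitelist")
    if whitelist is None:
        findings.append("federation_domain_whitelist unset: all domains allowed")
    elif whitelist:
        findings.append("federation_domain_whitelist allows: " + ", ".join(whitelist))
    for listener in config.get("listeners") or []:
        port = listener.get("port")
        names = set()
        for resource in listener.get("resources") or []:
            names.update(resource.get("names") or [])
        if "federation" not in names:
            continue
        # 'federation' also implies media, keys, openid (sample config comments).
        findings.append(f"listener {port}: serves /_matrix/federation")
        binds = set(listener.get("bind_addresses") or [])
        if not binds or binds - LOOPBACK:
            findings.append(f"listener {port}: federation not limited to loopback")
    return findings


# Constructed sample: the 8008 listener as posted above, assuming no whitelist is set.
AS_POSTED = {
    "listeners": [{
        "port": 8008, "bind_addresses": ["::1", "127.0.0.1"],
        "resources": [{"names": ["client", "federation"], "compress": False}],
    }],
}

# Constructed sample: same listener without 'federation', plus an empty whitelist.
ISOLATED = {
    "federation_domain_whitelist": [],
    "listeners": [{
        "port": 8008, "bind_addresses": ["::1", "127.0.0.1"],
        "resources": [{"names": ["client"], "compress": False}],
    }],
}

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("isolated", ISOLATED)):
        print(label, audit_isolation(cfg) or "no federation exposure found")
```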
