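📋 Project overview
Goal: build a migratable Matrix home server on Ubuntu Desktop, using a Tencent Cloud domain plus DDNS
🏗️ Environment preparation
System requirements
- Operating system: Ubuntu 22.04/24.04 Desktop
- Memory: ≥4GB (8GB recommended)
- Storage: ≥50GB free space
- Network: home broadband (with a public IP), or one where a dynamic public IP can be requested
Domain preparation
- A domain registered with Tencent Cloud (e.g. your-domain.com)
- The domain has passed real-name verification
- Make sure the DNS servers are Tencent Cloud DNSPod
🔑 Step 1: Obtain the Tencent Cloud API keys
1. Log in to the Tencent Cloud console
~~
Visit: https://console.cloud.tencent.com/cam/capi
~~
2. Create an API key
- Click "Access Key" → "API Key Management"
- Click "Create Key"
- Key settings:
  - Select "Sub-user"
  - User name: matrix-ddns-user
  - Access type: programmatic access
  - Policy: search for and tick QcloudDNSPodFullAccess
- Save and record:
  - SecretId: AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  - SecretKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
🖥️ Step 2: Initialize the Ubuntu system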
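1. Update the system
~~
# Update the system
sudo apt update && sudo apt upgrade -y
# Install basic tools
sudo apt install -y curl wget git vim jq net-tools htop
~~
2. Configure the time zone
~~
sudo timedatectl set-timezone Asia/Shanghai
~~
3. Check the network
~~
# Show the current IP
curl http://ip.3322.net
# Check whether you have a public IP
# Test domain resolution
nslookup your-domain.com
~~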
📡 Step 3: Install and configure the DDNS service
1. Create the DDNS working directory
~~
sudo mkdir -p /opt/matrix-ddns/{config,scripts,logs,backup}
sudo chown -R $USER:$USER /opt/matrix-ddns
cd /opt/matrix-ddns
~~
2. Install the Tencent Cloud CLI
~~
# Install Python 3, pip and the venv module
sudo apt install -y python3 python3-pip python3-venv
# Ubuntu 24.04 requires a virtual environment
python3 -m venv /opt/matrix-ddns/venv
source /opt/matrix-ddns/venv/bin/activate
# Install the Tencent Cloud CLI (using a mirror in China)
pip install tccli -i https://mirrors.aliyun.com/pypi/simple/
# Configure the CLI
tccli configure
# Or configure step by step (replace the two placeholders with your own SecretId and SecretKey):
tccli configure set secretId 你的SecretId
tccli configure set secretKey 你的SecretKey
tccli configure set region ap-guangzhou
tccli configure set output json
# Leave the virtual environment
deactivate
~~
3. Create the DDNS script
~~
nano /opt/matrix-ddns/scripts/ddns-update.sh
~~
Script contents:
~~
#!/bin/bash
# DDNS update script dedicated to the Matrix server
set -o pipefail  # a failing tccli call must not be masked by the tee that follows it
# Activate the virtual environment (so that tccli is available)
source /opt/matrix-ddns/venv/bin/activate
# Files
CONFIG_FILE="/opt/matrix-ddns/config/ddns-config.json"
LOG_FILE="/opt/matrix-ddns/logs/ddns-$(date +%Y%m%d).log"
STATE_FILE="/opt/matrix-ddns/state/current-ip.txt"
mkdir -p "$(dirname "$STATE_FILE")"  # the state/ directory is not created in step 1
# Load the configuration
SECRET_ID=$(jq -r '.secret_id' "$CONFIG_FILE")
SECRET_KEY=$(jq -r '.secret_key' "$CONFIG_FILE")
DOMAIN=$(jq -r '.domain' "$CONFIG_FILE")
SUBDOMAIN=$(jq -r '.subdomain' "$CONFIG_FILE")
TTL=600 # Tencent Cloud minimum TTL
# Set the Tencent Cloud environment variables
export TENCENTCLOUD_SECRET_ID=$SECRET_ID
export TENCENTCLOUD_SECRET_KEY=$SECRET_KEY
# Logging function (writes to stderr so that $(...) captures only a function's result)
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE" >&2
}
# Get the public IP (tries each source in the list in turn)
get_public_ip() {
    local ip_sources=(
        "https://api.ipify.org?format=text"
    )
    local source ip
    for source in "${ip_sources[@]}"; do
        ip=$(curl -s --connect-timeout 5 "$source")
        if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            log "从 $source 获取到IP: $ip"
            echo "$ip"
            return 0
        fi
    done
    log "错误:无法从任何源获取公网IP"
    echo ""
}
# Get the DNS record ID
get_record_id() {
    local record_info record_id
    # Assigned separately from "local" so that $? is tccli's exit status
    record_info=$(tccli dnspod DescribeRecordList \
        --Domain "$DOMAIN" \
        --Subdomain "$SUBDOMAIN" 2>/dev/null)
    if [ $? -eq 0 ]; then
        record_id=$(echo "$record_info" | jq -r '.RecordList[0].RecordId // empty')
        echo "$record_id"
    else
        echo ""
    fi
}
# Create the DNS record
create_dns_record() {
    local ip=$1
    log "创建DNS记录: $SUBDOMAIN.$DOMAIN -> $ip"
    tccli dnspod CreateRecord \
        --Domain "$DOMAIN" \
        --SubDomain "$SUBDOMAIN" \
        --RecordType A \
        --Value "$ip" \
        --RecordLine "默认" \
        --TTL "$TTL" 2>&1 | tee -a "$LOG_FILE"
}
# Update the DNS record
update_dns_record() {
    local record_id=$1
    local ip=$2
    log "更新DNS记录(ID: $record_id): $SUBDOMAIN.$DOMAIN -> $ip"
    tccli dnspod ModifyRecord \
        --Domain "$DOMAIN" \
        --RecordId "$record_id" \
        --SubDomain "$SUBDOMAIN" \
        --RecordType A \
        --Value "$ip" \
        --RecordLine "默认" \
        --TTL "$TTL" 2>&1 | tee -a "$LOG_FILE"
}
# Main function
main() {
    log "开始DDNS检查..."
    # Get the current public IP
    CURRENT_IP=$(get_public_ip)
    if [ -z "$CURRENT_IP" ]; then
        log "无法获取公网IP,退出"
        exit 1
    fi
    # Read the IP recorded last time
    if [ -f "$STATE_FILE" ]; then
        LAST_IP=$(cat "$STATE_FILE")
    else
        LAST_IP=""
        touch "$STATE_FILE"
    fi
    # Check whether the IP has changed
    if [ "$CURRENT_IP" != "$LAST_IP" ]; then
        log "检测到IP变化: $LAST_IP -> $CURRENT_IP"
        # Get the existing record ID
        RECORD_ID=$(get_record_id)
        # If tccli reports failure, stop before the state file is written so the next run retries
        if [ -z "$RECORD_ID" ]; then
            # Record does not exist: create a new one
            create_dns_record "$CURRENT_IP" || exit 1
        else
            # Record exists: update it
            update_dns_record "$RECORD_ID" "$CURRENT_IP" || exit 1
        fi
        # Update the state file
        echo "$CURRENT_IP" > "$STATE_FILE"
        log "DNS记录更新完成"
        # Run the IP-change handler script
        if [ -f "/opt/matrix-ddns/scripts/on-ip-change.sh" ]; then
            /opt/matrix-ddns/scripts/on-ip-change.sh "$LAST_IP" "$CURRENT_IP"
        fi
    else
        log "IP未变化: $CURRENT_IP"
    fi
    log "DDNS检查完成"
}
# Run the main function
main
# Leave the virtual environment
deactivate
~~
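The format check in `get_public_ip` accepts any four dotted digit groups, so a reply such as 999.1.1.1, a LAN address, or a carrier-grade NAT address would be published in the A record. The following is an added example, not part of the original script: a stricter classifier that could gate the update. The function names `classify_ipv4` and `is_public_ipv4` are hypothetical, and the sample replies are constructed.

```shell
#!/bin/sh
# Added example (not part of the original script). Prints the class of an
# IPv4 string: public, private, cgnat, loopback, link-local, reserved, invalid.
# The body runs in a subshell, so IFS and variables do not leak to the caller.
classify_ipv4() (
    ip=$1
    # Only digits and dots; no empty group at either end or in the middle.
    case $ip in
        "" | *[!0-9.]* | .* | *. | *..*) echo invalid; exit 0 ;;
    esac
    IFS=.
    set -- $ip    # split into octets (safe: digits and dots only)
    [ $# -eq 4 ] || { echo invalid; exit 0; }
    for octet in "$@"; do
        case $octet in
            ????* | 0?*) echo invalid; exit 0 ;;   # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || { echo invalid; exit 0; }
    done
    a=$1 b=$2
    if   [ "$a" -eq 0 ]; then echo reserved
    elif [ "$a" -eq 10 ]; then echo private
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private
    elif [ "$a" -ge 224 ]; then echo reserved
    else echo public
    fi
)

# Succeeds only for an address that is safe to publish in the A record.
is_public_ipv4() {
    [ "$(classify_ipv4 "$1")" = public ]
}

# Constructed sample replies that an IP-echo service (or a captive portal
# answering in its place) might return.
check_samples() {
    for reply in "8.8.8.8" "100.72.13.5" "192.168.1.10" "999.1.1.1" "<html>login</html>"; do
        printf '%-20s %s\n' "$reply" "$(classify_ipv4 "$reply")"
    done
}
check_samples
```

A `cgnat` or `private` result for the address your router reports on its WAN side means port forwarding cannot work until the ISP assigns a public IP.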
4. Create the configuration file
~~
nano /opt/matrix-ddns/config/ddns-config.json
~~
~~
{
"secret_id": "你的SecretId",
"secret_key": "你的SecretKey",
"domain": "your-domain.com",
"subdomain": "ddns",
"check_interval": 300,
"enable_email_notify": false,
"email": "your-email@example.com"
}
~~
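5. Set script permissions
~~
chmod +x /opt/matrix-ddns/scripts/ddns-update.sh
chmod 600 /opt/matrix-ddns/config/ddns-config.json
~~
6. Create the IP-change handler script
~~
nano /opt/matrix-ddns/scripts/on-ip-change.sh
# ddns-update.sh executes this file directly, so it must be executable
chmod +x /opt/matrix-ddns/scripts/on-ip-change.sh
~~
~~
#!/bin/bash
# Handler script run when the IP changes
OLD_IP=$1
NEW_IP=$2
LOG_FILE="/opt/matrix-ddns/logs/ip-change.log"
echo "[$(date '+%Y-%m-%d %H:%M:%S')] IP变化: $OLD_IP -> $NEW_IP" >> "$LOG_FILE"
# You can add here:
# 1. Restarting related services
# 2. Sending notifications
# 3. Updating firewall rules
# Example: send an e-mail notification (requires a configured mail service)
echo "Matrix服务器IP已更新为: $NEW_IP" | mail -s "DDNS IP更新通知" your-email@example.com
# Example: restart Nginx (if needed)
systemctl restart nginx
~~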
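🚀 Step 4: Install and configure the Matrix server
1. Add the Matrix repository
~~
# Download the Matrix GPG key (if the official source is unreachable, it can be downloaded from GitHub)
sudo wget -O /usr/share/keyrings/matrix-org-keyring.gpg https://github.com/matrix-org/packages.matrix.org/raw/master/debian/matrix-org-keyring.gpg
# Add the Matrix package source
echo "deb [signed-by=/usr/share/keyrings/matrix-org-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list
# If the official source is unreachable, you may need to wait or use an alternative
# Update the package list (there may be warnings, but you can continue)
sudo apt update
~~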
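The keyring fetched above becomes the trust root for every package installed from this repository, so it is worth checking its fingerprint against a value obtained through a different channel before running `apt update`. The following is an added example, not part of the original guide: it parses `gpg --show-keys --with-colons` output and compares the primary-key fingerprint with a pinned value. The function names and the `PINNED` variable are hypothetical, and the sample listing uses made-up placeholder fingerprints, not the real packages.matrix.org key.

```shell
#!/bin/sh
# Added example (not from the original guide): pin the primary-key fingerprint
# of a downloaded APT keyring before trusting it through signed-by=.

# Reads `gpg --show-keys --with-colons` output on stdin and prints the
# fingerprint of each primary key (the fpr record that follows a pub record).
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeeds only if the listing holds exactly one primary key and its
# fingerprint equals the pinned value (spaces removed, case-insensitive).
keyring_matches_pin() {
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    [ -n "$found" ] && [ "$found" = "$pin" ]
}

# Constructed listing with placeholder fingerprints.
SAMPLE_LISTING='pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example Repo Key <repo@example.invalid>::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Real use (PINNED is assumed to come from a channel other than the download):
#   gpg --show-keys --with-colons /usr/share/keyrings/matrix-org-keyring.gpg \
#       | keyring_matches_pin "$PINNED" || echo "fingerprint mismatch"
demo() {
    printf '%s\n' "$SAMPLE_LISTING" \
        | keyring_matches_pin "0123 4567 89AB CDEF 0123 4567 89ab cdef 0123 4567" \
        && echo "pin matches"
}
demo
```

A subkey fingerprint or a keyring carrying an extra primary key does not satisfy the pin, which is the behaviour you want for a file referenced by `signed-by=`.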
2. Install Matrix Synapse
~~
# If the official source is unreachable, you can install from source instead:
# Install build dependencies
sudo apt install -y \
    build-essential \
    python3-dev \
    libffi-dev \
    python3-pip \
    python3-setuptools \
    sqlite3 \
    libssl-dev \
    libjpeg-dev \
    libxslt1-dev \
    libpq-dev \
    python3-venv
# Create the virtual environment
sudo mkdir -p /opt/matrix-synapse
sudo chown -R $USER:$USER /opt/matrix-synapse
cd /opt/matrix-synapse
python3 -m venv synapse-env
source /opt/matrix-synapse/synapse-env/bin/activate
# Install using a PyPI mirror in China
pip install matrix-synapse -i https://mirrors.aliyun.com/pypi/simple/
# Generate the configuration file
python -m synapse.app.homeserver \
    --server-name matrix.your-domain.com \
    --config-path homeserver.yaml \
    --generate-config \
    --report-stats=no
~~
3. Configure Synapse
~~
# Edit the configuration file
nano /opt/matrix-synapse/homeserver.yaml
~~
Key configuration items:
~~
# Server name
server_name: "your-domain.com"
# The statistics reporting setting must be present
report_stats: false
# Matrix client URL
public_baseurl: "https://matrix.your-domain.com"
# Listeners
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    # Listen address (all network interfaces); bind_addresses is set per listener
    bind_addresses: ['0.0.0.0']
    resources:
      - names: [client, federation]
        compress: false
# Database configuration (SQLite by default; PostgreSQL is recommended for production)
database:
  name: sqlite3
  args:
    database: /opt/matrix-synapse/homeserver.db
# Registration settings
enable_registration: false # disabled initially; create users manually
enable_registration_without_verification: false
# Media storage
media_store_path: /opt/matrix-synapse/media_store
# Logging configuration (optional)
log_config: "/opt/matrix-synapse/log.yaml"
~~
4. Create the systemd service (if installed from source)
~~
# Create the service file (EOF is unquoted so that $USER expands to your user name)
sudo tee /etc/systemd/system/matrix-synapse.service << EOF
[Unit]
Description=Matrix Synapse Homeserver
After=network.target

[Service]
Type=simple
User=$USER
WorkingDirectory=/opt/matrix-synapse
Environment="PATH=/opt/matrix-synapse/synapse-env/bin:/usr/bin"
ExecStart=/opt/matrix-synapse/synapse-env/bin/python -m synapse.app.homeserver --config-path=/opt/matrix-synapse/homeserver.yaml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF
# Reload systemd
sudo systemctl daemon-reload
# Create the administrator user (Synapse must already be running on http://localhost:8008; see step 5)
cd /opt/matrix-synapse
source synapse-env/bin/activate
register_new_matrix_user -c homeserver.yaml http://localhost:8008
# Enter at the prompts:
# New user localpart: admin
# Password: set a strong password
# Make admin [yes]: yes
~~
5. Start the Synapse service
~~
# Start the service
sudo systemctl start matrix-synapse
sudo systemctl enable matrix-synapse
# Check the status
sudo systemctl status matrix-synapse
# View the logs
sudo journalctl -u matrix-synapse -f
~~
🌐 Step 5: Configure the Nginx reverse proxy and SSL
1. Install Nginx and Certbot
~~
sudo apt install -y nginx certbot python3-certbot-nginx
~~
2. Configure the Nginx site
~~
sudo nano /etc/nginx/sites-available/matrix
~~
Nginx configuration:
~~
# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name matrix.your-domain.com chat.your-domain.com;
    # ACME Challenge for Let's Encrypt
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    # Matrix service discovery
    location /.well-known/matrix {
        root /var/www/html;
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }
    # Redirect to HTTPS ($host keeps the name that was requested)
    location / {
        return 301 https://$host$request_uri;
    }
}
# HTTPS server configuration
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name matrix.your-domain.com;
    # SSL certificate paths (generated later)
    ssl_certificate /etc/letsencrypt/live/matrix.your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.your-domain.com/privkey.pem;
    # SSL tuning
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    # Document root
    root /var/www/html;
    index index.html;
    # Static file caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
    # Matrix client API
    location /_matrix/client {
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 600s;
    }
    # Matrix Federation API
    location /_matrix/federation {
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Media files
    location /_matrix/media {
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Element Web client
    location / {
        # Element Web can be deployed here,
        # or requests can be proxied to Synapse's client interface
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
~~
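3. Enable the site configuration
~~
sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default
# Test the Nginx configuration (this fails until the certificate files referenced in the HTTPS server block exist)
sudo nginx -t
# Restart Nginx
sudo systemctl restart nginx
~~
4. Create the service discovery file
~~
sudo mkdir -p /var/www/html/.well-known/matrix
sudo nano /var/www/html/.well-known/matrix/server
~~
~~
{
  "m.server": "matrix.your-domain.com:443"
}
~~
5. Obtain the SSL certificate
~~
# First make sure DNS resolution has taken effect
# Then obtain the certificate
sudo certbot --nginx \
    --agree-tos \
    --email your-email@example.com \
    --no-eff-email \
    --redirect
# Test automatic renewal
sudo certbot renew --dry-run
~~
⚙️ Step 6: Configure system services and monitoring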
1. Create the DDNS system service
~~
sudo nano /etc/systemd/system/matrix-ddns.service
~~
~~
[Unit]
Description=Matrix DDNS Update Service
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/opt/matrix-ddns
Environment="PATH=/usr/bin:/usr/local/bin"
ExecStart=/opt/matrix-ddns/scripts/ddns-update.sh
Restart=on-failure
RestartSec=30
StandardOutput=append:/opt/matrix-ddns/logs/service.log
StandardError=append:/opt/matrix-ddns/logs/error.log

[Install]
WantedBy=multi-user.target
~~
2. Create the timer (runs every 5 minutes)
~~
sudo nano /etc/systemd/system/matrix-ddns.timer
~~
~~
[Unit]
Description=Run Matrix DDNS every 5 minutes
Requires=matrix-ddns.service

[Timer]
OnBootSec=1min
OnUnitActiveSec=5min
AccuracySec=1s
RandomizedDelaySec=30s
Persistent=true

[Install]
WantedBy=timers.target
~~
3. Enable the services
~~
sudo systemctl daemon-reload
sudo systemctl enable matrix-ddns.service matrix-ddns.timer
sudo systemctl start matrix-ddns.timer
# Check the service status
sudo systemctl status matrix-ddns.timer
sudo systemctl status matrix-ddns.service
# View the logs
sudo journalctl -u matrix-ddns.service -f
~~
4. Create the monitoring script
~~
nano /opt/matrix-ddns/scripts/monitor.sh
~~
~~
#!/bin/bash
# Matrix service monitoring script
LOG_FILE="/opt/matrix-ddns/logs/monitor-$(date +%Y%m%d).log"
ALERT_EMAIL="your-email@example.com"
# Check service status
check_service() {
    local service=$1
    if ! systemctl is-active --quiet "$service"; then
        echo "[$(date '+%Y-%m-%d %H:%M:%S')] 警告: 服务 $service 未运行" >> "$LOG_FILE"
        systemctl restart "$service"
        return 1
    fi
    return 0
}
# Check a port
check_port() {
    local port=$1
    if ! nc -z localhost "$port" >/dev/null 2>&1; then
        echo "[$(date '+%Y-%m-%d %H:%M:%S')] 警告: 端口 $port 未监听" >> "$LOG_FILE"
        return 1
    fi
    return 0
}
# Check DNS resolution
check_dns() {
    local domain="matrix.your-domain.com"
    local resolved_ip=$(dig +short "$domain" @8.8.8.8)
    local current_ip=$(curl -s http://ip.3322.net)
    if [ "$resolved_ip" != "$current_ip" ]; then
        echo "[$(date '+%Y-%m-%d %H:%M:%S')] 警告: DNS解析不匹配" >> "$LOG_FILE"
        echo " 解析IP: $resolved_ip" >> "$LOG_FILE"
        echo " 当前IP: $current_ip" >> "$LOG_FILE"
        return 1
    fi
    return 0
}
# Run the checks
echo "[$(date '+%Y-%m-%d %H:%M:%S')] 开始服务检查..." >> "$LOG_FILE"
# Check the key services
check_service "matrix-synapse"
check_service "nginx"
# The DDNS service exits after each run, so the unit that stays active is its timer
check_service "matrix-ddns.timer"
# Check the key ports
check_port 443
check_port 8008
# Check DNS
check_dns
echo "[$(date '+%Y-%m-%d %H:%M:%S')] 服务检查完成" >> "$LOG_FILE"
~~
🔧 Step 7: Install the Element Web client
1. Download Element Web
~~
# Create the Element directory
sudo mkdir -p /var/www/element
cd /var/www/element
# Download the latest Element release
sudo wget https://github.com/vector-im/element-web/releases/latest/download/element-v$(curl -s https://api.github.com/repos/vector-im/element-web/releases/latest | jq -r '.tag_name' | cut -c2-).tar.gz
# Unpack
sudo tar -xzf element-v*.tar.gz
sudo mv element-*/* .
sudo rm -rf element-* element-v*.tar.gz
~~
2. Configure Element
~~
# Copy the configuration file
sudo cp config.sample.json config.json
# Edit the configuration
sudo nano config.json
~~
Change the configuration to:
~~
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.your-domain.com",
"server_name": "your-domain.com"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"brand": "My Matrix Server",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"default_country_code": "CN",
"show_labs_settings": true,
"features": {
"feature_pinning": true,
"feature_latex_maths": true
}
}
~~
3. Configure Nginx to serve Element
~~
sudo nano /etc/nginx/sites-available/element
~~
~~
server {
    listen 443 ssl http2;
    server_name chat.your-domain.com;
    ssl_certificate /etc/letsencrypt/live/matrix.your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.your-domain.com/privkey.pem;
    root /var/www/element;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
    # Disable caching of index.html
    location = /index.html {
        add_header Cache-Control "no-cache, no-store, must-revalidate";
    }
}
~~
~~
# Enable the configuration
sudo ln -s /etc/nginx/sites-available/element /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
~~
📊 Step 8: Test and verify
1. Test the Matrix service
~~
# Test the Synapse service (the port may differ if installed from source)
curl http://localhost:8008/_matrix/client/versions
# Test federation
curl https://matrix.your-domain.com/.well-known/matrix/server
# Test the SSL certificate
curl -I https://matrix.your-domain.com
# Test Element Web
curl -I https://chat.your-domain.com
~~
2. Test the DDNS function
~~
# Run the DDNS script manually
/opt/matrix-ddns/scripts/ddns-update.sh
# Check DNS resolution
nslookup ddns.your-domain.com
nslookup matrix.your-domain.com
dig matrix.your-domain.com +short
# Test from outside
nslookup matrix.your-domain.com 8.8.8.8
~~
3. Create a test user
~~
# Create a test user from the command line (if installed from source)
cd /opt/matrix-synapse
source synapse-env/bin/activate
register_new_matrix_user -c homeserver.yaml http://localhost:8008
# Or through the admin API
curl -X POST \
    -H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
    -d '{"username":"testuser", "password":"StrongPass123", "admin":false}' \
    https://matrix.your-domain.com/_matrix/client/r0/register
~~
🛡️ Step 9: Security hardening
1. Firewall configuration
~~
# Install UFW
sudo apt install -y ufw
# Configure the rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 8448/tcp # Matrix Federation port
sudo ufw enable
# Check the status
sudo ufw status verbose
~~
2. Updates and automated security
~~
# Create the automatic update script (run-parts skips file names that contain a dot, so no .sh suffix)
sudo nano /etc/cron.weekly/auto-update
sudo chmod +x /etc/cron.weekly/auto-update
~~
~~
#!/bin/bash
apt update
apt upgrade -y
apt autoremove -y
systemctl restart matrix-synapse nginx
~~
3. Backup script
~~
nano /opt/matrix-ddns/scripts/backup.sh
~~
~~
#!/bin/bash
# Matrix server backup script
umask 077  # the backup holds the DDNS API keys and the TLS private keys
BACKUP_DIR="/opt/matrix-ddns/backup"
DATE=$(date +%Y%m%d_%H%M%S)
# Create the backup directory
mkdir -p "$BACKUP_DIR/$DATE"
# Back up the Synapse configuration and data
sudo tar -czf "$BACKUP_DIR/$DATE/matrix-synapse.tar.gz" \
    /etc/matrix-synapse \
    /var/lib/matrix-synapse
# Back up the Nginx configuration
sudo tar -czf "$BACKUP_DIR/$DATE/nginx.tar.gz" /etc/nginx
# Back up the DDNS configuration
cp -r /opt/matrix-ddns/config "$BACKUP_DIR/$DATE/"
# Back up the SSL certificates
sudo tar -czf "$BACKUP_DIR/$DATE/ssl.tar.gz" /etc/letsencrypt
# Remove old backups (keep the last 30 days)
find "$BACKUP_DIR" -mindepth 1 -maxdepth 1 -type d -mtime +30 -exec rm -rf {} \;
echo "备份完成: $BACKUP_DIR/$DATE"
~~
📝 Step 10: Day-to-day operations commands
Service management commands
~~
# Matrix service
sudo systemctl status matrix-synapse
sudo systemctl restart matrix-synapse
sudo journalctl -u matrix-synapse -f
# DDNS service
sudo systemctl status matrix-ddns.service
sudo systemctl restart matrix-ddns.service
sudo journalctl -u matrix-ddns.service -f
# Nginx service
sudo systemctl status nginx
sudo nginx -t
sudo systemctl reload nginx
# Show the status of all services
sudo systemctl list-units --type=service | grep -E "(matrix|nginx)"
~~
Viewing logs
~~
# Matrix log
sudo tail -f /var/log/matrix-synapse/homeserver.log
# DDNS log
tail -f /opt/matrix-ddns/logs/ddns-$(date +%Y%m%d).log
# Nginx logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
# System log
sudo tail -f /var/log/syslog
~~
Monitoring commands
~~
# Check service status
/opt/matrix-ddns/scripts/monitor.sh
# Check disk space
df -h
# Check memory usage
free -h
# Check processes
htop
~~
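🔄 Step 11: Migrate to the home broadband environment
Before migrating
~~
# 1. Back up all data
/opt/matrix-ddns/scripts/backup.sh
# 2. The TTL is already 600 and cannot be lowered further
# 3. Notify users of a possible brief interruption (up to 10 minutes)
# 4. Prepare the home broadband environment
#    - Request a dynamic public IP (contact the ISP)
#    - Configure port forwarding on the router:
#      443 → server LAN IP:443
#      8448 → server LAN IP:8008
~~
Migration steps
~~
# 1. Start the server at the new location
# 2. Restore the backup data
sudo tar -xzf backup/matrix-synapse.tar.gz -C /
sudo tar -xzf backup/nginx.tar.gz -C /
# 3. Start the DDNS service
sudo systemctl start matrix-ddns.timer
# 4. Verify the DNS update (with TTL=600 you may need to wait)
watch -n 10 'dig matrix.your-domain.com +short'
# 5. Test the service
curl https://matrix.your-domain.com/_matrix/client/versions
~~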
📈 Performance tuning suggestions
1. Database optimization (migrate from SQLite to PostgreSQL)
~~
# Install PostgreSQL
sudo apt install -y postgresql postgresql-contrib
# Create the database and user
sudo -u postgres psql
CREATE USER synapse WITH PASSWORD 'StrongPassword123';
CREATE DATABASE synapse OWNER synapse ENCODING 'UTF8' LC_COLLATE 'C' LC_CTYPE 'C' template=template0;
\q
# Edit the Synapse configuration
sudo nano /etc/matrix-synapse/homeserver.yaml
~~
~~
database:
  name: psycopg2
  args:
    user: synapse
    password: StrongPassword123
    database: synapse
    host: localhost
    cp_min: 5
    cp_max: 10
~~
2. Enable media compression
~~
# Add to homeserver.yaml
enable_media_repo: true
media_store_path: /var/lib/matrix-synapse/media
uploads_path: /var/lib/matrix-synapse/uploads
max_upload_size: "50M"
~~
3. Adjust memory limits
~~
# Edit the Synapse service override file
sudo nano /etc/systemd/system/matrix-synapse.service.d/override.conf
~~
~~
[Service]
LimitNOFILE=65535
LimitMEMLOCK=infinity
~~
🚨 Troubleshooting guide
Common problem 1: DDNS does not update
~~
Checks:
- View the logs: tail -f /opt/matrix-ddns/logs/ddns-*.log
- Run manually: /opt/matrix-ddns/scripts/ddns-update.sh
- Check the API keys: tccli dnspod DescribeDomainList
- Check the network: curl http://ip.3322.net
- Check DNS resolution: dig ddns.your-domain.com
~~
Common problem 2: cannot connect to the Matrix service
~~
Checks:
- Check the service status: sudo systemctl status matrix-synapse
- Check the listening port: sudo netstat -tlnp | grep 8008
- Check the firewall: sudo ufw status
- Check Nginx: sudo nginx -t
- View the error log: sudo journalctl -u matrix-synapse --no-pager | tail -50
- Check the report_stats setting: make sure homeserver.yaml contains report_stats: false or true
- Run directly as a test: cd /opt/matrix-synapse && source synapse-env/bin/activate && python -m synapse.app.homeserver --config-path homeserver.yaml
~~
Common problem 3: SSL certificate problems
~~
Checks:
- Whether the certificate has expired: sudo certbot certificates
- Automatic renewal test: sudo certbot renew --dry-run
- Nginx configuration: check the ssl_certificate paths
- Certificate permissions: ls -la /etc/letsencrypt/live/
~~
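📚 Maintenance documentation
Regular maintenance tasks
~~
Weekly tasks:
- Check service status: /opt/matrix-ddns/scripts/monitor.sh
- Clean up logs: find /opt/matrix-synapse -name "*.log" -mtime +30 -delete
- Update the system: sudo apt update && sudo apt upgrade -y
- Back up data: /opt/matrix-ddns/scripts/backup.sh
- Update the Python package: cd /opt/matrix-synapse && source synapse-env/bin/activate && pip install --upgrade matrix-synapse
Monthly tasks:
- Check disk usage: df -h
- Check certificate validity: sudo certbot certificates
- Restart the services: sudo systemctl restart matrix-synapse nginx
- Security scan: sudo apt install unattended-upgrades
- Clear the Python cache: pip cache purge
~~
Emergency response procedure
- Service unavailable:
  - Check the DDNS logs
  - Restart the related services: sudo systemctl restart matrix-synapse nginx
  - Check network connectivity
  - View the Matrix log: sudo journalctl -u matrix-synapse --no-pager | tail -100
- Data loss:
  - Restore from backup
  - Check the database state
  - Contact technical support
- Security incident:
  - Disconnect from the network immediately
  - Analyze the logs
  - Reset passwords and keys
  - Restore a clean backup
  - Update all software packages
🎯 Summary
Deployment completed
- ✅ Tencent Cloud domain + DDNS dynamic resolution (using the ddns subdomain)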
- ✅