A complete, production-ready Matrix server stack with modern authentication and web client.
- Synapse - Matrix homeserver
- Matrix Authentication Service (MAS) - Modern OIDC-based authentication
- Element Web - Web client interface
- Element Admin - Admin dashboard
- PostgreSQL - Database backend
- Caddy - Reverse proxy with automatic HTTPS
- Clean template-based configuration
- Optional upstream OIDC integration (Authelia, Keycloak, etc.)
- Separate or combined deployment options
- Comprehensive documentation
- Production-ready security defaults
-
Copy templates and configure:
cp templates/docker-compose.yml . cp templates/.env.template .env cp templates/homeserver.yaml synapse/config/ cp templates/mas-config.yaml mas/config/ cp templates/element-config.json element/config/ -
Follow the setup guide:
See SETUP.md for complete step-by-step instructions including:
- Secret generation
- Configuration placeholders
- DNS setup
- Reverse proxy configuration
- First user creation
- Troubleshooting
-
Start the stack:
docker compose up -d
Internet (HTTPS)
↓
Caddy Reverse Proxy
↓
┌─────────────────────────────────────────┐
│ Matrix Stack │
│ ┌──────────┬──────────┬──────────┐ │
│ │ Element │ Synapse │ MAS │ │
│ │ Web │ :8008 │ :8080 │ │
│ └──────────┴─────┬────┴─────┬────┘ │
│ │ │ │
│ ┌────▼──────────▼────┐ │
│ │ PostgreSQL │ │
│ └────────────────────┘ │
└─────────────────────────────────────────┘
- SETUP.md - Complete setup guide with all configuration details
- templates/ - Clean configuration templates for all services
- Built-in authentication via Matrix Authentication Service
- User accounts managed within Matrix
- Simpler setup, fewer dependencies
- Integrate with existing identity providers (Authelia, Keycloak, etc.)
- Centralized authentication across services
- Single Sign-On (SSO) support
See SETUP.md Step 5 for OIDC configuration.
The templates/ directory contains:
docker-compose.yml- Service orchestration.env.template- Environment variables with secret generation guidancehomeserver.yaml- Synapse configurationmas-config.yaml- MAS configuration with optional OIDCelement-config.json- Element Web client configurationCaddyfile- Reverse proxy configurationauthelia-client.yml- Example OIDC client config for Authelia
All templates use {{PLACEHOLDER}} format for easy find-and-replace.
Run everything (Matrix + Caddy) on one machine.
- Matrix stack on dedicated server
- Caddy reverse proxy on separate edge server
- Optional: Authelia on separate authentication server
See SETUP.md Step 7 for details.
- Docker and Docker Compose
- Domain name with DNS configured
- Ports 80, 443 accessible (for HTTPS/certificates)
# Check service status
docker compose ps
# View logs
docker compose logs -f
# Restart services
docker compose restart
# Stop all services
docker compose down
# Update images
docker compose pull
docker compose up -d- HTTPS enforced via Caddy with automatic Let's Encrypt certificates
- Strong secret generation required (see SETUP.md Step 2)
- Database passwords must be synchronized across configs
- Admin interface access should be restricted by IP
See SETUP.md for security considerations and hardening.
Essential data directories:
postgres/data/ - Database
synapse/data/ - Synapse media and state
mas/data/ - MAS sessions
.env - Secrets and configuration
Backup command:
tar -czf matrix-backup-$(date +%Y%m%d).tar.gz \
postgres/data \
synapse/data \
mas/data \
.env- Matrix Synapse: https://github.com/element-hq/synapse
- MAS: https://github.com/element-hq/matrix-authentication-service
- Element Web: https://github.com/element-hq/element-web
- Setup Issues: See SETUP.md Troubleshooting section
This setup uses the following open-source components:
- Matrix Synapse: Apache 2.0
- Matrix Authentication Service: Apache 2.0
- Element Web: Apache 2.0
- PostgreSQL: PostgreSQL License
- Caddy: Apache 2.0