Frequently Asked Questions

Why are .well-known redirects on the base domain important?

The /.well-known/matrix/server file serves a crucial role in making your Matrix usernames appear as @someone:your-server.com instead of @someone:matrix.your-server.com. We typically host your Matrix server on a subdomain, like matrix.your-server.com, which results in full usernames including the matrix. prefix. To change this, you need to configure redirections using /.well-known/matrix/* files on your base domain. These redirects are essential to ensure your Matrix server at matrix.your-server.com is responsible for serving Matrix on the base domain your-server.com. Setting up these redirects allows for shorter, more user-friendly usernames and keeps your base domain available for other purposes, such as hosting a website. It’s a similar concept to email services, where you might have an email server at mail.your-server.com, but you prefer mailbox addresses like someone@your-server.com.

Here is the full list of redirects you need to configure (assuming your base domain is your-server.com):

  • your-server.com/.well-known/matrix/server -> matrix.your-server.com/.well-known/matrix/server
  • your-server.com/.well-known/matrix/client -> matrix.your-server.com/.well-known/matrix/client
  • your-server.com/.well-known/matrix/support -> matrix.your-server.com/.well-known/matrix/support

If you are unable or unwilling to configure these /.well-known/matrix/* redirects on your base domain, we can set up your server exclusively on matrix.your-server.com. In this case, usernames will be longer, such as @someone:matrix.your-server.com. Please indicate your preference during the order discussion.

What are the base Matrix components installed on the server?

We offer a lot of optional Matrix bridges , bots and extra services , but all Matrix servers come installed with a set of core Matrix components:

  • the Synapse Matrix homeserver software. At this moment, this is the most complete and compatible homeserver implementation. We currently do not offer alternative homeserver software like Conduit , Construct or Dendrite .

  • the matrix-synapse-shared-secret-auth module for Synapse, which assists various bridges and bots with authentication

  • the synapse_auto_compressor tool, which runs in the background and periodically compresses the database for the Synapse homeserver, so that it runs optimally.

  • the sliding-sync software which assists next-generation clients like Element X in talking to the homeserver in an optimized manner. In the future, it’s expected that the homeserver itself (e.g. Synapse) will handle these tasks, but for now a separate component is necessary.

  • the Synapse-Admin web UI tool for homeserver management

  • the Coturn TURN server, to assist audio/video calls

  • a PostgreSQL database server, storing the data for Synapse and other services

  • (only for Bring-your-own-server types of orders), the docker-postgres-backup-local software which makes periodic local backups of your PostgreSQL database - we store 7 daily database dumps by default. For Turnkey orders (hosted on Hetzner Cloud VPS servers rented by us), we do not enable local Postgres database dumps, because we enable Hetzner’s server backups feature , which stores the last 7 daily full-disk snapshots.

  • optionally, the Element web application for chatting on your Matrix server, but we also support some alternative client applications like Cinny and SchildiChat . Regardless of the web application we may install on your server, you can connect to your server via any compatible Matrix client application on any platform.

  • a Traefik reverse-proxy server, which obtains free Let’s Encrypt SSL certificates for all domains used in your setup

  • a Prometheus Node Exporter agent for basic monitoring and alerting. Metrics data is collected by our own external Prometheus systems which also does alerting. In the event of trouble, alerts go out to us and to you via email and Matrix.

What ports should be open?

Matrix server components require various ports for operation. The mandatory ports for the base components of the Matrix stack are as follows:

  • 22/tcp - SSH
  • 80/tcp - HTTP
  • 443/tcp - HTTPS
  • 8448/tcp - Matrix Federation (also mandatory for etke.cc/scheduler )
  • 3478/tcp+udp - TURN (for audio/video calls)
  • 5349/tcp+udp - TURN (for audio/video calls)
  • 49152-49573/udp (port range) - TURN (for audio/video calls)

Jitsi:

These ports are required only if you want to install Jitsi on your server:

  • 4443/tcp
  • 10000/udp

Email bridge:

These ports are required only if you want to install Postmoogle on your server:

  • 25/tcp
  • 587/tcp

IRC bridge:

These ports are required only if you want to install Heisenbridge on your server:

  • 113/tcp

WireGuard + dnsmasq:

These ports are required only if you want WireGuard and/or dnsmasq installed on your server:

  • 51820/udp
  • 53/tcp+udp

Can I have multiple administrator accounts on my server?

Yes, you can have multiple administrator accounts on your Matrix server. However, there are some important details to consider:

  1. Matrix Homeserver Administration: By default, our order form on the website configures a single administrator user account. This user has full access to the synapse-admin tool and various administration APIs of your Matrix server. You can create additional Matrix administrator accounts using the synapse-admin tool without needing to contact us.
  2. etke.cc Service Management: To manage your server using our scheduler bot for maintenance scheduling and other commands, you need to prepare Matrix accounts for additional administrators. You can create these accounts (e.g., using synapse-admin ) and provide us with their Matrix IDs (e.g., @someone:YOUR_SERVER). We will grant them access to the bot. These accounts must be on your server’s domain and not on other Matrix servers across federation.
  3. Matrix Bridge Administration: If you require additional administrators for your Matrix bridges, whether on your server or other servers, provide us with their Matrix IDs (e.g., @someone:YOUR_SERVER or @someone:ANOTHER_SERVER). We will grant them administrator access to your bridges.

Can I change the registration (sign-up) flow?

By default, we configure invite-based registration on all servers we set up. Enabling completely open registration is generally not recommended due to potential spam and abuse.

Check the supported registration types for your Matrix server below.

(Default) Invite-Based Registration

The Matrix protocol supports Token-authenticated registration . This means registration is closed by default, allowing only those with a valid invite token to register. Admins can issue invite tokens using the synapse-admin tool, and each token can be configured for multiple registrations with various options, including expiration dates.

Closed Registration

Closed registration is similar to invite-based registration . Admins can still manually register users using the synapse-admin tool, but users cannot register themselves with invitation tokens.

Open Registration

Completely open registration allows anyone on the internet to register on your server without restrictions. However, this can lead to spam and abuse. To enhance security, you can enable mandatory email verification, ensuring users confirm their email addresses. An SMTP relay is recommended for this setup to prevent emails from landing in spam.

Single Sign-On (SSO)

You can use Single Sign-On (SSO) with an OpenID Connect provider to allow registration for specific groups of people. SSO can work alongside other registration types, including invite-based , closed registration , or open registration with or without domain restrictions. For instance, you can link your Matrix server to a provider like Google Workspace for one-click registration for your users while restricting access for others.

My newly-installed server joins new rooms slowly

Newly set up Matrix servers lack knowledge about other servers. When you join a room over federation, your server contacts other servers and retrieves data about the room and its members. This process can be slow, especially in larger rooms, as each step involves rate limiting and potential network issues. Over time, your server builds a network of federated servers, and room joins become faster. Be patient, and room joins will improve with time.

Bridge bot doesn’t respond

If your bridge bot isn’t responding, there are two common issues to check:

  1. Wrong Bridge MXID: Ensure you’re contacting the correct bridge bot associated with your server. Make sure to use the correct Matrix IDs, which are listed in your onboarding materials or bridge documentation pages .

  2. Encrypted Room: We typically set up bridges with encryption support disabled as it can be unstable. Some client apps may automatically create encrypted rooms when trying to chat with a bridge bot. To avoid this, create a new room and disable encryption. Then invite the bridge bot to the room

If you encounter other issues, please refer to our additional documentation resources.


Don't have a Matrix server yet?

Step into the Matrix with your very own server! Whether it's an old laptop or a sleek VPS, we specialize in hosting, setup, and maintenance. No server? No problem! We offer affordable hosting options. Elevate your communication game with a Matrix server tailored just for you. Let's build your Matrix haven together!