https://matrix-community-help.codestorm.net/

I believe as of now, the databases do not diverge and hence a binary swap/container image swap is doable. If you already set up SSO logins, then I’m not sure because Continuwuity doesn’t support that yet.

Please re-ask the question with the folks in #continuwuity:continuwuity.org to be extra sure before doing anything. Oh and without saying, do clone and backup the data paths for easy reverts later

Matrix bridges or XMPP gateways (like Slidge) would help.

Not sure how you’d tie them to tasks though. For Matrix, maybe you can set up a private room, and create a thread-based issue tracker with reference to your other chats’ message IDs.

It’s claimed to be official. But I went with https://continuwuity.org/ since it seemed to have a more active community. Plus ever since then, the core maintainer of Tuwunel has been making threats against Continuwuity including personal attacks, and seems to be quite unpleasant to deal with in general. There’s also been a thread about it here. So I honestly lost all taste to reconsider.

For Matrix consider Continuwuity instead of Synapse if you want something easier to maintain. You’ll also want to set up Element Call (i.e. the “new” calling stack) for wider client support.

Notifications can be unreliable but it depends on your push provider (e.g. don’t use the default ntfy.sh instance, use another one or selfhost yours). Do let me know of any other nits though.

For XMPP, notifications is most reliable as it maintains an in-band connection to the server. A/V is a bit more lacking, as mobile clients can only do 1:1 calls, and it misses some smaller features compared to matrix. But it’s very lightweight and should be more than capable for use with family and friends.

Look into DNS-01 challenge where instead of exposing 80/443, you obtain a cert by creating a TXT record for your domain. This requires your ACME client to support talking to your DNS provider’s API. For certbot they’re installable via plugins, for lego-acme many providers are included.

Hello,

Is it safe to use bridges at all? Who can read what on the server if I am using a bridge?

The Whatsapp/Signal bridge-bot thing can decrypt your chat and store them in plain text. So technically, the bridge operators can see the contents of your messages. In your case, they are probably the same people running nope.chat.

Unfortunately this is required for bridges to work across platforms.

If you are technically inclined, you may consider selfhosting your own server and bridges to fully control your data. You can also enable end-to-bridge-encryption if need be.

Second Concern: I keep getting invitations to a WhatsApp-Community I have never joined. I have declined the invitation but it keeps popping up. If I wanted to ban this chat I would have to ban the whole WhatsApp-Bot.

I believe the best way is to ban this chat from the WhatsApp client directly. Alternatively, you can try banning the room in Matrix too.

I know this will happen lol

most of the guides can be outdated because the software changes a lot. You’d find some better support writing on their Discord guild

Caddy supports the HTTP-01 and TLS-ALPN-01 challenges by default, you just need to expose 80/443 and it just works. But if you want to use the DNS-01 challenge you’d need to build it with a plugin of your DNS provider.

Traefik supports all 3 challenges equally ootb, with a wide range of DNS providers. But it is a bit harder to configure and doesn’t support being a web server.

I wanna reshare my experiences here. Essentially it doesn’t scale well with large rooms, and isn’t friendly with janky/underpowered equipment like XMPP. But with a lot of performance tuning it can go a long way.

For a room, the amount of servers you federate with is a more reliable metric than member count (so 5000 accounts on 2 servers would likely take less load than 500 accounts on 500 servers, as an example). There are some large public rooms that are very broken, and I advise banning them before users get to join

Search “selfhosting” on matrixrooms.info and sort by most members, you should find a few

The easy solution is to choose someone other than matrix.org, get everyone over there, and hope it works out in the long run

The technical answer is that if you own your domain name you can migrate from a managed solution to a selfhosted one with some caveats. If you can’t migrate the database, then some data will be lost (namely, unfederated rooms and local-only data) and your friends will likely need to do a few things (reset their passwords, and export/reimport their encryption keys). Unfortunately there are no database migrator between different server software right now

We are (like everyone) on matrix.org now but realize we need to move eventually.

Consider moving to another open registration server too. Find one that supports Element Call

do I need to pay for a domain still?

If you’re gonna selfhost, you should purchase a domain for proper federation with the wider network. IP-only servers are possible, but they are generally banned in most rooms due to antispam. Same with dynamic DNS domains

Unless it really is easy enough to do it on a synology nas for text/voice/screen share…

You’ll need to integrate a Matrix homeserver (I recommend Continuwuity.org, much lighter than Synapse) and Livekit (the software that handle Element Calls). It’s not particularly easy so maybe consider managed hosting beforehand, too

I’m using Continuwuity.org (also a Rust-based server and forked from the same former project as Tuwunel) so I’ll name a few that this one lacks:

• Synapse Admin UI (helps a lot in large server setups)
• Ability to purge rooms and some history (Rust servers use rocksdb with high compaction, so not a high priority for them)
• Matrix Authentication Service (aka next-gen OIDC-based authn)
• Ability to become a notary server (maintain other servers’ signing keys for faster retrieval by the public)
• More niceties implemented for Element Call
• More niceties implemented for encryption

I don’t think anything except for maybe OIDC would be really needed for a small-scale homeserver, but they do lack them. For me the resource efficiency, storage savings, and ease of maintenance is definitely a larger factor in choosing the server implementation

You can try Snikket.org, which is basically Prosody but easier. But you can’t selfhost “on each person’s own computers” as you said because you’d still need a publicly exposable IP addresses and high uptime. Maybe you could try registering on an XMPP or Matrix instance you like and migrate your community over there first

Question for others: is Prosody’s (and XMPP’s) group calls really good? I’m under the impression that Matrix (with Element Call) is currently better due to the SFU architecture, but I’d be happy to be proven otherwise. I’m interested to hear required specs, how large the calls can be, and how much strain it puts on the TURN server and clients especially when it comes to multiparty streaming

AFAIK the Movim people are working on SFU calls too, but not soon

• E2EE: all servers support it
• Federation: this is where most of the resource hog is. If you disable it you can use anything. I enable it and use continuwuity.
• Voice calls/screen shares: requires extra integration with Element Call + Livekit
• Mobile notifs: requires integrating with ntfy or some other UnifiedPush service. Or download Element X from Play Store and use Google’s push services

Edit: the main differences between these servers are that Synapse is written in Python/Twisted and is known to take up huge storage space. Meanwhile all other mentioned projects are Rust based, has a shared lineage, are usually more efficient with storage and ops, though are more focused on a smaller user size and doesn’t yet have advanced Synapse features

If you want a non-federating LAN-only Matrix server, then STUN/TURN can be behind the NAT. Since you have Tailscale, STUN/TURN can also expose itself on the Tailscale VPN too. Just configure proper DNS records per-interface and you should be fine.

Since calls are p2p, the purpose of STUN is to determine a client’s (usually public) IP address, and TURN is to relay the connection if they can’t connect directly (i.e. behind NAT). If your clients are on the same LAN/VPN with unrestrictive firewalls then you might not even need any STUN/TURN altogether.

Few of the answers given were concrete. So here’s my take.

I am able to run singleuser Continuwuity on a 8GB RAM Pi machine with 4 cores, and join many large rooms (around >=1000 users, although the number of homeservers in the room is a more suitable metric). It would use around 2GB RAM, but you can tune it for less (basically reduce cache values, but ask in the room for more advice).

After a few months the database hovers at around 2GB, because the database uses zstd compression by default. It’s not anyhow a major problem like Synapse, just don’t use HDD for storage and you should be fine.

For best experience, I also selfhost a dedicated caching resolver (unbound) for continuwuity. That takes like a few hundred more MBs of memory.

Given the fact you’d like to play around with it, a mid-tier VM/VPS (2CPU, 2GB RAM, 20GB SSD) is a reasonable starting choice. For a non-federating server, it can take a lot less resource than this.

jade-liveit-guide.continuwuity.pages.dev/calls

the call docs are being rewritten to reflect latest developments. Join the Matrix room for further help too, it’s quite active these days