# Generic deployment documentation :::tip Getting help If you run into any problems while setting up Continuwuity, ask us in `#continuwuity:continuwuity.org` or [open an issue on Forgejo][forgejo-new-issue]. ::: [forgejo-new-issue]: https://forgejo.ellis.link/continuwuation/continuwuity/issues/new ## Installing Continuwuity ### Prebuilt binary Download the binary for your architecture (x86_64 or aarch64) - run the `uname -m` to check which you need. Prebuilt binaries are available from: - **Tagged releases**: [see Release page][release-page] - **Development builds**: CI artifacts from the `main` branch (includes Debian/Ubuntu packages), [see Actions page for details][actions-page] When browsing CI artifacts, `ci-bins` contains binaries organised by commit hash, while `releases` contains tagged versions. Sort by last modified date to find the most recent builds. The binaries require jemalloc and io_uring on the host system. Currently we can't cross-build static binaries - contributions are welcome here. [release-page]: https://forgejo.ellis.link/continuwuation/continuwuity/releases/ [actions-page]: https://forgejo.ellis.link/continuwuation/continuwuity/actions/ #### Performance-optimised builds For x86_64 systems with CPUs from the last ~15 years, use the `-haswell-` optimised binaries for best performance. These binaries enable hardware-accelerated CRC32 checksumming in RocksDB, which significantly improves database performance. The haswell instruction set provides an excellent balance of compatibility and speed. If you're using Docker instead, equivalent performance-optimised images are available with the `-maxperf` suffix (e.g. `forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf`). These images use the `release-max-perf` build profile with [link-time optimisation (LTO)][lto-rust-docs] and, for amd64, target the haswell CPU architecture. [lto-rust-docs]: https://doc.rust-lang.org/cargo/reference/profiles.html#lto ### Nix Theres a Nix package defined in our flake, available for Linux and MacOS. Add continuwuity as an input to your flake, and use `inputs.continuwuity.packages.${system}.default` to get a working Continuwuity package. If you simply wish to generate a binary using Nix, you can run `nix build git+https://forgejo.ellis.link/continuwuation/continuwuity` to generate a binary in `result/bin/conduwuit`. ### Compiling Alternatively, you may compile the binary yourself. #### Using Docker See the [Building Docker Images](../development/index.mdx#building-docker-images) section in the development documentation. #### Manual ##### Dependencies - Run `nix develop` to get a devshell with everything you need - Or, install the following: - (On linux) `liburing-dev` on the compiling machine, and `liburing` on the target host - (On linux) `pkg-config` on the compiling machine to allow finding `liburing` - A C++ compiler and (on linux) `libclang` for RocksDB ##### Build You can build Continuwuity using `cargo build --release`. Continuwuity supports various optional features that can be enabled during compilation. Please see the Cargo.toml file for a comprehensive list, or ask in our rooms. #### Building with Nix If you prefer, you can use Nix (or [Lix](https://lix.systems)) to build Continuwuity. This provides improved reproducibility and makes it easy to set up a build environment and generate output. This approach also allows for easy cross-compilation. You can run the `nix build -L .#static-x86_64-linux-musl-all-features` or `nix build -L .#static-aarch64-linux-musl-all-features` commands based on architecture to cross-compile the necessary static binary located at `result/bin/conduwuit`. This is reproducible with the static binaries produced in our CI. ## Adding a Continuwuity user While Continuwuity can run as any user, it is better to use dedicated users for different services. This also ensures that the file permissions are set up correctly. In Debian, you can use this command to create a Continuwuity user: ```bash sudo adduser --system continuwuity --group --disabled-login --no-create-home ``` For distros without `adduser` (or where it's a symlink to `useradd`): ```bash sudo useradd -r --shell /usr/bin/nologin --no-create-home continuwuity ``` ## Setting up a systemd service You can find an example unit for continuwuity below. You may need to change the `ExecStart=` path to match where you placed the Continuwuity binary if it is not in `/usr/bin/conduwuit`. On systems where rsyslog is used alongside journald (i.e. Red Hat-based distros and OpenSUSE), put `$EscapeControlCharactersOnReceive off` inside `/etc/rsyslog.conf` to allow color in logs. If you are using a different `database_path` than the systemd unit's configured default (`/var/lib/conduwuit`), you need to add your path to the systemd unit's `ReadWritePaths=`. You can do this by either directly editing `conduwuit.service` and reloading systemd, or by running `systemctl edit conduwuit.service` and entering the following: ``` [Service] ReadWritePaths=/path/to/custom/database/path ``` ### Example systemd Unit File
Click to expand systemd unit file (conduwuit.service) ```ini file="../../pkg/conduwuit.service" ```
You can also [view the file on Foregejo][systemd-file]. [systemd-file]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/pkg/conduwuit.service ## Creating the Continuwuity configuration file Now you need to create the Continuwuity configuration file in `/etc/conduwuit/conduwuit.toml`. You can find an example configuration at [conduwuit-example.toml](../reference/config.mdx). **Please take a moment to read the config. You need to change at least the server name.** ### Setting the correct file permissions If you are using a dedicated user for Continuwuity, you need to allow it to read the configuration. To do this, run: ```bash sudo chown -R root:root /etc/conduwuit sudo chmod -R 755 /etc/conduwuit ``` If you use the default database path you also need to run this: ```bash sudo mkdir -p /var/lib/conduwuit/ sudo chown -R continuwuity:continuwuity /var/lib/conduwuit/ sudo chmod 700 /var/lib/conduwuit/ ``` ## Exposing ports in the firewall or the router Matrix's default federation port is **:8448**, and clients use port **:443**. You will need to expose these ports on your firewall or router. If you use UFW, the commands to allow them are: `ufw allow 8448/tcp` and `ufw allow 443/tcp`. :::tip Alternative port/domain setups If you would like to use only port 443, a different port, or a subdomain for the homeserver, you will need to set up `.well-known` delegation. Consult the `[global.well_known]` section of the config file, and the [**Delegation/Split-domain**](../advanced/delegation) page to learn more about these kinds of deployments. ::: ## Setting up the Reverse Proxy ### Caddy Caddy is the recommended reverse proxy as it is easy to use, has good defaults, and handle TLS certificates automatically. After installing Caddy via your preferred method, create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter the following (substitute `example.com` with your actual server name): ``` example.com, example.com:8448 { # TCP reverse_proxy reverse_proxy 127.0.0.1:8008 } ``` That's it! Just start and enable the service and you're set. ```bash sudo systemctl enable --now caddy ``` ### Other Reverse Proxies You will need to reverse proxy everything under the following routes: - `/_matrix/` - core Matrix APIs, which includes: - `/_matrix/federation` and `/_matrix/key` - core Server-Server APIs. These should be available on port :8448 - `/_matrix/client` - core Client-Server APIs. These should be available on port :443 - `/_conduwuit/` and/or `/_continuwuity/` - ad-hoc Continuwuity routes such as `/local_user_count` and `/server_version` You can optionally reverse proxy the following individual routes: - `/.well-known/matrix/client` and `/.well-known/matrix/server` if using Continuwuity to perform delegation (see the `[global.well_known]` config section) - `/.well-known/matrix/support` if using Continuwuity to send the homeserver admin contact and support page (formerly known as MSC1929) - `/` and `/_continuwuity/logo.svg` if you would like to see the Continuwuity landing page Normally, all of these could be achieved by reverse proxying everything from port :8448 and :443 back to Continuwuity. Refer to the respective software's documentation and online guides on how to do so. #### Caveats for specific reverse proxies - Lighttpd is not supported as it appears to interfere with the `X-Matrix` Authorization header, making federation non-functional. If you find a workaround, please share it so we can add it to this documentation. - If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent httpd from interfering with the `X-Matrix` header (note that Apache is not ideal as a general reverse proxy, so we discourage using it if alternatives are available). - If using Nginx, you need to pass the request URI to Continuwuity using `$request_uri`, like this: - `proxy_pass http://127.0.0.1:6167$request_uri;` - `proxy_pass http://127.0.0.1:6167;` Nginx users need to increase the `client_max_body_size` setting (default is 1M) to match the `max_request_size` defined in conduwuit.toml. ## You're done Now you can start Continuwuity with: ```bash sudo systemctl start conduwuit ``` Set it to start automatically when your system boots with: ```bash sudo systemctl enable conduwuit ``` ## How do I know it works? You can open [a Matrix client](https://matrix.org/ecosystem/clients), enter your homeserver address, and try to register. You can also use these commands as a quick health check (replace `example.com`). ```bash curl https://example.com/_conduwuit/server_version # If using port 8448 curl https://example.com:8448/_conduwuit/server_version # If federation is enabled curl https://example.com:8448/_matrix/federation/v1/version ``` - To check if your server can communicate with other homeservers, use the [Matrix Federation Tester](https://federationtester.mtrnord.blog/). If you can register but cannot join federated rooms, check your configuration and verify that port 8448 is open and forwarded correctly. ## What's next? - For smooth federation, set up a caching resolver according to the [DNS tuning guide](../advanced/dns.mdx) - For Audio/Video call functionality see the [Calls](../calls.md) page. - If you want to set up an appservice, take a look at the [Appservice Guide](../appservices.md).