Advanced setup

Values documentation

The Helm chart values documentation is available in:

Configuration samples are available in the GitHub repository.

Using a dedicated PostgreSQL database

The stack can need up to 3 databases:

To configure your own PostgreSQL Database in your installation, copy the file charts/matrix-stack/ci/fragments/quick-setup-postgresql.yaml to postgresql.yaml in your ESS configuration values directory and configure it accordingly.

For Group Sync, merge the file charts/matrix-stack/ci/fragments/group-sync-test-postgres.yaml together with charts/matrix-stack/ci/fragments/group-sync-test-postgres-secrets-in-helm.yaml in the postgresql.yaml of your ESS configuration values.

Configuring the storage path when using K3s

K3s by default deploys the storage in /var/lib/rancher/k3s/storage/. If you want to change the path, you will have to run the K3s setup with the parameter --default-local-storage-path <your path>.

Monitoring

The chart automatically provides ServiceMonitor resources to monitor the metrics exposed by ESS Pro.

If your cluster has Prometheus Operator or Victoria Metrics Operator installed, the metrics will automatically be scraped.

Configuration

ESS Pro allows you to configure its individual components. For each component, create a values file in which you specify your custom configuration. Below you will find a section for each component.

If you have created new values files for custom configuration, make sure to apply them by passing them with the helm upgrade command (see Setting up the stack).

Configuring Element Web

Element Web configuration is written in JSON. The documentation can be found in the Element Web repository.

To configure Element Web, create a values file with the JSON config to inject as a string under “additional”:

elementWeb:
  additional:
    user-config.json: |
      {
        "some": "settings"
      }

Configuring Synapse

Synapse configuration is written in YAML. The documentation can be found here.

synapse:
  additional:
    user-config.yaml:
      config: |
        # Add your settings below, taking care to keep the indentation consistent
        some: settings

Configuring Matrix Authentication Service

Matrix Authentication Service configuration is written in YAML. The MAS documentation can be found here.

See this document for additional ESS MAS documentation.

matrixAuthenticationService:
  additional:
    user-config.yaml:
      config: |
        # Add your settings below, taking care to keep the indentation consistent
        some: settings

Enable the MAS Admin API

To enable the MAS Admin API, you need to add some additional MAS configuration. There are two ways to use the Admin API; you can enable either one on its own or both, depending on your requirements. Note that you will need to generate valid ULIDs for the client IDs below, using a ULID generator such as https://ulidgenerator.com/

  1. Using the Swagger UI provided with MAS. An example is available on the MAS documentation page at https://element-hq.github.io/matrix-authentication-service/api/index.html. However, we encourage you to instead use the one hosted by your MAS instance at https://your-mas-domain.tld/api/doc/. ULID_Admin_Client_1 in the example below enables authentication for graphical MAS clients like the Swagger UI.
  2. Manually calling the API using a REST client, for example cURL or Bruno. This is documented in this example in the MAS documentation. This is ULID_Admin_Client_2 in the example below.

Ensure you protect the Client IDs and Secrets as these grant full access to manage all accounts on your server.

Example configuration:

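matrixAuthenticationService:
  additional:
    user-config.yaml:
      config: |
        # Everything below must be indented deeper than "config:" to be part of the block
        policy:
          data:
            # Replace the ULID_Admin_Client_* placeholders with generated ULIDs
            admin_clients:
              - ULID_Admin_Client_1
              - ULID_Admin_Client_2
            admin_users:
              - your-admin-user
        clients:
          # Client used by graphical MAS clients such as the Swagger UI
          - client_id: ULID_Admin_Client_1
            client_auth_method: client_secret_post
            client_secret: A-secret
            redirect_uris:
              - https://account.example.com/api/doc/oauth2-callback
          # Client used when calling the API manually from a REST client
          - client_id: ULID_Admin_Client_2
            client_auth_method: client_secret_basic
            client_secret: Another-secret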
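
The client IDs and secrets can also be generated locally instead of with a web-based generator. The following is an added example, not part of the ESS or MAS documentation: it builds ULIDs (48-bit millisecond timestamp plus 80 random bits, encoded as 26 Crockford base32 characters) and random secrets, then renders the same keys as the example configuration above. The helper names, the admin user and the redirect URI passed in are illustrative assumptions.

```python
import json
import re
import secrets
import time

# Added example: helper names are illustrative, not part of ESS or MAS.
# Crockford base32 alphabet used by ULIDs (no I, L, O, U).
CROCKFORD = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
ULID_RE = re.compile(r"[0-7][0-9A-HJKMNP-TV-Z]{25}")


def new_ulid(timestamp_ms=None):
    """Return a 26-character ULID: 48-bit ms timestamp + 80 random bits."""
    if timestamp_ms is None:
        timestamp_ms = time.time_ns() // 1_000_000
    if not 0 <= timestamp_ms < 2**48:
        raise ValueError("timestamp does not fit in 48 bits")
    value = (timestamp_ms << 80) | secrets.randbits(80)
    return "".join(CROCKFORD[(value >> s) & 0x1F] for s in range(125, -1, -5))


def is_valid_ulid(text):
    return ULID_RE.fullmatch(text) is not None


def render_admin_values(admin_user, redirect_uri):
    """Build the values fragment with fresh client IDs and secrets."""
    q = json.dumps  # a JSON string is also a valid double-quoted YAML scalar
    ui_id, api_id = new_ulid(), new_ulid()
    body = [
        "policy:",
        "  data:",
        "    admin_clients:",
        f"      - {ui_id}",
        f"      - {api_id}",
        "    admin_users:",
        f"      - {q(admin_user)}",
        "clients:",
        f"  - client_id: {ui_id}",
        "    client_auth_method: client_secret_post",
        f"    client_secret: {q(secrets.token_urlsafe(32))}",
        "    redirect_uris:",
        f"      - {q(redirect_uri)}",
        f"  - client_id: {api_id}",
        "    client_auth_method: client_secret_basic",
        f"    client_secret: {q(secrets.token_urlsafe(32))}",
    ]
    head = ["matrixAuthenticationService:", "  additional:",
            "    user-config.yaml:", "      config: |"]
    return "\n".join(head + ["        " + line for line in body]) + "\n"
```

Write the output of `render_admin_values(...)` to a values file readable only by the deploying user, since it contains both client secrets.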

Configuring GroupSync

GroupSync configuration is written in YAML. The documentation can be found here.

groupSync:
  additional:
    user-config.yaml:
      config: |
        # Add your settings below, taking care to keep the indentation consistent
        some: settings