How to set up your own secure messenger with Matrix + Element

  03/16/26 01:54 am, Categories: IT

Deploying Your Own Secure Messenger: Matrix + Element + NPM 🔥

Today, the question of privacy and control over your data is more relevant than ever.

When I was looking for a simple and clear guide to installing Matrix myself, I ran into either overloaded manuals or fragments of information.

So I decided to write my own guide following a “3-in-1” approach.

In this guide we will deploy a full stack:

  1. Matrix (Synapse) - the brain and server-side of the messenger.

  2. Element - a modern and convenient web client.

  3. Nginx Proxy Manager - for automating SSL certificates and convenient traffic management.

Important: In this guide we focus on a basic deployment. Calling features (VoIP) require additional resources and TURN server configuration, so we will skip them here to keep the guide as simple and fast as possible.

Why Matrix?

  • Decentralization. You run your own “instance”. All messages within your server remain on your infrastructure - you fully control the system.

  • End-to-end encryption (E2EE). No compromises. Thanks to the Olm/Megolm protocol, even the server administrator (you) cannot read the contents of encrypted chats.

  • Federation. This is “email in the world of messengers”. You are not locked inside your own server and can freely communicate with users of other Matrix instances, join global chats and rooms.

 

Prerequisites

You need to rent a VPS in a reliable location with at least 2 GB of RAM.

In my example I deploy on AWS, but you can choose any available option.

The DNS record for your domain must point to your server's IP address, for example:

55.123.45.67 - yourdomain.com

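The following ports must also be open: 80, 81, 443, 22, 8448. Port 81 serves the Nginx Proxy Manager admin interface over plain HTTP and 22 is SSH, so if your firewall or security group allows it, limit both to your own IP address.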

In this example I deploy on Debian 12.

 

Installation and Configuration

Connect to the created server via SSH and switch to root.

sudo su

Update the packages.

apt update && apt upgrade -y

Install Git, cron, and curl if they are not installed.

apt install git cron curl -y

Clone my repository.

git clone https://github.com/nikita-butakov/matrix_element.git

Go to the new project folder.

cd matrix_element

First we need to edit the config.json file.

nano config.json

Replace yourdomain.com with your own server domain. In my case it is jitsidevops.website.

After making changes, exit the file. In nano this is done with CTRL + X.

Then save the file by pressing Y and ENTER.

You can verify that the file contains the correct information with the command

cat config.json

Grant execution permission to the script that copies certificates.

chmod +x certs.sh

You can check the script permissions with the command

ls -l

The letter x should appear in the permissions of certs.sh.

After granting execution permission, you need to add periodic execution of this script to Cron.

Check the path of our folder with the command

pwd

For me it is /home/admin/matrix_element, so the command will be

0 3 * * * /home/admin/matrix_element/certs.sh

If your path is different, replace it with your own.

Open the Cron editor.

crontab -e

If asked which editor to use for Cron, you can choose nano by pressing 1 and Enter.

Add the command at the very bottom.

0 3 * * * /home/admin/matrix_element/certs.sh

Exit the file again with CTRL + X, then Y and Enter.

You can verify that the line has been added with the command

crontab -l

Now you need to install Docker. Go to the link https://docs.docker.com/engine/install/debian/

Find the section "Install using the convenience script" and install Docker using the commands listed there.

Check the installation with the command

docker -v

Run the command to generate the config, replacing yourdomain.com with your domain.

docker run --rm -it \
  -e SYNAPSE_SERVER_NAME=yourdomain.com \
  -e SYNAPSE_REPORT_STATS=no \
  -v "$(pwd)/synapse/data:/data" \
  matrixdotorg/synapse:latest generate

After executing the command, go to the folder

cd synapse/data/

And edit the file homeserver.yaml.

nano homeserver.yaml

Carefully delete all lines up to database.

Then paste the config from the link. Also replace yourdomain.com with your own domain.

https://github.com/nikita-butakov/matrix_element/blob/main/homeserver_example

The file after editing with my domain looks like this:

https://github.com/nikita-butakov/matrix_element/blob/main/homeserver_example_done

Return two folders up to the main directory.

cd ../..

First, start only Nginx Proxy Manager to obtain certificates.

docker compose up npm -d

After the container starts, open Nginx Proxy Manager. In my case it is (replace with your domain):

http://jitsidevops.website:81/

The first time you must register and set a password.

After registration, go to Proxy hosts on the main page.

Click Add proxy.

Add your domain name in the domain field. In my case: jitsidevops.website.

Scheme: http
Forward Hostname / IP: element
Forward Port: 80
Block Common Exploits: ON
Websockets Support: ON

Tab Custom locations
Location: /_matrix
Scheme: http
Forward Hostname / IP: synapse
Forward Port: 8008

Location: /_synapse
Scheme: http
Forward Hostname / IP: synapse
Forward Port: 8008

Click Save and return to the console.

Start the remaining containers.

docker compose up -d

After successful startup, return to Nginx Proxy Manager and add a certificate by editing the existing Proxy Host.

SSL Tab
Request a new certificate
Force SSL: ON
HTTP/2 Support: ON

Click Save again.

As a result, the proxy host in Nginx Proxy Manager should show the status Online and must have a certificate.

In the console, run the first certificate copy manually.

./certs.sh

Important: if the script throws an error, check the name of the certificate folder inside

npm/letsencrypt/live

and change it in the script to the correct one.

If it is, for example, npm-2, you must change it in the script to npm-2. In my case it is npm-1.
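
The folder check described above can be scripted. The following is an added example, not the repository's certs.sh: it picks the highest-numbered npm-N folder that contains a complete certificate pair and checks the expiry date. It assumes the certbot file names fullchain.pem and privkey.pem and that the highest N is the certificate you requested last; the script name check_certs.sh is hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the repository's certs.sh.
# Assumed layout (certbot convention): <live>/npm-N/fullchain.pem + privkey.pem

# Print the complete npm-N directory with the highest N; fail if none exists.
latest_cert_dir() {
    local live="$1" best="" best_n=-1 d n
    for d in "$live"/npm-*/; do
        d="${d%/}"
        n="${d##*/npm-}"
        # Skip non-numeric suffixes and the literal pattern of an unmatched glob.
        case "$n" in ''|*[!0-9]*) continue ;; esac
        # A folder with only one of the two files is an incomplete issuance.
        [ -f "$d/fullchain.pem" ] && [ -f "$d/privkey.pem" ] || continue
        if [ "$n" -gt "$best_n" ]; then best_n="$n"; best="$d"; fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Succeed only if the certificate stays valid for at least <days> more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: ./check_certs.sh --check [live-dir]   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    dir="$(latest_cert_dir "${2:-npm/letsencrypt/live}")" || {
        echo "no complete npm-N certificate directory found" >&2; exit 1; }
    echo "certificate directory: $dir"
    cert_valid_for_days "$dir/fullchain.pem" 14 || {
        echo "certificate expires within 14 days or is unreadable" >&2; exit 1; }
fi
```

If Nginx Proxy Manager serves several domains, the highest-numbered folder may belong to another host, so confirm the folder against the certificate list in the admin interface.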

Restart all containers.


docker compose down

docker compose up -d

Check that all containers are in UP status using the command

docker ps

Open the website and check that it loads.

In my case it is https://jitsidevops.website (replace with your domain).

You should also visit the site https://federationtester.matrix.org/ and check federation by entering your domain.

The checks should be green with the status Success.

Now you can create a user with the command


docker compose exec synapse register_new_matrix_user \
-c /data/homeserver.yaml \
http://localhost:8008 \
-u admin \
-p strongpassword \
-a

Success! — the user has been created.

Return to the website and check login by clicking Sign in and entering the credentials of the created user.

admin

strongpassword

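You can change the password later in the user settings. A password passed with -p ends up in the shell history, so replace strongpassword with your own; if you omit -p, the tool prompts for the password instead.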

Now you can test federation, that is, whether you can message people on other servers and join their rooms.

Find any room/chat on the site https://matrixrooms.info/search

For example

#linux:makigas.es

Paste it into the Search field and click Join.

If you see other rooms, messages, etc. — great, everything works correctly.

You can also download the application for smartphone or Windows/Linux/Mac:

https://element.io/en/download


This collection ©2026 by Nikita Butakov
