matrix-docker-ansible-deploy/docs/prerequisites.md

# Prerequisites

- An **x86** server running one of these operating systems:
  - **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))
  - **Debian** (9/Stretch+)
  - **Ubuntu** (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
  - **Archlinux**

This playbook doesn't support running on ARM (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.

- `root` access to your server (or a user capable of elevating to `root` via `sudo`).

- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).

- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*

- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.

- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.

- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).

- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports:

  - `80/tcp`: HTTP webserver
  - `443/tcp`: HTTPS webserver
  - `3478/tcp`: TURN over TCP (used by Coturn)
  - `3478/udp`: TURN over UDP (used by Coturn)
  - `5349/tcp`: TURN over TCP (used by Coturn)
  - `5349/udp`: TURN over UDP (used by Coturn)
  - `8448/tcp`: Matrix Federation API HTTPS webserver. In some cases, this **may necessary even with federation disabled**. Integration Servers (like Dimension) and Identity Servers (like ma1sd) may need to access `openid` APIs on the federation port.
  - the range `49152-49172/udp`: TURN over UDP
  - `4443/tcp`: Jitsi Harvester fallback
  - `10000/udp`: Jitsi video RTP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).

When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00			`# Prerequisites`

Add notes about running Ansible on Ubuntu 20.04 Discussed in #669 (Github Issue). 2020-10-15 08:34:50 +00:00			`- An x86 server running one of these operating systems:`
			`- CentOS (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))`
			`- Debian (9/Stretch+)`
			`- Ubuntu (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions))`
			`- Archlinux`

			This playbook doesn't support running on ARM (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00
Mention that root access is a requirement Fixes #396 (Github Issue). 2020-03-15 11:04:55 +00:00			- `root` access to your server (or a user capable of elevating to `root` via `sudo`).

Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00			- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).

Minor docs formatting cleanup 2020-05-27 13:55:11 +00:00			- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. This can be ignored if you use your own SSL certificates.
Specify that cron is likely required on the server When using Let's Encrypt SSL certificates, a cronjob is set up to automatically renew them. Though it does require a `cron`-compatible program on the server. This fixes the error that is caused by the `/etc/cron.d` directory not existing and the `ansible-cron` module trying to write out a file there -- without checking if the directory exists first. 2019-03-22 16:44:24 +00:00
Minor docs formatting cleanup 2020-05-27 13:55:11 +00:00			`- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.`
Update Prerequisites a bit 2019-02-20 09:39:04 +00:00
Minor docs formatting cleanup 2020-05-27 13:55:11 +00:00			- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00
Minor docs formatting cleanup 2020-05-27 13:55:11 +00:00			- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00
Minor docs formatting cleanup 2020-05-27 13:55:11 +00:00			- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00
Automatically enable openid listeners when ma1sd enabled ma1sd requires the openid endpoints for certain functionality. Example: https://github.com/ma1uta/ma1sd/blob/90b2b5301c34168346fdc5e7eccc09d6958e999f/src/main/java/io/kamax/mxisd/auth/AccountManager.java#L67-L99 If federation is disabled, we still need to expose these openid APIs on the federation port. Previously, we were doing similar magic for Dimension. As per its documentation, when running unfederated, one is to enable the openid listener as well. As per their recommendation, people are advised to do enable it on the Client-Server API port and use the `federationUrl` variable to override where the federation port is (making federation requests go to the Client-Server API). Because ma1sd always uses the federation port (unless you do some DNS overwriting magic using its configuration -- which we'd rather not do), it's better if we just default to putting the `openid` listener where it belongs - on the federation port. With this commit, we retain the "automatically enable openid APIs" thing we've been doing for Dimension, but move it to the federation port instead. We also now do the same thing when ma1sd is enabled. 2020-12-08 14:48:25 +00:00			`- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But if your server is running behind another firewall, you'd need to open these ports:`

			- `80/tcp`: HTTP webserver
			- `443/tcp`: HTTPS webserver
			- `3478/tcp`: TURN over TCP (used by Coturn)
			- `3478/udp`: TURN over UDP (used by Coturn)
			- `5349/tcp`: TURN over TCP (used by Coturn)
			- `5349/udp`: TURN over UDP (used by Coturn)
			- `8448/tcp`: Matrix Federation API HTTPS webserver. In some cases, this may necessary even with federation disabled. Integration Servers (like Dimension) and Identity Servers (like ma1sd) may need to access `openid` APIs on the federation port.
			- the range `49152-49172/udp`: TURN over UDP
			- `4443/tcp`: Jitsi Harvester fallback
			- `10000/udp`: Jitsi video RTP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
Split README into a bunch of files in docs/ 2018-08-08 07:07:02 +00:00
Initial work on Synapse 0.99/1.0 preparation 2019-02-05 09:07:08 +00:00			`When ready to proceed, continue with [Configuring DNS](configuring-dns.md).`