Complete Docker-based Conduit Matrix homeserver deployment with SSL certificate management and identity integration for production and development environments.
Automatic SSL certificate management from Let's Encrypt for production deployments. Provides seamless HTTPS integration for Docker containers using nginx-proxy and acme-companion. Learn more about Let's Encrypt Manager configuration.
Local domain stack with trusted self-signed certificates for virtual network deployments. Includes private CA management and local DNS resolution for development environments. Learn more about Step CA Manager configuration.
Enterprise-grade identity and access management solution. Provides authentication, authorization, and user management for secure application access. Learn more about Keycloak configuration.
For Conduit integration, see: Conduit OIDC Configuration
Modern identity and access management server with comprehensive authentication capabilities. Provides secure identity management with modular configuration system and multiple deployment modes. Learn more about Kanidm configuration.
Modular Docker Compose configuration system for Conduit Matrix homeserver with support for multiple environments and OIDC integration capabilities. Provides lightweight, Rust-based Matrix homeserver deployment with customizable configurations for development and production. Learn more about Conduit configuration.
Database migration tools for Conduit Matrix homeserver. Migrate between different database backends (RocksDB, SQLite) without losing your Matrix data. Includes DevContainer setup and comprehensive migration guides. Learn more about database migration.
Each component has its own README with detailed setup instructions. Choose the certificate management solution and identity provider that fits your deployment scenario.
-
Choose SSL Management:
- Production: Use Let's Encrypt Manager
- Development: Use Step CA Manager
-
Configure Identity (Optional):
- Enterprise: Use Keycloak
- Modern: Use Kanidm
-
Deploy Conduit Matrix Server:
- Configure Conduit homeserver with desired environment and extensions
# 1. Build Conduit configurations
cd src/conduit/
./build.sh
# 2. Choose your deployment scenario
# For development with OIDC
cd build/forwarding/oidc/
# For production with Let's Encrypt and OIDC
cd build/letsencrypt/oidc/
# For production with Step CA, OIDC and Step CA trust
cd build/step-ca/oidc+step-ca-trust/
# 3. Configure environment
cp .env.example .env
# Edit .env with your values
# 4. Deploy
docker-compose up -dβββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β Matrix Client ββββββ Conduit Matrix ββββββ RocksDB β
β (Element/Cinny) β β Homeserver β β (Database) β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β β
β β
βββββββββββββββββββ βββββββββββββββββββ
β Identity Server β β SSL Manager β
β (Keycloak/ β β (Let's Encrypt/ β
β Kanidm) β β Step CA) β
βββββββββββββββββββ βββββββββββββββββββ- Docker & Docker Compose
- Domain name (for production deployments)
- Email address (for Let's Encrypt)
yqtool for configuration building
All services use modular Docker Compose configurations with:
- Base components: Core service definitions
- Environment components: Development, production, SSL configurations
- Extension components: OIDC, identity integration, Step CA trust
- Build system: Automatic generation of deployment combinations
# Conduit with port forwarding
cd src/conduit/build/forwarding/base/
docker-compose up -d
# Conduit with port forwarding and OIDC
cd src/conduit/build/forwarding/oidc/
docker-compose up -d# Conduit with Let's Encrypt SSL
cd src/conduit/build/letsencrypt/base/
docker-compose up -d
# Conduit with Let's Encrypt SSL and OIDC
cd src/conduit/build/letsencrypt/oidc/
docker-compose up -d
# Conduit with Step CA SSL, OIDC and Step CA trust
cd src/conduit/build/step-ca/oidc+step-ca-trust/
docker-compose up -d# Conduit in DevContainer
cd src/conduit/build/devcontainer/base/
docker-compose up -d
# Conduit in DevContainer with OIDC and Step CA trust
cd src/conduit/build/devcontainer/oidc+step-ca-trust/
docker-compose up -d- SSL/TLS Encryption: Automatic certificate management
- Identity Integration: OIDC authentication
- Network Isolation: Docker network segmentation
- Secret Management: Environment-based configuration
- Access Control: Registration tokens and federation controls
- Step CA Trust: Automatic certificate trust for internal services
- Lightweight: Rust-based Matrix homeserver with minimal resource usage
- Performance: RocksDB backend for optimal performance
- Federation: Full Matrix federation support
- OIDC: External authentication provider integration
- Well-known: Automatic Matrix well-known delegation setup
- Registration: Configurable user registration with token support
- SSL Certificate Issues: Check Let's Encrypt/Step CA configuration
- Identity Integration: Verify OIDC provider settings
- Network Connectivity: Ensure proper Docker network configuration
- Federation Issues: Check server name and well-known configuration
- Database Issues: Verify RocksDB permissions and storage
# Conduit logs
docker logs conduit
# Identity provider logs
docker logs keycloak # or kanidm
# SSL automation logs
docker logs nginx-proxy
docker logs letsencrypt-companion # or step-ca-manager- Conduit Matrix Server Configuration
- SSL Automation
- Identity Management
- Official Conduit Documentation
- Element: Full-featured Matrix client
- Cinny: Modern Matrix client with clean UI
- FluffyChat: Cross-platform Matrix client
- Nheko: Desktop Matrix client
- Matrix Bridges: Connect to Telegram, Discord, and other platforms
- Maubot: Matrix bot framework
- Matrix Widgets: Embedded applications in Matrix rooms
Conduit supports full Matrix federation, allowing communication with:
- matrix.org: The flagship Matrix homeserver
- Other Conduit instances: Lightweight Matrix homeservers
- Synapse instances: Reference Matrix homeserver implementation
- Dendrite instances: Next-generation Matrix homeserver
Each service supports extensive customization through:
- Environment variables
- Configuration files
- Docker Compose overrides
- Extension combinations
- Container health checks
- Log aggregation
- Metrics collection (when integrated with monitoring stack)
- Performance monitoring
- Fork the repository
- Create a feature branch
- Make your changes
- Test configurations
- Submit a pull request
This project is dual-licensed under:
- Matrix.org - Open network for secure, decentralized communication
- Conduit - Lightweight Matrix homeserver written in Rust
- Element.io - Secure collaboration and messaging
- Keycloak - Identity and access management
- Kanidm - Modern identity management
- Let's Encrypt - Free SSL certificates
- Smallstep - Private certificate authority