{"id":50809430,"url":"https://github.com/balnaimi/conduit-deploy","last_synced_at":"2026-06-13T03:14:32.775Z","repository":{"id":344476173,"uuid":"1181878956","full_name":"balnaimi/conduit-deploy","owner":"balnaimi","description":"Deploy your own private Matrix messaging server in minutes. E2EE, voice/video calls, federation — one script, fully automated.","archived":false,"fork":false,"pushed_at":"2026-03-15T06:28:57.000Z","size":489,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-15T07:17:19.543Z","etag":null,"topics":["conduit","docker","encryption","federation","matrix","messaging","privacy","self-hosted"],"latest_commit_sha":null,"homepage":"https://balnaimi.github.io/conduit-deploy/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/balnaimi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-14T18:44:03.000Z","updated_at":"2026-03-15T06:29:00.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/balnaimi/conduit-deploy","commit_stats":null,"previous_names":["balnaimi/conduit-deploy"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/balnaimi/conduit-deploy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balnaimi%2Fconduit-deploy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balnaimi%2Fconduit-deploy/tag
s","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balnaimi%2Fconduit-deploy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balnaimi%2Fconduit-deploy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/balnaimi","download_url":"https://codeload.github.com/balnaimi/conduit-deploy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balnaimi%2Fconduit-deploy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34270550,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["conduit","docker","encryption","federation","matrix","messaging","privacy","self-hosted"],"created_at":"2026-06-13T03:14:32.316Z","updated_at":"2026-06-13T03:14:32.749Z","avatar_url":"https://github.com/balnaimi.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🏠 Conduit Deploy\n\n\u003e Deploy your own private Matrix messaging server in minutes.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://balnaimi.github.io/conduit-deploy/\"\u003e\u003cstrong\u003e🌐 Visit the Website\u003c/strong\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nOne interactive script that sets up a complete, secure Matrix 
server with **end-to-end encryption**, **voice/video calls**, and **federation**.\n\n\u003e **📝 Personal Project** — I built this for myself and my friends as a learning project, covering the scenarios we needed. It may not fit every use case, but you're welcome to fork it and adapt it to yours.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Matrix-Conduit-6c63ff?style=for-the-badge\" alt=\"Matrix Conduit\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-green?style=for-the-badge\" alt=\"MIT License\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Debian_13-Tested-blue?style=for-the-badge\" alt=\"Debian 13\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Rust-Lightweight-orange?style=for-the-badge\" alt=\"Rust\"\u003e\n\u003c/p\u003e\n\n## ✨ What You Get\n\n| | |\n|---|---|\n| 🔒 **End-to-End Encryption** | Nobody can read your messages — not even the server |\n| 📞 **Voice \u0026 Video Calls** | Built-in TURN/STUN that works across networks |\n| 🌐 **Federation** | Talk to anyone on the Matrix network |\n| 🔐 **Auto TLS** | Let's Encrypt via Caddy — zero maintenance |\n| 🛡️ **Hardened** | Firewall, fail2ban, OS security patches — all automatic |\n| ⚡ **Lightweight** | ~50MB RAM — runs on a $6/month VPS |\n\n## 🚀 Quick Start\n\n```bash\nssh user@your-server\ncurl -fsSL https://raw.githubusercontent.com/balnaimi/conduit-deploy/main/conduit-deploy.sh -o conduit-deploy.sh\nsudo bash conduit-deploy.sh\n```\n\nThat's it. The interactive menu guides you through everything.\n\n## 📖 Documentation\n\n| Guide | Description |\n|-------|------------|\n| **[Getting Started](docs/getting-started.md)** | New here? 
Start with this |\n| **[Domain Setup](docs/domain-setup.md)** | How to set up your domain (explained simply) |\n| **[Installation](docs/installation.md)** | Step-by-step installation walkthrough |\n| **[After Install](docs/after-install.md)** | Set up your phone, invite people, secure things |\n| **[Admin Room](docs/admin-room.md)** | Manage users and server settings from your Matrix client |\n| **[FAQ](docs/faq.md)** | Common questions answered |\n| **[Troubleshooting](docs/troubleshooting.md)** | Something not working? Check here |\n| **[Roadmap](TODO.md)** | Future improvements and ideas |\n\n### Advanced\n\n| Guide | Description |\n|-------|------------|\n| [Federation](docs/advanced/federation.md) | How server-to-server communication works |\n| [Voice \u0026 Video](docs/advanced/turn-calls.md) | TURN/STUN configuration details |\n| [Security](docs/advanced/security.md) | What's secured and how |\n\n## 🌐 Domain Modes\n\nChoose how your usernames look:\n\n| Mode | Username | Setup |\n|------|----------|-------|\n| **Clean** (delegation) | `@user:example.com` | Server at a subdomain you choose (e.g. 
`matrix`, `chat`) + .well-known (auto) |\n| **Simple** (subdomain) | `@user:chat.example.com` | 1 DNS record, done |\n\n\u003e ⚠️ Your server name is **permanent** — choose carefully!\n\nSee [Domain Setup](docs/domain-setup.md) for full details.\n\n## 🏗️ Architecture\n\n```\nInternet → Caddy (:80/:443/:8448) → Conduit (:6167, internal only)\n           Coturn (:3478/:5349, host network)\n\n🔒 Firewall  🛡️ Fail2ban  📜 OS Security Patches  🔄 Cert auto-renewal\n```\n\nConduit has **no port mapping** — only accessible through Caddy's Docker network.\n\n## 📱 Compatible Apps\n\n| App | Platform |\n|-----|----------|\n| [Element](https://element.io/) | iOS / Android / Web / Desktop |\n| [SchildiChat](https://schildi.chat/) | iOS / Android / Desktop |\n| [FluffyChat](https://fluffychat.im/) | iOS / Android |\n\n## 📋 Requirements\n\n- **Server:** Debian 13 — tested on 1 GB RAM, 1 CPU, 25 GB SSD (DigitalOcean $6/mo). Not tested on other OS or specs.\n- **Domain:** Any provider\n- **Access:** Root or sudo\n- **Time:** ~5 minutes (plus DNS propagation)\n\n## 📦 What Gets Installed\n\nThe script automatically installs missing dependencies. Here's exactly what it adds:\n\n| Package | Purpose |\n|---------|---------|\n| **Docker** | Container runtime for Conduit, Caddy, Coturn |\n| **firewalld** | Firewall with masquerade (opens only ports 80, 443, 8448, 3478, 5349) |\n| **Fail2ban** | Blocks brute-force login attempts |\n| **unattended-upgrades** | Automatic OS security patches |\n| curl, openssl, dnsutils, iproute2, tar, procps, gawk | System utilities for checks, backups, and config |\n\n\u003e Most utilities are already on a fresh Debian install. 
The script checks each one and only installs what's missing.\n\n## 💾 Backup \u0026 Restore\n\nThe script creates **complete backups** including Docker volume data (database, media, TLS certificates):\n\n| What's Saved | Details |\n|---|---|\n| **Database** | All rooms, messages, accounts, encryption keys (from Docker volume) |\n| **Media** | User uploads, images, videos, documents (optional — you can exclude to save space) |\n| **Configuration** | `.env`, `docker-compose.yml`, `conduit.toml`, `Caddyfile`, `turnserver.conf` |\n| **TLS Certificates** | Let's Encrypt certs and Caddy data (from Docker volume) |\n| **Secrets** | Registration token, TURN secret |\n| **Pinned Image Versions** | SHA256 digests of the exact Docker images running at backup time |\n\n### Media: Include or Exclude\n\nThe backup will show you the size of your media files and ask whether to include them:\n\n- **With media**: Full backup — everything restored exactly as it was\n- **Without media**: Much smaller backup — accounts, messages, and config are saved, but uploaded files (images, videos, documents) are excluded. File names get a `-no-media` suffix.\n\n### Why Pinned Image Versions?\n\nWhen you restore, the script pulls the **exact same Docker images** (by SHA256 digest) that were running when the backup was taken:\n\n- ✅ No surprise breaking changes from a newer version\n- ✅ Database format matches the software version\n- ✅ You can update later on your own terms\n\n\u003e **After restoring**, your server isn't locked to the old versions. Run **Services → Update containers** anytime to pull the latest. 
The pinning only applies during the restore itself — to give you a known-good starting point.\n\n### Backup \u0026 Restore from the menu:\n\n```\nServices → Backup (with version pinning)    # Menu → 4 → 3\nServices → Restore from backup              # Menu → 4 → 4\n```\n\nBackups are stored separately at `/opt/conduit-backups/` — they survive uninstall and are never mixed with your live installation.\n\n### What Restore Does\n\nRestore is a **complete recovery** — it handles everything, even after a full uninstall:\n\n- ✅ Extracts config files and imports database + certificates into Docker volumes\n- ✅ Pulls pinned Docker images (exact versions from backup time)\n- ✅ Re-creates firewall rules (firewalld: HTTP, HTTPS, Federation, TURN, UDP forward-port)\n- ✅ Re-creates TLS cert auto-sync (systemd watcher)\n\n\u003e 📖 Full walkthrough with screenshots: [Backup \u0026 Restore Guide](https://balnaimi.github.io/conduit-deploy/walkthrough.html#backup)\n\n## 🖥️ Tested Environment\n\nThis project was built and tested on a specific setup. It hasn't been tested on other operating systems or VPS providers:\n\n| Component | Details |\n|---|---|\n| **VPS Provider** | [DigitalOcean](https://www.digitalocean.com/) (Droplet) |\n| **Droplet Type** | Shared CPU — Basic |\n| **CPU/Disk** | Regular SSD |\n| **Plan** | $6/mo — 1 GB RAM, 1 CPU, 25 GB Disk, 1000 GB transfer |\n| **OS** | Debian 13 (Trixie) 64-bit |\n\n\u003e **Note:** I have no affiliation with DigitalOcean — I've just been using their service for a long time and it works well for me.\n\n\u003e **Not tested on:** Other Linux distributions, other VPS providers, ARM architectures, or different hardware specs. The script may work on similar Debian-based systems, but your mileage may vary.\n\n## ⚠️ Disclaimer\n\nThis is a **personal project** built for my own use and for friends. 
It's also a learning project — I built it to understand how Matrix servers, Docker, TLS, and server administration work together.\n\n- ✅ It covers the scenarios **I** needed\n- ✅ You're free to use, fork, and modify it (MIT license)\n- ⚠️ It may not cover every edge case or environment\n- ⚠️ No warranty — use at your own risk\n- 🤝 Pull requests and suggestions are welcome\n\n## License\n\nMIT — Use it, share it, modify it.\n\n## Credits\n\nBuilt with ❤️ using [Conduit](https://conduit.rs/), [Caddy](https://caddyserver.com/), and [Coturn](https://github.com/coturn/coturn).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalnaimi%2Fconduit-deploy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbalnaimi%2Fconduit-deploy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalnaimi%2Fconduit-deploy/lists"}