Performances improvements

conf/homeserver.yaml

@@ -97,7 +97,7 @@ presence:
   # Uncomment to disable presence tracking on this homeserver. This option
   # replaces the previous top-level 'use_presence' option.
   #
-  #enabled: false
+  enabled: __PRESENCE__
 
 # Whether to require authentication to retrieve profile data (avatars,
 # display names) of other users through the client API. Defaults to

config_panel.toml

@@ -110,6 +110,13 @@ services = ["__APP__"]
     [main.experience]
     name = "User Experience"
 
+        [main.experience.presence_tracking]
+        ask = "Enable Presence tracking feature"
+        type = "boolean"
+        yes = "true"
+        no = "false"
+        help = "Presence tracking allows users to see the state (e.g online/offline) of other local and remote users. Defaults to 'true'."
+
         [main.experience.web_client_location]
         ask = "Element instance your HomeServer should redirect to"
         type = "url"

doc/ADMIN.md

@@ -6,43 +6,48 @@ For all slow or arm architecture it's recommended to build the dh file before th
 You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
 After that you can install it without problem.
 
-The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/YunoHost-Apps/synapse_python_build
+The package uses a prebuilt python virtual environnement. The binary are taken from this repository: <https://github.com/YunoHost-Apps/synapse_python_build>
 The script to build the binary is also available.
 
 ## Web client
 
-If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
+If you want a web client you can also install Element with this package: <https://github.com/YunoHost-Apps/element_ynh> .
 
 ## Access by federation
 
 If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
 
 If not, you can add the following line in the dns configuration but you normally don't need it as a `.well-known` file is edited during the install to declare your server name and port to the federation.
 
-```
+```text
 _matrix._tcp.<server_name.tld> <ttl> IN SRV 10 0 <port> <domain-or-subdomain-of-synapse.tld>
 ```
+
 for example
-```
+
+```text
 _matrix._tcp.example.com. 3600    IN      SRV     10 0 <synapse_port> synapse.example.com.
 ```
+
 You need to replace `<synapse_port>` by the real port. This port can be obtained by the command: `yunohost app setting <synapse_instance_name> port_synapse_tls`
 
-For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md
+For more details, see : <https://github.com/element-hq/synapse/blob/master/docs/federate.md>
 
 If it is not automatically done, you need to open this in your ISP box.
 
-You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en
+You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : <https://yunohost.org/#/certificate_en>
 
-https://federationtester.matrix.org/ can be used to easily debug federation issues
+<https://federationtester.matrix.org/> can be used to easily debug federation issues
 
 ## Turnserver
 
 For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
+
 ```bash
 yunohost app setting synapse port_turnserver_tls
 yunohost app setting synapse port_turnserver_alt_tls
 ```
+
 The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
 
 For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
@@ -57,13 +62,14 @@ To prevent the situation when the server is behind a NAT, the public IP is writt
 
 If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the `<synapse_instance_name>` which could be `synapse` or maybe `synapse__2`).
 
-```
+```text
 */15 * * * * root bash /opt/yunohost/matrix-<synapse_instance_name>/Coturn_config_rotate.sh;
 ```
 
 ## OpenVPN
 
 In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
+
 ```bash
 #!/bin/bash
 
@@ -75,12 +81,14 @@ exit 0
 ```
 
 Add this line in you sudo config file `/etc/sudoers`
-```
+
+```text
 openvpn    ALL=(ALL) NOPASSWD: /bin/systemctl restart synapse-coturn.service
 ```
 
 And add this line in your OpenVPN config file
-```
+
+```text
 ipchange /usr/local/bin/openvpn_up_script.sh
 ```
 
@@ -94,7 +102,7 @@ access to Element (or other apps) due to sharing the same domain.
 
 We have put some coarse mitigations into place to try to protect against this
 situation, but it's still not a good practice to do it in the first place. See
-https://github.com/vector-im/element-web/issues/1977 for more details.
+<https://github.com/vector-im/element-web/issues/1977> for more details.
 
 ## Limitations
 
@@ -117,6 +125,7 @@ Before any manipulation it's recommended to do a backup by this following comman
 Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
 
 The following command will grant admin privilege to the specified user:
+
 ```bash
 /opt/yunohost/matrix-<synapse_instance_name>/set_admin_user.sh '@user_to_be_admin:domain.tld'
 ```
@@ -134,6 +143,7 @@ Synapse give the possibility to change the domain of the instance. Note that thi
 The advantage of this is that you can put the app on a specific domain without impacting the domain name of the accounts. For instance you can have the synapse app on `matrix.yolo.net` and the user account will be something like that `@michu:yolo.net`. Note that it's the main difference between the domain of the app (which is `matrix.yolo.net`) and the "server name" which is `yolo.net`.
 
 **Note that this change will have some important implications:**
+
 - **This will break the connection from all previous connected clients. So all client connected before this change won't be able to communicate with the server until users will do a logout and login (which can also be problematic for e2e keys).** [There are a workaround which are described below](#avoid-the-need-to-reconnect-all-client-after-change-url-operation).
 - In some case the client configuration will need to be updated. By example on element we can configure a default matrix server, this settings by example will need to be updated to the new domain to work correctly.
 - In case of the "server name" domain are not on the same server than the synapse domain, you will need to update the `.well-known` or your DNS.
@@ -153,12 +163,14 @@ The idea is to setup again a minimal configuration on the previous domain so the
 ##### Nginx config
 
 Retrive the server port with this command:
+
 ```bash
 yunohost app setting synapse port_synapse
 ```
 
 Edit the file `/etc/nginx/conf.d/<previous-domain.tld>.d/synapse.conf` and add this text:
-```
+
+```text
 location /_matrix/ {
         proxy_pass http://localhost:<server_port_retrived_before>;
         proxy_set_header X-Forwarded-For $remote_addr;
@@ -170,6 +182,7 @@ location /_matrix/ {
 ```
 
 Then reload nginx config:
+
 ```bash
 systemctl reload nginx.service
 ```
@@ -186,17 +199,20 @@ Now the configured client before the change-url should work again.
 This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
 
 - Stop synapse service with theses following command:
+
 ```bash
 systemctl stop synapse.service
 ```
 
 - Launch the backup of synapse with this following command:
+
 ```bash
 yunohost backup create --app synapse
 ```
 
 - Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
 - Restart the synapse service with these command:
+
 ```bash
 systemctl start synapse.service
 ```
@@ -206,3 +222,12 @@ systemctl start synapse.service
 Due of the backup core only feature the data directory in `/home/yunohost.app/synapse` **is not removed**.
 
 Use the `--purge` flag with the command, or remove it manually to purge app user data.
+
+## Slow server
+
+If your server is slow, you can do the following, according to [the official doc](https://matrix-org.github.io/synapse/latest/usage/administration/admin_faq.html#help-synapse-is-slow-and-eats-all-my-ramcpu):
+
+- increase the `SYNAPSE_CACHE_FACTOR` value in your `/etc/default/matrix-__APP__`, `2` is a good value
+  - note that the counterpart is more RAM usage
+- if synapse is heavy on CPU, you can try to disable presence tracking in your config, using the config panel, under "User Experience" category
+- note: this package already implemented the `libjemalloc` part, you con't need to touch that

doc/POST_INSTALL.md

@@ -2,14 +2,16 @@ If your server name is identical to the domain on which synapse is installed, an
 
 If not, you may need to put the following line in the dns configuration:
 
+```text
 _matrix._tcp.__DOMAIN__. 3600    IN      SRV     10 0 __PORT_SYNAPSE_TLS__ __DOMAIN__.
+```
 
-For more details, see : https://github.com/element-hq/synapse#setting-up-federation
+For more details, see : <https://github.com/element-hq/synapse#setting-up-federation>
 
 You also need to open the TCP port __PORT_SYNAPSE_TLS__ on your ISP box if it's not automatically done.
 
-Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
+Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: <https://github.com/YunoHost-Apps/synapse_ynh> .
 
-If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
+If you're facing an issue or want to improve this app, please open a new issue in this project: <https://github.com/YunoHost-Apps/synapse_ynh>
 
-You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en
+You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : <https://yunohost.org/#/certificate_en>

manifest.toml

@@ -118,7 +118,8 @@ ram.runtime = "200M"
     [resources.apt]
     packages = ["coturn", "acl", "postgresql", "php-fpm",
                 "python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml",
-                "build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"]
+                "build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev",
+                "zlib1g-dev", "libjpeg-dev", "libpq-dev", "libjemalloc-dev"]
 
     [resources.database]
     type = "postgresql"

scripts/install

@@ -25,6 +25,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 
 report_stats="false"
 e2e_enabled_by_default="off"
+presence_tracking=true
 allow_public_rooms_without_auth="false"
 allow_public_rooms_over_federation="false"
 max_upload_size="100M"
@@ -72,6 +73,7 @@ ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_loc
 ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
 ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
 ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
+ynh_app_setting_set --app=$app --key=presence_tracking --value=$presence_tracking
 ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
 ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
 ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
@@ -196,6 +198,10 @@ ynh_add_systemd_config --service=$app --template=synapse.service
 cp ../conf/default_coturn /etc/default/coturn-$app
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
 
+# add libjemalloc.so to the matrix-synapse env file
+libjemalloc_path=$(whereis libjemalloc | cut -d ' ' -f 3)
+echo "LD_PRELOAD=$libjemalloc_path" >> "/etc/default/matrix-$app"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================

scripts/upgrade

@@ -205,6 +205,12 @@ then
     ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 fi
 
+if [ -z "${presence_tracking:-}" ]
+then
+    presence_tracking=true
+    ynh_app_setting_set --app=$app --key=presence_tracking --value=$presence_tracking
+fi
+
 #=================================================
 # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT
 #=================================================
@@ -466,6 +472,12 @@ ynh_add_systemd_config --service=$app --template=synapse.service
 cp ../conf/default_coturn /etc/default/coturn-$app
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
 
+# if necessary, add libjemalloc.so to the matrix-synapse env file
+if ! grep -q "libjemalloc" "/etc/default/matrix-$app"; then
+    libjemalloc_path=$(whereis libjemalloc | cut -d ' ' -f 3)
+    echo "LD_PRELOAD=$libjemalloc_path" >> "/etc/default/matrix-$app"
+fi
+
 #=================================================
 # UPGRADE FAIL2BAN
 #=================================================