Page MenuHomePhabricator

Set up homeserver on the Wikimedia Cloud VPS
Open, Stalled, MediumPublic


The MediaWiki-Stakeholders-Group has been trialling Matrix for a while (see T186061), and it generally works pretty well, except it is very slow, which is not only annoying but causes errors in some cases (especially with the IRC bridge, where user joins are not synced in time so some messages are not displayed - a problem for T187634). The "default" network has undergone rapid growth and hardware did not keep up with it, so probably improving the speed is just a matter of not using the overloaded/under-resourced default server, and setting up our own homeserver (and IRC bridge) instead. This would also allow us to use Wikimedia identities instead of requiring yet another password.

Software to install:

Other requirements:

  • a domain name (would be nice to use from start, probably not safe though)
  • public IP?

Other software (nice to have):

Event Timeline

Tgr created this task.May 6 2018, 6:27 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 6 2018, 6:27 AM
Tgr updated the task description. (Show Details)
Tgr updated the task description. (Show Details)May 6 2018, 8:15 AM
Tgr renamed this task from Set up homeserver on the Wikimedia Cloud to Set up homeserver on the Wikimedia Cloud VPS.May 7 2018, 9:44 AM
Tgr updated the task description. (Show Details)
Tgr added a subscriber: bd808.Jun 2 2018, 2:51 PM

The cloud-services-team and I want to be on record here that this project is for testing matrix, and should not be used to create a general purpose production instance. It would be nice to see documented acceptance criteria for your trial somewhere so that it will be easier to decide when things have advanced to a point where discussions with the SRE team about production hosting options are warranted.

Here is an attempt (numbers are somewhat random / made up, feedback welcome):

Matrix is a federated network so for most purposes it makes no difference whether we use the homeserver or one hosted in WM Cloud. There are two exceptions, testing which is the goal of this project:

  • speed
  • single sign-on

So those are the technical success criteria: working single sign-on (or agreement that it cannot be done with reasonable effort and it's OK to go without it) and decent speed (less than 1s completion time for most operations in most cases).
The social success criteria is 20% of IRCCloud / Slack users saying they see it as a viable alternative that's more in line with our values.

Vvjjkkii renamed this task from Set up homeserver on the Wikimedia Cloud VPS to ijdaaaaaaa.Jul 1 2018, 1:11 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from ijdaaaaaaa to Set up homeserver on the Wikimedia Cloud VPS.Jul 2 2018, 4:25 PM
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot added a subscriber: Aklapper.

We now have a working, non-federated, still insecure Synapse instance at

New users have to be registred server side at matrix-synapse-01 with ~$ register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml https://localhost:8448

Then, any client can be used to connect to it. At that means using the custom server option with , (and manually going to and accepting the self-signed certificate for the time being).

This will not be the final instance setup, and I don't think it is wise to open it to public consumption yet. But I set it up to play with single sign-on and anyone who wants to test the speed difference is welcome to join.

I got a working OAuth_v1 password provider for mediawiki code at

My idea here is to only handle the last step in the OAuth dance on the password provider, it gets the request token and the oauth token and request an access token. Does that seem flawed to anyone?

Matrix has OAuth v2 on the spec, but it seems like a lot more upstream work to make compatible with OAuth v1, so using a password provider seems like a good way out until T125337. That does mean we can't make the full flow in the server, so my idea was to break the flow for the first steps in the client and then pass the request token to the synapse server.

Basic PoC is working for the server-side part.

Is the server communicating with others yet? If I use it will I only be connected with people on this server?

Is the server communicating with others yet? If I use it will I only be connected with people on this server?

Yes, only with people on this server, it is not federated or bridged at all at this point.

Tgr added a comment.Jan 31 2019, 10:20 PM

In the short term, we are going for a (temporary) hosted instance instead. Less effort to set up, trivial amounts of money and makes it possible to gauge organizational interest without expending too much effort first. See T215042: Set up a hosted / Riot instance on

Arkanosis added a subscriber: Arkanosis.
cicalese assigned this task to Tgr.Jul 30 2019, 11:36 PM
cicalese triaged this task as Medium priority.
cicalese moved this task from Inbox to Doing on the MediaWiki-Stakeholders-Group board.
cicalese added a subscriber: cicalese.

@Tgr we're updating the status of the MediaWiki-Stakeholders-Group tasks. If this is not accurate, please feel free to change it.

CCicalese_WMF changed the task status from Open to Stalled.Aug 2 2019, 4:06 PM
CCicalese_WMF moved this task from Doing to Stalled on the MediaWiki-Stakeholders-Group board.
Tgr removed Tgr as the assignee of this task.Aug 2 2019, 4:13 PM

This is not being actively worked on; we decided to go with T215042: Set up a hosted / Riot instance on instead. That has mostly happened (the server is up), although the last few steps have stalled out due to me being otherwise occupied. Hopefully I can wrap it up after Wikimania.