Matrix Conduit Server — Self-Hosted Secure Chat

Features

Why Matrix Conduit?

A lightweight, secure, and federated messaging server you can deploy on a small VPS in minutes.

🔒

End-to-End Encryption

All messages encrypted by default using Olm/Megolm. Not even the server can read your conversations.

📞

Voice & Video Calls

Built-in TURN/STUN server for encrypted voice and video calls with any Matrix client.

🌐

Federation

Talk to users on other Matrix servers. Your server, their server — one open network.

🛡️

Auto TLS & Security

Automatic HTTPS with Caddy. Conduit runs isolated — no port exposure. Zero maintenance certificates.

⚡

Lightweight

Uses ~50MB RAM. Written in Rust with embedded database. Perfect for minimal hardware.

🔧

One-Script Deploy

Interactive installer handles Docker, TLS, firewall, and configuration. Up and running in minutes.

Under the Hood

What's Inside

No black boxes. Here's exactly what runs on your server and why each piece was chosen.

💬

Conduit

The Matrix homeserver. Written in Rust, single binary, ~50MB RAM. Uses RocksDB as its embedded database — no external database needed. Implements the Matrix protocol for messaging, encryption, and federation.

Language: Rust · DB: RocksDB (embedded) · License: Apache-2.0

conduit.rs →

🔐

Caddy

Reverse proxy & TLS. Handles all incoming traffic and terminates HTTPS. Automatically obtains and renews Let's Encrypt certificates — zero manual certificate management. Conduit never touches the internet directly.

Certificates: Let's Encrypt (auto-renewed) · Ports: 80, 443, 8448

caddyserver.com →

📞

Coturn

TURN/STUN server for calls. Enables voice and video calls by relaying media traffic through NAT. Without it, calls between users on different networks would fail. Runs alongside Conduit automatically.

Protocols: STUN + TURN · Ports: 3478 (UDP), 5349 (TCP/TLS)

github.com/coturn →

🐳

Docker & Compose

Container runtime. All three services (Conduit, Caddy, Coturn) run as isolated Docker containers on a shared internal network. No service exposes ports directly — everything goes through Caddy.

Containers: 3 · Network: Internal bridge (isolated)

docs.docker.com →

🔒

Olm / Megolm

End-to-end encryption. The same cryptographic protocol family used by Signal. Messages are encrypted on the sender's device and decrypted only on the recipient's — the server never sees plaintext.

Type: Double Ratchet (per-session) · Groups: Megolm (efficient group keys)

matrix.org/encryption →

🌐

Matrix Federation

Server-to-server protocol. Your users can message anyone on any other Matrix server (matrix.org, etc.). Federation uses port 8448 with TLS verification between servers. Fully optional — you can disable it.

Port: 8448 · Auth: Server key signatures · Optional: Yes

matrix.org/federation →

Installation

Quick Start

Download, run, answer a few questions — your Matrix server is live.

Interactive Setup

Download the installer and run it. A friendly menu guides you through everything.

curl -o conduit-deploy.sh https://raw.githubusercontent.com/balnaimi/conduit-deploy/main/conduit-deploy.sh
chmod +x conduit-deploy.sh
sudo ./conduit-deploy.sh

💡

The script asks your domain, email, and preferred setup mode — then does everything automatically.

📖 See the full step-by-step walkthrough →

conduit-deploy.sh — bash

██████╗ ██████╗ ███╗ ██╗██████╗ ██╗ ██╗██╗████████╗ ██╔════╝██╔═══██╗████╗ ██║██╔══██╗██║ ██║██║╚══██╔══╝ ██║ ██║ ██║██╔██╗ ██║██║ ██║██║ ██║██║ ██║ ██║ ██║ ██║██║╚██╗██║██║ ██║██║ ██║██║ ██║ ╚██████╗╚██████╔╝██║ ╚████║██████╔╝╚██████╔╝██║ ██║ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═════╝ ╚═════╝ ╚═╝ ╚═╝ Matrix Homeserver Deploy Tool 1) Prepare — What you need before installing 2) Install — Deploy Matrix server 3) Health Check — Verify services & security 4) Services — Start/stop/restart/update/logs 5) Uninstall — Remove everything 0) Exit Choose [0-5]: _

What happens on first install?

Checks system requirements (Docker, ports, DNS)
Asks for your domain name and admin email
Lets you choose delegation mode (clean usernames or subdomain)
Downloads and configures Conduit + Caddy + Coturn
Generates your first admin account
Sets up automatic TLS certificates (HTTPS)
Configures firewall rules (if firewalld is present)
Starts everything and shows you next steps

🗺️ Roadmap

Ideas for future improvements. No specific order — contributions welcome!

🔥 High Impact

☐ Automatic scheduled backups
☐ Script self-update from GitHub
☐ Status dashboard (RAM, disk, users)

💡 Nice to Have

☐ Admin account privileges
☐ Notifications (email/webhook/ntfy)
☐ Custom TURN domain
☐ User list & export

🎨 Quality of Life

☐ Interactive config editor
☐ Log viewer with filtering
☐ Disk space alerts (80%+)

🔮 Future Ideas

☐ Federation testing tool
☐ Web admin panel
☐ Remote backup (S3/Backblaze)

Full list: TODO.md on GitHub

🖥️ Tested Environment

Built and tested on a specific setup. Not tested on other OS or providers.

🌊

DigitalOcean

$6/mo Droplet

💻

1 CPU / 1 GB RAM

25 GB SSD

🐧

Debian 13

Trixie, 64-bit

Not affiliated with DigitalOcean — just a long-time user who likes their service. The script may work on similar Debian-based systems, but has not been tested elsewhere.

⚠️ Disclaimer

This is a personal project built for my own use and for friends. It's also a learning project. It covers the scenarios I needed — it may not cover every edge case or environment. No warranty — use at your own risk. You're free to fork, modify, and adapt it to your needs. Pull requests and suggestions are welcome!

Your Own Matrix Chat Server

Why Matrix Conduit?

End-to-End Encryption

Voice & Video Calls

Federation

Auto TLS & Security

Lightweight

One-Script Deploy

What's Inside

Conduit

Caddy

Coturn

Docker & Compose

Olm / Megolm

Matrix Federation

Quick Start

Interactive Setup

What happens on first install?

🗺️ Roadmap

🔥 High Impact

💡 Nice to Have

🎨 Quality of Life

🔮 Future Ideas

🖥️ Tested Environment

⚠️ Disclaimer