Conduwuit

Sections added on deploying Conduwuit using Docker with either Caddy or Nginx, mainly covering the common Docker options and linking back to the official docs.

src/SUMMARY.md

@@ -1,6 +1,13 @@
 # Table of Contents
 
 - [Welcome](welcome.md)
+- [Matrix Conduwuit](conduwuit/README.md)
+  - [Docker Deployment](conduwuit/docker.md)
+  - [Configuration](conduwuit/config.md)
+  - [Reverse Proxies](conduwuit/reverse-proxies/README.md)
+    - [SSL Certificates](conduwuit/reverse-proxies/ssl.md)
+    - [Caddy Configuration](conduwuit/reverse-proxies/caddy.md)
+    - [Nginx Configuration](conduwuit/reverse-proxies/nginx.md)
 - [Matrix Synapse](synapse/README.md)
   - [Deployment](synapse/deployment/README.md)
     - [Docker Compose with Templates](synapse/deployment/docker.md)

src/conduwuit/README.md

@@ -0,0 +1,65 @@
+# Matrix Conduwuit Homeserver Guides
+
+This section provides comprehensive guides for deploying Conduwuit, a featureful fork of the Conduit
+Matrix homeserver. Written in Rust, Conduwuit aims to be a high-performance and efficient homeserver
+that's easy to set up and "just works".
+
+## Quick Start
+
+These Docker guides will walk you through:
+
+1. [Docker Deployment](docker.md) - Set up the Conduwuit container
+2. [Server Configuration](config.md) - Configure your homeserver
+3. [Reverse Proxies](reverse-proxies/README.md) - Set up external access
+   - [SSL Certificates](reverse-proxies/ssl.md) - Secure your server
+   - Choose your proxy:
+     - [Caddy](reverse-proxies/caddy.md) - Simple, automatic HTTPS
+     - [Nginx](reverse-proxies/nginx.md) - Popular and flexible
+
+## Deployment Options
+
+While these guides focus on Docker deployment, Conduwuit provides several installation options:
+
+- **Docker containers** (covered in this guide)
+- **Debian packages** (.deb) for x86_64 and ARM64
+- **Static binaries** for Linux (x86_64/ARM64) and macOS (x86_64/ARM64)
+
+You can find all these options in the [official releases](https://github.com/girlbossceo/conduwuit/releases).
+For non-Docker deployments, refer to the [generic deployment guide](https://conduwuit.puppyirl.gay/deploying/generic.html)
+which covers setting up users, systemd services, and more.
+
+Conduwuit is quite stable and very usable as a daily driver for low-medium sized homeservers. While
+technically in Beta (inherited from Conduit), this status is becoming less relevant as the codebase
+significantly diverges from upstream Conduit.
+
+Key features and differences from Conduit:
+
+- Written in Rust for high performance and memory efficiency
+- Complete drop-in replacement for Conduit (when using RocksDB)
+- Single-process architecture (no worker configuration needed)
+- Actively maintained with regular updates
+- Designed for stability and real-world use
+
+## Getting Help
+
+If you need assistance, you can join these Matrix rooms:
+
+- [#conduwuit:puppygock.gay](https://matrix.to/#/#conduwuit:puppygock.gay) -
+  Main support and discussion
+- [#conduwuit-offtopic:girlboss.ceo](https://matrix.to/#/#conduwuit-offtopic:girlboss.ceo) -
+  Community chat
+- [#conduwuit-dev:puppygock.gay](https://matrix.to/#/#conduwuit-dev:puppygock.gay) -
+  Development discussion
+
+Please review our [Community Code of Conduct](https://conduwuit.puppyirl.gay/conduwuit_coc.html)
+before participating in these rooms.
+
+## Try It Out
+
+You can try Conduwuit on the official instance at `transfem.dev`, which provides both
+[Element](https://element.transfem.dev) and [Cinny](https://cinny.transfem.dev) web clients.
+This is a public homeserver listed on [servers.joinmatrix.org](https://servers.joinmatrix.org),
+so please review the rules at [transfem.dev/homeserver_rules.txt](https://transfem.dev/homeserver_rules.txt)
+before registering.
+
+Let's get started with deploying your own efficient Matrix homeserver!

src/conduwuit/config.md

@@ -0,0 +1,120 @@
+# Configuring Conduwuit
+
+This guide covers the essential Conduwuit configuration options for Docker deployments. For a
+complete reference, see the [example configuration file](https://github.com/girlbossceo/conduwuit/blob/main/conduwuit-example.toml).
+
+## Example Configuration
+
+Start by downloading the example configuration file which includes comprehensive documentation for
+all available options:
+
+```bash
+curl -o data/conduwuit.toml https://raw.githubusercontent.com/girlbossceo/conduwuit/main/conduwuit-example.toml
+```
+
+## Core Settings
+
+These are the only required settings:
+
+```toml:conduwuit.toml
+[global]
+# Your server's domain name (required)
+server_name = "server.name"
+
+# Trusted servers for key verification (recommended)
+trusted_servers = ["envs.net", "beeper.com", "matrix.org"]
+```
+
+## Connection Settings
+
+Choose between TCP ports or Unix sockets:
+
+```toml:conduwuit.toml
+# TCP Configuration
+port = 6167
+address = "0.0.0.0"  # For Docker
+
+# Or Unix Socket Configuration (recommended when possible)
+unix_socket_path = "/run/conduwuit/conduwuit.sock"
+unix_socket_perms = 666
+```
+
+**Note:** If you're using Unix sockets, you'll need to ensure the `port` and `address` settings are
+commented out or you'll get an error when Conduwuit launches.
+
+## Federation and Security
+
+```toml:conduwuit.toml
+# Federation Controls
+allow_federation = true
+allow_public_room_directory_over_federation = true
+allow_profile_lookup_federation_requests = true
+
+# Registration Controls
+allow_registration = true
+registration_token = "your-secure-token-here"
+
+# Privacy Settings
+allow_device_name_federation = false
+allow_legacy_media = false  # Enable to allow older clients and servers to load media
+```
+
+You can generate a secure registration token using this command:
+
+```bash
+# Generate a 64-character random token
+openssl rand -base64 48 | tr -d '/+' | cut -c1-64
+```
+
+## Performance Tuning
+
+In practice, I've found requiring DNS over TCP is the best way to run Conduwuit, as it can easily
+DNS resolvers with UDP, and TCP offers a higher level of reliability.
+
+If you want to do this, you can set the cache high to save repeated lookups, and increase the
+timeout to allow the batched lookups over TCP to do their thing:
+
+```toml:conduwuit.toml
+# DNS Optimisation
+dns_cache_entries = 1_000_000
+dns_timeout = 60
+query_over_tcp_only = true
+```
+
+## Presence and Real-time Features
+
+Conduwuit is extremely performant over federation, so these options should perform very well, but
+you can choose whether or not you want them for performance or privacy reasons:
+
+```toml:conduwuit.toml
+# Presence Settings
+allow_local_presence = true
+allow_incoming_presence = true
+allow_outgoing_presence = true
+
+# Typing Indicators
+allow_outgoing_typing = true
+allow_incoming_typing = true
+```
+
+## URL Preview Settings
+
+URL previews are a great way to improve the user experience of your Matrix server, but they can
+also be a source of abuse, so you can choose whether you want to use them here:
+
+```toml:conduwuit.toml
+# URL Preview Controls
+url_preview_domain_contains_allowlist = ["*"]
+url_preview_domain_explicit_allowlist = ["*"]
+url_preview_url_contains_allowlist = ["*"]
+url_preview_max_spider_size = 16_777_216
+url_preview_check_root_domain = true
+```
+
+## Advanced Options
+
+There are tons of other options available, including setting TURN servers for VoIP calling.
+
+For detailed tuning of database performance, federation behaviour, or other advanced settings,
+refer to the [example configuration file](https://raw.githubusercontent.com/girlbossceo/conduwuit/main/conduwuit-example.toml)
+which includes comprehensive documentation for all available options.

src/conduwuit/docker.md

@@ -0,0 +1,100 @@
+# Deploying Conduwuit with Docker
+
+This guide covers deploying Conduwuit using Docker and Docker Compose, with several options for
+reverse proxy configurations.
+
+## Container Images
+
+Official Conduwuit images are available from GitHub's container registry:
+
+| Image                                | Notes                                          |
+|--------------------------------------|------------------------------------------------|
+| ghcr.io/girlbossceo/conduwuit:latest | Stable releases, recommended for production    |
+| ghcr.io/girlbossceo/conduwuit:main   | Latest features, suitable for personal servers |
+
+While the `:latest` tag is recommended for production use, the `:main` tag provides access to the
+latest features and fixes. The main branch undergoes significant testing before changes are merged,
+making it reliable for personal use while not necessarily "stable" for production environments.
+
+## Quick Start
+
+The simplest way to run Conduwuit is with a basic Docker command:
+
+```bash
+docker run -d -p 8448:6167 \
+    -v db:/var/lib/conduwuit/ \
+    -e CONDUWUIT_SERVER_NAME="your.server.name" \
+    -e CONDUWUIT_ALLOW_REGISTRATION=false \
+    --name conduwuit ghcr.io/girlbossceo/conduwuit:latest
+```
+
+However, for production deployments, we recommend using Docker Compose for better maintainability.
+
+## Docker Compose Deployment
+
+We provide two main deployment patterns, depending on how you want to connect to your reverse proxy:
+
+### TCP Port Configuration
+
+This configuration exposes Conduwuit on a TCP port, suitable for when your reverse proxy is on a
+different host or when using Kubernetes:
+
+```yaml:docker-compose.yml
+version: '3.8'
+
+services:
+  conduwuit:
+    cpus: 3
+    image: ghcr.io/girlbossceo/conduwuit:latest
+    environment:
+      CONDUWUIT_CONFIG: '/var/lib/conduwuit/conduwuit.toml'
+    mem_limit: 4G
+    ports:
+      - "6167:6167"
+    restart: unless-stopped
+    volumes:
+      - ./data:/var/lib/conduwuit
+```
+
+### Unix Socket Configuration
+
+This configuration uses Unix sockets for improved performance when your reverse proxy is on the same
+host:
+
+```yaml:docker-compose.yml
+version: '3.8'
+
+services:
+  conduwuit:
+    cpus: 3
+    image: ghcr.io/girlbossceo/conduwuit:latest
+    environment:
+      CONDUWUIT_CONFIG: '/var/lib/conduwuit/conduwuit.toml'
+    mem_limit: 4G
+    restart: unless-stopped
+    volumes:
+      - ./data:/var/lib/conduwuit
+      - /run/conduwuit:/run/conduwuit
+```
+
+For both configurations, create a configuration file in the `data` directory:
+
+```bash
+curl -o data/conduwuit.toml https://raw.githubusercontent.com/girlbossceo/conduwuit/main/conduwuit-example.toml
+```
+
+See the [configuration guide](config.md) for more information on configuring Conduwuit, and the
+[reverse proxy guide](reverse-proxies/README.md) for more information on how to set up a reverse
+proxy to handle inbound connections to the server.
+
+## Starting the Server
+
+Once you've chosen and configured your setup:
+
+```bash
+# Start the services
+docker compose up -d
+
+# View the logs
+docker compose logs -f
+```

src/conduwuit/reverse-proxies/README.md

@@ -0,0 +1,23 @@
+# Configuring Reverse Proxies for Conduwuit
+
+A reverse proxy is essential for running Conduwuit in production, handling TLS termination and
+providing a secure interface to the internet. This section covers configuration for three popular
+reverse proxies:
+
+Before configuring your chosen reverse proxy, you'll need to [set up SSL certificates](ssl.md)
+for your domains.
+
+1. [Caddy](caddy.md) - Known for its simplicity and automatic HTTPS
+2. [Nginx](nginx.md) - Popular for its performance and flexibility
+
+Choose the guide that matches your preferred reverse proxy. All options will provide:
+
+- TLS termination
+- HTTP/2 support
+- Proper header forwarding
+- WebSocket support for live updates
+
+If you're new to reverse proxies, Caddy might be the easier choice as it handles SSL certificates
+automatically. If you're using Docker Compose, Traefik integrates particularly well with container
+deployments. However, if you're already familiar with Nginx or need more fine-grained control,
+the Nginx configuration will serve you well.