
Matrix

Getting Clever with Caddy and Conduwuit / Matrix

A deep dive into We2.ee's Caddy configuration, handling Matrix federation, offering profile and room redirection shortlinks, and combining multiple services on a single domain.

My post earlier this evening discussed generally how Caddy has made self-hosting multiple web services a breeze. Here I want to build on that and look specifically at the Caddy configuration I use for We2.ee, the public Matrix homeserver I run and have posted about already.

The complete Caddyfile entry is available here. Let's look closer at a few key sections. First, you'll see a series of redirection handlers like this:

    handle /about {
        redir https://sij.law/we2ee/ permanent
    }

This one simply redirects we2.ee/about to sij.law/we2ee. This allows me to create an authoritative "About" URL on the we2.ee domain but host the actual page here on my blog – saving me having to host a whole separate CMS just for We2.ee, and potentially lending credibility to We2.ee through my professional online presence here.

Next, you'll see some more redirection handlers that rely on regular expressions ("regex"):

    # Handle Matrix-style room redirects
    @matrix_local_room {
        path_regexp ^/@@([^:]+)$
    }
    redir @matrix_local_room https://matrix.to/#/%23{re.1}:we2.ee permanent

    # Handle Matrix-style room redirects with custom domains
    @matrix_remote_room {
        path_regexp ^/@@([^:]+):([^/]+)$
    }
    redir @matrix_remote_room https://matrix.to/#/%23{re.1}:{re.2} permanent

    # Handle Matrix-style user redirects
    @matrix_local_user {
        path_regexp ^/@([^:]+)$
    }
    redir @matrix_local_user https://matrix.to/#/@{re.1}:we2.ee permanent

    # Handle Matrix-style user redirects with custom domains
    @matrix_remote_user {
        path_regexp ^/@([^:]+):([^/]+)$
    }
    redir @matrix_remote_user https://matrix.to/#/@{re.1}:{re.2} permanent

These are particularly efficient—they allow for much shorter links for Matrix rooms and user profiles that redirect to the Matrix.to service. For example:
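The Python below is an added example, not part of the original Caddyfile or post. It mirrors the four `path_regexp` matchers in the order they are written and resolves constructed sample paths, assuming the first matcher that fits issues the redirect. It also lists every matcher a path satisfies, which shows that `/@@room` paths fit the user patterns as well, so the room rules have to stay ahead of the user rules.

```python
import re

# Mirrors of the four path_regexp matchers from the Caddyfile, in the order
# they are written. Assumption: the first matcher that fits wins, so the
# order is part of the behaviour.
RULES = [
    ("matrix_local_room",  re.compile(r"^/@@([^:]+)$"),         "#/%23{0}:we2.ee"),
    ("matrix_remote_room", re.compile(r"^/@@([^:]+):([^/]+)$"), "#/%23{0}:{1}"),
    ("matrix_local_user",  re.compile(r"^/@([^:]+)$"),          "#/@{0}:we2.ee"),
    ("matrix_remote_user", re.compile(r"^/@([^:]+):([^/]+)$"),  "#/@{0}:{1}"),
]
BASE = "https://matrix.to/"


def resolve(path, rules=RULES):
    """Return (matcher_name, redirect_target) for the first rule that fits, else None."""
    for name, rx, template in rules:
        m = rx.match(path)
        if m:
            return name, BASE + template.format(*m.groups())
    return None


def all_matches(path):
    """Names of every rule whose regex fits the path (exposes overlaps)."""
    return [name for name, rx, _ in RULES if rx.match(path)]


# Constructed sample paths, not taken from server logs.
SAMPLES = [
    "/@sij",                  # local user
    "/@user:homeserver.net",  # remote user
    "/@@lobby",               # local room; also fits the local user pattern
    "/@@lobby:example.org",   # remote room; also fits the remote user pattern
    "/@a/b",                  # the localpart group only excludes ':'
    "/about",                 # handled elsewhere, no shortlink rule fits
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:24} -> {resolve(p)}  overlaps={all_matches(p)}")
```
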

Next you'll see the handlers for the actual underlying services, Conduwuit and Element:

    # Handle Conduwuit homeserver
    handle /_matrix/* {
        reverse_proxy localhost:8448
    }

    # Handle federation
    handle /.well-known/matrix/server {
        header Access-Control-Allow-Origin "*"
        header Content-Type "application/json"
        respond `{"m.server": "we2.ee"}`
    }

    # Handle client discovery
    handle /.well-known/matrix/client {
        header Access-Control-Allow-Origin "*"
        header Content-Type "application/json"
        respond `{
            "m.homeserver": {"base_url": "https://we2.ee"},
            "org.matrix.msc3575.proxy": {"url": "https://we2.ee"}
        }`
    }

    # Handle MSC1929 Admin Contact Information
    handle /.well-known/matrix/support {
        header Access-Control-Allow-Origin "*"
        header Content-Type "application/json"
        respond `{
            "contacts": [
                {
                    "matrix_id": "@sij:we2.ee",
                    "email_address": "[email protected]",
                    "role": "m.role.admin"
                }
            ],
            "support_page": "https://we2.ee/about"
        }`
    }

    # Handle Element webUI
    handle {
        reverse_proxy localhost:8637
    }

This part of the Caddy configuration block:

  • serves up the actual Matrix homeserver (powered by conduwuit) at We2.ee
  • provides the necessary endpoints for federation
  • provides the MSC1929 endpoint for handling abuse reports, etc.
  • serves up an Element web interface for accessing the Matrix homeserver directly at We2.ee

I hope some of this is useful for folks running their own Matrix homeservers or anyone interested in seeing how Caddy configurations can be structured for more complex setups.

we2.ee improvements

GDPR-compliant privacy policy, new logo, profile shortlinks, sliding sync, Element Web, Privatebin

I've been working today on some improvements to we2.ee, the end-to-end-encrypted messaging platform for the people.

Privacy Policy, GDPR, and Terms.

Privacy is really important to me, and I think it shows in our new GDPR-compliant privacy policy. Basically, we collect the minimum needed to run things, encrypt what we can, and try to be totally clear about how data is handled.

I've also added terms because, well, we need some ground rules. While I'm 100% committed to privacy and security, I won't let we2.ee become a place for harm. It's built to protect legitimate privacy interests - not enable abuse or harassment.

The original logo wasn't great. This one is much better:

Here's something neat — we now have shorter profile links. If you use Matrix's matrix.to service, you'll know those URLs can get pretty long. Now you can just use:

  • we2.ee/@user (for we2.ee accounts)
  • we2.ee/@user:homeserver.net (for other Matrix accounts)

Either way, you'll get redirected to matrix.to/#/@user:homeserver.net. This saves 12 characters for we2.ee accounts compared to using matrix.to directly (or 16 characters compared to matrix.org!), and 5 characters for everyone else.

Pretty handy for fitting Matrix profiles into social media bios — especially on the fantastic X-destroying Bluesky (I'm @sij.law over there).

Matrix 2.0 and Sliding Sync.

Really excited about this one — we2.ee now supports sliding sync. It's a key feature of Matrix 2.0 that changes how clients fetch data. Instead of downloading everything at once, clients can just load what they need for what you're actually looking at. Makes everything snappier - login, launch, sync, you name it. Doesn't matter how many rooms you're in either.

This puts us firmly on the Matrix 2.0 roadmap alongside other major improvements like native OIDC authentication and group VoIP. If you're using modern clients like Element X, you'll notice everything feels much more responsive while keeping all the privacy benefits of decentralized, encrypted chat.

Element Web Right There.

we2.ee points to our Element Web instance, which I keep updated with the latest stable release. Element Web is the most full-featured Matrix client out there for browsers, and is a credible alternative to running a dedicated Matrix client. Having this, plus the Matrix homeserver, plus those profile links all on one super short domain is pretty great, if you ask me.

Say Hello to txt.we2.ee!

One last thing — I've set up txt.we2.ee for secure text sharing. It's powered by PrivateBin and works a lot like Pastebin, but with proper end-to-end encryption. Great for sharing code snippets or logs that you want to disappear after being read.

Upcoming we2.ee Roadmap:

  1. Coturn server for more reliable VoIP
  2. Jitsi Meet for videoconferencing
  3. Public Vaultwarden instance
  4. LDAP
  5. SIP gateway for telecom interoperability

That’s all for now—public lands legal work calls.

Cheers,

we2.ee

encrypted chat for the people

Friends, I'm excited to announce the launch of we2.ee: a free, decentralized, end-to-end encrypted messaging platform that puts privacy first. we2.ee is built as a free-standing platform for everyone. Yes, everyone. End-to-end encrypted communications for all!

For the tech-savvy: we2.ee is a Matrix homeserver powered by Conduwuit and Element web.

For everyone else, you've got three easy ways to get started:

  • Use your existing Matrix account via we2.ee
  • Create a new we2.ee account (like @yourname:we2.ee) and use it with any Matrix app (Element, Cinny, FluffyChat, etc.)
  • Do both - sign up, log in, and start sending encrypted messages to anyone on the Matrix network

If you're new to Matrix, it's an open protocol that's been battle-tested and security-audited, trusted by EU-member governments, sensitive NGOs, and privacy advocates alike. Think of it as a more secure and independent alternative to WhatsApp or Telegram, but one where you control your data.

we2.ee runs on dedicated servers in Tallinn, Estonia and Helsinki, Finland - both chosen for their vaunted privacy laws and green energy grid. Every message is end-to-end encrypted (that's the 'e2ee' in we2.ee), ensuring your conversations stay private.

Give it a try at we2.ee, even if some of this sounds like technical mumbo-jumbo. And feel free to tell me how you're using it—or don't, because that's kind of the whole point.

Cheers,