Meshly Meshly
Verification

Checklist for a Meshly-ready Matrix node.

Run through these checks before you hand the node to real users. They focus on what Meshly currently needs most: a reachable client API, a matching Matrix domain, and a working login flow.

DNS and firewall

  • The homeserver host resolves to the VPS from outside your network.
  • Ports 80, 443, and 8448 are open on the VPS firewall.
  • The Matrix host is DNS-only in Cloudflare if federation matters.
  • If the host already had services bound to 127.0.0.1:8008 or 127.0.0.1:8081, confirm the installer selected alternate local ports and that your active proxy snippet matches them.

Client API checks

curl https://your-homeserver.example/_matrix/client/versions
curl https://your-homeserver.example/_matrix/client/v3/login \
  -H 'Content-Type: application/json' \
  -d '{"type":"m.login.password","identifier":{"type":"m.id.user","user":"your-user"},"password":"your-password"}'

If login succeeds, keep the access_token and use it to test whoami. 

curl https://your-homeserver.example/_matrix/client/v3/account/whoami \
  -H "Authorization: Bearer <access-token>"

If you are still using the transitional matrix-only admin flow, also confirm that your active HTTPS vhost forwards /_synapse/admin and that this check returns JSON rather than a reverse-proxy 404. 

curl https://your-homeserver.example/_synapse/admin/v1/server_version \
  -H "Authorization: Bearer <access-token>"

Meshly backend checks

For meshly-full deployments, confirm that the business API is reachable and that the app can discover capabilities without exposing the raw Synapse Admin API. 

curl https://your-homeserver.example/_meshly/client/v1/health
curl https://your-homeserver.example/_meshly/client/v1/capabilities \
  -H "Authorization: Bearer <meshly-or-matrix-token>"

Before relying on Meshly for attendance records, also open the generated INSTALLATION_SUMMARY.txt and confirm that it explicitly reports time-tracking persistence as verified on a persistent Docker volume mounted at /data.

Meshly app checks

  • Connect with homeserver URL plus username and password.
  • Create or join a room.
  • Restart the app and verify the session restores cleanly.
  • Send a message and confirm sync still works after relaunch.

Safe defaults to keep

  • Use PostgreSQL, not SQLite, for any serious deployment.
  • For meshly-full, keep /_synapse/admin off the public internet and expose only /_meshly/client.
  • For meshly-full, keep the time-tracking ledger on a persistent Docker volume and treat a missing /data mount as a deployment blocker, not a minor warning.
  • If you stay on matrix-only, only expose /_synapse/admin if you accept the security trade-off for the transitional in-app admin view.
  • Only leave open registration enabled if you are ready to moderate abuse.
  • Back up the Synapse data directory and database together.