How do I deploy MAS and Synapse on Railway?

You can deploy MAS and Synapse on Railway by clicking the "Deploy Now" button on this page. Railway will automatically set up all the necessary services and configurations for you.

What are the system requirements?

Railway handles all the infrastructure requirements. You only need a web browser to deploy and manage your application.

Is this template free to use?

Yes, this template is free to use within your existing Railway account.

Can I customize this template?

Yes, you can fully customize this template. After deployment, you will have full control of what you've deployed in your Railway project.

How do I get support for this template?

You can get support through our community forum: mas-and-synapse-f2c3166e, or click "Get template help" for this template for more assistance.

Deploy MAS and Synapse

we use mas and synapse for homeserver

synapse

Penghuot/ess-helm

Just deployed

mas-service

Penghuot/ess-helm

Just deployed

synapse-db

railwayapp-templates/postgres-ssl:17

Just deployed

/var/lib/postgresql/data

mas-db

railwayapp-templates/postgres-ssl:17

Just deployed

/var/lib/postgresql/data

Deploy and Host MAS and Synapse on Railway

Matrix Authentication Service (MAS) is an identity provider that enables secure login and account management for Matrix clients. Synapse is the reference homeserver implementation for the Matrix protocol, powering decentralized communication. Together, they provide authentication and messaging infrastructure for Matrix-based applications.

About Hosting MAS and Synapse

Hosting MAS and Synapse on Railway involves deploying two tightly integrated services: Synapse as the homeserver and MAS as the authentication provider. Each service requires its own PostgreSQL database and a set of environment variables for secrets, endpoints, and client configuration. Railway simplifies this process by auto-injecting service domains and database credentials, reducing manual setup. With MAS handling OIDC flows and Synapse managing communication, you can run a full Matrix stack with minimal effort. This setup is ideal for developers, communities, or organizations wanting to host secure, scalable, and decentralized communication infrastructure without managing servers directly.

Why Deploy MAS and Synapse on Railway

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying MAS and Synapse on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.

Common Use Cases

Running a personal or community Matrix homeserver with secure authentication

Integrating Element Web with MAS for OIDC-based login flows

Hosting scalable, production-ready Matrix infrastructure with minimal configuration

Dependencies for MAS and Synapse Hosting

PostgreSQL databases: One dedicated database for Synapse, one for MAS

RSA signing key: Required by MAS to sign tokens and enable secure authentication

Deployment Dependencies

Railway-managed PostgreSQL instances

Railway environment variable injection (RAILWAY_PUBLIC_DOMAIN, RAILWAY_PRIVATE_DOMAIN)

Matrix Synapse Documentation

Matrix Authentication Service (MAS) GitHub (github.com in Bing)

Template Content

synapse

Penghuot/ess-helm

PORT

Port Synapse listens on inside the container. Example: 8008

MAS_CLIENT_ID

OIDC client ID registered for Synapse with MAS. Example: 0000000000000000000SYNAPSE

MAS_PUBLIC_URL

Public URL of MAS service. Example: https://mas-service-production-6c0a.up.railway.app

MAS_CLIENT_SECRET

OIDC client secret registered for Synapse with MAS. Example: 7XG6t2DaxVLtk81T3JaPRO9c3GBsfhapSutjnn/ieGE=

MAS_MATRIX_ENDPOINT

Public endpoint of MAS service. Example: https://mas-service-production-6c0a.up.railway.app

SYNAPSE_FORM_SECRET

Secret used for CSRF protection in Synapse forms. Example: 574308507c1054af6354fcfe02d580120f01349e5b5abd6e0194e69beb531983

MAS_MATRIX_SHARED_SECRET

Shared secret for secure communication with MAS. Must match MAS side. Example: 95946d21b1ae4cf8aef0c801b44dd35226d7a5f1ca500c08563151e128a89398

SYNAPSE_MACAROON_SECRET_KEY

Secret key used to sign macaroons (auth tokens). Example: 8f8f25f9a17fa9a7b495f8e8f44b9344ca47081f5defb0416b57b241c5d56284

mas-service

Penghuot/ess-helm

MAS_CLIENT_ID

OIDC client ID registered for Synapse. Example: 0000000000000000000SYNAPSE

ELEMENT_WEB_URL

Public URL of your Element Web client. Example: https://web-element-production-1fad.up.railway.app

MAS_SIGNING_KEY

RSA private key used by MAS to sign tokens. Example: -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----

MAS_EMAIL_DOMAIN

Domain used for email addresses issued by MAS. Example: matrix.synape-production-7433.up.railway.app

MAS_CLIENT_SECRET

OIDC client secret registered for Synapse. Example: 7XG6t2DaxVLtk81T3JaPRO9c3GBsfhapSutjnn/ieGE=

MAS_ENCRYPTION_KEY

Key used by MAS for encrypting sensitive data. Example: e30ced82286c06d0d873277811e4d004afb200744080969cad9cebbbda4d0149

MAS_MATRIX_ENDPOINT

Public endpoint MAS uses to reach Synapse. Example: https://synape-production-7433.up.railway.app

ELEMENT_WEB_CLIENT_ID

OIDC client ID registered for Element Web. Example: 00000000000000000000SEC0ND

MAS_MATRIX_HOMESERVER

The domain name of the homeserver. Example: synape-production-7433.up.railway.app

MAS_MATRIX_SERVER_NAME

The internal server name for your Matrix homeserver. Example: synape-production-7433.up.railway.app

MAS_CLIENT_REDIRECT_URI

Redirect URI Synapse uses for OIDC callback. Example: https://synape-production-7433.up.railway.app/_synapse/client/oidc/callback

MAS_MATRIX_SHARED_SECRET

Shared secret for secure communication between MAS and Synapse. Example: 95946d21b1ae4cf8aef0c801b44dd35226d7a5f1ca500c08563151e128a89398

MAS_MATRIX_PUBLIC_ENDPOINT

The public HTTPS endpoint MAS uses to reach Synapse. Example: https://synape-production-7433.up.railway.app

synapse-db

ghcr.io/railwayapp-templates/postgres-ssl:17

mas-db

ghcr.io/railwayapp-templates/postgres-ssl:17