Matrix Homeserver as a Tor Hidden Service

Matrix is an open protocol for real-time federated communication. Unlike Signal (centralized) or XMPP (federated but without end-to-end encryption by default), Matrix provides federated rooms, persistent message history, and end-to-end encryption (via the Matrix E2E encryption protocol) with a rich ecosystem of clients. Running a Matrix homeserver as a Tor hidden service provides the federation benefits of Matrix with the privacy benefits of .onion: your server's IP is not exposed in the federation protocol, users whose accounts are on your server communicate with full encryption over Tor, and the homeserver is not accessible to internet scanners or untrusted actors. This guide covers deploying Synapse (the reference Matrix homeserver) and Dendrite (a newer Go-based implementation) as Tor hidden services.

Matrix Federation and .onion Addresses

Matrix federation allows different homeservers to participate in shared rooms: a user on server-a.onion can join a room hosted on server-b.onion, and messages are replicated between servers. For .onion-to-.onion federation, both servers need Tor configured to route outbound federation connections through Tor. The Matrix federation protocol uses HTTPS with mutual TLS authentication of servers. In .onion deployments, configure each homeserver's server name as its .onion address; federation connections between .onion homeservers then travel through Tor's network. Federation with clearnet Matrix servers (matrix.org, etc.) requires the .onion server to make outbound Tor connections to clearnet HTTPS endpoints, which is standard Tor exit node traffic.

Deploying Synapse as a .onion Homeserver

Synapse is the reference Matrix homeserver, written in Python. Install it via the official Debian/Ubuntu package or pip. In homeserver.yaml, set server_name: youraddress.onion and define listeners with bind_addresses: ['127.0.0.1'], using port: 8448 for federation and port: 8008 for the client-server API. In the Tor configuration, add HiddenServicePort 8448 127.0.0.1:8448 (federation) and HiddenServicePort 8008 127.0.0.1:8008 (client API). For outbound federation through Tor, configure Synapse's outbound proxy settings (proxy_config in homeserver.yaml, pointing to the local Tor SOCKS5 proxy at 127.0.0.1:9050). Synapse requires PostgreSQL (SQLite works only for testing): install PostgreSQL and configure a Synapse database user. Synapse typically uses 1-4GB of RAM for small deployments - use Iceland VPS I or II.
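A check for the listener and HiddenServicePort settings described above, as an added example that is not part of the original guide or of Synapse: it flags any listener that is not loopback-only and any HiddenServicePort whose target has no matching loopback listener. The function names, the sample torrc and the HiddenServiceDir path are constructed for illustration; `listeners` is assumed to be the list obtained by loading homeserver.yaml.

```python
import ipaddress

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"

def hidden_service_ports(torrc_text):
    """Map each HiddenServicePort virtual port to its (host, port) target."""
    targets = {}
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0].lower() != "hiddenserviceport":
            continue
        virt = int(parts[1])
        # Tor forwards to 127.0.0.1:<virtual port> when no target is given.
        target = parts[2] if len(parts) > 2 else f"127.0.0.1:{virt}"
        if target.startswith("unix:"):
            continue  # Unix-socket targets are not checked here
        host, sep, port = target.rpartition(":")  # accepts "port" or "addr:port"
        targets[virt] = (host if sep else "127.0.0.1", int(port))
    return targets

def audit(listeners, torrc_text):
    """Check a Synapse `listeners` list against the torrc; return findings."""
    findings, loopback_ports = [], set()
    for lst in listeners:
        # Synapse listens on all interfaces when bind_addresses is omitted.
        for addr in lst.get("bind_addresses") or ["0.0.0.0", "::"]:
            if is_loopback(addr):
                loopback_ports.add(lst["port"])
            else:
                findings.append(f"listener {lst['port']} binds {addr}: reachable without Tor")
    for virt, (host, port) in hidden_service_ports(torrc_text).items():
        if not is_loopback(host):
            findings.append(f"HiddenServicePort {virt} forwards to non-loopback {host}:{port}")
        elif port not in loopback_ports:
            findings.append(f"HiddenServicePort {virt} -> {host}:{port}: no loopback listener")
    return findings

# Constructed sample: the mappings and listeners from the guide (dir is a placeholder).
TORRC = """HiddenServiceDir /var/lib/tor/matrix/
HiddenServicePort 8448 127.0.0.1:8448
HiddenServicePort 8008 127.0.0.1:8008"""
LISTENERS = [{"port": 8448, "bind_addresses": ["127.0.0.1"]},
             {"port": 8008, "bind_addresses": ["127.0.0.1"]}]

print(audit(LISTENERS, TORRC) or "ok: listeners are loopback-only and mapped")
```

A listener bound to a public interface is the case that matters most here: it makes the homeserver reachable by its IP address and defeats the point of publishing it only as a .onion service.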

Dendrite as a Lightweight Alternative

Dendrite is Synapse's younger sibling: a next-generation Matrix homeserver written in Go, designed to be more resource-efficient. Dendrite uses significantly less RAM than Synapse (300-800MB vs 1-4GB). Install it from the Dendrite releases page or build it from source. In dendrite.yaml, set global.server_name: youraddress.onion, global.api_path: http://127.0.0.1:8008, and matrix_key_id for the server signing key. Configure the listeners to bind on 127.0.0.1, and configure the Tor hidden service for both the client API port and the federation port. Dendrite is still under active development and may have feature gaps compared to Synapse, but it is suitable for personal or small team deployments. The lower resource requirements make it better suited to smaller VPS plans.

Client Configuration and Element Web on .onion

Matrix clients (Element, Nheko, FluffyChat) connect to the homeserver's client-server API. Configure Element Web or Element Desktop to use the .onion homeserver by setting the server URL to http://youraddress.onion:8008. The client must be running behind Tor (Tor Browser for Element Web, or Orbot for mobile clients). Element Web can itself be hosted as a .onion service for maximum privacy: serve the static Element Web files from Nginx behind a Tor hidden service. Users access Element Web at the .onion URL, configure it to connect to the homeserver's .onion API, and all communication stays within the .onion ecosystem. On mobile, use Element Android or iOS with Orbot running in VPN mode.

Room Encryption and Security Verification

Matrix end-to-end encryption (E2EE) uses the Double Ratchet protocol (same as Signal). To enable E2EE by default for all rooms, configure encryption_enabled_by_default_for_room_type in homeserver.yaml. For device verification, Matrix uses cross-signing: users verify each other's devices using Safety Numbers / QR codes in the Element client. This verification is independent of the .onion transport - it verifies the user's device keys regardless of how messages are transmitted. With .onion transport and E2EE enabled, messages are encrypted end-to-end (only readable by intended recipients) and transmitted over Tor's encrypted transport (hiding the communication metadata from network observers). The combination provides both content privacy and metadata privacy.
