Fix issues with synapse and synapse-coturn services not starting

[Lab-8916100448256]

Problem

• synapse-coturn service does not start at boot
• synapse service does not start on ipv4 only server

synapse-coturn error (this error is happening only at boot time. if the service is manually started later on, there is no error) :

May 02 22:22:31 domain.tld turnserver[1003]: 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
May 02 22:22:31 domain.tld turnserver[1003]: 0: : ===========Discovering listener addresses: =========
May 02 22:22:31 domain.tld turnserver[1003]: 0: : Listener address to use: 127.0.0.1
May 02 22:22:31 domain.tld turnserver[1003]: 0: : ERROR: main: Cannot configure any meaningful IP listener address

synapse error (this error is happening on servers that do not have ipv6 enabled :

May 03 14:08:34 domain.tld python[285652]: twisted.internet.error.CannotListenError: Couldn't listen on ::1:8008: [Errno 99] Cannot assign requested address.

Solution

• for synapse-coturn service error, added the option -L 0.0.0.0 on ExecStart line in systemd unit file
• for synapse service error, changed the listening address to localhost instead of ::1 and 127.0.0.1

PR Status

• [x ] Code finished and ready to be reviewed/tested
• [x ] The fix/enhancement were manually tested (if applicable)

Automatic tests

Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

[Salamandar]

Can you link to the doc showing that localhost is a valid value ? Also https://github.com/matrix-org/synapse/blob/be65a8ec0195955c15fdb179c9158b187638e39a/docs/reverse_proxy.md?plain=1#L43 It looks like we could just put 127.0.0.1 because we always have local ipv4

[Salamandar]

Also according to https://github.com/matrix-org/synapse/blob/be65a8ec0195955c15fdb179c9158b187638e39a/docs/usage/configuration/config_documentation.md?plain=1#L457

the default is sane and we could just remove the line altogether.

Also it's for http-not-s traffic, it shouldn't even be used because yunohost enforces https…

[Lab-8916100448256]

Can you link to the doc showing that localhost is a valid value ? Also https://github.com/matrix-org/synapse/blob/be65a8ec0195955c15fdb179c9158b187638e39a/docs/reverse_proxy.md?plain=1#L43 It looks like we could just put 127.0.0.1 because we always have local ipv4

I have not read any doc about that. I just tried it and it was working. I have seen references to computers having only ipv6 somewhere. I don't remember where and I don't know if that could happen with a yunohost server

[Lab-8916100448256]

Also according to https://github.com/matrix-org/synapse/blob/be65a8ec0195955c15fdb179c9158b187638e39a/docs/usage/configuration/config_documentation.md?plain=1#L457

the default is sane and we could just remove the line altogether.

Also it's for http-not-s traffic, it shouldn't even be used because yunohost enforces https…

It's used by nginx that is reverse proxing it to https

[Josue-T]

Hello,

Maybe it look that you have an issue about pour network stack. Are you sure that ipv4 and ipv6 are enabled on your server ?

[Lab-8916100448256]

Hello,

Maybe it look that you have an issue about pour network stack. Are you sure that ipv4 and ipv6 are enabled on your server ?

ipv6 is disabled. And that is on purpose. There are other things that break in my case if I enable ipv6 : https://forum.yunohost.org/t/fixed-installing-letsecrypt-certificate-is-taking-a-very-long-time/28645

[Lab-8916100448256]

Can you link to the doc showing that localhost is a valid value ? Also https://github.com/matrix-org/synapse/blob/be65a8ec0195955c15fdb179c9158b187638e39a/docs/reverse_proxy.md?plain=1#L43 It looks like we could just put 127.0.0.1 because we always have local ipv4

I though about this during the night. And I kind of remember cases (no in synapse) where using localhost for a bind address was not working but using 127.0.0.1 was working. So yes it is probably better to use 127.0.0.1

[Lab-8916100448256]

@Salamandar , I have changed localhost to 127.0.0.1

[Josue-T]

Hello, Maybe it look that you have an issue about pour network stack. Are you sure that ipv4 and ipv6 are enabled on your server ?

ipv6 is disabled. And that is on purpose. There are other things that break in my case if I enable ipv6 : https://forum.yunohost.org/t/fixed-installing-letsecrypt-certificate-is-taking-a-very-long-time/28645

Hello,

Honestly I'm not sure that it's a good idea to drop ipv6 into the config. The future is to move to Ipv6.

For your specific case I think you don't need to completely disable ipv6. Since you don't have any default ipv6 route your issue should be solved.

Also as on nginx config side it's configured to reverse proxy to localhost so your change will break instance with ipv6 enabled.

[Salamandar]

Honestly I'm not sure that it's a good idea to drop ipv6 into the config. The future is to move to Ipv6.

Well yes but actually no, here we are talking exclusively about internal IP, and most apps are curently only listening on ipv4 127.0.0.1.

[Lab-8916100448256]

I'll do some more tests to see what is strictly necessary to do in all that I have disabled regarding IPV6 to fix my issue of let's encrypt timeouts and try to find a better fix of my IP stack. However note that this will affect only the synapse error. If I remember correctly, the coturn error is also happening on IPV6 enabled host. I'll test that again to confirm.