Could not connect to the integration server Error

[DeviantEng]

Description

In a newly created room, under the settings for said room, the Manage Integrations button is grayed out. After waiting ~60 seconds, I get a warning message that states Could not connect to the integration server.

Steps to reproduce

• Create new room
• Click the settings for that room
• Manage Integrations button is grayed out
• Wait ~60 seconds for the Could not connect to the integration server error message

I expected to be able to click the Manage Integrations Button to configure Integration items.

Version information

• Platform: web (in-browser) AND desktop

For the web app:

• Browser: Chrome, latest
• OS: OS X 10.12.4 Beta
• URL: riot.im/app

For the desktop app:

• OS: OS X 10.12.4 Beta
• Version:

  matrix-react-sdk version: 0.8.6
  vector-web version: 0.9.7
  olm version: 2.2.1

[ara4n]

@DeviantEng what homeserver is this using? do you have any privacy-protection plugins installed in chrome?

[DeviantEng]

Homeserver is Synapse (https://github.com/matrix-org/synapse). No privacy related plugins installed with Chrome.

[amracel]

I have the same issue. I'm running Synapse from the docker appliance (https://hub.docker.com/r/silviof/docker-matrix/) on an Ubuntu box. When setting up an account, I use that as the home server and the default (vector.im) as the 'identity server'. I'm using http://riot.im/app as the client.

I'm calling riot.im from Chrome on said Ubuntu box and from Safari on a Mac. When I try it from Chrome on the mac, I also get a 'CORS request rejected' message.

[aperezdc]

This happens to me running my own HS (Synapse) and using my own instance of Riot, which has integrations_ui_url, integrations_rest_url, and bug_report_endpoint_url set to empty strings hoping that doing that would tell Riot to not even try to contact any integrations/bugreport endpoints at all.

[cl0secall]

I also encountered this on a self-hosted synapse home server. Also, using chrome browser. I opened the developer console and noted that it was getting a 502 back from the integrations API server with a message "user not authenticated" or similar. My home server was not configured to allow federation. Once I configured federation the error went away and I was able to click the "Manage Integrations" button and see the integrations.

edit: updated with testing results.

[almereyda]

@aperezdc You are talking about #1698

[erobotics]

I had the same issue. It turned out that I have to set the port number to 8448. Can not customize the port number if you want to use the integration or invite external users. It seems someone hard-coded the port number.

[almereyda]

@erobotics Is this why on my instance I don't see URL previews, because Matrix is served from :443 on matrix.allmende.io, while Vector runs on :443 at vector.allmende.io?

How did you find this answer, by mere trial, error and guessing?

[aperezdc]

@almereyda Yes, I guess having the options documented (as per #1698) would help. What I tried to say is that disabling the integrations server should hide the message about Riot not being able to connect to it. That was done in #2606 a while ago and now it's possible to leave the options empty to hide the UI elements that deal with integrations.

[almereyda]

Therefore this issue is solved?

A new issue could always appear once synapse allows for a non-hardcoded integrations endpoint and a custom Riot is built with custom settings, yet something in connecting the two doesn't work then.

We could probably also do good in opening an issue at synapse's issue tracker.

[Kleingeldprinz]

Changing the Port back to 8448 isn't a good option to me. Maybe some dev can fix this?

[dkasak]

I'm still seeing this on my homeserver in riot-web.

[Zer0-]

@dkasak same here

[jogleasonjr]

@dkasak @Zer0- try port forwarding 8448 to your internal synapse server's IP.

[dkasak]

It is forwaded. I failed to mention before that federation generally works, only the integrations don't.

[jogleasonjr]

Is your homeserver behind a reverse proxy? If so, one other thing to check is that your proxy itself is using HTTPS (port 8448) with the homeserver. In other words, if your firewall/proxy is serving HTTPS on your WAN but using HTTP internally for local/network services, try changing this to HTTPS for synapse. My integrations did not work until I did so, even though the server worked otherwise.

[Zer0-]

@jogleasonjr At least for me this worked.

[MacLemon]

I'm seeing this message in every room that is using integrations. I'm using my own Synapse server and the Electron client. With the exception of custom web integrations they also still work fine. (Custom website integration is not being rendered anymore.)

[eledroos]

@jogleasonjr where would I set this config?

[jogleasonjr]

@eledroos that depends on which reverse proxy you're using. What I wrote pertains to the proxy, not the homeserver itself. I'm using Squid on pfSense, so it was easy enough in the configuration UI to have Squid pointed at https://192.168.1.101:8448.

The bold bits above are the important ones. If you're using something like nginx you can try configuring it similarly.

[eledroos]

@jogleasonjr ahhhh that worked. I use nginx, so with ufw I just had to do: sudo ufw allow 8448

[MatMaul]

Are integrations supposed to work with a non-federated private server available on the internet ? I also use a private identity manager. It's still not clear to me.

Also Synapse server is on a private network with a proxy cache for internet access, perhaps it needs some stuff so some hooks go through this proxy ? HTTP(S)_PROXY variables are already defined.

I was unable to make it work with a reverse proxy, even using https as a backend as @jogleasonjr mentionned. I am using port 8448.

I'll try port forwarding next week instead to see if it helps.

[MatMaul]

BTW I don't get the same error but some 500 "unauthorized user".

[jonathanraes]

I have the same issue, I run a non-federated homeserver using synapse and I cant seem to get the integrations to work. Everything is portforwarded and I'm not using a reverse proxy. I get this error both on the desktop and web clients.. no clue what to try next Inspection shows that 3 POST requests to https://scalar.vector.im/api/register fail with a 500 (?) status code returning: {"message":"Failed to authenticate user"} Some documentation on this would be greatly appreciated

[turt2live]

You'll need the federation listener for your homeserver exposed so scalar can reach it. If you want to limit your federation exposure, use a reverse proxy (understanding the dangers of doing so for federation) and only expose the OpenID endpoint.

[jonathanraes]

Thanks for pointing me in the right direction. My problem was that I failed to set up the servername correctly in synapse's config.

[simonszu]

I have the same issue and could need some help.

I have set up a synapse listener on port 8448 which is directly forwarded in my firewall, and also a listener for port 8008 which is reverse-proxied. I also have a DNS setting for matrix.mydomain.tld which points to the server, and the DNS SRV for _matrix._tcp set to 5 8448 matrix.mydomain.tld.

I run riot via docker, from keachi/riot. I have set the DEFAULT_HS_URL to https://matrix.mydomain.tld and DEFAULT_IS_URL to https://matrix.org.

However, Riot isn't able to connect to the integrations server, which defaults to https://scalar.vector.im/ in this docker image.

Where's the error?

[dritchie]

@turt2live Can you elaborate on "You'll need the federation listener for your homeserver exposed so scalar can reach it?" What is the federation listener, and how does one expose it?

[turt2live]

It means having a working federation with matrix.org. This can be tested with the federation tester or by trying to communicate with people on another server such as matrix.org.

For synapse this means making sure one of the listeners in the config has a federation resource attached to it, similar to this:

listeners:
  - port: 8448
    tls: true
    type: http
    resources:
      - names: [federation]
        compress: false

[dritchie]

Hmm. I've got that in my homeserver.yaml. I'm using nginx as a reverse proxy, and it's forwarding _matrix to port 8448. I've tried the federation tester with my host's URL, but it just hangs for a few minutes until giving me a 524 timeout error. Possibly related: when I try to connect to port 8448 via nc from outside the local network, it also hangs. Not sure how to debug this further.

[turt2live]

That sounds like a general problem with your synapse installation. I recommend visiting #synapse:matrix.org to get some troubleshooting done.

[jaywink]

For synapse this means making sure one of the listeners in the config has a federation resource attached to it, similar to this:

FYI, these days federation listener is not strictly needed, there is an openid resource as well, so replacing federation with openid in this comment will allow integration manager without federation.

Since time has passed, @DeviantEng , is your issue resolved? If not, can you confirm if your homeserver version and whether it has the federation and/or openid listener enabled?

[jcrabapple]

I'm having the same problem. I've got Synapse behind nginx reverse proxy. Non-federated. Listener on 8448. Opened 8448 in ufw. openid listener enabled. v0.99.3

POST https://scalar.vector.im/api/register?v=1.1 500 rageshake.js:107 Failed to connect to integrations server rageshake.js:107 Error whilst initialising scalarClient for ManageIntegsButton {statusCode: 500}

[jaywink]

@jcrabapple would you be able to PM me your matrix ID, I can have a look at the Scalar integration manager logs? My mxid is @jaywink:federator.dev - thanks!

[bd4]

I was seeing this error when searching for rooms on matrix.org, with Riot.im client, and with nginx reverse proxy on the server. I fixed by changing my proxy config to use https 8448 instead of http 8008:

location /_matrix {
      proxy_pass https://127.0.0.1:8448;
      proxy_set_header X-Forwarded-For $remote_addr;
    }

[nfalcone]

I was getting the same issue as @jcrabapple, what fixed it for me was going over these directions again. I was getting thrown off by the DNS SRV record part since my homeserver is on a subdomain. Once that was in place with my DNS provider the federation tester showed all good and the error was gone.

[jaywink]

Since this issue is 2 years old and the latest comments seem to have related more to Synapse set up and routing, not actual issues with the integration server itself, and there isn't much we can do with this information to fix or improve things, I'll close this issue.

Please feel free to add comments if relevant to these kind of problems or especially relevant to the integration manager not working when Synapse is correctly set up and lets reopen if needed.

[chized]

I setup a homeserver over intranet and I have a similar error. I using Nginx for reverse proxy. user can make one-one calls but this error shows up one the user on a call becomes three or more. Can I use matrix.org for federation? If not, do I need another local server for federation i.e separate server, Or is there a way to make conference call work within our intranet without federation. Thanks in advance

[jaywink]

@chized Sounds like your issue is with the Jitsi conference call widget, For this to work on a non-federated Synapse, you will need to enable the openid listener resource (see this comment).

If this is not your issue, I would suggest using a federating account for example on matrix.org to jump into the Synapse admins room https://matrix.to/#/#synapse:matrix.org and asking for support there.

[chized]

@chized Sounds like your issue is with the Jitsi conference call widget, For this to work on a non-federated Synapse, you will need to enable the openid listener resource (see this comment).

If this is not your issue, I would suggest using a federating account for example on matrix.org to jump into the Synapse admins room https://matrix.to/#/#synapse:matrix.org and asking for support there.

No, am using a Riot client.

[recolic]

I have the same issue. I'm running Synapse from the docker appliance (https://hub.docker.com/r/silviof/docker-matrix/) on an Ubuntu box. When setting up an account, I use that as the home server and the default (vector.im) as the 'identity server'. I'm using http://riot.im/app as the client.

I'm calling riot.im from Chrome on said Ubuntu box and from Safari on a Mac. When I try it from Chrome on the mac, I also get a 'CORS request rejected' message.

I'm also experiencing the CORS error. Any solution available?

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://scalar-staging.riot.im/scalar/api/register?v=1.1. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://scalar-staging.riot.im/scalar/api/register?v=1.1. (Reason: CORS request did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://scalar-staging.riot.im/scalar/api/register?v=1.1. (Reason: CORS request external redirect not allowed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://scalar-staging.riot.im/scalar/api/register?v=1.1. (Reason: CORS preflight response did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://scalar-staging.riot.im/scalar/api/register?v=1.1. (Reason: CORS request did not succeed).

Error: "CORS request rejected: https://scalar-staging.riot.im/scalar/api/register?v=1.1"
    u https://chat.recolic.org/riot/bundles/44ad918b2bd0a9925fd6/bundle.js:2
    onreadystatechange https://chat.recolic.org/riot/bundles/44ad918b2bd0a9925fd6/bundle.js:2

[Maasea]

I use nginx to reverse proxy and the default port is 8443. The above solution mentions port 8448 and HTTPS several times, so I consider add 8448 port to nginx and it works. Following is my nginx conf. Hope it can help you.

server { 
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name yourdomain;
        location / {
                try_files $uri $uri/ =404;
        }

    listen 8443 ssl; 
    listen 8448 ssl; #add this
    ssl_certificate /home/ubuntu/ssl/domain.crt;
    ssl_certificate_key /home/ubuntu/ssl/domain.key;

    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://localhost:8008; 
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        client_max_body_size 50M;
    }
    location /.well-known/matrix/client {
     return 200 '{"m.homeserver": {"base_url": "https://domain.com:8443"}}';
     default_type application/json;
     add_header Access-Control-Allow-Origin *;
    }

}

Note: You should make sure your firewall is open on port 8448.

PS: I have two servers, one listens 443 and the other listens 8443, the former one doesn't need to listen 8448 and works well. So I guess it may be related to the listening port.

[pilot51]

I had this issue and found that it specifically requires port 443 to be open and forwarded to Synapse. It will not use any other configured port. I was using 8443 because the AT&T U-Verse gateway blocked 443. Turns out it only blocks 443 when remote access is enabled on 8368. I needed to keep access since it's at my parents and I do most of the network management, especially with my server there because AT&T Fixed Wireless at my place prevents hosting any public servers. I worked around it by forwarding another port on the router to the gateway's LAN port 443. Once remote access was disabled, forwarding 443 to my server in the router and Apache proxy worked and Integration Manager could connect to it.