Open mherfurt opened 5 months ago
Hi @mherfurt, I'm in the same situation, did you manage to solve this?
Nope... did give up, eventually.
I fixed it by adding the following line to homeserver.yaml:
public_baseurl: https://matrix.mydomain.com/
Without it, the well-known returned a "404".
Unfortunately, this didn't fix the issue I am having.
Description
I am trying to run a Synapse server on my Kubernetes cluster. Therefore, I am using the currently latest official container (Version 1.109.0) from Docker Hub in combination with an official PostgreSQL container. The server is reverse-proxied by HAProxy (with SSL offloading) using a Let's Encrypt certificate.
After being able to register a user on this server using the flatpak version of the Element client on Linux, I tried logging in with the Android Element app from the Google Play store. On Android, the Element client rejects the server name claiming that the entered server name "is not a valid matrix server address".
From what I found out, the Android version of the Element app relies on the Federation API, which brought me to the Matrix Federation Tester website, where my server fails the test. In the JSON report of the test, it is stated that the server, which seems to be addressed with its IP address, does not respond with HTTP response code 200, which might have to do with the fact that Let's Encrypt does not issue SSL certificates for IP addresses and therefore a connection to the server via its IP address fails due to certificate validation.
The next thing I tried was to switch from serving well-known info to having an SRV record for the server... same negative result.
Is it even possible to host a federated Synapse homeserver with Let's Encrypt certificates?
Please find a slightly obfuscated json report from the tester below:
{
  "WellKnownResult": {
    "m.server": "mydomain.com:443",
    "CacheExpiresAt": 0
  },
  "DNSResult": {
    "SRVSkipped": true,
    "SRVCName": "",
    "SRVRecords": null,
    "SRVError": null,
    "Hosts": {
      "hxz.one": {
        "CName": "mydomain.com.",
        "Addrs": [ "1.2.3.4" ],
        "Error": null
      }
    },
    "Addrs": [ "1.2.3.4:443" ]
  },
  "ConnectionReports": {},
  "ConnectionErrors": {
    "1.2.3.4:443": {
      "Message": "Non-200 response 404 from remote server"
    }
  },
  "Version": {
    "name": "Synapse",
    "version": "1.109.0"
  },
  "FederationOK": false
}
Steps to reproduce
Homeserver
another homeserver
Synapse Version
1.109.0
Installation Method
Docker (matrixdotorg/synapse)
Database
I am using a single PostgreSQL server
Workers
Single process
Platform
The deployment is done on a microk8s cluster running Ubuntu Server 24.04 LTS
Configuration
No response
Relevant log output
Anything else that would be useful to know?
The firewall log shows a third connection from 94.237.61.73, that is not passed to the haproxy backend due to the issues described above.
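
For reading the tester report quoted above, an added example (not part of the original issue or of Synapse): a Python sketch that applies the Matrix server-discovery rules to the report's m.server value to show which Host header and certificate name a federation request uses, then lists the failed addresses. The function names are hypothetical, and the embedded report is a trimmed, constructed copy of the one in the issue.

```python
import json

# Constructed sample: trimmed copy of the report quoted in the issue above.
REPORT = json.loads("""
{"WellKnownResult": {"m.server": "mydomain.com:443"},
 "DNSResult": {"SRVSkipped": true, "Addrs": ["1.2.3.4:443"]},
 "ConnectionReports": {},
 "ConnectionErrors": {"1.2.3.4:443":
     {"Message": "Non-200 response 404 from remote server"}},
 "FederationOK": false}
""")

def split_host_port(name):
    """Split 'host[:port]'. IP literals are not handled in this sketch."""
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return name, None

def delegated_target(m_server):
    """Request parameters after delegation via .well-known/matrix/server.

    Matrix server discovery: with an explicit port, SRV lookup is skipped;
    without one, SRV is tried and 8448 is the fallback port. The socket goes
    to a resolved IP address, but the Host header and the certificate name
    are the delegated hostname, never the IP.
    """
    host, port = split_host_port(m_server)
    return {
        "host_header": f"{host}:{port}" if port else host,
        "tls_name": host,
        "fallback_port": port or 8448,
        "srv_lookup": port is None,
    }

def diagnose(report):
    """Return the expected request target and one finding per failed address."""
    target = delegated_target(report["WellKnownResult"]["m.server"])
    findings = [
        f"{addr}: {err['Message']} (per spec the request carries Host "
        f"{target['host_header']} and expects a certificate for "
        f"{target['tls_name']})"
        for addr, err in report.get("ConnectionErrors", {}).items()
    ]
    return target, findings

if __name__ == "__main__":
    target, findings = diagnose(REPORT)
    print(target)
    print("\n".join(findings))
```

The Host value it prints is the one the reverse proxy has to route to Synapse for `/_matrix/federation/` paths.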