kamax-matrix / mxisd

Federated Matrix Identity Server
GNU Affero General Public License v3.0

synapse integration and HTTPS #1

Closed wjhtinger closed 7 years ago

wjhtinger commented 7 years ago

I ran ./gradlew bootRun, then met some errors and got blocked; the log is below:

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.4.3.RELEASE)

2017-02-09 11:04:35.853  INFO 11624 --- [           main] i.k.m.MatrixIdentityServerApplication    : Starting MatrixIdentityServerApplication on localhost with PID 11624 (/home/wangjh/work/mxisd/build/classes/main started by wangjh in /home/wangjh/work/mxisd)
2017-02-09 11:04:35.883  INFO 11624 --- [           main] i.k.m.MatrixIdentityServerApplication    : No active profile set, falling back to default profiles: default
2017-02-09 11:04:36.126  INFO 11624 --- [           main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@13d73f29: startup date [Thu Feb 09 11:04:36 CST 2017]; root of context hierarchy
2017-02-09 11:04:39.902  INFO 11624 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8090 (http)
2017-02-09 11:04:39.932  INFO 11624 --- [           main] o.apache.catalina.core.StandardService   : Starting service Tomcat
2017-02-09 11:04:39.936  INFO 11624 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.6
2017-02-09 11:04:40.196  INFO 11624 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2017-02-09 11:04:40.199  INFO 11624 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 4084 ms
2017-02-09 11:04:40.554  INFO 11624 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
2017-02-09 11:04:40.561  INFO 11624 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-02-09 11:04:40.563  INFO 11624 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-02-09 11:04:40.564  INFO 11624 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-02-09 11:04:40.565  INFO 11624 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2017-02-09 11:04:41.929  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@13d73f29: startup date [Thu Feb 09 11:04:36 CST 2017]; root of context hierarchy
2017-02-09 11:04:42.118  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/store-invite],methods=[POST]}" onto public java.lang.String io.kamax.mxisd.controller.v1.InvitationController.store()
2017-02-09 11:04:42.129  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/pubkey/ephemeral/isvalid],methods=[GET]}" onto public java.lang.String io.kamax.mxisd.controller.v1.KeyController.checkEphemeralKeyValidity()
2017-02-09 11:04:42.131  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/pubkey/isvalid],methods=[GET]}" onto public java.lang.String io.kamax.mxisd.controller.v1.KeyController.checkKeyValidity()
2017-02-09 11:04:42.133  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/pubkey/{keyType}:{keyId}],methods=[GET]}" onto public java.lang.String io.kamax.mxisd.controller.v1.KeyController.getKey(java.lang.String,int)
2017-02-09 11:04:42.137  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/lookup],methods=[GET]}" onto public java.lang.String io.kamax.mxisd.controller.v1.MappingController.lookup(java.lang.String,java.lang.String)
2017-02-09 11:04:42.142  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/validate/email/submitToken],methods=[GET || POST]}" onto public java.lang.String io.kamax.mxisd.controller.v1.SessionController.validate()
2017-02-09 11:04:42.144  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/3pid/bind],methods=[POST]}" onto public java.lang.String io.kamax.mxisd.controller.v1.SessionController.bind()
2017-02-09 11:04:42.146  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/validate/email/requestToken],methods=[POST]}" onto public java.lang.String io.kamax.mxisd.controller.v1.SessionController.init()
2017-02-09 11:04:42.150  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/_matrix/identity/api/v1/3pid/getValidated3pid],methods=[POST]}" onto public java.lang.String io.kamax.mxisd.controller.v1.SessionController.check()
2017-02-09 11:04:42.163  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-02-09 11:04:42.169  INFO 11624 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-02-09 11:04:42.263  INFO 11624 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-02-09 11:04:42.265  INFO 11624 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-02-09 11:04:42.367  INFO 11624 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-02-09 11:04:43.063  INFO 11624 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2017-02-09 11:04:43.181  INFO 11624 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8090 (http)
2017-02-09 11:04:43.194  INFO 11624 --- [           main] i.k.m.MatrixIdentityServerApplication    : Started MatrixIdentityServerApplication in 8.619 seconds (JVM running for 10.035)

maxidorius commented 7 years ago

There is no error in the log, all seems fine.

./gradlew bootRun is used to spin up a local dev version of the code without having to go to more trouble, which is exactly what is happening here.

The command won't go into the background and won't exit until you press Ctrl+C, if that's where you are blocked.

Could you elaborate on what the issue is exactly?

wjhtinger commented 7 years ago

OK, I see. I tested the signing key, and it works fine.

But now I still can't get it to work with a synapse homeserver. I have configured trusted_third_party_id_servers: with - http://localhost:8090 in homeserver.yaml, and I get the error "Untrusted ID server '8090' (Status 400)" in the client.

README.md says that I must run an HTTPS reverse proxy? But how?

maxidorius commented 7 years ago

Synapse will try to establish an HTTPS connection from my experience, so that's most likely the untrusted error.

As for the reverse proxy, you can do it with Apache or Nginx or HAProxy...
The web server will perform the SSL handling and proxy the HTTP part to the Identity Server.

You can find many tutorials online about this.

wjhtinger commented 7 years ago

OK, thanks. I am running Nginx; can you give a configuration demo for this?

maxidorius commented 7 years ago

It's a bit difficult to provide you with a demo config since it usually requires a non-trivial config (as you need to enable modules, have a certificate, know if synapse runs on the same machine as the mxisd, etc.) and I feel this is out of scope here.

I do agree it's an important part and that you can't get anywhere without it so I'll create a Wiki page in the coming days that will show a deployment example with synapse, mxisd and a reverse proxy for both.

maxidorius commented 7 years ago

I didn't forget you, I'm still working on the architecture and the integration with Synapse - a bit harder than expected.

Stay tuned...

maxidorius commented 7 years ago

For anyone interested, we are currently talking design with the Matrix devs on the dedicated Matrix Identity room: #matrix-identity:matrix.org

maxidorius commented 7 years ago

I've also created a Matrix room for this project: #mxisd:kamax.io

maxidorius commented 7 years ago

@wjhtinger would you consider using Apache2 as reverse proxy? I could share my current setup

slipeer commented 7 years ago

@maxidor Interesting. Please share your current setup.

maxidorius commented 7 years ago

@slipeer I'll write a wiki page within the next 24h and ping you then.

maxidorius commented 7 years ago

Synapse integration howto
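
The reverse-proxy arrangement described in the thread (the web server handles TLS and forwards plain HTTP to the identity server), sketched for Nginx. This is an added example, not part of the original thread and not the project's own configuration. The hostname `id.example.org` and the certificate paths are placeholders; the backend port 8090 and the `/_matrix/identity/` prefix come from the startup log above.

```nginx
# Added example: TLS-terminating reverse proxy in front of mxisd.
# Placeholders (assumptions, not from the thread): id.example.org and
# both certificate paths. Port 8090 and the /_matrix/identity/ prefix
# are taken from the startup log in the thread.

server {
    listen 443 ssl;
    server_name id.example.org;                        # placeholder hostname

    ssl_certificate     /etc/ssl/certs/id.example.org.fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/id.example.org.key;           # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;               # no legacy SSL/TLS versions

    # Forward only the identity API to the local mxisd instance.
    # proxy_pass has no URI part, so the request path is passed unchanged.
    location /_matrix/identity/ {
        proxy_pass http://127.0.0.1:8090;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Nothing else on the backend (e.g. /error, /webjars/**) is exposed.
    location / {
        return 404;
    }
}

# Plain HTTP only redirects to HTTPS; it never reaches the backend.
server {
    listen 80;
    server_name id.example.org;                        # placeholder hostname
    return 301 https://$host$request_uri;
}
```

Port 8090 itself serves unencrypted HTTP, so it should be reachable only from the proxy host (for example by firewalling it), leaving the HTTPS listener as the single external entry point.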