Closed pexus closed 5 years ago
I've edited your issue to add the code markup - please use it anytime you post logs in a github issue, it makes it much easier to read.
I can't really comment on a synapse stacktrace, especially as this one is very cryptic, but I would venture a guess that the URL you set in the client returns 404 if you try to access any Identity endpoints from the synapse host.
A quick test would be to see the output of the following when run from the host/container running synapse, replacing `https://example.org` by what you've put for the Identity server URL in the client:
```
curl -vk https://example.org/_matrix/identity/api/v1
```
Thanks for the response and adding the appropriate label.
What should be the response? I get the following when I run the curl command from the container hosting synapse and mxisd:
```
curl -vk https://myserver.example.org/_matrix/identity/api/v1
* Trying XX.XX.XX.XX
* TCP_NODELAY set
* Connected to myserver.example.org (XX.XX.XX.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=myserver.example.org
* start date: Feb 24 16:46:47 2019 GMT
* expire date: May 25 16:46:47 2019 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /_matrix/identity/api/v1 HTTP/1.1
> Host: myserver.example.org
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Thu, 07 Mar 2019 19:53:58 GMT
< Server: Synapse/0.99.2
< Content-Length: 153
< Content-Type: text/html; charset=utf-8
< Via: 1.1 myserver.example.org
< X-Content-Type-Options: nosniff
< X-Frame-Options: sameorigin
< X-XSS-Protection: 1; mode=block
<
<html>
<head><title>404 - No Such Resource</title></head>
<body>
<h1>No Such Resource</h1>
<p>No such child resource.</p>
</body>
</html>
* Curl_http_done: called premature == 0
* Connection #0 to host myserver.example.org left intact
```
I've edited your issue to add the code markup - please use it anytime you post logs in a github issue, it makes it much easier to read.
The problem is that `/_matrix/identity/` is not forwarded to mxisd. Double check your reverse proxy configuration please.
My matrix conf is as follows, maybe I need to review this. I thought this should work.
```
#matrix configuration
<Location /_matrix/identity>
    ProxyPass http://[::1]:8090/
    ProxyPassReverse http://[::1]:8090/
    ProxyPreserveHost On
</Location>
<Location /_matrix>
    ProxyPass http://[::1]:8008
    ProxyPassReverse http://[::1]:8008
    ProxyPreserveHost On
</Location>
```
I don't think `Location` behaves the same way as several `ProxyPass` entries. You'll need to check the Apache doc.
This issue is now resolved. I have to use the following conf settings:
```
ProxyPreserveHost on
ProxyPass /_matrix/identity http://localhost:8090/_matrix/identity
ProxyPass /_matrix http://localhost:8008/_matrix
```
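Added example (not from the thread or from the mxisd project): a simplified Python model of how Apache picks a top-level `ProxyPass` rule, first match in configuration order, run over the working configuration above. It also flags rules that an earlier, broader prefix would shadow, which is what would happen if the `/_matrix` line were listed before `/_matrix/identity`; the function names and the sample client path are assumptions for illustration.

```python
# Added example: simplified model of top-level ProxyPass routing
# (first matching prefix wins). Not Apache's or mxisd's own code.

# Working configuration quoted from the thread.
RESOLVED_CONF = """\
ProxyPreserveHost on
ProxyPass /_matrix/identity http://localhost:8090/_matrix/identity
ProxyPass /_matrix http://localhost:8008/_matrix
"""

def parse_proxypass(conf):
    """Return [(path_prefix, backend_url)] in configuration order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            # Trailing slashes are dropped so both sides stay consistent.
            rules.append((parts[1].rstrip("/"), parts[2].rstrip("/")))
    return rules

def _covers(prefix, path):
    """True if prefix matches path on a whole path-segment boundary."""
    return path == prefix or path.startswith(prefix + "/")

def route(rules, path):
    """Backend URL for path using the first matching rule, else None."""
    for prefix, backend in rules:
        if _covers(prefix, path):
            return backend + path[len(prefix):]
    return None

def shadowed(rules):
    """Rules that can never match because an earlier, broader rule wins."""
    return [later for i, later in enumerate(rules)
            if any(_covers(earlier[0], later[0]) for earlier in rules[:i])]

if __name__ == "__main__":
    rules = parse_proxypass(RESOLVED_CONF)
    # Identity path from the curl test, plus an assumed sample client path.
    for path in ("/_matrix/identity/api/v1", "/_matrix/client/versions"):
        print(path, "->", route(rules, path))
    print("shadowed as written:", shadowed(rules))
    print("shadowed if swapped:", shadowed(rules[::-1]))
```

Running the lint over a proxy configuration before deployment catches the case seen in the curl output, where an identity request is answered by Synapse instead of mxisd.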
Thank you for following up!
@maxidorius when I use mxisd I get the error `Failed handle request via 'RoomMembershipRestServlet'` too, and `[<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'CONNECT_CR_CERT', 'certificate verify failed')]>]` in synapse.
Because I use a self-signed certificate in the mxisd reverse proxy, when synapse calls mxisd using https, certificate verification fails. Are there any related solutions?
@longfan3 self-signed certificates on the reverse proxy is not a setup we support. As for synapse's config so it works, that's a question for the synapse repo.
@maxidorius Thanks, I have modified the synapse code to support it.
I installed an instance of mxisd on my server. It also runs the matrix synapse. I was able to connect fine via the Riot app using my home server and identity server URL. When trying to invite a user to my room via e-mail address, I get the following error trace. (Sensitive data masked out in the following log entries) Appreciate any pointers: