Closed merspieler closed 8 months ago
I'm afraid I'm not really following you.
It appears that the configuration at merspieler.tk is no longer as it was when you reported this issue. Obviously, this makes it very much harder to diagnose any issues.
I strongly suspect the behaviour you observed was correct. Note that the use of SRV records is not really recommended unless you have a very specific need for them, because correct use of them is not very intuitive. If you do want to use an SRV record, please study the specification which makes it very explicit which TLS certificate must be presented.
I'm going to go ahead and close this issue for now. If you still consider there to be a bug, please provide a test domain which exhibits the faulty behaviour.
I'd consider the spec faulty... cause it doesn't work with an SNI proxy... broken as intended ig.
Following setup:
Domain: merspieler.tk
Delegation to: matrix.merspieler.tk
via SRV record: _matrix._tcp.merspieler.tk. 3600 IN SRV 1 1 443 matrix.merspieler.tk.
Federation tester result:
SNI Proxy logs:
As you can see, for all requests to the server, the SNI header is set to merspieler.tk for some that is expected as it tries to query the .well-known file. After it looked at the SRV record, it tries to get https://[2a03:4000:28:19a::b:ba]:443/_matrix/key/v2/server but that now should have the delegated matrix.merspieler.tk domain in the SNI header to get to the right machine, right now it again just uses the main domain.
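
The resolution rule the maintainer refers to, as an added example that is not part of the original thread or of the project's code: a simplified Python sketch of the Matrix server-name resolution order (IP literals and server names with an explicit port are left out). It shows that an SRV record changes only where the client connects, while the name used for the Host header and certificate check stays the original domain. The function and type names are hypothetical, and the lookup results are constructed from the records quoted in the issue.

```python
# Added example: simplified Matrix server-name resolution (no IP literals,
# no explicit port in the server name). Lookups are passed in as plain data
# so the sketch runs offline; the records below are constructed.
from typing import NamedTuple, Optional


class Target(NamedTuple):
    connect_host: str  # name resolved to an address and connected to
    port: int
    tls_name: str      # Host header / certificate name (the SNI seen in the issue)


def resolve(server_name: str, well_known: Optional[str], srv: dict) -> Target:
    """well_known: the m.server value served at
    https://<server_name>/.well-known/matrix/server, or None if that failed.
    srv: maps an SRV owner name to a (target, port) tuple."""
    name = server_name
    if well_known is not None:
        host, _, port = well_known.partition(":")
        if port:  # delegated host with explicit port: no SRV lookup
            return Target(host, int(port), host)
        name = host  # .well-known delegation changes the expected identity
    record = srv.get(f"_matrix._tcp.{name}.")
    if record is not None:
        target, port = record
        # SRV only says where to connect; the TLS identity stays `name`.
        return Target(target.rstrip("."), port, name)
    return Target(name, 8448, name)  # fallback: default federation port


# Constructed from the SRV record quoted in the issue.
SRV = {"_matrix._tcp.merspieler.tk.": ("matrix.merspieler.tk.", 443)}


def srv_only() -> Target:
    return resolve("merspieler.tk", None, SRV)


def with_well_known() -> Target:
    # Hypothetical alternative setup: delegation via .well-known instead of SRV.
    return resolve("merspieler.tk", "matrix.merspieler.tk:443", SRV)


if __name__ == "__main__":
    print("SRV only:   ", srv_only())
    print(".well-known:", with_well_known())
```

With SRV-only delegation an SNI proxy therefore has to route `merspieler.tk` itself to the homeserver; only `.well-known` delegation makes clients ask for `matrix.merspieler.tk`.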