matrix-org / matrix-user-verification-service

Service to verify details of a user based on a Open ID token.

Access Service under Port 3000 in Docker Image not Possible #33

Open Beleggrodion opened 1 year ago

Beleggrodion commented 1 year ago

I tried to set up this docker image on our docker server, on which docker and jitsi are running. I added this to the docker-compose file.

  matrix-user-verification-service:
    depends_on:
      - synapse
    image: matrixdotorg/matrix-user-verification-service:branch-master
    restart: unless-stopped
    networks:
      - matrix
    ports:
      - 3000:3000
    environment:
      - UVS_ACCESS_TOKEN
      - UVS_HOMESERVER_URL
      - UVS_DISABLE_IP_BLACKLIST
      - UVS_LISTEN_ADDRESS
      - UVS_OPENID_VERIFY_SERVER_NAME
      - UVS_PORT
      - UVS_LOG_LEVEL

To the ENV configuration (I use Portainer) I added:

UVS_ACCESS_TOKEN = sometoken
UVS_HOMESERVER_URL = https://matrix.domain.com
UVS_DISABLE_IP_BLACKLIST = true
UVS_OPENID_VERIFY_SERVER_NAME = matrix.domain.com
UVS_LOG_LEVEL = debug

I see that now something is running under port "3000", but connecting to it is not possible.

root@srv01:/data/docker-data# nc localhost 3000
POST /verify/user
root@srv01:/data/docker-data#

The same happens when I first try to send "Authorization: Bearer sometoken" after connecting.

The docker log file only shows me

> matrix-user-verification-service@2.0.0 start /app
> node src/app.js
{
  level: 'info',
  message: 'Attempting to listen on 127.0.0.1:3000',
  timestamp: '2023-01-04T11:46:04.224Z'
}
{
  level: 'info',
  message: 'Verify user service listening at 127.0.0.1:3000',
  timestamp: '2023-01-04T11:46:04.229Z'
}

and no connection attempt. Am I doing something wrong with my configuration?

rwjack commented 1 year ago

Try

curl -X POST https://matrix.domain.tld:3000/verify/user -H "Authorization: Bearer syt_token" -H "Content-Type: application/json" -d '{"matrix_server_name": "server.name", "token": "1234" }'

Also, you leaked your domain in the portainer env part.

Beleggrodion commented 1 year ago

Thx. Edited it.

Ok, when I try this (with the domain or localhost) I also receive an SSL error:

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to matrix.domain.com:3000

When I connect to the docker image and check "env", all variables look correct; I also see that the service is running.

root@matrix-user-verification-service:/app# ps wuafx
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          55  1.2  0.0   3864  3220 pts/1    Ss   11:23   0:00 bash
root          62  0.0  0.0   7636  2772 pts/1    R+   11:24   0:00  \_ ps wuafx
root          36  0.0  0.0   3984  3336 pts/0    Ss+  Jan04   0:00 bash
root           1  0.0  0.1 685992 39652 ?        Ssl  Jan04   0:00 npm
root          24  0.0  0.0   2388   768 ?        S    Jan04   0:00 sh -c node src/app.js
root          25  0.0  0.1 587968 41592 ?        Sl   Jan04   0:00  \_ node src/app.js

When I try the curl command directly in the docker image, I receive

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

When I change the curl call to http instead of https, the access seems to work inside the docker image.

I don't have any other service on the same port, because when I stop the container the port is unused.

Is the openid token the same as the token which I receive with

curl -k -XPOST -d '{"type":"m.login.password", "user":"user", "password":"1234"}' "https://localhost:8448/_matrix/client/r0/login"

If yes, then something else is wrong, because I also receive no user returned.

rwjack commented 1 year ago

Ah yes, I run it behind a proxy so it's https for me; you should do http in that case.

If it works from inside the container, it should work from the outside as well.

As for the token, it's the syt_abcdf token you get when you log in with your specially created user for this service, go to all settings -> help and about -> all the way down it says access token.

Beleggrodion commented 1 year ago

Ok, thx.

I found the solution for me to access the API outside of the image. It looks like an IPv6 issue (I don't use it here, because there is no IPv6 from my internet provider). I added UVS_LISTEN_ADDRESS with 0.0.0.0 to the ENV, and then access seems to work.

I tried it with that token:

curl -XPOST http://localhost:3000/verify/user -H "Authorization: Bearer sometoken" -H "Content-Type: application/json" -d '{"matrix_server_name": "matrix.domain.com", "token": "syt_dmXXXX" }'

I receive

{"results":{"user":false},"user_id":null}
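An added example (not from the thread or from the project's own documentation): a compose fragment that applies the listen-address fix above while keeping the service off the public interface. Inside the container the service must listen on all interfaces, otherwise the published port has nothing behind it; the log earlier in this thread shows the default bind of 127.0.0.1. The host-side publish, however, can stay on the host's loopback, because the jitsi containers reach the service by name over the shared "matrix" network (an assumption: that jitsi is attached to that network). The hostnames are placeholders, and the `syt_` token is read from the compose `.env` file instead of being written into the compose file.

```yaml
  matrix-user-verification-service:
    depends_on:
      - synapse
    image: matrixdotorg/matrix-user-verification-service:branch-master
    restart: unless-stopped
    networks:
      - matrix
    # Publish on the host's loopback only; drop the whole "ports:" block if
    # nothing on the host itself needs to call the service. Other containers
    # on the "matrix" network use http://matrix-user-verification-service:3000.
    ports:
      - "127.0.0.1:3000:3000"
    environment:
      # Bind on all container interfaces so the published port reaches the
      # service (the default of 127.0.0.1 is only reachable from inside the
      # container, which is what the thread ran into).
      - UVS_LISTEN_ADDRESS=0.0.0.0
      - UVS_PORT=3000
      - UVS_HOMESERVER_URL=https://matrix.example.org          # placeholder
      - UVS_OPENID_VERIFY_SERVER_NAME=matrix.example.org       # placeholder
      - UVS_ACCESS_TOKEN=${UVS_ACCESS_TOKEN}                   # set in .env, not here
      - UVS_LOG_LEVEL=info
      # UVS_DISABLE_IP_BLACKLIST is left unset on purpose; only set it to
      # true if the homeserver is genuinely reachable on a private address.
```

The curl check from the thread then works from the host as `curl -XPOST http://127.0.0.1:3000/verify/user ...`, while a scan of the host's public address shows nothing on port 3000.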

rwjack commented 1 year ago

that is the correct response from the server.

Now configure jitsi, then make a matrix room, invite 2 other test accounts, and make a group conference by pressing the phone button in element.

Relevant jitsi .env config:

MATRIX_UVS_URL=https://matrix.domain.tld
MATRIX_UVS_ISSUER=domain.tld # or with matrix subdomain if your servername in homeserver.yaml is matrix.domain.tld
MATRIX_UVS_AUTH_TOKEN=syt_same_one_as_uvs_service
MATRIX_UVS_SYNC_POWER_LEVELS=1

After that last step you will come to find that element desktop is broken for some reason, so you can +1 my issue here. https://github.com/vector-im/element-web/issues/24055

Beleggrodion commented 1 year ago

Ok, the widget is correctly generated, I think. It doesn't point to the default jitsi instance when I enable it in the matrix client json.

https://element.domain.com/jitsi.html#conferenceDomain=meet.domain.com&conferenceId=JitsiTpuodyuXXXXX&isAudioOnly=false&isVideoChannel=false&displayName=it&avatarUrl=&userId=%40user%3Amatrix.domain.com&roomId=!meetingXXXX%3Amatrix.domain.com&theme=light&roomName=Test%20Meeting%Room&supportsScreensharing=true&language=de

I checked your ticket and it looks like the same, but I cannot verify it with my mobile phone (Android), because when I try to join the meeting which I created in element-web (which wants authentication like the desktop app) in the Android app, I receive a message that a connection will be established and it hangs on that screen until a timeout is reached.

rwjack commented 1 year ago

That's because when run from the element-desktop/web apps, the meeting is never created in the first place.

I've managed to start a meeting from my phone, and then it works - that's why this seems to be an element-web related issue.

Also, make sure to have the relevant .well-known entries on your matrix.domain.tld, or just domain.tld if you have it configured to proxy traffic to synapse.

.well-known/element/jitsi

{"auth": "openidtoken-jwt"}

.well-known/matrix/client

{
    "m.homeserver": {
        "base_url": "https://matrix.domain.tld"
    }, 
    "m.identity_server": {
        "base_url": "https://vector.im"
    },
    "im.vector.riot.jitsi": {
        "preferredDomain": "jitsi.domain.tld"
    }
}

.well-known/matrix/server

{
    "m.server": "matrix.domain.tld:443"
}
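As an added example (not code from the thread or from either project), here is a small offline check for the three .well-known documents listed above: it takes the raw response bodies, parses them, and reports anything that would make Element skip OpenID-based Jitsi auth or fall back to the default Jitsi instance. The sample bodies are constructed; the "broken" set mirrors the observation later in this thread that a deployment can have matrix/client and matrix/server but no element/jitsi document. The expected `auth` value and the JSON keys are the ones from the post above.

```python
import json

# Value Element expects in /.well-known/element/jitsi (from the post above).
EXPECTED_JITSI_AUTH = "openidtoken-jwt"


def _load(body):
    """Parse a response body; return (data, None) or (None, error message)."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return None, f"invalid JSON: {exc.msg}"
    if not isinstance(data, dict):
        return None, "top-level value is not a JSON object"
    return data, None


def _section(data, key):
    """Return data[key] if it is an object, else an empty dict."""
    value = data.get(key)
    return value if isinstance(value, dict) else {}


def check_wellknown(docs):
    """Return a list of findings; an empty list means all three documents look right.

    docs maps a .well-known path to the raw response body as a string.
    """
    findings = []

    # Element reads this to decide how to authenticate to Jitsi.
    body = docs.get("/.well-known/element/jitsi")
    if body is None:
        findings.append("element/jitsi: missing (Element will not use OpenID auth for Jitsi)")
    else:
        data, err = _load(body)
        if err:
            findings.append(f"element/jitsi: {err}")
        elif data.get("auth") != EXPECTED_JITSI_AUTH:
            findings.append(f"element/jitsi: auth is {data.get('auth')!r}, expected {EXPECTED_JITSI_AUTH!r}")

    # Client discovery: homeserver URL and the preferred Jitsi domain.
    body = docs.get("/.well-known/matrix/client")
    if body is None:
        findings.append("matrix/client: missing")
    else:
        data, err = _load(body)
        if err:
            findings.append(f"matrix/client: {err}")
        else:
            base = _section(data, "m.homeserver").get("base_url")
            if not base:
                findings.append("matrix/client: m.homeserver.base_url missing")
            elif not base.startswith("https://"):
                findings.append(f"matrix/client: m.homeserver.base_url is not https: {base}")
            if not _section(data, "im.vector.riot.jitsi").get("preferredDomain"):
                findings.append("matrix/client: im.vector.riot.jitsi.preferredDomain missing "
                                "(clients fall back to the default Jitsi instance)")

    # Server discovery for federation.
    body = docs.get("/.well-known/matrix/server")
    if body is None:
        findings.append("matrix/server: missing")
    else:
        data, err = _load(body)
        if err:
            findings.append(f"matrix/server: {err}")
        elif not data.get("m.server"):
            findings.append("matrix/server: m.server missing")

    return findings


# Constructed sample responses (placeholder hostnames).
GOOD_DOCS = {
    "/.well-known/element/jitsi": '{"auth": "openidtoken-jwt"}',
    "/.well-known/matrix/client": (
        '{"m.homeserver": {"base_url": "https://matrix.example.org"}, '
        '"im.vector.riot.jitsi": {"preferredDomain": "jitsi.example.org"}}'
    ),
    "/.well-known/matrix/server": '{"m.server": "matrix.example.org:443"}',
}

# Constructed: no element/jitsi document, plain-http base_url, no preferredDomain.
BROKEN_DOCS = {
    "/.well-known/matrix/client": '{"m.homeserver": {"base_url": "http://matrix.example.org"}}',
    "/.well-known/matrix/server": '{"m.server": "matrix.example.org:443"}',
}

if __name__ == "__main__":
    for name, docs in (("good", GOOD_DOCS), ("broken", BROKEN_DOCS)):
        print(name, check_wellknown(docs) or "ok")
```

To run it against a live deployment, fetch the three paths from the domain that serves your .well-known files and pass the bodies in as the `docs` mapping; a non-200 response should be treated the same as a missing document.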

Beleggrodion commented 1 year ago

I had the mentioned entries in my nginx config. The interesting part is that the default jitsi implementation doesn't have the .well-known entry: https://meet.element.io/.well-known/element/jitsi , so it looks like a different implementation.

rwjack commented 1 year ago

Good find, they really need to address the documentation related to this. Feel free to let them know about this over at the ticket I linked above.