Open Dima-Kal opened 2 years ago
Well.. what do systemctl status matrix-nginx-proxy.service and journalctl -fu matrix-nginx-proxy.service say?
● matrix-nginx-proxy.service - Matrix nginx-proxy server
   Loaded: loaded (/etc/systemd/system/matrix-nginx-proxy.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2022-03-09 19:35:14 UTC; 22s ago
  Process: 206477 ExecStartPre=/usr/bin/env sh -c /usr/bin/env docker kill matrix-nginx-proxy 2>/dev/null (code=exited, status=1/FAILURE)
  Process: 206490 ExecStartPre=/usr/bin/env sh -c /usr/bin/env docker rm matrix-nginx-proxy 2>/dev/null (code=exited, status=1/FAILURE)
  Process: 206503 ExecStart=/usr/bin/env docker run --rm --name matrix-nginx-proxy --log-driver=none --user=997:1001 --cap-drop=ALL --read-only --tmpfs=/tmp:rw,noexec,nosuid,size=7500m --network=matrix -p 80:8080 -p 443:8443 -p 8448:8448 --mount type=bind,src=/matrix/nginx-proxy/nginx.conf,dst=/etc/nginx/nginx.conf>
 Main PID: 206503 (code=exited, status=1/FAILURE)
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: /docker-entrypoint.sh: Configuration complete; ready for start up
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: 2022/03/09 19:35:45 [emerg] 1#1: cannot load certificate "/matrix/ssl/config/live/element.matrix.myselfhosting.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/matrix/ssl/config/live/element.matrix.myselfhosting.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Mar 09 19:35:45 linuxserver matrix-nginx-proxy[206987]: nginx: [emerg] cannot load certificate "/matrix/ssl/config/live/element.matrix.myselfhosting.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/matrix/ssl/config/live/element.matrix.myselfhosting.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Mar 09 19:35:45 linuxserver systemd[1]: matrix-nginx-proxy.service: Main process exited, code=exited, status=1/FAILURE
Mar 09 19:35:45 linuxserver systemd[1]: matrix-nginx-proxy.service: Failed with result 'exit-code'.
any thoughts?
The error message looks pretty clear.
cannot load certificate "/matrix/ssl/config/live/element.matrix.myselfhosting.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory
Well, yea it won’t have a certificate because the certificate is in my home server’s nginx proxy manager, but what to do about this issue? How to skip or resolve?
I don't know anything about nginx proxy manager. You might be looking for https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/26ec3ca1b54accdb944c5cd5fc5a732c23ce41a7/docs/configuring-playbook-own-webserver.md#method-2-fronting-the-integrated-nginx-reverse-proxy-webserver-with-another-reverse-proxy
Specifically
# Do not retrieve SSL certificates.
matrix_ssl_retrieval_method: none
# Do not try to serve HTTPS
matrix_nginx_proxy_https_enabled: false
Already done that, it was required during setup
I'm having a similar if not the same problem setting this up. I have all my services behind a reverse proxy served by NPM (Nginx Proxy Manager).
For a test run, I just installed the ansible script with the defaults, and changed the port forwarding to the server running the matrix. It works perfectly fine, but of course now all my other reverse proxies don't run anymore, since I'm forwarding 80, 443 and 8448 to the matrix server instead. But at least I know that the basic setup works as expected.
Now, I would like to make this work by using my already existing instance of NPM. But even if I follow the instructions for Method 2, I always get 502 Bad Gateway errors.
What would be the correct way to configure in this scenario? If I understand Method 2 correctly, the internal NGINX server would listen to traffic on port 81 and 8448. So I would need to reverse proxy all of the subdomains with 80, 443 and 8448 to the Internal IP:81 & Internal IP:8448, correct?
There is a closed issue with somebody trying to add a standalone matrix server via NPM. But what helped him didn't help me much yet. Same results for me: NPM ISSUE
@almostserious have you been able to solve this? I am running into the same issue.
I have a Nginx proxy running as well on a different machine and would like to forward the right requests to the VM running Matrix. So I followed method 2 from here;
Then I tried to take the configuration files installed on the Matrix VM and use them in my Nginx configuration (for element. and matrix.domainname.com), as this was mentioned on the page as well:
"You can most likely directly use the config files installed by this playbook at: /matrix/nginx-proxy/conf.d. Just include them in your own nginx.conf like this: include /matrix/nginx-proxy/conf.d/*.conf;"
That would mean to forward Nginx right subdomains to ports 81, 8081, 8449 using the 3 files from the playbook (matrix-client-element.conf, matrix-domain.conf, matrix-synapse.conf)
But I'm not sure how you can use the different conf templates from the playbook in Nginx, I tried copy pasting and overwriting the existing configuration that was created by setup in the UI of Nginx. Not sure that is the way.
Edit: In my specific case, what could be an issue is that I'm running Nginx in a docker environment (separate network type) and I have set up the playbook on a VM.
E.g. this is the file created by the playbook named matrix-client-element.conf;
server {
    listen 8080;
    listen [::]:8080;

    server_name element.servername.com;
    server_tokens off;
    root /dev/null;

    gzip on;
    gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options SAMEORIGIN;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header Permissions-Policy interest-cohort=() always;

    location / {
        resolver <<I tried adding the VM IP here>> valid=5s;
        set $backend "matrix-client-element:8081";
        proxy_pass http://$backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
@koen81 I never solved this issue, and no support here so I just dropped the idea and have yet to come back and try it...
I had the same problem and solved it with the following steps:
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_https_enabled: false
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=start
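A preflight check for the "cannot load certificate" failure in the journal output above, added here as an example (it is not part of the thread or the playbook): it lists certificate and key files that nginx configs still reference but that are missing on disk, which is what makes matrix-nginx-proxy exit on start. It assumes the generated configs live in /matrix/nginx-proxy/conf.d (the path quoted earlier in the thread) and that certificate paths are identical on the host and inside the container; `missing_tls_files` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not playbook code.
# Assumption: paths written in the nginx configs are also valid on the host
# (bind mounts with identical source and destination paths).
# Limitation: paths containing spaces are not handled.

# missing_tls_files DIR
#   Prints "conf-file: missing-path" for every ssl_certificate,
#   ssl_certificate_key or ssl_trusted_certificate target that is not readable.
#   Returns 1 if anything is missing, 0 otherwise.
missing_tls_files() {
    conf_dir=$1
    rc=0
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Drop comments first, then extract the path argument of each directive.
        paths=$(sed -e 's/#.*//' "$conf" |
            sed -n -E 's/^[[:space:]]*ssl_(trusted_)?certificate(_key)?[[:space:]]+"?([^";]+)"?[[:space:]]*;.*/\3/p')
        for path in $paths; do
            if [ ! -r "$path" ]; then
                echo "$conf: $path"
                rc=1
            fi
        done
    done
    return $rc
}

# Usage on the Matrix host, before starting the service:
#   missing_tls_files /matrix/nginx-proxy/conf.d
```

Any output after re-running the playbook with HTTPS disabled means a config still references a certificate that was never retrieved.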
If you're using NPM and Cloudflare, wouldn't you just use option 1 here?: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-own-webserver.md
matrix_nginx_proxy_enabled: false
matrix_ssl_retrieval_method: none
Then just go into each of the roles folders for the services you use and bind examples such as 0.0.0.0:XXXX and use them in your vars file as in the examples here:
matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008'
matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048'
matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765"
That way you can target the containers with NPM. Or am I missing something?
Hi, I'm trying to run this on a different VM from my main server to use this ansible playbook and my setup is as follows:
Main server is running:
I have a Cloudflare domain for my server but none of the ports are exposed, so I'm using DNS challenge to get wildcard certificates for my subdomains (i.e. matrix.domain.com)
In my config I've disabled fetching SSL certificates as it is done by the nginx-p-m on the main server. Installation is finished but when trying to start I'm getting an error:
TASK [matrix-common-after : Fail if service isn't detected to be running] *****
skipping: [matrix.domain.com] => (item=matrix-mailer.service)
skipping: [matrix.domain.com] => (item=matrix-postgres.service)
skipping: [matrix.domain.com] => (item=matrix-mautrix-telegram.service)
skipping: [matrix.domain.com] => (item=matrix-synapse.service)
skipping: [matrix.domain.com] => (item=matrix-client-element.service)
skipping: [matrix.domain.com] => (item=matrix-ma1sd.service)
failed: [matrix.myselfhosting.com] (item=matrix-nginx-proxy.service) => changed=false
  ansible_loop_var: item
  item: matrix-nginx-proxy.service
  msg: matrix-nginx-proxy.service was not detected to be running. It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). Try running systemctl status matrix-nginx-proxy.service and journalctl -fu matrix-nginx-proxy.service on the server to investigate. If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. You can consider raising the value of the matrix_common_after_systemd_service_start_wait_for_timeout_seconds variable. See roles/matrix-common-after/defaults/main.yml for more details about that.

PLAY RECAP ****
matrix.domain.com : ok=24 changed=2 unreachable=0 failed=1 skipped=174 rescued=0 ignored=0
config:
matrix_domain: matrix.domain.com
matrix_homeserver_implementation: synapse
matrix_homeserver_generic_secret_key: 'asdasdasdasd'
matrix_ssl_retrieval_method: none
matrix_postgres_connection_password: 'asdasdasd'
matrix_coturn_turn_external_ip_address: 192.168.50.179
matrix_coturn_enabled: false
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: asdasdasd
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: asdasd
matrix_mautrix_telegram_api_hash: asdasdasd