Closed Bergruebe closed 1 year ago
This is related to our recent changelog entry, (Backward Compatibility) Reverse-proxy configuration changes and initial Traefik support.
See the updated documentation about Using your own nginx reverse-proxy running on the same machine.
In short, you should stop using `matrix_nginx_proxy_enabled: false` and go for `matrix_playbook_reverse_proxy_type: other-nginx-non-container`.
Thank you very much for your help! That was the problem, now everything works as expected again.
Now I will read every changelog entry twice. 😀
Describe the bug

I already have nginx installed on the server, so I'm using `matrix_nginx_proxy_enabled: false` and included `/matrix/nginx-proxy/conf.d` in the nginx-config. It worked fine until the last rerun of the playbook. Now I get `502 Bad Gateway` errors when I try to connect to Matrix over the Element App or Synapse-Admin.

The nginx error log:

The port 8008 isn't in use (`sudo netstat -tunlp | grep 8008` returns nothing).

To Reproduce

My `vars.yml` file looks like this:

My (not manually changed) /matrix/nginx-proxy/conf.d/matrix-domain.conf
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name matrix.XX;
    server_tokens off;
    root /dev/null;

    location /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:2402;
    }

    location / {
        return 301 https://$http_host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name matrix.XX.tld;
    server_tokens off;
    root /dev/null;

    ssl_certificate /matrix/ssl/config/live/matrix.XX/fullchain.pem;
    ssl_certificate_key /matrix/ssl/config/live/matrix.XX/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /matrix/ssl/config/live/matrix.XX.tld/chain.pem;
    ssl_session_tickets off;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_timeout 1d;

    gzip on;
    gzip_types text/plain application/json;

    add_header Permissions-Policy interest-cohort=() always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-XSS-Protection "1; mode=block";

    location /.well-known/matrix {
        root /matrix/static-files;
        expires 4h;
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
    }

    location /eb6a210b-4480-5c37-821a-ffd62d3e3c0e {
        proxy_pass http://127.0.0.1:9006;
    }

    rewrite ^/synapse-admin$ $scheme://$server_name/synapse-admin/ permanent;

    location ~ ^/synapse-admin/(.*) {
        proxy_pass http://127.0.0.1:8766/$1;
    }

    rewrite ^/matrix-registration$ $scheme://$server_name/matrix-registration/ permanent;
    rewrite ^/matrix-registration/$ $scheme://$server_name/matrix-registration/register redirect;

    location ~ ^/matrix-registration/(.*) {
        proxy_pass http://127.0.0.1:8767/$1;
        sub_filter_once off;
        sub_filter_types text/css;
        sub_filter "/static/" "/matrix-registration/static/";
    }

    location ~* ^(/_matrix|/_synapse/client|/_synapse/admin) {
        proxy_pass http://127.0.0.1:12080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_body_buffer_size 25M;
        client_max_body_size 50M;
        proxy_max_temp_file_size 0;
    }

    location ~* ^/$ {
        return 302 $scheme://element.XX.tld$request_uri;
    }
}

server {
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;
    server_name matrix.XX;
    server_tokens off;
    root /dev/null;

    gzip on;
    gzip_types text/plain application/json;

    ssl_certificate /matrix/ssl/config/live/matrix.XX/fullchain.pem;
    ssl_certificate_key /matrix/ssl/config/live/matrix.XX/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /matrix/ssl/config/live/matrix.XX.tld/chain.pem;
    ssl_session_tickets off;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_timeout 1d;

    location / {
        proxy_pass http://127.0.0.1:12088;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_body_buffer_size 25M;
        client_max_body_size 150M;
        proxy_max_temp_file_size 0;
    }
}
```

My (not manually changed) /matrix/nginx-proxy/conf.d/matrix-synapse.conf
```nginx
server {
    listen 12080;
    server_tokens off;
    root /dev/null;

    gzip on;
    gzip_types text/plain application/json;

    location / {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header Host $host;
        client_body_buffer_size 25M;
        client_max_body_size 50M;
        proxy_max_temp_file_size 0;
    }
}

server {
    listen 12088;
    server_tokens off;
    root /dev/null;

    gzip on;
    gzip_types text/plain application/json;

    location / {
        proxy_pass http://127.0.0.1:8048;
        proxy_set_header Host $host;
        client_body_buffer_size 25M;
        client_max_body_size 150M;
        proxy_max_temp_file_size 0;
    }
}
```

Matrix Server:
Ansible: I'm using Ansible 2.14.2 on macOS 13.2.1 (Ventura)
Additional context

I'm not sure if a container named `matrix-synapse-reverse-proxy-companion` should be running without any ports in my configuration.

It would be great if you could help me. Thank you!
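
The reporter's `netstat` check for port 8008, generalized to every `proxy_pass` upstream in a generated conf file. This is an added example, not part of the issue thread or the playbook; the function names and the trimmed sample config (including the commented-out port 9999) are constructed for illustration.

```python
import re
import socket

# Constructed sample, trimmed from the matrix-synapse.conf posted above.
SAMPLE_CONF = """
server {
    listen 12080;
    location / { proxy_pass http://127.0.0.1:8008; }
}
server {
    listen 12088;
    # proxy_pass http://127.0.0.1:9999;  (commented out, ignored)
    location / { proxy_pass http://127.0.0.1:8048; }
}
"""

# Only upstreams written as host:port are matched; named upstream blocks are not resolved.
PROXY_PASS = re.compile(r"proxy_pass\s+https?://([A-Za-z0-9_.\-]+|\[[0-9a-fA-F:]+\]):(\d+)")


def upstreams(conf_text):
    """Return sorted unique (host, port) pairs from proxy_pass directives."""
    found = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop nginx comments
        for host, port in PROXY_PASS.findall(line):
            found.add((host.strip("[]"), int(port)))
    return sorted(found)


def is_listening(host, port, timeout=1.0):
    """True if a TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def dead_upstreams(conf_text, probe=is_listening):
    """Upstreams with no listener; nginx answers 502 for requests proxied to them."""
    return [(h, p) for h, p in upstreams(conf_text) if not probe(h, p)]


if __name__ == "__main__":
    for host, port in dead_upstreams(SAMPLE_CONF):
        print(f"no listener on {host}:{port} -> expect 502 Bad Gateway")
```

Run it on the host where nginx runs, passing the contents of each file under `/matrix/nginx-proxy/conf.d` to `dead_upstreams`.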