search

spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0
4.71k stars 1.02k forks source link

playbook-managed-traefik fails when fronted by apache2 #2544

Open xschlef opened 1 year ago

xschlef commented 1 year ago

All requests result in 404 when using the recommended settings using current HEAD https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/2a872e95fcc171a0bb96317b4a811762957600e3

https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy

traefik has an error: Error while building configuration (for the first time): http cannot be a standalone element (type *dynamic.HTTPConfiguration)" providerName=file

traefik configuration look rather empty, but I'm no expert on that.

/ # cat /config/provider.yml 

http:
  middlewares:

  routers:

/ # cat /config/traefik.yml 
accessLog: {}
api:
  dashboard: false
certificatesResolvers: null
entryPoints:
  matrix-federation:
    address: :8449
  web:
    address: :80
    forwardedHeaders:
      insecure: true
global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
  level: INFO
providers:
  docker:
    exposedByDefault: false
    network: traefik
  file:
    filename: /config/provider.yml

looks like traefic is not really routing anything?

randomsnowflake commented 1 year ago

I have the same issue. My config works with NGINX, once I switch to the new Traefik I receive 404 errors.

Ramblurr commented 1 year ago

I think your issue is the same as mine: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2543

The root cause is that the traefik configuration that tells traefik to reverse-proxy synapse is missing.

randomsnowflake commented 1 year ago

OK, so I added the config tag matrix_nginx_proxy_enabled: true and reran the setup.

It failed with the following error:

failed: [matrix.MYDOMAIN] (item=matrix-traefik.service) => changed=false
  ansible_loop_var: item
  item: matrix-traefik.service
  msg: matrix-traefik.service was not detected to be running. It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). Try running `systemctl status matrix-traefik.service` and `journalctl -fu matrix-traefik.service` on the server to investigate. If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. You can consider raising the value of the `devture_systemd_service_manager_up_verification_delay_seconds` variable. See `/Users/user/Matrix/matrix-docker-ansible-deploy/roles/galaxy/com.devture.ansible.role.systemd_service_manager/defaults/main.yml` for more details about that.

I then, manually, stopped all matrix related Docker images on the server and restarted the setup. Now I have my previous error back:

TASK [custom/matrix-synapse : Fail if Matrix Client API not working] ***************************************************************************************************************************************************************************************
fatal: [matrix.MYDOMAIN.de]: FAILED! => changed=false
  msg: 'Failed checking Matrix Client API is up at `matrix.MYDOMAIN` (checked endpoint: `https://matrix.MYDOMAIN/_matrix/client/versions`). Is Synapse running? Is port 443 open in your firewall? Full error: {''redirected'': False, ''url'': ''https://matrix.MYDOMAIN/_matrix/client/versions'', ''status'': 404, ''date'': ''Wed, 08 Mar 2023 07:27:11 GMT'', ''server'': ''Apache/2.4.52 (Ubuntu)'', ''content_type'': ''text/plain; charset=utf-8'', ''x_content_type_options'': ''nosniff'', ''content_length'': ''19'', ''connection'': ''close'', ''elapsed'': 0, ''changed'': False, ''failed'': True, ''msg'': ''Status code was 404 and not [200]: HTTP Error 404: Not Found''}'

Switching back to matrix_playbook_reverse_proxy_type: playbook-managed-nginx I now receive:

TASK [custom/matrix-synapse : Check Matrix Client API] *****************************************************************************************************************************************************************************************************
fatal: [matrix.MYDOMAIN.de -> 127.0.0.1]: FAILED! => changed=false
  connection: close
  content_length: '19'
  content_type: text/plain; charset=utf-8
  date: Wed, 08 Mar 2023 07:43:48 GMT
  elapsed: 0
  msg: 'Status code was 404 and not [200]: HTTP Error 404: Not Found'
  redirected: false
  server: Apache/2.4.52 (Ubuntu)
  status: 404
  url: https://matrix.MYDOMAIN.de/_matrix/client/versions
  x_content_type_options: nosniff
...ignoring

TASK [custom/matrix-synapse : Fail if Matrix Client API not working] ***************************************************************************************************************************************************************************************
fatal: [matrix.MYDOMAIN.de]: FAILED! => changed=false
  msg: 'Failed checking Matrix Client API is up at `matrix.MYDOMAIN.de` (checked endpoint: `https://matrix.MYDOMAIN.de/_matrix/client/versions`). Is Synapse running? Is port 443 open in your firewall? Full error: {''redirected'': False, ''url'': ''https://matrix.MYDOMAIN.de/_matrix/client/versions'', ''status'': 404, ''date'': ''Wed, 08 Mar 2023 07:43:48 GMT'', ''server'': ''Apache/2.4.52 (Ubuntu)'', ''content_type'': ''text/plain; charset=utf-8'', ''x_content_type_options'': ''nosniff'', ''content_length'': ''19'', ''connection'': ''close'', ''elapsed'': 0, ''changed'': False, ''failed'': True, ''msg'': ''Status code was 404 and not [200]: HTTP Error 404: Not Found''}'

Since my Matrix setup seems about as reliable as Windows 95 install in the 90s, I restarted the server. Now my setup works and the server is working again.

But I did see your post before and I do think our issues are indeed related. On the first of March, I first tried to update the server to Traefik. Didn't work; switching back to NGINX did, however. Only problem: /synapse-admin would 404. Now it's back available (with the only change being matrix_nginx_proxy_enabled: true.

spantaleev commented 1 year ago

When using the new matrix_playbook_reverse_proxy_type variable, there's no need to touch matrix_nginx_proxy_enabled manually. matrix-nginx-proxy will be enabled/disabled as the playbook sees fit.

The playbook pretty much always enables matrix-nginx-proxy right now, because various services (Matrix homeserver, Jitsi, ..) still go through matrix-nginx-proxy (Traefik -> matrix-nginx-proxy -> some service). We're slowly getting rid of this dependency on matrix-nginx-proxy . In a week or two, this dependency should be gone and the playbook may no longer enable matrix-nginx-proxy for these setups.

Force-disabling it will cause troubles.

Error while building configuration (for the first time): http cannot be a standalone element (type *dynamic.HTTPConfiguration)" providerName=file

This is just merely a warning. In some cases (as is the case with the default setup), the provider.yml file is fairly empty and Traefik complains about it. It's not a problem.