spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

Sliding sync 502 on /_matrix/client/r0/account/whoami #2912

Closed iMarv closed 11 months ago

iMarv commented 11 months ago

Playbook Configuration:

My vars.yml file looks like this:

# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: example.de

# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: "mail@example.com"

# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: "secret"

# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: "secret"
matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"

# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: "secret"

devture_postgres_data_path: "/some_path"

prometheus_node_exporter_enabled: true
prometheus_node_exporter_container_http_host_bind_port: "10.0.0.5:9100"
matrix_synapse_container_metrics_api_host_bind_port: "10.0.0.5:9101"
matrix_synapse_metrics_enabled: true

matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: secret
matrix_mautrix_telegram_api_hash: secret
matrix_mautrix_telegram_bot_token: secret

matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_configuration_extension_yaml:
  bridge:
    enable_status_broadcast: true
    extev_polls: true
    history_sync:
      backfill: true

matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_relaybot_enabled: true

matrix_mautrix_signal_bridge_permissions: {"*": "relay", "@marv:example.de": "admin"}

matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: secret

devture_postgres_backup_enabled: true
devture_postgres_backup_base_path: "/some_path"

matrix_synapse_admin_enabled: true
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: little-federation-helper
matrix_client_element_enabled: false

matrix_synapse_configuration_extension_yaml: |
  experimental_features:
    msc2716_enabled: true

matrix_client_hydrogen_enabled: true

matrix_mautrix_discord_enabled: true
matrix_mautrix_discord_federate_rooms: false

matrix_playbook_reverse_proxy_type: playbook-managed-traefik
devture_traefik_config_certificatesResolvers_acme_email: "mail@.com"

matrix_sliding_sync_enabled: true

Matrix Server:

Problem description:

I enabled the sliding sync proxy as displayed in the config. My Element X Android client gets stuck on the setup page. On checking logs, I see the following lines that keep repeating:

Sep 24 10:28:15 matrix matrix-sliding-sync[3008822]: {"level":"warn","error":"Get \"https://matrix.example.de/_matrix/client/r0/account/whoami\": dial tcp 127.0.1.1:443: connect: connection refused","time":"2023-09-24T10:28:15Z","message":"failed to get user ID from device ID"}
Sep 24 10:28:15 matrix matrix-sliding-sync[3008822]: {"level":"warn","error":"Get \"https://matrix.example.de/_matrix/client/r0/account/whoami\": dial tcp 127.0.1.1:443: connect: connection refused","time":"2023-09-24T10:28:15Z","message":"failed to get user ID from device ID"}
Sep 24 10:28:15 matrix matrix-sliding-sync[3008822]: 10:28:15 ERR failed to get or create Conn error="HTTP 502 : Get \"https://matrix.example.de/_matrix/client/r0/account/whoami\": dial tcp 127.0.1.1:443: connect: connection refused"
Sep 24 10:28:15 matrix matrix-sliding-sync[3008822]: 10:28:15 ERR failed to get or create Conn error="HTTP 502 : Get \"https://matrix.example.de/_matrix/client/r0/account/whoami\": dial tcp 127.0.1.1:443: connect: connection refused"
Sep 24 10:28:16 matrix matrix-traefik[3008391]: <ip> - - [24/Sep/2023:10:28:15 +0000] "POST /sliding-sync/_matrix/client/unstable/org.matrix.msc3575/sync?timeout=30000 HTTP/2.0" 502 140 "-" "-" 1234 "matrix-sliding-sync@docker" "http://172.24.0.6:8008" 1013ms
Sep 24 10:28:16 matrix matrix-traefik[3008391]: <ip> - - [24/Sep/2023:10:28:15 +0000] "POST /sliding-sync/_matrix/client/unstable/org.matrix.msc3575/sync?timeout=30000 HTTP/2.0" 502 140 "-" "-" 1235 "matrix-sliding-sync@docker" "http://172.24.0.6:8008" 1013ms

To me this reads like the sliding sync proxy has issues reaching some internal whoami endpoint, which is why I am opening the ticket here. Everything in this setup is stock-standard; the well-known files are redirected from my example.de to the matrix.example.de domain.

I re-ran the setup and also rebooted the server to ensure that this is no hiccup.

Do you have any hints/ideas what may be going wrong here?
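
Added example (not part of the thread and not the playbook's code): a small triage script for journal lines like those quoted above. It extracts the address the sliding sync proxy actually dialled for its whoami request and flags a loopback target such as 127.0.1.1. The sample lines are constructed from the excerpt above; `triage` and `DIAL_RE` are names introduced here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines 1-3 follow the journal output quoted in the issue;
# line 4 is invented for contrast and uses a documentation address.
SAMPLE = [
    r'matrix-sliding-sync[1]: {"level":"warn","error":"Get \"https://matrix.example.de'
    r'/_matrix/client/r0/account/whoami\": dial tcp 127.0.1.1:443: connect: connection'
    r' refused","message":"failed to get user ID from device ID"}',
    r'matrix-sliding-sync[1]: ERR failed to get or create Conn error="HTTP 502 : Get '
    r'\"https://matrix.example.de/_matrix/client/r0/account/whoami\": dial tcp '
    r'127.0.1.1:443: connect: connection refused"',
    r'matrix-traefik[2]: "POST /sliding-sync/_matrix/client/unstable/org.matrix.msc3575'
    r'/sync?timeout=30000 HTTP/2.0" 502 140',
    r'matrix-sliding-sync[1]: ERR failed to get or create Conn error="HTTP 502 : Get '
    r'\"https://matrix.example.de/_matrix/client/r0/account/whoami\": dial tcp '
    r'203.0.113.10:443: i/o timeout"',
]

# Go's net/http error text: Get "<url>": dial tcp <ip>:<port>: <reason>
DIAL_RE = re.compile(
    r'Get \\?"(?P<url>[^"\\]+)\\?": dial tcp '
    r'(?:\[(?P<v6>[0-9a-fA-F:]+)\]|(?P<v4>\d+(?:\.\d+){3})):(?P<port>\d+): '
    r'(?P<reason>[^"\\]+)'
)

def triage(lines):
    """Group failed upstream dials by (hostname, resolved IP, port)."""
    findings = {}
    for line in lines:
        m = DIAL_RE.search(line)
        if not m:
            continue  # e.g. reverse-proxy access-log lines carry no dial error
        ip = ipaddress.ip_address(m["v6"] or m["v4"])
        key = (urlsplit(m["url"]).hostname, str(ip), int(m["port"]))
        entry = findings.setdefault(key, {
            "host": key[0], "ip": key[1], "port": key[2],
            "reason": m["reason"].strip(), "count": 0,
            # Loopback is the dialling container's own network namespace.
            "loopback": ip.is_loopback,
        })
        entry["count"] += 1
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(SAMPLE):
        note = "name resolves to loopback inside the container" if f["loopback"] else "non-loopback target"
        print(f'{f["host"]} -> {f["ip"]}:{f["port"]} x{f["count"]} ({f["reason"]}): {note}')
```

A loopback finding means the request never left the proxy's container, so the 502 seen at Traefik comes from name resolution inside that container rather than from Synapse.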

Marwel commented 11 months ago

I have the same issue. From inside the sliding sync container, I can reach everything via curl but not "https://matrix.example.de" and therefore https://matrix.example.de/_matrix/client/r0/account/whoami is also not reachable. Tried to set the env SYNCV3_SERVER=http://matrix-synapse:8048, same result, but different error, this time 404.

spantaleev commented 11 months ago

See if the changes in 0a4cff5 make things better

Marwel commented 11 months ago

@spantaleev works for me. Thanks for the quick reply and fix.

spantaleev commented 11 months ago

Good to hear! I'll close this issue then