spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

Matrix servers don't work in a federation #3314

Open rissabekov-tyro opened 5 months ago

rissabekov-tyro commented 5 months ago

Playbook Configuration:

My vars.yml file looks like this:

```yaml
---
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: ps.knb

# The Matrix homeserver software to install.
# See:
#  - `roles/custom/matrix-base/defaults/main.yml` for valid options
#  - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
matrix_homeserver_implementation: synapse

# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: '*******************'

# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
matrix_playbook_reverse_proxy_type: playbook-managed-traefik

matrix_coturn_container_network: host

matrix_synapse_workers_enabled: true

matrix_synapse_workers_preset: little-federation-helper

# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
#devture_traefik_config_certificatesResolvers_acme_email: 'isabekov@dspi.knb'

# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: '*******************'
devture_postgres_backup_enabled: true

matrix_synapse_federation_enabled: true
matrix_synapse_allow_public_rooms_over_federation: true
matrix_nginx_proxy_base_domain_serving_enabled: true

#matrix_static_files_file_matrix_support_enabled: true
matrix_static_files_container_labels_base_domain_enabled: true
matrix_static_files_file_index_html_enabled: true

jitsi_enabled: true
jitsi_jvb_container_extra_arguments:
  - '--env "JVB_ADVERTISE_IPS=10.16.48.34"'
  - '--env "JVB_DISABLE_STUN=true"'

matrix_synapse_admin_enabled: true

# Disable ACME / Let's Encrypt support.
devture_traefik_config_certificatesResolvers_acme_enabled: false

# Disabling ACME support (above) automatically disables the creation of the SSL directory.
# Force-enable it here, because we'll add our certificate files there.
devture_traefik_ssl_dir_enabled: true

# Tell Traefik to load our custom configuration file (certificates.yml).
# The file is created below, in `aux_file_definitions`.
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
devture_traefik_configuration_extension_yaml: |
  providers:
    file:
      filename: /config/certificates.yml
      watch: true

# Use the aux role to create our custom files on the server.
# If you'd like to do this manually, you can remove this `aux_file_definitions` variable.
aux_file_definitions:
  # Create the privkey.pem file on the server by
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
    src: /home/user/privkey.pem
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
    # Note the indentation level.
    # content: |
    #   FILE CONTENT
    #   HERE

  # Create the cert.pem file on the server by
  # uploading a file from the computer where Ansible is running.
  - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
    src: /home/user/cert.pem
    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
    # Note the indentation level.
    # content: |
    #   FILE CONTENT
    #   HERE

  # Create the custom Traefik configuration.
  # The `/ssl/..` paths below are in-container paths, not paths on the host (`/matrix/traefik/ssl/..`). Do not change them!
  - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
    content: |
      tls:
        certificates:
          - certFile: /ssl/cert.pem
            keyFile: /ssl/privkey.pem
        stores:
          default:
            defaultCertificate:
              certFile: /ssl/cert.pem
              keyFile: /ssl/privkey.pem
```

Problem description:

Cannot connect two or more servers in a federation in my work LAN. We are using self-signed certificates, and DNS seems to be configured correctly. Question: my work LAN doesn't have access to the Internet; do I need to adjust my config files for this scenario?

Also, I can use telnet to connect from one Matrix server to a Matrix port on another server, but the Matrix servers don't see each other. Any ideas why?
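A TCP connection succeeding while federation fails is typical when the peer's certificate is not trusted: Synapse verifies the TLS certificate of every federation peer, so on a LAN with self-signed certificates each homeserver must trust the CA that issued the other's certificate. The following script is an added example (not part of the playbook or this issue) that reproduces what a federating server does when reaching `ps.knb`: resolve the server name (well-known delegation, explicit port, else 8448; SRV lookup is deliberately skipped), then fetch `/_matrix/federation/v1/version` while verifying TLS against a CA bundle you supply. The script name and CA path are assumptions.

```python
"""Federation reachability check against a private CA (added example)."""
import json
import ssl
import sys
import urllib.request
from typing import Optional, Tuple

DEFAULT_PORT = 8448  # federation default when neither well-known nor an explicit port applies


def parse_well_known(body: str) -> Optional[str]:
    """Return the delegated 'm.server' value from /.well-known/matrix/server, or None."""
    try:
        value = json.loads(body).get("m.server")
    except (ValueError, AttributeError):
        return None
    return value if isinstance(value, str) and value else None


def resolve(server_name: str, well_known_body: Optional[str] = None) -> Tuple[str, int]:
    """Map a Matrix server name to the (host, port) a federating server would connect to."""
    target = parse_well_known(well_known_body) if well_known_body else None
    target = target or server_name
    host, sep, port = target.rpartition(":")
    if sep and port.isdigit():      # explicit port, e.g. matrix.ps.knb:8448
        return host, int(port)
    return target, DEFAULT_PORT      # no port given: federation default


def federation_version(host: str, port: int, ca_bundle: str) -> dict:
    """Fetch the peer's federation version, trusting only the given CA bundle."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # the CA that signed the peer's cert
    ctx.check_hostname = True                           # the cert must also match `host`
    url = f"https://{host}:{port}/_matrix/federation/v1/version"
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # usage: python fedcheck.py ps.knb /etc/ssl/certs/lan-ca.pem   (both paths are assumptions)
    name, ca = sys.argv[1], sys.argv[2]
    try:
        wk = urllib.request.urlopen(f"https://{name}/.well-known/matrix/server",
                                    context=ssl.create_default_context(cafile=ca),
                                    timeout=10).read().decode()
    except OSError:                 # no well-known served: fall back to name:8448
        wk = None
    host, port = resolve(name, wk)
    print(f"{name} -> {host}:{port}:", federation_version(host, port, ca))
```

A `CERTIFICATE_VERIFY_FAILED` error here, while telnet to the same port succeeds, points at the CA trust on the calling server rather than at networking or DNS.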

ZelChief commented 4 months ago

Try to debug your Matrix instance with the Matrix Federation Tester.