spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

Reverse-proxying /.well-known/matrix/server with Traefik #928

Open gcaillaut opened 3 years ago

gcaillaut commented 3 years ago

Hi,

First, I’d like to thank all the people who contributed to this project. Thank you all :)

So, here’s my issue. I’m serving my matrix instance using this Ansible playbook and Traefik. Everything works like a charm, except that I can’t find a way to serve /.well-known/matrix/server.

Let’s suppose that my matrix domain is mydomain.com. Then matrix.mydomain.com/.well-known/matrix/server serves the JSON file I expect. But I’d like this file to be served at, obviously, mydomain.com/.well-known/matrix/server.

I tried several configurations (well, only two).

First configuration:

http:
  routers:
    matrix-federation:
      entryPoints:
        - websecure
      rule: Host(`mydomain.com`) && PathPrefix(`/.well-known/matrix`)
      service: matrix-federation
      # I also tried to use with the following
      # service: matrix-nginx-proxy@docker
      tls:
        certResolver: letsencrypt
        domains:
          - main: "mydomain.com"

  services:
    matrix-federation:
      loadBalancer:
        passHostHeader: false
        servers:
          - url: https://matrix.mydomain.com

Second configuration, I’m trying to redirect the client to the right URL. It’s workish but I’m pretty sure it’s not the right solution…

http:
  routers:
    matrix-federation:
      entryPoints:
        - websecure
      rule: Host(`mydomain.com`) && PathPrefix(`/.well-known/matrix`)
      service: noop@internal
      middlewares:
        - matrix-federation-redirect
      tls:
        certResolver: letsencrypt
        domains:
          - main: "mydomain.com"

  middlewares:
    matrix-federation-redirect:
      redirectRegex:
        regex: "^https://example.com/(.*)"
        replacement: "https://matrix.example.com/${1}"

But nothing works… And I can’t find documentation for this setup :( Help!

MTRNord commented 3 years ago

Not sure how much this helps but this is what I do https://dashboard-new.nordgedanken.dev/dashboard/#/http/routers/well-known@file

(not the config on purpose as a) I use toml and b) mine is a bit messy on the code side)

gcaillaut commented 3 years ago

Thank you, I checked your configuration and I was able to solve my problem. Actually it was quite simple:

http:
  routers:
    matrix-federation:
      entryPoints:
        - websecure
      rule: Host(`example.com`) && PathPrefix(`/.well-known/matrix/`)
      service: matrix-nginx-proxy@docker
      middlewares:
        - matrix-federation-headers
      tls:
        certResolver: letsencrypt
        domains:
          - main: "example.com"

  middlewares:
    matrix-federation-headers:
      headers:
        customRequestHeaders:
          Host: matrix.example.com
          # Not sure if the following is required
          X-Forwarded-Host: matrix.example.com
        customResponseHeaders:
          Content-Type: application/json

But now I have other problems. Element is having CORS errors and is not able to reach my matrix domain. I tried adding --label "traefik.http.middlewares.matrix-nginx-proxy.headers.accesscontrolalloworigin=*" in both matrix_nginx_proxy_container_extra_arguments and matrix_synapse_container_extra_arguments (in vars.yml), but it doesn’t work… Any clue on how to fix this?

tdehaeze commented 3 years ago

@GaaH could you solve this problem? I am facing the same issue. Thanks

gcaillaut commented 3 years ago

> @GaaH could you solve this problem? I am facing the same issue. Thanks

Yes, I'm still facing CORS errors but everything seems to be working. Actually, I'm a bit ashamed since my problem was caused by forgetting to expose port 8448 in my Traefik container… That's why Element couldn't access my matrix server… So double check your ports ;)

I'm using the same dynamic configuration as above.
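
An added example, not part of this thread or of the playbook's code: a Python check for the two failure modes discussed above, a base-domain /.well-known/matrix/server document that does not yield a usable federation host and port, and a well-known response that lacks the CORS header browser clients need. The /.well-known/matrix/client path, the fallback to port 8448 and the `Access-Control-Allow-Origin: *` expectation are assumptions taken from the Matrix specification, and the sample responses are constructed.

```python
import json

DEFAULT_FEDERATION_PORT = 8448  # used when m.server names no port and no SRV record exists

def parse_m_server(value):
    """Split an m.server value into (host, port); IPv6 literals use [addr]:port."""
    if value.startswith("["):
        host, _, rest = value[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    elif value.count(":") == 1:
        host, port = value.split(":")
    else:
        host, port = value, ""
    if not host or (port and not port.isdigit()):
        raise ValueError(f"malformed value {value!r}")
    return host, int(port) if port else DEFAULT_FEDERATION_PORT

def check_well_known(path, status, headers, body):
    """Return (problems, federation_target) for one final HTTP response."""
    if status != 200:
        return [f"{path}: HTTP {status}, expected 200"], None
    try:
        doc = json.loads(body)
    except ValueError:
        return [f"{path}: body is not JSON"], None
    problems, target = [], None
    hdrs = {k.lower(): v for k, v in headers.items()}
    if path.endswith("/server"):
        try:
            target = parse_m_server(doc["m.server"])
        except (KeyError, TypeError, AttributeError, ValueError) as exc:
            problems.append(f"{path}: bad m.server ({exc!r})")
    elif path.endswith("/client"):
        # Browser clients such as Element fetch this document cross-origin.
        if hdrs.get("access-control-allow-origin") != "*":
            problems.append(f"{path}: missing Access-Control-Allow-Origin: *")
    return problems, target

# Constructed sample responses, not captured from a real server.
SAMPLES = [
    ("/.well-known/matrix/server", 200, {"Content-Type": "application/json"},
     '{"m.server": "matrix.example.com"}'),
    ("/.well-known/matrix/client", 200, {"Content-Type": "application/json"},
     '{"m.homeserver": {"base_url": "https://matrix.example.com"}}'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], check_well_known(*sample))
```

The returned host and port are what the reverse proxy must actually expose for federation; a target on port 8448 with that port unpublished on the proxy container reproduces the symptom described in the last comment.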