Closed vilyaua closed 5 years ago
Hi!
Congrats on successfully setting up your Matrix server!
It seems like it's configured correctly and should work, besides the fact that Federation with other servers may be having problems, because https://perfsys.io/.well-known/matrix/server does not serve a file.
It appears that your SSL certificates on perfsys.io are not configured correctly.
Judging by http://perfsys.io/ (note the HTTP protocol), it seems like the main perfsys.io domain leads to CloudFlare. I guess you have configured Amazon CloudFlare for your domain and that HTTPS doesn't work?
You will need working HTTPS for the base domain (perfsys.io) to be able to serve the well-known files from there (using one of the 2 methods described here)
If you cannot arrange to have HTTPS for the base domain (perfsys.io), you can switch to the other method for Server Delegation: Server Delegation via a DNS SRV record (advanced).
Doing that, you won't be required to set up a `/.well-known/matrix/server` file on the base domain. Running a self-check would still report a failure because `/.well-known/matrix/client` is not configured, but that's not very important. It's an optional thing that can be skipped.
perfsys.io is located at AWS
There's an alias that I can change
I'll try to make a copy of /.well-known/matrix/server and /.well-known/matrix/client to an S3 bucket and point perfsys.io at it.
Where do I get these files?
You can find these files at these URLs:
They are also in the `/matrix/static-files/.well-known/matrix` directory on the server.
Looks like the `server` file is missing for you now, which means you've either not used an up-to-date playbook (us generating the `server` file is a fairly new thing) or you've intentionally disabled the generation of the `server` file by using `matrix_well_known_matrix_server_enabled: false`.
Can't find the `matrix_well_known_matrix_server_enabled` variable in my inventory's vars.yml file. Looks like I'm missing something. Would you take a brief look at it, please:
```yaml
host_specific_matrix_ssl_lets_encrypt_support_email: vperminov@perfsys.net
host_specific_hostname_identity: perfsys.io

matrix_coturn_turn_static_auth_secret: "some_key"
matrix_synapse_macaroon_secret_key: "some_key"

matrix_nginx_proxy_docker_image: "nginx:1.15.8-alpine"
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
matrix_nginx_proxy_systemd_required_services_list: ['docker.service']
matrix_nginx_proxy_systemd_wanted_services_list: []
matrix_nginx_proxy_container_additional_volumes: []

matrix_nginx_proxy_proxy_riot_enabled: true
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"

matrix_nginx_proxy_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_matrix_hostname: "{{ hostname_matrix }}"

matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"

matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090"

matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090"

matrix_nginx_proxy_proxy_synapse_metrics: false
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: ""

matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-synapse:8008"
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:8008"
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 25

matrix_nginx_proxy_tmp_directory_size_mb: "{{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb * 50 }}"

matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []

# 5-field cron expression (the asterisks were eaten by markdown in the paste above)
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"

matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"

matrix_ssl_retrieval_method: "lets-encrypt"

matrix_ssl_domains_to_obtain_certificates_for: []

matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.30.0"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: "{{ host_specific_matrix_ssl_lets_encrypt_support_email }}"

matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"

matrix_mxisd_enabled: true

matrix_mxisd_docker_image: "kamax/mxisd:1.2.2"
matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"

matrix_mxisd_container_expose_port: false

matrix_mxisd_systemd_required_services_list: ['docker.service']
matrix_mxisd_systemd_wanted_services_list: []

matrix_mxisd_matrixorg_forwarding_enabled: false

matrix_mxisd_synapsesql_enabled: false
matrix_mxisd_synapsesql_type: ""
matrix_mxisd_synapsesql_connection: ""

matrix_mxisd_threepid_medium_email_identity_from: "matrix@{{ hostname_identity }}"
matrix_mxisd_threepid_medium_email_connectors_smtp_host: "smtp.gmail.com"
matrix_mxisd_threepid_medium_email_connectors_smtp_port: 587
matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
matrix_mxisd_threepid_medium_email_connectors_smtp_login: "vperminov@perfsys.net"
matrix_mxisd_threepid_medium_email_connectors_smtp_password: "some_passwd"

matrix_mxisd_dns_overwrite_enabled: false
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ hostname_matrix }}"
matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"

# Jinja template rendered into mxisd's YAML config
matrix_mxisd_configuration_yaml: |
  matrix:
    domain: {{ hostname_identity }}

  server:
    name: {{ hostname_matrix }}

  key:
    path: /var/mxisd/sign.key

  storage:
    provider:
      sqlite:
        database: /var/mxisd/mxisd.db

  {% if matrix_mxisd_dns_overwrite_enabled %}
  dns:
    overwrite:
      homeserver:
        client:
          - name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name }}
            value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value }}
  {% endif %}

  {% if matrix_mxisd_matrixorg_forwarding_enabled %}
  forward:
    servers: ['matrix-org']
  {% endif %}

  threepid:
    medium:
      email:
        identity:
          from: {{ matrix_mxisd_threepid_medium_email_identity_from }}
        connectors:
          smtp:
            host: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_host }}
            port: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_port }}
            tls: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_tls }}
            login: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_login }}
            password: {{ matrix_mxisd_threepid_medium_email_connectors_smtp_password }}

  synapseSql:
    enabled: {{ matrix_mxisd_synapsesql_enabled }}
    type: {{ matrix_mxisd_synapsesql_type }}
    connection: {{ matrix_mxisd_synapsesql_connection }}

matrix_mxisd_configuration_extension_yaml: |

matrix_mxisd_configuration: "{{ matrix_mxisd_configuration_yaml|from_yaml|combine(matrix_mxisd_configuration_extension, recursive=True) }}"
```
You should be able to see `matrix_well_known_matrix_server_enabled` and its default value (`true`) in `roles/matrix-base/defaults/main.yml`.
If you don't see it in that file, it means you are running an old version of this playbook.
If so, you should update the playbook. Either `git pull` to update (if you got the source code using `git`), or download a new archive of the source code and bring your `vars.yml` and `hosts` files over.
I've cloned spantaleev/matrix-docker-ansible-deploy a few days ago, so it should be fresh enough. And being shelled into the EC2 instance that hosts Synapse, I can't get into the /matrix directory even through sudo.
Ok, I'll try to PULL tomorrow. Thanks for your time, Slavi
If it's from a few days ago, it's not very fresh, because there was a big upgrade just yesterday.
See this changelog entry: Synapse v0.99 support and preparation for Synapse v1.0.
The `/.well-known/matrix/server` file is only available from that update, because it's a brand new thing.
That's why you don't have the file. On the other hand, you are reading the most recent docs online, which is confusing. Your setup (made by the old version of the playbook) is outdated compared to the docs.
The solution is to just update the playbook and re-run it.
You can then proceed to figure out how to set up HTTPS at your base domain, or go with an alternative method for Server Delegation: Server Delegation via a DNS SRV record (advanced).
@spantaleev What would you suggest as a final solution to use Keycloak/SSO together with a Matrix ?
We see several auth options on the link https://github.com/spantaleev/matrix-docker-ansible-deploy
In other words, do we need to deploy mxisd, or do we need matrix-synapse-rest-auth?
Hello, Slavi!
Playbook is updated, now I'm working on the main domain's SSL certificate. I think we can close this issue for now.
Thanks again!
P.S.: I'm going to move the question about Matrix-Keycloak combination in another issue, if you don't mind
Hello!
First of all, I'd like to thank you for your work!
Would you please help me to find out where things go wrong.
The first task I'd like to solve is to make a Matrix-Keycloak connection. I suppose there is a module mxisd that could help me with that.
Got synapse installed. Can successfully connect via Riot mobile client and via web-based client as well: https://matrix.perfsys.io and https://riot.perfsys.io. So I assume that Server Delegation via a DNS SRV record (https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/howto-server-delegation.md) was made in the right way. But I can't get the JSON file either by visiting https://perfsys.io/.well-known/matrix/server or https://perfsys.io/.well-known/matrix/client; I get "Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP" instead.
Got mxisd enabled. But self-check (ansible-playbook -i inventory/hosts setup.yml --tags=self-check) returns:
So is it a reverse-proxying issue or an incompatible SSL issue? Thanks in advance for your help.