turt2live / matrix-dimension

An open source integration manager for matrix clients, like Element.
https://dimension.t2bot.io
GNU General Public License v3.0

Federation not working with riot and https #246

Closed enannos closed 5 years ago

enannos commented 5 years ago

Hello,

I have a local installation of matrix-synapse, riot and matrix-dimension. The riot website runs with the apache server and is accessible through https on port 443 with a self-signed certificate.

Everything is working OK but I somehow cannot get the matrix-dimension to work with the https. When I open the riot webpage https://chatserver, I can login, everything is working but the "Integrations" icon is shown red and the error "Integrations error" appears.

I have also enabled port 80 in the apache config. When I go to http://chatserver, I can connect to the server again and the matrix-dimension also connects and communicates with the riot.

Is there a special configuration that I need to change?

turt2live commented 5 years ago

If federation is disabled on synapse, you'll need to fix that. Alternatively, change the federation url for the homeserver in the dimension config.

enannos commented 5 years ago

Hi,

federation is enabled on synapse


```yaml
listeners:
  - port: 8448
    bind_addresses: ['0.0.0.0']
    type: http
    tls: true
    x_forwarded: false
    resources:
      - names: [client, webclient]
        compress: true
      - names: [federation]
        compress: false
```

The federation URL points to the synapse server:

```yaml
federationUrl: "https://FQDN_OF_SERVER:8448"
```

turt2live commented 5 years ago

Any errors in the Dimension logs?

enannos commented 5 years ago

Nothing, no errors at all.

Does it have to do with the fact that I am using the apache with https that serves riot?

turt2live commented 5 years ago

Possibly, although there should be some kind of error in the Dimension log. Double check that Dimension is running and that Riot is configured to use Dimension.

enannos commented 5 years ago

Hello,

I did some other tests and changed some things. I now use the nginx server as the proxy. The settings are the following:

```nginx
server {
    listen 80;
    server_name chat01;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name chat01;

    ssl_certificate /common/chat01.pem;
    ssl_certificate_key /common/chat01.key;

    root /var/www/riot;
    index index.html index.htm;

    # I am using the mxisd to connect the matrix with our AD, the following line is needed
    location /_matrix/identity {
        proxy_pass http://localhost:8090/_matrix/identity;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /_matrix {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

Still, there is no way to connect to dimensions. I have also tried to run dimensions on another server, still the same result. If I use the matrix & riot WITHOUT a proxy, the dimensions is working.

turt2live commented 5 years ago

Your nginx config is missing a directive for proxying Dimension to somewhere. Note that you should not be running Dimension on the same domain as Riot or Matrix - it should be a dedicated domain like how dimension.t2bot.io is set up.
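
A sketch of the missing piece described above, as an added example that is not part of the original thread or the project's documentation: a separate nginx virtual host that terminates TLS for Dimension on its own hostname, so the browser's same-origin policy keeps it apart from the Riot and Matrix origin. The hostname `dimension.example.org`, the certificate paths and the upstream `127.0.0.1:8184` are assumptions; use whatever address and port the `web` section of your Dimension config actually binds to.

```nginx
# Added example: dedicated virtual host for Dimension (not from the thread).
# Assumed placeholders: dimension.example.org, the certificate paths,
# and Dimension listening on 127.0.0.1:8184.

# Redirect plain HTTP so a client loaded over HTTPS never needs an http:// URL.
server {
    listen 80;
    server_name dimension.example.org;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name dimension.example.org;

    # ssl_certificate should hold the server certificate followed by any
    # intermediate certificates. Browsers often recover a missing
    # intermediate on their own; non-browser clients such as Node.js do not.
    ssl_certificate     /etc/nginx/tls/dimension.example.org.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/dimension.example.org.key;

    # Everything on this hostname goes to Dimension; nothing is shared
    # with the Riot document root or the /_matrix locations.
    location / {
        proxy_pass http://127.0.0.1:8184;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Riot's integration manager URLs then point at this hostname rather than at the Riot or homeserver host.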

enannos commented 5 years ago

Hi turt2live,

I've compiled the latest Dimensions in another system, the riot and matrix remain on the first system with the nginx config that I've sent you above. Now, when I start the Dimensions, I get the following error:

```
Mar-28-2019 14:07:42.681 +00:00 info [BotSdk-MatrixLiteClient (REQ-1)] GET http://XXXX:8008/_matrix/client/r0/account/whoami
Mar-28-2019 14:07:42.709 +00:00 info [BotSdk-MatrixLiteClient (REQ-1 RESP-H400)] {"errcode":"M_UNRECOGNIZED","error":"Unrecognized request"}
Mar-28-2019 14:07:42.710 +00:00 error [BotSdk-MatrixLiteClient (REQ-1)] {"errcode":"M_UNRECOGNIZED","error":"Unrecognized request"}
```

I have also tried with https://SERVERIP in the clientServerUrl and federationUrl, same error.

What am I doing wrong here?

enannos commented 5 years ago

I am also getting further down an error "authorizationError: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'". But my Certificate is OK, Firefox is not complaining when opening riot.

I have also started with:

```
npm config set strict-ssl=false
export NODE_TLS_REJECT_UNAUTHORIZED=0
```

but still the same error. I am using npm 6.9.0 and nodejs 8.10.0

enannos commented 5 years ago

Ok, I am a step further now.

I have updated to the latest synapse, which solved many of the issues. I did exactly what is written in the instructions but, as soon as I log in to riot, the error appears on the dimensions console:

```
Mar-29-2019 14:30:31.351 +00:00 info [Webserver] Incoming request: OPTIONS /api/v1/scalar/register
Mar-29-2019 14:30:31.365 +00:00 info [Webserver] Incoming request: POST /api/v1/scalar/register
Mar-29-2019 14:30:31.368 +00:00 warn [Webserver] Handling ApiError 401 {"message":"Invalid API version.","dim_errcode":"D_UNKNOWN"}
```

turt2live commented 5 years ago

You'll need to use Riot 1.0.4 or higher

enannos commented 5 years ago

You are right. Just updated the Riot and it works.

Thank you