search

wiresafe / wiresafe-deploy

Deployment scripts, Docker, Kubernetes, etc... for Wiresafe projects
0 stars 0 forks source link

Identity server failure to resolve invite with the homeserver #6

Closed maxidorius closed 7 years ago

maxidorius commented 7 years ago

Due to missconfigured hosts/DNS pointing to the external IP of the HS container:

2017-09-13 18:48:10.155  INFO 1 --- [       Thread-7] i.k.mxisd.invitation.InvitationManager   : Posting onBind event to https://neo.wiresafe.com:8448/_matrix/federation/v1/3pid/onbind
2017-09-13 18:50:17.381  WARN 1 --- [       Thread-7] i.k.mxisd.invitation.InvitationManager   : Unable to tell HS neo.wiresafe.com about invite being mapped

org.apache.http.conn.HttpHostConnectException: Connect to neo.wiresafe.com:8448 [neo.wiresafe.com/35.190.4.176] failed: Operation timed out (Connection timed out)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:159) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.3.jar!/:4.5.3]
    at io.kamax.mxisd.invitation.InvitationManager.lambda$publishMappingIfInvited$1(InvitationManager.java:222) ~[classes!/:na]
    at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
Caused by: java.net.ConnectException: Operation timed out (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_131]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[na:1.8.0_131]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[na:1.8.0_131]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[na:1.8.0_131]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.8.0_131]
    at java.net.Socket.connect(Socket.java:589) ~[na:1.8.0_131]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:339) ~[httpclient-4.5.3.jar!/:4.5.3]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.3.jar!/:4.5.3]
    ... 11 common frames omitted

Need to allow access to the external IP only from the IS, or configure kube with an internal host/DNS resolver that dynapically set an entry with the IP of a container/service?

maxidorius commented 7 years ago

This was solved using the DNS overwrite feature of mxisd and the following config snipset

{
    "dns": {
        "overwrite": {
            "homeserver": {
                "name": "neo.wiresafe.com",
                "value": "matrix:8448"
            }
        }
    }
}