Documentation for using Sygnal behind a reverse proxy #345

Closed
hmanzer opened this issue Aug 31, 2023 · 9 comments
Labels
X-Needs-Info This issue is blocked awaiting information from the reporter


hmanzer commented Aug 31, 2023

I am looking for some guidance for running the Sygnal server with HTTPS using Caddy or any other reverse proxy server.

@richvdh richvdh changed the title HTTPS reverse_proxy support Documentation for using Sygnal behind a reverse proxy Aug 31, 2023
Author

hmanzer commented Sep 6, 2023

I am trying to use a Let's Encrypt certificate (Caddy reverse proxy), with the same Caddyfile as my Matrix server but with additional lines:

xx.xx.com{
  reverse_proxy /_matrix/v1/notify localhost:5000/
}

So our push gateway URL in the client is https://xx.xx.com/_matrix/v1/notify
However, the Let's Encrypt certificate doesn't work with the push gateway, but it works fine with the Matrix server.
If we remove the push gateway from the reverse proxy and hit the push gateway directly at its static IP, http://staticip:5000/_matrix/v1/notify, the push notification reaches Sygnal.

I don't know why Let's Encrypt/the reverse proxy isn't working for our push gateway configuration.

The error we get if we use HTTPS with the push gateway is a JSONDecode error.

Member

clokep commented Sep 6, 2023

> However, the Let's Encrypt certificate doesn't work with the push gateway, but it works fine with the Matrix server.

Can you expand more about what "doesn't work"? Are you getting an error somewhere? From the homeserver logs perhaps?

There should not be anything special about the reverse proxy for Sygnal. Note that the URL is /_matrix/push/v1/notify, not /_matrix/v1/notify.

@clokep clokep added the X-Needs-Info This issue is blocked awaiting information from the reporter label Sep 6, 2023
Author

hmanzer commented Sep 7, 2023

Sorry, it was manually typed and not copy-pasted. We are using the URL /_matrix/push/v1/notify

The error when used with HTTPS is a JSONDecode error. As shown below, we get a 200 code and then a JSONDecode error if we use the reverse proxy. The 200 code confirms that it is working fine, but when the Matrix server tries to send the message it can't.
This error is not there if we bypass the reverse proxy and use HTTP only.

2023-09-04 11:52:54,842 - synapse.http.client - 414 - INFO - http_pusher.on_new_receipts-55 - Received response to POST https://xx.xx.com/_matrix/push/v1/notify: 200
2023-09-04 11:52:54,842 - synapse.push.httppusher - 527 - WARNING - http_pusher.on_new_receipts-55 - Failed to send badge count to @myname:xx.xx.com.my/im.zz.app/onb+OSOY7qAcGWm5H7DxscYw2pClY5PvQBvK5wb5r5M=: <class 'json.decoder.JSONDecodeError'> Expecting value: line 1 column 1 (char 0)

Member

clokep commented Sep 7, 2023

What are the sygnal logs? Do they show that a request comes in?

From the response I would guess that caddy is either responding directly or that it is sending it to the wrong process. Without showing more of your caddy file it is hard to know which it is.
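
An added example, not part of the original thread and not code from Sygnal or Synapse: a Python check that tells a push gateway reply apart from a 200 answered by something else, which is the situation the Synapse log above shows. The `probe` helper, the dummy `app_id` and `pushkey`, and the sample responses are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

NOTIFY_PATH = "/_matrix/push/v1/notify"  # Matrix Push Gateway API path


def classify_push_response(status, body):
    """Say whether a (status, body) pair looks like a push gateway reply."""
    if status != 200:
        return "http-error"
    try:
        parsed = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        # The JSONDecodeError Synapse logs when the body is not JSON.
        return "not-json"
    # A gateway answers with a JSON object holding a "rejected" list.
    if isinstance(parsed, dict) and isinstance(parsed.get("rejected"), list):
        return "gateway"
    return "unexpected-json"


def probe(base_url, timeout=10):
    """POST a notification for a constructed dummy device and classify the reply."""
    payload = {"notification": {"devices": [
        {"app_id": "example.invalid.app", "pushkey": "constructed-pushkey"}]}}
    req = urllib.request.Request(
        base_url.rstrip("/") + NOTIFY_PATH,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_push_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify_push_response(err.code, err.read())


# Constructed sample responses, not captured from the reporter's system.
SAMPLES = {
    "empty body": (200, b""),
    "gateway reply": (200, b'{"rejected": []}'),
    "page from another backend": (200, b"<html>ok</html>"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: {classify_push_response(status, body)}")
```

Running `probe` once against the proxied HTTPS URL and once against the gateway's direct address shows whether the proxy is forwarding the request: a `not-json` result on the proxied URL means the 200 did not come from the gateway.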

Author

hmanzer commented Sep 8, 2023

There is nothing in the Sygnal logs when Caddy/HTTPS is used. I saw that there is a 200 code in the Matrix logs for the pusher, which tells us that Matrix is able to reach Sygnal, but the actual POST fails from Matrix; Sygnal logs nothing (while using HTTPS).

Caddyfile

zz.xx.com {
  reverse_proxy /_matrix/* localhost:8008
  reverse_proxy /_synapse/client/* localhost:8008
  reverse_proxy localhost:8008
}

xx.xx.com {
  reverse_proxy /_matrix/v1/notify localhost:5000/
}
server.xx.com:8448 {
  reverse_proxy localhost:8008
}

Where zz.xx.com is our main Matrix URL and zz.xx.com is the pusher URL (sharing subdomain xx.com).
I have a thought that Caddy is generating a Let's Encrypt certificate for zz.xx.com fine (I checked in the browser); is there a conflict for xx.xx.com? Can pusher and matrix share the same reverse proxy?

Member

clokep commented Sep 8, 2023

> Can pusher and matrix share the same reverse proxy?

They should be able to. Are zz and xx different subdomains? (I'm wondering if there's any chance that the /_matrix/* is matching first as it encompasses /_matrix/v1.... I'm not sure how caddy resolves that.)

Note that again you've typed /_matrix/v1/notify instead of /_matrix/push/v1/notify -- this makes me very uncertain your config is correct.

Author

hmanzer commented Sep 8, 2023

zz and xx are subdomains and share the same domain name of xx.com.
Yes, it does seem there is a mistake in the Caddyfile, as I copied it as it is and found and replaced keywords. Let me make the changes and get back here if all is working.

@DMRobertson
Contributor

@hmanzer did you manage to get this working?

Author

hmanzer commented Nov 24, 2023 via email
