Comments (2)

Klar commented on June 16, 2024

I don't get it to work. Freshly installed with the following config:

---
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: domain.com

# The Matrix homeserver software to install.
# See:
#  - `roles/custom/matrix-base/defaults/main.yml` for valid options
# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
matrix_homeserver_implementation: synapse

# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: 'xxx'

# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
# For alternatives, see `docs/configuring-playbook-own-webserver.md`.
matrix_playbook_reverse_proxy_type: playbook-managed-traefik

# Ensure that public urls use https
matrix_playbook_ssl_enabled: true

# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval.
# This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint
# (by toggling `matrix_federation_traefik_entrypoint_tls`).
devture_traefik_config_entrypoint_web_secure_enabled: false

# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'

# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
# If you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below
# - uncomment and adjust the `devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']

# Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly).
#
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
#
# If your reverse-proxy runs on another machine, consider:
# - using `0.0.0.0:8449`, just `8449` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:8449` below
# - adjusting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom` (below) - removing `insecure: true` and enabling/configuring `trustedIPs`
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.0.1:8449'

# Depending on the value of `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port` above,
# this may need to be reconfigured. See the comments above.
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
  forwardedHeaders:
    insecure: true
  # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']

# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
# devture_traefik_config_certificatesResolvers_acme_email: ''

# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: 'xxx'

# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.
#
# If `ansible_host` is not the server's external IP address, you have 2 choices:
# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
# 2. Uncomment and adjust the line below to specify an IP address manually
#
# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role
# (see `roles/custom/matrix-coturn/defaults/main.yml`).
#
# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
#
# matrix_coturn_turn_external_ip_address: ''

# backup
devture_postgres_backup_enabled: true

# enable matrix registration token links
matrix_registration_enabled: true

# Generate a strong secret using: `pwgen -s 64 1`.
matrix_registration_admin_secret: "xxx"

My Haproxy config is the following:

frontend www-https
        bind *:80
        bind *:443 ssl crt ....

        # Matrix
        acl matrix_domain hdr_dom(host) -i matrix.domain.com
        use_backend matrix-main if matrix_domain

        acl matrix_domain hdr_dom(host) -i element.domain.com
        use_backend matrix-main if matrix_domain

frontend matrix-federation
        bind *:8448 ssl crt /etc/haproxy/certs/matrix.domain.com.pem
        http-request set-header X-Forwarded-Proto https
        option httplog
        option http-server-close

        default_backend matrix-federation

backend matrix-main
        server matrix-main 127.0.0.1:81 check

backend matrix-federation
        server matrix-federation 127.0.0.1:8449 check

backend element
        server element 127.0.0.1:81 check

docker services:

5abfcb92d6f1   prodrigestivill/postgres-backup-local:16-alpine-1a66318   "/bin/sh -c 'exec /u…"   18 minutes ago   Up 18 minutes (healthy)   5432/tcp                                                                                                                                                                                                                                            matrix-postgres-backup
fda29f7099a7   joseluisq/static-web-server:2.28.0-alpine                 "/entrypoint.sh stat…"   18 minutes ago   Up 18 minutes             80/tcp                                                                                                                                                                                                                                              matrix-static-files
0da411773721   zeratax/matrix-registration:v0.7.2                        "matrix-registration…"   19 minutes ago   Up 19 minutes             5000/tcp                                                                                                                                                                                                                                            matrix-registration
741081a91ba2   vectorim/element-web:v1.11.63                             "/docker-entrypoint.…"   19 minutes ago   Up 19 minutes             80/tcp                                                                                                                                                                                                                                              matrix-client-element
26a1b07ce69e   ghcr.io/element-hq/synapse:v1.103.0                       "/start.py run -m sy…"   19 minutes ago   Up 19 minutes (healthy)   8008-8009/tcp, 8448/tcp                                                                                                                                                                                                                             matrix-synapse
bf10497e8449   coturn/coturn:4.6.2-r5-alpine                             "turnserver -c /turn…"   19 minutes ago   Up 19 minutes             0.0.0.0:3478->3478/tcp, 0.0.0.0:3478->3478/udp, :::3478->3478/tcp, :::3478->3478/udp, 0.0.0.0:5349->5349/udp, :::5349->5349/udp, 0.0.0.0:5349->5349/tcp, 0.0.0.0:49152-49172->49152-49172/udp, :::5349->5349/tcp, :::49152-49172->49152-49172/udp   matrix-coturn
43c6b42d657f   devture/exim-relay:4.97-r0-0                              "/sbin/tini -- exim …"   19 minutes ago   Up 19 minutes             8025/tcp                                                                                                                                                                                                                                            matrix-exim-relay
a8f6f2e71d18   postgres:16.1-alpine                                      "docker-entrypoint.s…"   19 minutes ago   Up 19 minutes             5432/tcp                                                                                                                                                                                                                                            matrix-postgres
54ffc988e57c   traefik:v2.11.0                                           "/entrypoint.sh --co…"   19 minutes ago   Up 19 minutes             80/tcp, 127.0.0.1:81->8080/tcp, 127.0.0.1:8449->8448/tcp                                                                                                                                                                                            matrix-traefik
c932a4aff5ac   ghcr.io/tecnativa/docker-socket-proxy:0.1.1               "/docker-entrypoint.…"   19 minutes ago   Up 19 minutes             2375/tcp                                                                                                                                                                                                                                            matrix-container-socket-proxy

Federation tester (not sure which domain is correct): the one I think I should use gives "not found", the other a cert issue. I switched the certs in haproxy.

from matrix-docker-ansible-deploy.

Klar commented on June 16, 2024

I switched to dns matrix with

# as we make dns _matrix._tcp
matrix_static_files_file_matrix_server_enabled: false

and had to add (probably because using haproxy with certs)

# To serve the federation from any domain, as long as the path matches
matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/`)

Now it is working, maybe it helps someone...

from matrix-docker-ansible-deploy.
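
The comments in the posted `vars.yml` tie `forwardedHeaders` `insecure: true` to the Traefik entrypoints being bound to `127.0.0.1`. As an added example (not part of the original comments or the playbook), this Python check flags an entrypoint that trusts `X-Forwarded-*` from any client while bound to a non-loopback address; the sample text is constructed from the variables shown above, and `is_loopback_bind` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the vars.yml posted in the first comment.
SAMPLE_VARS = """\
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.0.1:8449'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
  forwardedHeaders:
    insecure: true
"""

WEB_BIND = "devture_traefik_container_web_host_bind_port"
WEB_INSECURE = "devture_traefik_config_entrypoint_web_forwardedHeaders_insecure"
FED_BIND = "matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port"
FED_CUSTOM = "matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom"


def is_loopback_bind(value):
    """True only for 'LOOPBACK_IP:PORT'; a bare port or 0.0.0.0 is reachable from outside."""
    host, sep, _port = value.strip("'\" ").rpartition(":")
    if not sep:
        return False  # just a port, e.g. '81': published on all interfaces
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # placeholder or hostname: treat as not proven loopback


def audit(text):
    """Return entrypoints that set insecure forwarded headers on a non-loopback bind."""
    scalars, block, insecure_in = {}, None, set()
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blanks and commented-out settings
        top = re.match(r"^([A-Za-z_]\w*):\s*(.*)$", line)
        if top:
            block = top.group(1)
            scalars[block] = top.group(2).strip()
        elif re.match(r"^\s+insecure:\s*true\s*$", line):
            insecure_in.add(block)  # nested under the current top-level key
    findings = []
    if scalars.get(WEB_INSECURE) == "true" and not is_loopback_bind(scalars.get(WEB_BIND, "")):
        findings.append("web")
    if FED_CUSTOM in insecure_in and not is_loopback_bind(scalars.get(FED_BIND, "")):
        findings.append("federation")
    return findings
```

For the configuration as posted, `audit(SAMPLE_VARS)` returns an empty list, since both entrypoints are bound to `127.0.0.1` behind the local HAProxy.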
