Synapse now require to be alone on the domain

[Josue-T]

When you will upgrade synapse to version 102 you might see a warning like this "An other app is installed on this domain. Now synapse require to be alone on the domain."

This is issue is here to give more explanation about the impact and why this happen.

Reason of this change

For several reasons, it's becoming complicated to get other apps to coexist on the synapse domain.

On the Yunohost side, with the v2 packaging restrictions, it's harder to get synapse to install on sub-path (like /_matrix) as for synapse we don't have really a specific sub-path and the used sub-path can't be changed.

And on matrix side is also getting complicated. With their new endpoint /client for sliding proxy, there's a real risk of conflict. And with the future authentication service and element call, running everything on the same domain with other apps is really risky. The constraint rise at a level that we might need some sub domains to make working correctly the Matrix Authentication Service. So by this we are far of having synapse with a shared domain with other apps.

Impact

Let's say that synapse app is installed on domain toto.tld and you have an other app for instance wordpress installed on toto.tld/blog. In this case you won't be able to update synapse any more until to fix the problem.

Solution

To solve it you have 2 solution:

• Move your wordpress app to by example blog.toto.tld/blog. Note that all apps installed on the synapse domain must be moved.
• Move synapse to something like matrix.toto.tld. Note that you won't need to change the domain name of the user account. You'll find some documentation on this subject here: https://github.com/YunoHost-Apps/synapse_ynh/tree/testing/doc/ADMIN.md#change-url

[centralscrutinizer21]

Hi I have difficulties in editing
/etc/ssowat/conf.json.persistent following this steps:
Add "<previous-domain.tld>/_matrix" into the list in: permissions > custom_skipped > uris
What is the correct syntax?

[Josue-T]

Hello,

by example on my side here are my current config:

{
    "permissions": {
        "custom_skipped": {
            "auth_header": false,
            "label": "Custom permissions - skipped",
            "public": true,
            "show_tile": false,
            "uris": ["domain.tld/_matrix"],
            "users": []
        }
    }
}

[centralscrutinizer21]

Thanks 👍

[centralscrutinizer21]

Again asking for support on this subject. Freshly installed synapse on matrix2.domain.com but user domain kept on domain.com i have a bludit site temporarily moved to site.domain.com now when I try to move it back to domain.com i get this error:

This URL is either unavailable, or conflicts with the already installed app(s):

• domain.com/.well-known/matrix → Synapse (Server info for clients. (well-known)) (synapse)

How can I move bludit back to domain.com ?

[Josue-T]

Well do you wan't to install bludit on the root of the domain or a subpath ?

If it's on the root it's probably related to YunoHost/yunohost#1647

[centralscrutinizer21]

Well do you wan't to install bludit on the root of the domain or a subpath ?

If it's on the root it's probably related to YunoHost/yunohost#1647

Yes that's exactly my case... I was wondering if I can expose matrix for federation modifying the dns configuration and remove the ./well-known part from nginx

[centralscrutinizer21]

Well do you wan't to install bludit on the root of the domain or a subpath ?
If it's on the root it's probably related to YunoHost/yunohost#1647

Yes that's exactly my case... I was wondering if I can expose matrix for federation modifying the dns configuration and remove the ./well-known part from nginx

I just don't know how to remove/modify the .well-known part of synapse...

[Josue-T]

Well do you wan't to install bludit on the root of the domain or a subpath ?
If it's on the root it's probably related to YunoHost/yunohost#1647

Yes that's exactly my case... I was wondering if I can expose matrix for federation modifying the dns configuration and remove the ./well-known part from nginx

I just don't know how to remove/modify the .well-known part of synapse...

Well there are no easy way to fix this. Here are the following solution that I can sugest you:

• applying the patch from this [enh] exclude .well-known subpaths from conflict checks YunoHost/yunohost#1647
• patch the synapse package to remove the management of the server_name.
• remove the permission related to the .well-known in yunohost but you need to do this with yunohost tools shell.

In all case the issue remain that after each upgrade of the patched/customized component you will need to apply again the patch.

Probably the most easier solution would be to finish YunoHost/yunohost#1647 so it can be merged and you will definitively have no more issue with this.

[centralscrutinizer21]

applying the patch from this YunoHost/yunohost#1647

That's exactly what I did 5 minutes ago and it worked :)

remove the permission related to the .well-known in yunohost but you need to do this with yunohost tools shell.
Ok that's the tool I was missing...

Thanks for your help!