You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
---
# The bare domain name which represents your Matrix identity.# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).## Note: this playbook does not touch the server referenced here.# Installation happens on another server ("matrix.<matrix-domain>").## If you've deployed using the wrong domain, you'll have to run the Uninstalling step,# because you can't change the Domain after deployment.## Example value: example.commatrix_domain: wencai.org# The Matrix homeserver software to install.# See:# - `roles/custom/matrix-base/defaults/main.yml` for valid options# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choicematrix_homeserver_implementation: synapse# A secret used as a base, for generating various other secrets.# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).matrix_homeserver_generic_secret_key: 'mysecret'# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.# It will retrieve SSL certificates for you on-demand and forward requests to all other components.# For alternatives, see `docs/configuring-playbook-own-webserver.md`.matrix_playbook_reverse_proxy_type: playbook-managed-traefik# Ensure that public urls use httpsmatrix_playbook_ssl_enabled: true# Enable the web-secure (port 443) endpoint, which enables SSL certificate retrievaldevture_traefik_config_entrypoint_web_secure_enabled: truedevture_traefik_config_certificatesResolvers_acme_use_staging: false# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.## If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).## Example value: someone@example.comdevture_traefik_config_certificatesResolvers_acme_email: 'sati@wencai.org'# A Postgres password to use for the superuser Postgres user (called `matrix` by default).## The playbook creates additional Postgres users and databases (one for each enabled service)# using this superuser account.devture_postgres_connection_password: 'mypassword'# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.# If this value is an external IP address, you can skip this section.## If `ansible_host` is not the server's external IP address, you have 2 choices:# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)# 2. Uncomment and adjust the line below to specify an IP address manually## By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.# Default values for this are specified in `matrix_coturn_turn_external_ip_address_auto_detection_*` variables in the Coturn role# (see `roles/custom/matrix-coturn/defaults/main.yml`).## If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.# Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`## matrix_coturn_turn_external_ip_address: ''# Bridges# Shared Secret Auth (required for double-puppeting)matrix_synapse_ext_password_provider_shared_secret_auth_enabled: truematrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: 'mysecret'# WhatsApp Bridgematrix_mautrix_whatsapp_enabled: truematrix_mautrix_whatsapp_bridge_relay_enabled: true# Telegram Bridgematrix_mautrix_telegram_enabled: truematrix_mautrix_telegram_api_id: 000matrix_mautrix_telegram_api_hash: 'xxx'
Matrix Server:
OS: Ubuntu 22.04.3 LTS
Architecture amd64
Ansible:
If your problem appears to be with Ansible, tell us:
where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?)
On the Matrix server itself. The server is hosted on a VM in Proxmox.
what version of Ansible you're running (see ansible --version)
It seems like let's-encrypt cert creation wasn't working properly with the certs-dumper.
$ sudo journalctl -xe | grep matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service
Jan 09 03:43:19 matrix systemd[1]: matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service: Main process exited, code=exited, status=1/FAILURE
░░ An ExecStart= process belonging to unit matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service has exited.
Jan 09 03:43:19 matrix systemd[1]: matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service: Failed with result 'exit-code'.
░░ The unit matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service has entered the 'failed' state with result 'exit-code'.
░░ Subject: A start job for unit matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service has failed
░░ A start job for unit matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service has finished with a failure.
Jan 09 04:13:47 matrix sudo[107855]: sati : TTY=pts/0 ; PWD=/home/sati/matrix-docker-ansible-deploy ; USER=root ; COMMAND=/usr/bin/systemctl status matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service
Jan 09 05:11:39 matrix sudo[112667]: sati : TTY=pts/0 ; PWD=/home/sati/matrix-docker-ansible-deploy ; USER=root ; COMMAND=/usr/bin/systemctl status matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service
$sudo systemctl status matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service
× matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service - Traefik certs dumper waiter (matrix-traefik-certs-dumper-wait-for-domain) for matrix.wencai.org
Loaded: loaded (/etc/systemd/system/matrix-traefik-certs-dumper-wait-for-domain@.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-01-09 03:43:19 UTC; 1h 43min ago
Main PID: 103557 (code=exited, status=1/FAILURE)
CPU: 143ms
Jan 09 03:43:18 matrix matrix-traefik-certs-dumper-matrix.wencai.org[103557]: Giving up waiting for /matrix/traefik-certs-dumper/dumped-certificates/matrix.wencai.org/certificate.crt is missing.. Waiting (180/180)...
Jan 09 03:43:19 matrix systemd[1]: matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service: Main process exited, code=exited, status=1/FAILURE
Jan 09 03:43:19 matrix systemd[1]: matrix-traefik-certs-dumper-wait-for-domain@matrix.wencai.org.service: Failed with result 'exit-code'.
Jan 09 03:43:19 matrix systemd[1]: Failed to start Traefik certs dumper waiter (matrix-traefik-certs-dumper-wait-for-domain) for matrix.wencai.org.
The missing directory was not even created.
$sudo ls -l /matrix/traefik-certs-dumper/dumped-certificates
total 4
drwxr-xr-x 2 matrix matrix 4096 Jan 9 03:42 private
There are many similar issues on this repository. Search and you shall find. Check Traefik logs - it's probably failing to obtain certificates for matrix.DOMAIN - most likely due to a firewall or DNS issue.
Playbook Configuration:
My
vars.yml
file looks like this:Matrix Server:
Ansible:
If your problem appears to be with Ansible, tell us:
On the Matrix server itself. The server is hosted on a VM in Proxmox.
ansible --version
)ansible [core 2.16.2]
config file = /home/sati/matrix-docker-ansible-deploy/ansible.cfg
configured module search path = ['/home/sati/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/sati/.local/pipx/venvs/ansible/lib/python3.10/site-packages/ansible
ansible collection location = /home/sati/.ansible/collections:/usr/share/ansible/collections
executable location = /home/sati/.local/bin/ansible
python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/home/sati/.local/pipx/venvs/ansible/bin/python)
jinja version = 3.1.2
libyaml = True
Problem description:
Describe what you're doing, what you expect to happen and what happens instead here.
Tell us what you've tried and what you're aiming to achieve.
Client (please complete the following information):
Service failed to start with this error:
Additional context
It seems like
let's-encrypt
cert creation wasn't working properly with thecerts-dumper
.The missing directory was not even created.
$sudo ls -l /matrix/traefik-certs-dumper/dumped-certificates total 4 drwxr-xr-x 2 matrix matrix 4096 Jan 9 03:42 private
matrix_ssl_base_path
is not created.The text was updated successfully, but these errors were encountered: