New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removal of NGINX breaks Matrix User Verfication Service functionality #3127
Comments
I'm also experiencing issue with all 3rdparty services, namely :
I haven't investigate the last two. Let me know if more logs are needed and/or if I should create dedicated issues for each. |
I also have issues with Caddy as proxy + 'web_secure: false' (I want ssl from Caddy): Fixed my issues (lots of "invalid entrypoints") with
However registration stopped working
I get:
I have the same configuration on other domain and with a bit older deployment (before nginx deprecation) where it's fine |
I've played around a bit and found out, that the federation api returns a "404 page not found" error on accessing this URL: https://matrix.domain:8448/_matrix/federation/v1/openid/userinfo?access_token=redacted. (This is what UVS is doing, to check the validity of an access token on joining a jitsi call) In a working environment (before NGINX removal) there should be a response like "{"errcode":"M_UNKNOWN_TOKEN","error":"Access Token unknown or expired"}" @spantaleev Have there been any changes regarding the federation API since the switch to the traefik only setup? |
Is your server federating? If you're getting "not found", it may be that it's not and that For my server, I can see the If UVS is doing it from a container, there may be some routing issue, so testing it from the outside is a good first step. If your server is not federating, then that API may still be made available. We supposedly have this variable override which takes care of it (and even takes UVS into account):
|
No, I have explicitly deactivated federation in both instances. (dev -> traefik only + prod-> with NGINX) The variable
is doing what it should and makes the openid available as far as i can tell. But the path |
`matrix_synapse_federation_port_enabled` is defined like this: ``` matrix_synapse_federation_port_enabled: "{{ matrix_synapse_federation_enabled or matrix_synapse_federation_port_openid_resource_required }}" ``` Previously, people that disabled federation, but needed the `openid` listener were running without these federation-related labels. In this patch, we're also dropping the `not matrix_synapse_workers_enabled` condition, because.. none of the Matrix-related labels would be applied anyway when workers are enabled, thanks to `matrix_synapse_container_labels_matrix_related_labels_enabled`. Fixes spantaleev#3127
Hello everyone,
the latest changes to the reverse proxy setup of the playbook (removal of NGINX) breaks the functionality of the Matrix User Verification Service in Jitsi calls. From what I've checked so far the issue could be related to the docker network changes. Maybe someone else has already solved the problem and could share their solution.
The text was updated successfully, but these errors were encountered: