synapse-admin
synapse-admin copied to clipboard
Awesome-Technologies
Server Notices Setup
Is there any necessary configuration on the side of the Matrix-Synapse server to utilize Server Notices of Synapse-Admin?
You have to enable this: https://matrix-org.github.io/synapse/latest/server_notices.html
Supposedly in the GUi there should be an option for the server notices?
You can send Server notices to users. Therefore is a an admin API.
But you can not configure Server notices. This you have to do in the homeserver.yaml of Synapse.
assuming this is enabled on homeserver.yaml side already, no further settings on synapse-admin is necessary?
assuming this is enabled on homeserver.yaml side already, no further settings on synapse-admin is necessary?
Just enable it on the server side (homeserver.yaml) and using the synapse API, you can use this option, the other variant is using synapse-admin , the web gives you the option to send Server Notices to a specific user.
Bad at the moment, they are only allowed to send msg to a single user, it is not a general msg for the entire server
assuming this is enabled on homeserver.yaml side already, no further settings on synapse-admin is necessary?
Just enable it on the server side (homeserver.yaml) and using the synapse API, you can use this option, the other variant is using synapse-admin , the web gives you the option to send Server Notices to a specific user.
Bad at the moment, they are only allowed to send msg to a single user, it is not a general msg for the entire server
you can only send msg to a single user??? is this true even if you select multiple users? it is not "Server Notice" if that so
Somehow does not work for me :(
Using Custom Reverse Proxy Apache config since the provided by matrix does not work at all for /healt /_synapse/admin etc
Do you think something is wrong with my conf ->
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
ServerName ....
ServerAdmin ....
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
ProxyVia Off
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://127.0.0.1:8008/ nocanon
ProxyPassReverse / http://127.0.0.1:8008/#
SSLCertificateFile .....fullchain.pem
SSLCertificateKeyFile .....privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:8448>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
ServerName ....
ServerAdmin ....
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
ProxyVia Off
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://127.0.0.1:8008/ nocanon
ProxyPassReverse / http://127.0.0.1:8008/#
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile .....
SSLCertificateKeyFile .....
</VirtualHost>
Is there a reason for the # at the and of line
ProxyPassReverse / http://127.0.0.1:8008/#
Synapse gives you an error 500. I would recommend to have a look at the Synapse homeserver.log file.
There is an example Apache config file: https://matrix-org.github.io/synapse/latest/reverse_proxy.html#apache - but without proxy pass for /_synapse/admin/
@dklimpel Thank you for your answer, i think i did the # to forward also all futrue links to proxy but im not sure anymore. No i understand why the offiicial Apache config did not work for me, do you have maybe an example config that should fully work with synapse-admin?
The Log i got while sending the notice.
[17/Mar/2022:18:35:20 +0100] "OPTIONS /_synapse/admin/v1/send_server_notice HTTP/1.1" 204 - "http://192.168.193.2/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"
[17/Mar/2022:18:35:20 +0100] "POST /_synapse/admin/v1/send_server_notice HTTP/1.1" 500 55 "http://192.168.193.2/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"
Unfortunately this is also just the generic error message for an "internal server error". You may have to activate more verbose logging or debug settings to get a proper error message.
Unfortunately this is also just the generic error message for an "internal server error". You may have to activate more verbose logging or debug settings to get a proper error message.
Thank you for your answer! Where can i set it? in the homeserver.yaml? I dont see any logging parameters beside the logging file path. :/
I think this has to be configured in your reverse proxy. In your case Apache
I think this has to be configured in your reverse proxy. In your case Apache
Thank you, i found something about "SSL library error 1 in handshake" but i dont think this information is very usefull, this is the output with LogLevel debug ->
[Tue Apr 05 21:04:24.395905 2022] [authz_core:debug] [pid 168869] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:41096] AH01626: authorization result of Require all granted: granted, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395909 2022] [authz_core:debug] [pid 168869] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:41096] AH01626: authorization result of <RequireAny>: granted, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395920 2022] [proxy:debug] [pid 168869] mod_proxy.c(1503): [client 62.178.171.172:41096] AH01143: Running scheme http handler (attempt 0), referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395925 2022] [proxy:debug] [pid 168869] proxy_util.c(2532): AH00942: http: has acquired connection for (127.0.0.1)
[Tue Apr 05 21:04:24.395929 2022] [proxy:debug] [pid 168869] proxy_util.c(2588): [client xxx.xxx.xxx.xxx:41096] AH00944: connecting http://127.0.0.1:8008/_synapse/admin/v1/send_server_notice to 127.0.0.1:8008, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395933 2022] [proxy:debug] [pid 168869] proxy_util.c(2811): [client xxx.xxx.xxx.xxx:41096] AH00947: connected /_synapse/admin/v1/send_server_notice to 127.0.0.1:8008, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.427673 2022] [proxy:debug] [pid 168869] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:24.427765 2022] [ssl:debug] [pid 168869] ssl_engine_io.c(1147): [client xxx.xxx.xxx.xxx:41096] AH02001: Connection closed to child 3 with standard shutdown (server matrix.archgang.com:443)
[Tue Apr 05 21:04:24.484213 2022] [ssl:debug] [pid 168863] ssl_engine_io.c(1147): [client xxx.xxx.xxx.xxx:39368] AH02001: Connection closed to child 11 with standard shutdown (server archgang.com:443)
[Tue Apr 05 21:04:24.653401 2022] [ssl:info] [pid 168836] [client ::1:45276] AH01964: Connection to child 18 established (server archgang.com:443)
[Tue Apr 05 21:04:24.654089 2022] [ssl:info] [pid 168870] (os 0x03f25068)Unrecognized resolver error: [client ::1:45276] AH02008: SSL library error 1 in handshake (server archgang.com:443)
[Tue Apr 05 21:04:24.654129 2022] [ssl:info] [pid 168870] SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Tue Apr 05 21:04:24.654136 2022] [ssl:info] [pid 168870] [client ::1:45276] AH01998: Connection closed to child 18 with abortive shutdown (server archgang.com:443)
[Tue Apr 05 21:04:25.507676 2022] [ssl:info] [pid 168681] [client xxx.xxx.xxx.xxx:35122] AH01964: Connection to child 10 established (server archgang.com:443)
[Tue Apr 05 21:04:25.508393 2022] [ssl:debug] [pid 168871] ssl_engine_kernel.c(2395): [client xxx.xxx.xxx.xxx:35122] AH02043: SSL virtual host for servername archgang.com found
[Tue Apr 05 21:04:25.816913 2022] [ssl:debug] [pid 168871] ssl_engine_kernel.c(2254): [client xxx.xxx.xxx.xxx:35122] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
[Tue Apr 05 21:04:25.817133 2022] [ssl:debug] [pid 168871] ssl_engine_kernel.c(415): [client xxx.xxx.xxx.xxx:35122] AH02034: Initial (No.1) HTTPS request received for child 10 (server archgang.com:443)
[Tue Apr 05 21:04:25.817494 2022] [authz_core:debug] [pid 168871] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:35122] AH01626: authorization result of Require all granted: granted
[Tue Apr 05 21:04:25.817504 2022] [authz_core:debug] [pid 168871] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:35122] AH01626: authorization result of <RequireAny>: granted
[Tue Apr 05 21:04:25.817534 2022] [proxy:debug] [pid 168871] mod_proxy.c(1503): [client xxx.xxx.xxx.xxx:35122] AH01143: Running scheme http handler (attempt 0)
[Tue Apr 05 21:04:25.817546 2022] [proxy:debug] [pid 168871] proxy_util.c(2532): AH00942: http: has acquired connection for (127.0.0.1)
[Tue Apr 05 21:04:25.817553 2022] [proxy:debug] [pid 168871] proxy_util.c(2588): [client xxx.xxx.xxx.xxx:35122] AH00944: connecting http://127.0.0.1:8008/_matrix/federation/v1/send/1649057099768 to 127.0.0.1:8008
[Tue Apr 05 21:04:25.817602 2022] [proxy:debug] [pid 168871] proxy_util.c(2811): [client xxx.xxx.xxx.xxx:35122] AH00947: connected /_matrix/federation/v1/send/1649057099768 to 127.0.0.1:8008
[Tue Apr 05 21:04:25.817699 2022] [proxy:debug] [pid 168871] proxy_util.c(3277): AH02824: http: connection established with 127.0.0.1:8008 (127.0.0.1)
[Tue Apr 05 21:04:25.817718 2022] [proxy:debug] [pid 168871] proxy_util.c(3463): AH00962: http: connection complete to 127.0.0.1:8008 (127.0.0.1)
[Tue Apr 05 21:04:25.829149 2022] [proxy:debug] [pid 168665] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:25.829594 2022] [proxy:debug] [pid 168677] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:25.832094 2022] [proxy:debug] [pid 168871] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:25.840013 2022] [ssl:debug] [pid 168677] ssl_engine_kernel.c(415): [client xxx.xxx.xxx.xxx:59840] AH02034: Subsequent (No.12) HTTPS request received for child 5 (server matrix.archgang.com:443)
[Tue Apr 05 21:04:25.840041 2022] [authz_core:debug] [pid 168677] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:59840] AH01626: authorization result of Require all granted: granted
[Tue Apr 05 21:04:25.840047 2022] [authz_core:debug] [pid 168677] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:59840] AH01626: authorization result of <RequireAny>: granted
[Tue Apr 05 21:04:25.840078 2022] [proxy:debug] [pid 168677] mod_proxy.c(1503): [client xxx.xxx.xxx.xxx:59840] AH01143: Running scheme http handler (attempt 0)
[Tue Apr 05 21:04:25.840085 2022] [proxy:debug] [pid 168677] proxy_util.c(2532): AH00942: http: has acquired connection for (127.0.0.1)
[Tue Apr 05 21:04:25.840091 2022] [proxy:debug] [pid 168677] proxy_util.c(2588): [client xxx.xxx.xxx.xxx:59840] AH00944: connecting http://127.0.0.1:8008/_matrix/client/r0/sync?filter=0&timeout=30000&since=s28507_478656_5359_50095_18460_48_3639_116010_3 to 127.0.0.1:8008
The SSL error might be connected with your problem. You should check for this error "SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number". But this is not caused by synapse-admin, rather some configuration error in your Apache or SSL settings. I can't spot anything else in your logs.
The SSL error might be connected with your problem. You should check for this error "SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number". But this is not caused by synapse-admin, rather some configuration error in your Apache or SSL settings. I can't spot anything else in your logs.
Thank you I will check, if i find a solution then i will post here. It also looks for me like a non synapse-admin issue.
Hello, sorry for the very long abstenc. I finally learnt how to use the api. It is not an Proxy issue apperently. I am running the following API Request directly on the server
curl -XPOST "http://10.0.0.14:8008/_synapse/admin/v1/send_server_notice" -H "Authorization: Bearer TOKEN" -H 'Content-Type: application/json' -d ' {"user_id": "@sandwich:archgang.com","content":{"msgtype": "m.text","body": "Test"}} '
This returns me the following error in the homeserver.log:
2022-08-18 23:53:26,148 - synapse.server_notices.server_notices_manager - 160 - INFO - POST-179166 - Creating server notices room for @sandwich:archgang.com
2022-08-18 23:53:26,189 - synapse.http.server - 183 - ERROR - POST-179166 - Failed handle request via 'SendServerNoticeServlet': <XForwardedForRequest at 0x7fcad4760130 method='POST' uri='/_synapse/admin/v1/send_server_notice' clientproto='HTTP/1.1' site='8008'>
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 1661, in _inlineCallbacks
result = current_context.run(gen.send, result)
StopIteration
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 1661, in _inlineCallbacks
result = current_context.run(gen.send, result)
StopIteration: <FrozenEventV3 event_id=$8FGPYbxJd7fmWN5kG-lcTTEJ8ZtnAGW1RYNsiTBdbEo, type=m.room.create, state_key=, outlier=False>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/synapse/http/server.py", line 366, in _async_render_wrapper
callback_return = await self._async_render(request)
File "/usr/lib/python3.10/site-packages/synapse/http/server.py", line 572, in _async_render
callback_return = await raw_callback_return
File "/usr/lib/python3.10/site-packages/synapse/rest/admin/server_notice_servlet.py", line 99, in on_POST
event = await self.server_notices_manager.send_notice(
File "/usr/lib/python3.10/site-packages/synapse/server_notices/server_notices_manager.py", line 68, in send_notice
room_id = await self.get_or_create_notice_room_for_user(user_id)
File "/usr/lib/python3.10/site-packages/synapse/server_notices/server_notices_manager.py", line 175, in get_or_create_notice_room_for_user
info, _ = await self._room_creation_handler.create_room(
File "/usr/lib/python3.10/site-packages/synapse/handlers/room.py", line 896, in create_room
) = await self._send_events_for_new_room(
File "/usr/lib/python3.10/site-packages/synapse/handlers/room.py", line 1097, in _send_events_for_new_room
member_event_id, _ = await self.room_member_handler.update_membership(
File "/usr/lib/python3.10/site-packages/synapse/handlers/room_member.py", line 567, in update_membership
result = await self.update_membership_locked(
File "/usr/lib/python3.10/site-packages/synapse/handlers/room_member.py", line 690, in update_membership_locked
if not await self.profile_handler.check_avatar_size_and_mime_type(
File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 1661, in _inlineCallbacks
result = current_context.run(gen.send, result)
File "/usr/lib/python3.10/site-packages/synapse/handlers/profile.py", line 310, in check_avatar_size_and_mime_type
server_name, _, media_id = parse_and_validate_mxc_uri(mxc)
File "/usr/lib/python3.10/site-packages/synapse/util/stringutils.py", line 186, in parse_and_validate_mxc_uri
m = MXC_REGEX.match(mxc)
TypeError: expected string or bytes-like object
I am running ArchLinux, could it be that the Python version is to new or something?
My server notice config still looks like this ->
Thank you for any help!
IMO you have found a bug in Synapse. Introduced with: https://github.com/matrix-org/synapse/pull/11846
You do not set system_mxid_avatar_url. The default is None.
https://github.com/matrix-org/synapse/blob/2c42673a9b8c708a73f49575673c85a32ea32b82/synapse/config/server_notices.py#L62
This is set to the profile for creating the room:
https://github.com/matrix-org/synapse/blob/2c42673a9b8c708a73f49575673c85a32ea32b82/synapse/server_notices/server_notices_manager.py#L166-L172
The profile is validated there: https://github.com/matrix-org/synapse/blob/2c42673a9b8c708a73f49575673c85a32ea32b82/synapse/handlers/room_member.py#L692-L696
if "avatar_url" in content: is True because content["avatar_url"] is set and None
The function check_avatar_size_and_mime_type requires a string and not None.
https://github.com/matrix-org/synapse/blob/2b5ab8e3674b7d6003a5f17252c7933c2d6a381a/synapse/handlers/profile.py#L291
A workaround is to set system_mxid_avatar_url: "" (empty string)
An empty string is valid: https://github.com/matrix-org/synapse/blob/2b5ab8e3674b7d6003a5f17252c7933c2d6a381a/synapse/handlers/profile.py#L304-L305
Thank you! I can confirm, setting system_mxid_avatar_url as "" made a working workaround.
Thank for the help, so this issue was never related to synapse-admin. I am glad that it is resolved now and we can close the issue.