Wellknow for sliding sync / syncv3

[genofire]

Description:

Helper or so is here: https://github.com/matrix-org/sliding-sync Needed to use the Element-X Clients ...

[genofire]

has somebody setup it together with it?

https://github.com/matrix-org/sliding-sync/blob/main/docs/Landing.md

---

any idea how to configure .well-known

[nisbet-hubbard]

The only thing that’s assumed on the page you linked to is you need to first create a corresponding entry at your DNS provider for slidingsync.proxy.url.here (which can just be another subdomain under your root domain). Otherwise, just create the file /.well-known/matrix/client and paste in the json code.

[genofire]

@nisbet-hubbard i am not able to create any file -> container environments and the well-know is set by dendrite it-self:

config: https://github.com/matrix-org/dendrite/blob/fa6c7ba45671c8fbf13cb7ba456355a04941b535/dendrite-sample.yaml#L73

code: https://github.com/matrix-org/dendrite/blob/fa6c7ba45671c8fbf13cb7ba456355a04941b535/clientapi/routing/routing.go#L97-L115

[nisbet-hubbard]

Ah, containers! Since the Dendrite team is currently focussed on improving the standalone proxy for sliding sync, I suppose the quickest solution is for you to patch the code you linked to and get it merged.

Along these lines: https://gitlab.com/famedly/conduit/-/blob/next/src/api/client_server/unversioned.rs?ref_type=heads#L47

[genofire]

@nisbet-hubbard yes i see - maybe i write an small helmchart and test conduit with Element X ;)

[troed]

This thread comes up when searching for sliding-sync support in Dendrite. I'd just like to chime in that while a change in Dendrite might be needed for the client URL when Dendrite is the exposed server, for those (like me) who run behind a reverse proxy there's no change needed. Just add the suggested JSON to the web server config and run the sliding-sync Docker container in your Docker setup (as an example).

I'm logged in to my Dendrite server with Element X now and from a superficial look it seems to work. I have a few of these regularly in the sliding-sync container log though, and I'll edit this post if I find any blocking issues.

12:16:39 WRN Poller: sync v2 poll returned temporary error error="DoSyncV2: request failed: Get \"https://matrix.domain/_matrix/client/r0/sync?timeout=30000&since=s414631_528_122586_87620_375669_414630_24579_153255_0&set_presence=offline&filter=%7B%22room%22%3A%7B%22timeline%22%3A%7B%22limit%22%3A50%7D%7D%7D\": unexpected EOF" code=0 device_id=t5zUbHo3 user_id=@troed:matrix.domain

(I posted another message about not getting it to work here before, but that was due to a misunderstanding. If others make the same mistake; SYNCV3_SERVER is not supposed to point to your sync server but the regular Matrix server URL)

[garret]

May I ask for a tutorial on how to get sliding sync to work with dendrite?

I have a dendrite server and sliding sync proxy running both via docker on a raspberry pi 4. However, I only miss the part about to have the proper .well-known. Both services have their own A record (like matrix.mydomain.com and slidingsync.mydomain.com) and I am using traefik as reverse proxy.

However, when I open https://matrix.mydomain.com/.well-known/matrix/client it returns:

{"m.homeserver":{"base\_url":"[https://matrix.mydomain.com"}}]()

While the sliding sync documentation says I should have something like:

{
    "m.homeserver": {
        "base_url": "https://example.com"
    },
    "org.matrix.msc3575.proxy": {
        "url": "https://syncv3.example.com"
    }
}

I guess I should add some labels to the dendrite traefik label section (some middlewares?). At the moment it looks like this:

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dendrite-http.entrypoints=http"
      - "traefik.http.routers.dendrite-http.rule=Host(`${MATRIX_HOST}`)"
      - "traefik.http.routers.dendrite-http.middlewares=dendrite-https"
      - "traefik.http.middlewares.dendrite-https.redirectscheme.scheme=https"
      - "traefik.http.routers.dendrite-https.entrypoints=https"
      - "traefik.http.routers.dendrite-https.rule=Host(`${MATRIX_HOST}`)"
      - "traefik.http.routers.dendrite-https.tls.certresolver=ssl"

[gopricy]

is this working now with v0.13.3?

[renehonig]

is this working now with v0.13.3?

I have recently installed it and it runs without any problems so far (Dendrite v0.13.3/Docker/traefik).

[tomasz-c]

Is this option enabled on the dendrite.matrix.org instance? The Element X client that requires it reports that it is not available.

[leafee98]

To enable slide-sync, the org.matrix.msc3575.proxy field from well-known response is required.

For dendrite.matrix.org, its response is:

$ curl https://dendrite.matrix.org/.well-known/matrix/client
{"m.homeserver":{"base_url":"https://dendrite.matrix.org:443"}}%

so it doesn't support slide-sync for now.

While the response of matrix.org which already deployed slide-sync:

$ curl https://matrix.org/.well-known/matrix/client
{
    "m.homeserver": {
        "base_url": "https://matrix-client.matrix.org"
    },
    "m.identity_server": {
        "base_url": "https://vector.im"
    },
    "org.matrix.msc3575.proxy": {
        "url": "https://slidingsync.lab.matrix.org"
    }
}

[mike-pisman]

Could some eli5 what needs to be done? The documentation is lacking in this aspect. What should I put into the fields well_known_client_name and well_known_sliding_sync_proxy? Do I still need to run sliding-sync? If so, does anyone have a manifest for deploying sliding sync to kubernetes? Would greatly appreciate it.

[genofire]

Yes it is still needed, it just the well-known which could be set. So i split to #3236 and rename the issues.

If you like to improve the Docu, so i keep this issue open.

[mike-pisman]

Ok, I figured it out, was not hard at all and it fixed issue with android version of element client not connecting. @genofire, thanks for clarifying.

I'm going to add my manifests , in case it will help someone. I use matrix namespace.

secret

1. Generate a long string for SYNCV3_SECRET
2. Create kubernetes secret

kubectl create secret generic syncv3-secret \
  --from-literal=secret='<super-long >' \
  --namespace=matrix

deployment.yaml

Follow the Readme.md for the instructions regarding variables

apiVersion: apps/v1
kind: Deployment
metadata:
name: sliding-sync-deployment
namespace: matrix
labels:
  app: sliding-sync
spec:
replicas: 1
selector:
  matchLabels:
    app: sliding-sync
template:
  metadata:
    labels:
      app: sliding-sync
  spec:
    containers:
    - name: sliding-sync
      image: ghcr.io/matrix-org/sliding-sync:latest
      ports:
      - containerPort: 8008
      env:
      - name: SYNCV3_SERVER
        value: "<matrix-server-url>"
      - name: SYNCV3_SECRET
        valueFrom:
          secretKeyRef:
            name: syncv3-secret
            key: secret
      - name: SYNCV3_DB
        value: "user=$(whoami) dbname=syncv3 sslmode=disable host=host.docker.internal password='DATABASE_PASSWORD_HERE'"

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: sliding-sync-service
  namespace: matrix
spec:
  selector:
    app: sliding-sync
  ports:
    - protocol: TCP
      port: 8008
      targetPort: 8009
  type: LoadBalancer

Dendrite Helm chart values

dendrite_config:
  global:
    server_name: "<matrix-server-url>"
    well_known_server_name: "<matrix-server-url>:443"
    well_known_client_name: "<matrix-server-url>:443"
    well_known_sliding_sync_proxy: "<matrix-server-url>:8009"
...

</details>

<details>
  <summary>*Optional* Firewall setup</summary>

Not sure if this is needed, but I set up my firewall to forward the http requests on port 8008 to the SYNCv3 server.

I use HA Proxy with OPNsense. 

Basically, I created a public service, which listens on `0.0.0.0:8008` and forwards the request to Load Balancer IP of the `sliding-sync-service`.
</details>

[mike-pisman]

Checking out the element-x, and getting errors on IOS and Android client.

The .well-known/matrix/client returns the correct address of sliding sync

{
    "m.homeserver": {
        "base_url":"matrix.myurl.cc:443"
    },
    "org.matrix.msc3575.proxy": {
        "url":"matrix.myurl.cc:8009"
    }
}

My HAProxy forwards any TCP connection on port 8009 to the sliding-sync server.

if I try to send a GET to matrix.myurl.cc:8009 I can see that it registered the requests:

Sync v3 [0.99.11] (a86e01a)
Debug=false LogLevel= MaxConns=0
2023/11/04 06:38:40 goose: no migrations to run. current version: 20230913120537
06:38:40 INF creating handler
06:38:40 INF retrieved global snapshot from database
06:38:40 INF listening on 0.0.0.0:8008
06:38:40 INF StartV2Pollers num_devices=0 num_fail_decrypt=0
06:38:40 INF StartV2Pollers finished
06:38:55 INF c= duration=0.000 path=/ size=19 status=404
06:39:28 INF c= duration=0.000 path=/ size=19 status=404

However, on the element-x-ios client, when I try to login with credentials I get an error:

element x the selected homeserver doesn't support password or OIDC login

On element-x-android I get a different error:

We couldn't reach this homeserver. Please check that you have entered the homeserver URL correctly.

I think it's still the configuration error on my part. Has anyone encountered this issue or knows how to troubleshoot sliding-sync?

Update

I have resolved the issue. It is important to specify protocol in dendrite well_known settings, so that response from .well-known/matrix/client returns address with http/https prefix:

{
    "m.homeserver": {
        "base_url":"https://matrix.myurl.cc:443"
    },
    "org.matrix.msc3575.proxy": {
        "url":"https://matrix.myurl.cc:8009"
    }
}