matrix-docker-ansible-deploy
.well-known/matrix/server returns a 418 "I'm a teapot" error
Describe the bug
My federation is not working. I am getting a 418 error when connecting to https://mydomain.de/.well-known/matrix/server. https://matrix.mydomain.de/.well-known/matrix/server works fine. I have set up traefik and there is no nginx running.
I have also set up a redirect to my website, which is also returning a 418 error.
For some time, restarting the server helped for a while, until it had to be restarted again. Now even that does not help anymore.
To Reproduce
My vars.yml file looks like this:
---
matrix_domain: mydomain.de
matrix_homeserver_implementation: synapse
matrix_homeserver_generic_secret_key: 'asecret'
matrix_ssl_lets_encrypt_support_email: 'mymail'
devture_postgres_connection_password: 'asecret'
# Use a sensible location for matrix files
matrix_base_data_path: '/opt/matrix'
matrix_well_known_matrix_support_enabled: true
matrix_homeserver_admin_contacts:
  - matrix_id: "mymatrixid"
    email_address: mymail
    role: admin
matrix_homeserver_support_url: "https://www.mydomain.de"
# Custom Website
matrix_nginx_proxy_base_domain_serving_enabled: true
matrix_nginx_proxy_base_domain_homepage_enabled: false
matrix_synapse_push_include_content: false
matrix_synapse_allow_public_rooms_without_auth: true
matrix_synapse_allow_public_rooms_over_federation: true
matrix_nginx_proxy_access_log_enabled: false
# which reverse proxy to use
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
devture_traefik_config_certificatesResolvers_acme_email: 'mymail'
devture_postgres_backup_enabled: true
matrix_synapse_admin_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: 'asecret'
# Additional domains for ssl certificates.
matrix_ssl_additional_domains_to_obtain_certificates_for:
  - '{{ matrix_domain }}'
  - 'www.{{ matrix_domain }}'
##############
## BRIDGES ##
##############
matrix_mautrix_telegram_enabled: true
# more settings for the bridge ...
matrix_mautrix_discord_enabled: true
# more settings for the bridge ...
matrix_mautrix_signal_enabled: true
# more settings for the bridge ...
Expected behavior
The website should be served and both https://mydomain.de/.well-known/matrix/server and https://matrix.mydomain.de/.well-known/matrix/server should work, so that federation can happen.
Matrix Server:
- OS: Debian 11 (bullseye)
- Architecture: amd64
Ansible:
- I run ansible on a different machine than the matrix server and use ssh agent.
- Ansible 2.10.8
Traefik:
We noticed that the /opt/matrix/traefik/config/provider.yml file looks like this, which does not look right to me:
http:
  middlewares:
  routers:
    mydomain.de-dummy:
      rule: Host(`mydomain.de`)
      service: noop@internal
      entryPoints: "web-secure"
      tls:
        certResolver: "default"
    www.mydomain.de-dummy:
      rule: Host(`www.mydomain.de`)
      service: noop@internal
      entryPoints: "web-secure"
      tls:
        certResolver: "default"
A friend of mine has probably found the issue. By combining
matrix_ssl_additional_domains_to_obtain_certificates_for:
  - '{{ matrix_domain }}'
with
matrix_nginx_proxy_base_domain_serving_enabled: true
there were multiple rules for the same domain. By removing the
- '{{ matrix_domain }}'
entry, we hope to have fixed the issue.
Will update in a few days, once I know for sure that the issue is fixed.
FYI, we also had to add
matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_hostname }}`) || Host(`www.{{ matrix_nginx_proxy_container_labels_traefik_proxy_base_domain_hostname }}`)"
to the vars.yaml in order to make serving my website from www.mydomain.de work.
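
A check for the overlap described in this thread, as an added example that is not part of the original issue or the playbook's code: it lists hostnames matched both by a `noop@internal` dummy router in provider.yml and by another router. The sample provider text and the label router name `base-domain-router` are constructed for illustration, and the parser assumes the two-space indentation and single-host `Host()` matchers shown above.

```python
import re
from collections import defaultdict

HOST_RE = re.compile(r"Host\(`([^`]+)`\)")

# Constructed sample mirroring the provider.yml quoted in the issue.
PROVIDER_YML = """\
http:
  middlewares:
  routers:
    mydomain.de-dummy:
      rule: Host(`mydomain.de`)
      service: noop@internal
    www.mydomain.de-dummy:
      rule: Host(`www.mydomain.de`)
      service: noop@internal
"""
# Constructed sample: a router rule set through a container label.
# The router name is hypothetical; the rule shape follows the last comment.
LABEL_RULES = {"base-domain-router": "Host(`mydomain.de`) || Host(`www.mydomain.de`)"}

def parse_file_routers(text):
    """Minimal line parser for http.routers: name -> {key: value}."""
    routers, section, current = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if indent == 2:  # http.<section>
            section, current = stripped.rstrip(":"), None
        elif section == "routers" and indent == 4 and stripped.endswith(":"):
            current = routers.setdefault(stripped[:-1], {})
        elif indent == 6 and current is not None and ":" in stripped:
            key, _, value = stripped.partition(":")
            current[key] = value.strip().strip('"')
    return routers

def find_conflicts(file_routers, label_rules):
    """Hosts claimed by a noop@internal router and at least one other router."""
    claims = defaultdict(list)
    for name, router in file_routers.items():
        for host in HOST_RE.findall(router.get("rule", "")):
            claims[host].append((name, router.get("service", "")))
    for name, rule in label_rules.items():
        for host in HOST_RE.findall(rule):
            claims[host].append((name, "label"))
    return {host: [name for name, _ in owners] for host, owners in claims.items()
            if len(owners) > 1 and any(svc == "noop@internal" for _, svc in owners)}

if __name__ == "__main__":
    print(find_conflicts(parse_file_routers(PROVIDER_YML), LABEL_RULES))
```

An empty result means no hostname is shared between a dummy router and a serving router.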