matrix-docker-ansible-deploy

Can't access https://matrix.<my-domain> from local network

Open alamahant opened this issue 4 years ago • 6 comments

Although my server can be accessed from [email protected] client and from the Element desktop app and from Tor Browser, I can't access it locally via a browser - I get connection refused from Element. Also, when self-checking, it always fails the Client-API check with connection refused. Strangely enough, https://matrix./synapse-admin works just fine from the local network. The same goes for ..../matrix-registration, BUT when trying to create a token I get the error can not access https://matrix. 443. Is it maybe an iptables issue?

alamahant avatar Jan 29 '21 10:01 alamahant

This is an issue with your firewall, not the Playbook

pushytoxin avatar Jan 29 '21 13:01 pushytoxin

I have no firewall rules preventing access. It must be some iptables issue INSIDE the Debian VM where Synapse was installed by Ansible. Also, inside the VM there is no ufw, no firewalld, no iptables config except the one put there by Ansible. Strange... Very strange.....

alamahant avatar Jan 29 '21 13:01 alamahant

Furthermore, I checked whether the Let's Encrypt certs are OK with openssl s_client -showcerts -connect matrix.mtx.gleeze.com:443 and everything returned OK. Now something interesting happened. I can access the server by IP, both HTTP and HTTPS, BUT not by DOMAIN from the local network (whereas from an external network accessing by https://matrix. works fine). Although I use DYNU and the matrix is not hosted in my local machine named server, I do have an entry in /etc/hosts pointing the matrix domain. It IS ping-able. Maybe Synapse is checking if one arrives via DNS query and prohibits all else.

alamahant avatar Jan 29 '21 14:01 alamahant

It's an issue on your NAT gateway. It's routing packets arriving on the HTTPS port from the external network towards the proxy, but it is not routing them from the internal network.

pushytoxin avatar Jan 29 '21 22:01 pushytoxin

In this case, it can help to search how to enable "NAT reflection" on your router.

jsddsfoh avatar Jan 30 '21 16:01 jsddsfoh

Another simple fix would be to write a static entry to your /etc/hosts file on your client PC. On Windows it is located at C:\Windows\System32\drivers\etc\hosts

For example, if your matrix server is matrix.DOMAIN.tld and has a LAN IP of 192.168.1.100

192.168.1.100    matrix.DOMAIN.tld

It is simple but you would need to disable this rule (comment the line with #) every time you would try to connect to matrix from outside your home network.

Another cool solution would be to install a local DNS server, such as Pi-hole, add an A record to your LAN matrix server's IP and set up your DHCP server (probably your router) to propagate your new local DNS instance as the default DNS server in your home network.

But I guess @jsddsfoh's NAT reflection solution is simpler, so try this one first.


This issue is more than a year old; have you found a solution since then?

simtrami avatar May 25 '22 12:05 simtrami
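
A way to tell the cases discussed in this thread apart from a LAN client, as an added example that is not part of any comment above or of the playbook: it checks what the name resolves to and whether TCP 443 answers on that address versus the server's LAN IP. The function names and verdict strings are assumptions made for this sketch; the hostname and LAN IP are passed in by the user.

```python
import socket
import sys

VERDICTS = {
    "dns-failure": "the name does not resolve on this client",
    "server-down": "nothing answers on the LAN IP, so NAT is not the cause",
    "lan-override": "the name resolves to the LAN IP (hosts entry or local DNS)",
    "reflected": "the name resolves elsewhere and still connects (reflection works)",
    "hairpin": "LAN IP works, resolved address does not: gateway lacks NAT reflection",
}


def resolve_ipv4(hostname):
    """Return the IPv4 addresses the client's own resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_connects(ip, port=443, timeout=3.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(hostname, lan_ip, resolver=resolve_ipv4, connector=tcp_connects):
    """Classify local reachability; resolver/connector are injectable for testing."""
    try:
        addrs = resolver(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "dns-failure"
    if not connector(lan_ip):
        return "server-down"
    if lan_ip in addrs:
        return "lan-override"
    if any(connector(addr) for addr in addrs):
        return "reflected"
    return "hairpin"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check.py matrix.DOMAIN.tld 192.168.1.100")
    verdict = diagnose(sys.argv[1], sys.argv[2])
    print(f"{verdict}: {VERDICTS[verdict]}")
```

A "hairpin" verdict points to the router setting or the hosts/local DNS workarounds above; "lan-override" with a browser that still fails points away from the gateway and toward the client or the proxy.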