You are not logged in.

#1 2020-04-10 07:18:58

sloppyperfectionist
Member
From: Graz, Austria
Registered: 2011-01-05
Posts: 8
Website

matrix-synapse behind httpd reverse proxy

Hi all,

I'm trying to set up a matrix homeserver behind an Apache httpd reverse proxy. I installed the matrix-synapse package from the official repository and have the service up and running. I have mod_proxy and mod_proxy_connect loaded in httpd.conf. CURLing localhost:8008 yields the expected result. Following https://github.com/matrix-org/synapse/b … e_proxy.md I set up a vhost for my subdomain matrix.mydomain.name, including /etc/letsencrypt/options-ssl-apache.conf and the paths to fullchain.pem an privkey.pem. (The certificate is valid for my subdomain).

If I now curl matrix.mydomain.name Apache httpd serves the standard page from my webroot, curling matrix.mydomain.name/_matrix gets an empty response.

Does anyone have an idea where to look for my mistake? An help will be greatly appreciated. Thank you.

Last edited by sloppyperfectionist (2020-04-10 08:05:37)

Offline

#2 2020-07-05 22:26:40

satchmosgroove
Member
From: Long Beach, NY
Registered: 2010-01-13
Posts: 88

Re: matrix-synapse behind httpd reverse proxy

Hi, same problem here. I played around with it a year ago or so and had no proxy issues. Now I have exactly the same as you described. Creating users from the command line connecting to localhost:8008 worked.

Offline

#3 2020-07-05 23:13:37

satchmosgroove
Member
From: Long Beach, NY
Registered: 2010-01-13
Posts: 88

Re: matrix-synapse behind httpd reverse proxy

This is what worked for me:

<VirtualHost *:443>

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

        SSLCertificateKeyFile "/etc/letsencrypt/live/www.server.com/privkey.pem"
        SSLCertificateFile "/etc/letsencrypt/live/www.server.com/fullchain.pem"

        ServerName matrix.server.com
        ServerAdmin admin@server.com

        ProxyRequests Off
        ProxyVia Off

        <Proxy *>
          Require all granted
        </Proxy>

        ProxyPass / http://192.168.1.37:8008/
        ProxyPassReverse / http://192.168.1.37:8008/#

        RequestHeader set X-Forwarded-Proto "https"

</VirtualHost>

I tested on another server, where I still had the old config. Webclients can now connect. I guess you would have to do similar for port 8448 to federate correctly.

Offline

Board footer

Powered by FluxBB