http://localhost:3000/http://localhost:3000/favicon.ico?16699092332019-06-01T12:03:26Zungleich redminehack4glarus-2019-summer - Task #6753: Installing a Matrix server on IPv6 onlyhttp://localhost:3000/issues/6753?journal_id=269112019-06-01T12:03:26ZAxel Beckert
<ul></ul><a name="General-idea"></a>
<h1 >General idea<a href="#General-idea" class="wiki-anchor">¶</a></h1>
<p>Installing matrix-synapse on an IPv6-only system.</p>
<a name="Choosen-way"></a>
<h2 >Choosen way<a href="#Choosen-way" class="wiki-anchor">¶</a></h2>
<p>Using the official <code>matrix-synapse</code> package by Debian or derivatives.</p>
<a name="What-has-been-done"></a>
<h1 >What has been done<a href="#What-has-been-done" class="wiki-anchor">¶</a></h1>
<ul>
<li>Installed <code>matrix-synapse</code> package from unstable on a Raspberry Pi running Debian Unstable with Apache 2.4 and only being reachable via IPv6.</li>
<li>Installed <code>matrix-synapse</code> package from stable-backports on an IPv6-only Devuan 2.0 Ascii VM with h2o. (Connection unreliable, often reconnects)</li>
<li>Connecting to both with <code>quaternion</code>.</li>
</ul>
<a name="Solved-Issues"></a>
<h1 >Solved Issues<a href="#Solved-Issues" class="wiki-anchor">¶</a></h1>
<p>Doesn't work out of the box, several issues:</p>
<ul>
<li>starting the daemon exits with "file /etc/matrix-synapse/homeserver.signing.key not found" (or similar). Solve by calling <pre>/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys</pre> manually.</li>
<li>starting the daemon exits with "TLS certificate file not found". Solved by pointing to certbot-generated certificates.</li>
<li>Hangs upon package configuration (<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920339" class="external">Debian #920339</a>) due to <code>debconf</code> waiting for daemon to close its inherited file descriptors. Solved by doing daemonization via <code>start-stop-daemon</code>'s <code>--background</code> instead of <code>matrix-synapse</code>'s buggy <code>--daemonize</code> in the init script. Sent a patch to the Debian bug report. (sysvinit-only issue)</li>
<li>Tries to listen on the HTTPS port which is already in use. Set <code>no_tls: True</code>.</li>
<li>Due to fiddling with the above, I once had a daemon which was no more exiting upon <code>service matrix-synapse stop</code> or <code>service matrix-synapse restart</code>, but the daemon only noticed seconds after the start that the port is already in use and only mentioned it in the log file. Hence also changed configurations had no effect. Killing that process solved the issue.</li>
</ul>
<a name="Configuration"></a>
<h1 >Configuration<a href="#Configuration" class="wiki-anchor">¶</a></h1>
<ul>
<li>Use <code>makepasswd --chars=42</code> generated password as secret <code>registration_shared_secret</code> and then call <code>register_new_matrix_user -u abe -a -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008</code>. It is important to not add a trailing slash to the URL as this results in only <code>400 Bad Request</code> return codes.</li>
<li>Pass all requests to <code>/_matrix…</code> on the webserver (reverse proxy) to <code>http://localhost:8000/_matrix…</code>:
<ul>
<li>Apache:<br /><pre>
ProxyPass "/_matrix" "http://localhost:8008/_matrix"
ProxyPassReverse "/_matrix" "http://localhost:8008/_matrix"
</pre></li>
<li>h2o:<br /><pre>
paths:
/_matrix:
proxy.reverse.url: http://localhost:8008/_matrix
</pre></li>
</ul></li>
</ul>
<a name="Unsolved-Issues"></a>
<h1 >Unsolved Issues<a href="#Unsolved-Issues" class="wiki-anchor">¶</a></h1>
<ul>
<li>Both instances don't talk with each other.</li>
<li>Permissions to access the certbot-generated SSL keys and and certificates. (Client access is proxied through a proper webserver which handles HTTPS and is hence not affected.)</li>
</ul>
<p>(These two issues might be related.)</p>
<ul>
<li>Very frequent connection loss to the Devuan VM with h2o. Likely caused by h2o (despite timeouts have been raised for the <code>/_matrix*</code> paths).</li>
</ul>
<a name="Conclusion"></a>
<h1 >Conclusion<a href="#Conclusion" class="wiki-anchor">¶</a></h1>
<p>Not ready for prime time. The official Debian packaging (by Debian) still not ready for prime time either.</p> hack4glarus-2019-summer - Task #6753: Installing a Matrix server on IPv6 onlyhttp://localhost:3000/issues/6753?journal_id=269422019-06-02T20:43:17ZNico Schotteliusnico.schottelius@ungleich.ch
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li></ul><p>Thanks everyone for participating! It was great seeing all of you!</p> hack4glarus-2019-summer - Task #6753: Installing a Matrix server on IPv6 onlyhttp://localhost:3000/issues/6753?journal_id=269472019-06-02T20:44:25ZNico Schotteliusnico.schottelius@ungleich.ch
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>