6 May 2019 |
Ace | Looking now. Do I need to put my keys in the homeserver.yaml as well as nginx? | 20:10:58 |
Mathijs | This guide, and most others, needs updating | 20:11:04 |
Ace | https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst | 20:11:19 |
Ace | I'm using that nginx config and there are no certs mentioned | 20:11:31 |
Mathijs | In reply to @coiner:matrix.org: "Looking now. Do I need to put my keys in the homeserver.yaml as well as nginx?" If you choose (as I would recommend) to use nginx for the reverse proxy of federation traffic, you don't need to give synapse access to the certs | 20:12:18 |
Ace | Any example nginx config? The ones provided are not working | 20:15:55 |
Ace | I added the certificates to the one specified on the github page | 20:16:05 |
Ace | And in the homeserver.yaml just in case | 20:16:11 |
Ace | And now the tester just says "error": "msg=Failed to GET JSON to | 20:16:29 |
Ace | And also 502 now on 8448 | 20:16:35 |
Mathijs | right, so what we'll do | 20:22:16 |
Mathijs | is have nginx listen on port 443 for both client-server and server-server traffic | 20:22:38 |
Mathijs | and reverse proxy that to port 8008 | 20:22:44 |
Mathijs | then we'll use a .well-known file to tell other servers to look for your server on port 443 | 20:23:07 |
Mathijs | sound good? | 20:23:16 |
Ace | Sure however surely the SRV record should work? It shows on the federation tester | 20:23:33 |
Mathijs | if you prefer, we could also tell nginx to listen on port 8448 | 20:23:34 |
Ace | I have that | 20:23:39 |
Ace | I have the one from: https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst | 20:23:47 |
Ace | Redacted or Malformed Event | 20:23:55 |
Mathijs | In reply to @coiner:matrix.org: "Sure however surely the SRV record should work? It shows on the federation tester" SRV record should work as well; if you prefer that one, we can use the record to point to port 443 | 20:24:05 |
Ace | and specifying the cert and key | 20:24:05 |
Ace | It's pointing to 8448 at the moment so I could set it to 443 | 20:24:33 |
Ace | I am correct in assuming if it just points to mydomain.net then that is the same as @ | 20:24:47 |
Ace | As namecheap won't let me do @ for SRV record and I'm not using subdomain | 20:25:08 |
Ace | In homeserver.yaml should I change 8448 to 443 | 20:26:15 |
Mathijs | no, in homeserver.yaml we'll only have synapse listen on port 8008 | 20:26:33 |
Ace | Okay, only 8008 | 20:26:40 |
Mathijs | and disable tls, so synapse doesn't need an SSL cert | 20:26:51 |
Ace | Gotcha | 20:27:12 |