Matrix Synapse behind HAProxy on pfSense
-
Hello,
I am currently trying to deploy a Synapse instance behind pfSense with HAProxy.
Synapse itself works fine, but the federation part of Synapse is not working at all.
Response from federationtester.matrix.org:
{ "WellKnownResult": { "m.server": "", "result": "Get \"https://matrix.domain.tld/.well-known/matrix/server\": dial tcp MYIP:443: i/o timeout", "CacheExpiresAt": 0 }, "DNSResult": { "SRVSkipped": false, "SRVCName": "", "SRVRecords": null, "SRVError": { "Message": "lookup _matrix._tcp.matrix.domain.tld on 8.8.8.8:53: no such host" }, "Hosts": { "matrix.domain.tld": { "CName": "mycname.", "Addrs": [ "MYIP" ], "Error": null } }, "Addrs": [ "MYIP:8448" ] }, "ConnectionReports": {}, "ConnectionErrors": { "MYIP8448": { "Message": "Get \"https://MYIP:8448/_matrix/key/v2/server\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)" } }, "Version": { "error": "Get \"matrix://matrix.domain.tld/_matrix/federation/v1/version\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)" }, "FederationOK": false }
For setting up I used this Ansible playbook.
I also tried multiple different configurations for the federation HAProxy part, but to no avail.
I am hoping someone here has set up Synapse behind HAProxy on pfSense and can help me out here.
-
Got mine working here with pfSense, HAProxy and the same Ansible script.
Matrix Federation Tester Output:
{ "WellKnownResult": { "m.server": "", "result": "Get \"https://MYDOMAIN/.well-known/matrix/server\": x509: certificate has expired or is not yet valid: current time 2021-12-30T22:11:39Z is after 2019-07-20T00:20:42Z", "CacheExpiresAt": 0 }, "DNSResult": { "SRVSkipped": false, "SRVCName": "_matrix._tcp.MYDOMAIN.", "SRVRecords": [ { "Target": "matrix.MYDOMAIN.", "Port": 8448, "Priority": 10, "Weight": 0 } ], "SRVError": null, "Hosts": { "matrix.MYDOMAIN.": { "CName": "matrix.MYDOMAIN.", "Addrs": [ "MY.IP.Addr.Rss" ], "Error": null } }, "Addrs": [ "MY.IP.Addr.Rss:8448" ] }, "ConnectionReports": { "MY.IP.Addr.Rss:8448": { "Certificates": [ { "SubjectCommonName": "MYDOMAIN", "IssuerCommonName": "R3", "SHA256Fingerprint": "mNxQhNc5kh0y/m0M/lNmUT6tH/ZagjQ+yd/fHuKqwRA", "DNSNames": [ "MYDOMAIN" ] }, { "SubjectCommonName": "R3", "IssuerCommonName": "ISRG Root X1", "SHA256Fingerprint": "Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0", "DNSNames": null }, { "SubjectCommonName": "ISRG Root X1", "IssuerCommonName": "DST Root CA X3", "SHA256Fingerprint": "bZn7Jl6xxbN0R2X8vGSPPNjhv/r9xML5m51Hz3/xwk8", "DNSNames": null } ], "Cipher": { "Version": "TLS 1.3", "CipherSuite": "TLS_AES_256_GCM_SHA384" }, "Checks": { "AllChecksOK": true, "MatchingServerName": true, "FutureValidUntilTS": true, "HasEd25519Key": true, "AllEd25519ChecksOK": true, "Ed25519Checks": { "ed25519:a_uphM": { "ValidEd25519": true, "MatchingSignature": true } }, "ValidCertificates": true }, "Errors": [], "Ed25519VerifyKeys": { "ed25519:a_uphM": "X9d+yyyMpzQ/KmWXvTScn13Iiki/k8H5tyxii9y64rw" }, "Info": {}, "Keys": { "old_verify_keys": {}, "server_name": "MYDOMAIN", "signatures": { "MYDOMAIN": { "ed25519:a_uphM": "huZnEh+oLK2aKPspuQx5iq12e0QO3I1igbx2vZ513awgDHPieRuw1JUitm1z+kvWWFu6ZCT7W1dBFHyIann3Cg" } }, "valid_until_ts": 1640988673800, "verify_keys": { "ed25519:a_uphM": { "key": "X9d+yyyMpzQ/KmWXvTScn13Iiki/k8H5tyxii9y64rw" } } } } }, "ConnectionErrors": {}, "Version": { "name": "Synapse", "version": "1.49.2" }, "FederationOK": true }
Your HAProxy config would be helpful.
-
Hi @Baker0052, keen to share your HAProxy conf? I have the same problem and cannot figure it out.
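
Added example (not code from the thread or from the federation tester project): a Python helper that reduces the two reports posted above to the fields that matter for triage, namely the .well-known lookup, the SRV lookup, and the connection to each resolved address. The sample dicts are constructed, trimmed copies of those reports, and the error-string labels in `classify` are an assumed heuristic.

```python
# Triage of a federationtester.matrix.org report (added example).
# classify() maps error strings to coarse labels; the mapping is an assumption.
def classify(message: str) -> str:
    if "i/o timeout" in message or "deadline exceeded" in message:
        return "timeout"        # nothing answered in time
    if "x509" in message:
        return "certificate"    # TLS certificate rejected
    if "no such host" in message:
        return "nxdomain"       # DNS name does not exist
    return "other" if message else "none"

def triage(report: dict) -> dict:
    """Summarise each server-discovery step of one tester report."""
    wk = report.get("WellKnownResult") or {}
    dns = report.get("DNSResult") or {}
    reports = report.get("ConnectionReports") or {}
    errors = report.get("ConnectionErrors") or {}
    srv_error = (dns.get("SRVError") or {}).get("Message", "")
    return {
        "well_known": "ok" if wk.get("m.server") else classify(wk.get("result", "")),
        "srv": "ok" if dns.get("SRVRecords") else classify(srv_error),
        "targets": dns.get("Addrs") or [],
        "reachable": sorted(a for a, c in reports.items()
                            if (c.get("Checks") or {}).get("AllChecksOK")),
        "unreachable": {a: classify(e.get("Message", "")) for a, e in errors.items()},
        "federation_ok": bool(report.get("FederationOK")),
    }

# Constructed samples: trimmed copies of the two reports in this thread.
FAILING = {
    "WellKnownResult": {"m.server": "", "result": "dial tcp MYIP:443: i/o timeout"},
    "DNSResult": {"SRVRecords": None, "Addrs": ["MYIP:8448"], "SRVError": {
        "Message": "lookup _matrix._tcp.matrix.domain.tld on 8.8.8.8:53: no such host"}},
    "ConnectionReports": {},
    "ConnectionErrors": {"MYIP8448": {"Message": "context deadline exceeded"}},
    "FederationOK": False,
}
WORKING = {
    "WellKnownResult": {"m.server": "", "result": "x509: certificate has expired or is not yet valid"},
    "DNSResult": {"SRVRecords": [{"Target": "matrix.MYDOMAIN.", "Port": 8448}],
                  "SRVError": None, "Addrs": ["MY.IP.Addr.Rss:8448"]},
    "ConnectionReports": {"MY.IP.Addr.Rss:8448": {"Checks": {"AllChecksOK": True}}},
    "ConnectionErrors": {},
    "FederationOK": True,
}

if __name__ == "__main__":
    for name, sample in (("failing", FAILING), ("working", WORKING)):
        print(name, triage(sample))
```

In the first report the requests to both 443 and 8448 time out, which is consistent with traffic never reaching a listener rather than with a Synapse fault. In the second, federation succeeds through the SRV record and port 8448 even though the .well-known request on 443 is rejected for an expired certificate.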