Matrix Synapse errors

Hello,

I set up a Matrix-Synapse Homeserver on NixOS. Matrix, NGINX and other services are running.

Error #1:
I tested my Matrix-Synapse Homeserver with federationtester.matrix.org and I get the error message:

Get "https://*IP*:8448/_matrix/key/v2/server": dial tcp *IP*:8448: connect: connection refused  

Where is the problem and how do I solve this?

Error #2:
When I log in with my user in Fluffychat I get the error message:

The homeserver support spec versions: "r0.0.1, r0.1.0, r0.2.0, r0.3.0, r0.4.0, r0.5.0, r0.6.0, r0.6.1" But this App supports: "v1.1, v1.2" 

I installed synapse from the stable packages, version 1.89.0.
Maybe the problem is error no. 1, so I'm focusing on solving this first.

Here are my configuration.nix (on Pastebin.com) and the synapse.nix (on Pastebin.com).

I hope someone knows what to do :)
Thanks :)

I see you have port 8448 in the firewall rules: you’re not supposed to expose that directly (unless you take care of provisioning the certificates for TLS). You should only open 443.

Also, it seems you forgot to use mkWellKnown. See here for a working example.


I removed the port 8448 from the firewall settings as recommended.

I added the well-known components and now the tests pass in federation tester.

When I try to connect with fluffychat / elements, both apps say that the server does not exist.
Do you know where I have to look to fix this new problem?

EDIT: At first the federation tester failed with 404, but I changed the config and now it passes.

I’ve had this reported to me about my homeserver as well, it was transient in my case. I have yet to investigate what it actually means.


OK. I played around with the config. Now elements & fluffy chat recognize my server.
But I cannot log in. When I try to register a new user (like here: NixOS 23.05 manual | Nix & NixOS) I get the following message:

ERROR! Received 400 Bad Request
Shared secret registration is not enabled

I thought I enabled it with:

  services.matrix-synapse.extraConfigFiles = [
    "/etc/nixos/modules/matrix-shared-secret"
  ];

Content:
registration_shared_secret: secret

But when I have a look in the homeserver.yaml, the secret is not set.
Maybe this could be the problem.

My working synapse.nix:

{ pkgs, lib, config, ... }:
{
  services.postgresql.enable = true;
  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'XXX';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
  '';

  services.matrix-synapse = {
    enable = true;
    settings.server_name = "m.metacortex.space";
    settings.enable_metrics = true;

    settings.database.name = "psycopg2";
    settings.database.args = {
      user = "matrix-synapse";
      password = "XXX";
    };
    settings.listeners = [
      {
        bind_addresses = [ "localhost" ];
        port = 8448;
        tls = false;
        resources = [
          { compress = true; names = [ "client" "federation" ]; }
          { compress = false; names = [ "federation" ]; }
        ];
        type = "http";
        x_forwarded = false;
      }
      {
        bind_addresses = [ "127.0.0.1" ];
        port = 8008;
        resources = [
          { compress = true; names = [ "client" "federation" ]; }
        ];
        tls = false;
        type = "http";
        x_forwarded = true;
      }
    ];
  };
  services.matrix-synapse.extraConfigFiles = [
    "/etc/nixos/modules/matrix-shared-secret"
  ];
}

Any ideas?

You won’t find your options defined in extraConfigFiles in the homeserver.yaml because the files defined in extraConfigFiles are passed to synapse via the --config <path-to-file> argument.

You should see your extraConfigFiles paths if you run

systemctl status matrix-synapse.service | grep -e "--config"

Besides that, I noticed that you have defined two synapse listeners on the loopback interface: one defined for localhost on port 8448 and another one defined for 127.0.0.1 on port 8008. Especially because they are configured differently (different ports, compress option and x_forwarded option), this looks awkward to me.

Assuming you have an IPv4 configuration, I would suggest removing the first listener and testing your configuration only with the following config:

services.matrix-synapse = {
      enable = true;
      settings.server_name = "m.metacortex.space";
      settings.enable_metrics = true;
      settings.database.args = {
          password = "XXX";
      };
      settings.listeners = [
        {
          bind_addresses = [ "127.0.0.1" ];
          port = 8008;
          resources = [ 
            { compress = true; 
              names = [ "client" "federation" ]; 
            }
          ];
          tls = false;
          type = "http";
          x_forwarded = true;
        }
      ];
    };
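
The advice in this thread (open only 443, delegate federation via well-known, keep a single loopback listener, load the shared secret through extraConfigFiles) combined into one module, as an added example that is not any poster's configuration. It assumes server_name and the public hostname are both m.metacortex.space, that ACME issues the certificate, and that the PostgreSQL setup stays as posted above; mkWellKnown is a helper defined locally in the let block, and the e-mail address is a placeholder.

```nix
# Added example; assumes server_name == public hostname and ACME-issued certs.
{ ... }:
let
  fqdn = "m.metacortex.space";
  # Local helper (defined here, not a nixpkgs function): serve JSON from nginx.
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
in
{
  # Only nginx is reachable from outside; 8448 and 8008 stay closed.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "admin@example.org"; # placeholder address

  services.nginx = {
    enable = true;
    recommendedProxySettings = true; # forwards Host and X-Forwarded-For
    virtualHosts.${fqdn} = {
      enableACME = true;
      forceSSL = true;
      # Tell other homeservers to federate over 443 instead of the default 8448.
      locations."= /.well-known/matrix/server".extraConfig =
        mkWellKnown { "m.server" = "${fqdn}:443"; };
      # Tell clients where the client-server API lives.
      locations."= /.well-known/matrix/client".extraConfig =
        mkWellKnown { "m.homeserver".base_url = "https://${fqdn}"; };
      locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
      locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
    };
  };

  services.matrix-synapse = {
    enable = true;
    settings.server_name = fqdn;
    # One plain-HTTP listener on loopback; nginx terminates TLS in front of it.
    settings.listeners = [{
      bind_addresses = [ "127.0.0.1" ];
      port = 8008;
      tls = false; type = "http";
      x_forwarded = true;
      resources = [{ compress = true; names = [ "client" "federation" ]; }];
    }];
    # A string path (not a Nix path) keeps the secret out of the world-readable
    # /nix/store; the file must be readable by the matrix-synapse user.
    extraConfigFiles = [ "/etc/nixos/modules/matrix-shared-secret" ];
  };
}
```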