Possibility to configure a different domain for Synapse

Summary
Synapse possibility of separate domain from server domain.

Problem
When Synapse is installed, it allows choosing the homeserver domain.

However, it only allows choosing the domain of the freedombox. But imagine I own example.com and have the freedombox at box.example.com. In such a case, Matrix supports having @user:example.com instead of @user:box.example.com. You can configure that by adding an SRV DNS record or adding a /.well-known/matrix/server file that defines that.

Matrix would only require having TLS on box.example.com, but right now, in freedombox, if I configure it as example.com (in system > configure) and then install synapse and set its domain as example.com, installation fails with:

may 25 22:21:12 box /usr/bin/plinth[501]: Internal Server Error: /plinth/apps/matrixsynapse/setup/
                                          Traceback (most recent call last):
                                            File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 41, in inner
                                              response = get_response(request)
                                            File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 187, in _get_response
                                              response = self.process_exception_by_middleware(e, request)
                                            File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 185, in _get_response
                                              response = wrapped_callback(request, *callback_args, **callback_kwargs)
                                            File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 68, in view
                                              return self.dispatch(request, *args, **kwargs)
                                            File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 88, in dispatch
                                              return handler(request, *args, **kwargs)
                                            File "/usr/lib/python3/dist-packages/django/views/generic/edit.py", line 183, in post
                                              return self.form_valid(form)
                                            File "/usr/lib/python3/dist-packages/plinth/modules/matrixsynapse/views.py", line 47, in form_valid
                                              ['setup', '--domain-name', domain_name])
                                            File "/usr/lib/python3/dist-packages/plinth/actions.py", line 118, in superuser_run
                                              log_error=log_error)
                                            File "/usr/lib/python3/dist-packages/plinth/actions.py", line 208, in _run
                                              raise ActionError(action, output, error)
                                          plinth.errors.ActionError: ('matrixsynapse', '', 'Use of uninitialized value $item in hash element at /usr/share/perl5/Debconf/DbDriver/File.pm line 85, <__ANONIO__> chunk 1.\nUse of uninitialized value $item in hash element at /usr/share/perl5/Debconf/DbDriver/File.pm line 85, <__ANONIO__> chunk 1.\nTraceback (most recent call last):\n  File "/usr/share/plinth/actions/matrixsynapse", line 251, in <module>\n    main()\n  File "/usr/share/plinth/actions/matrixsynapse", line 247, in main\n    sub_command_method(arguments)\n  File "/usr/share/plinth/actions/matrixsynapse", line 169, in subcommand_setup\n    _update_tls_certificate()\n  File "/usr/share/plinth/actions/matrixsynapse", line 117, in _update_tls_certificate\n    shutil.copyfile(source_certificate_path, dest_certificate_path)\n  File "/usr/lib/python3.7/shutil.py", line 120, in copyfile\n    with open(src, \'rb\') as fsrc:\nFileNotFoundError: [Errno 2] No such file or directory: \'/etc/letsencrypt/live/example.com/fullchain.pem\'\n')

Solution
Although the easiest solution is to just support @user:box.example.com, the prettiest solution is to use @user:example.com. It would be great if Freedombox supported those 2 separate settings. Maybe calling them “Server name” (example.com) and “Server location” (box.example.com). “Server name” would be an advanced setting, as it requires altering some DNS records or servers that may or may not be in the same server.

Alternatives
Just stick with @user:box.example.com. Not elegant, but works.

1 Like
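An added example, not part of the original post or of FreedomBox's code: it models the two delegation methods mentioned above (SRV record and /.well-known/matrix/server) and shows which hostname the TLS certificate must match in each case, which is the certificate the failing setup step tries to copy. The function names are hypothetical. Assumptions: the .well-known body and SRV answer are passed in already fetched, the server name carries no explicit port, and a delegated host without a port goes straight to 8448 (the Matrix specification tries an SRV lookup on the delegated host first).

```python
import json

DEFAULT_FEDERATION_PORT = 8448  # Matrix federation default port


def split_host_port(target, default_port=DEFAULT_FEDERATION_PORT):
    """Split 'host', 'host:port' or '[v6]:port' into (host, port)."""
    if target.startswith("["):  # bracketed IPv6 literal
        host, _, rest = target[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else rest
    else:
        host, _, port = target.partition(":")
    if not host or (port and not port.isdigit()):
        raise ValueError(f"bad m.server value: {target!r}")
    return host, int(port) if port else default_port


def resolve_federation_target(server_name, well_known_body=None, srv_record=None):
    """Return where a remote homeserver connects and which name the
    certificate presented there must be valid for.

    well_known_body: body of https://<server_name>/.well-known/matrix/server
    srv_record: (host, port) from the SRV lookup for server_name
    """
    if well_known_body is not None:
        try:
            doc = json.loads(well_known_body)
            target = doc.get("m.server") if isinstance(doc, dict) else None
            if not isinstance(target, str):
                raise ValueError("m.server missing or not a string")
            host, port = split_host_port(target)
            # .well-known delegation: certificate is checked against the delegated host.
            return {"via": "well-known", "connect": (host, port), "cert_for": host}
        except ValueError:
            pass  # invalid response: fall through to SRV, as the spec requires
    if srv_record is not None:
        # SRV delegation: certificate is still checked against the server name.
        return {"via": "srv", "connect": tuple(srv_record), "cert_for": server_name}
    return {"via": "direct", "connect": (server_name, DEFAULT_FEDERATION_PORT),
            "cert_for": server_name}


if __name__ == "__main__":
    # Constructed sample inputs using the hostnames from the post.
    print(resolve_federation_target("example.com", '{"m.server": "box.example.com:443"}'))
    print(resolve_federation_target("example.com", srv_record=("box.example.com", 8448)))
```

With .well-known delegation only box.example.com needs a certificate on the Synapse host, but the file itself is fetched over HTTPS from example.com, so whatever serves it needs a valid certificate for example.com. With SRV delegation the Synapse host must present a certificate for example.com.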

Hello @yajo,

This post helped me to get TLS working well with myfbx.mydom.tech and *.mydom.tech, so I have @user:mydom.tech with the FreedomBox matrix-synapse server.

I hope this may help you.

1 Like

It could be of great value, not just for synapse, to be generally able to configure freedombox with multiple domain names, incl. optional dyndns updates, and to make apps available by selecting from the list of configured domains (plus entering an optional path field).

1 Like

Thanks, but that is more a workaround, as really it’s not a requirement to have the root domain cert to configure a non-root domain as root domain’s matrix server.

We have been eyeing to make this happen for a while now. We need to sort out some basic infrastructure for this first, however. We need a reliable dyndns service that allows us to have our own name server for all the subdomains or assign a wildcard for all subdomains to our domain. For the case where the user owns their domain, we need a way to confirm that this was set up properly. We are likely to make some progress this year on all of these items. Then we can start configuring a domain for each app instead of a subpath.

Allowing configuration of multiple domains is something we should be able to handle sooner.

The use case in original post is somewhat more advanced.

1 Like

For the multiple domains issue, I created: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1866

3 Likes

Thanks, that’s good news. What I didn’t quite understand yet is why you explicitly mention and limit it to static domains, and why the implementation would be tied to new infrastructure features.

I was thinking that it would not make any difference for the domain configuration (if e.g. configuring his.name, her.name and sports.club)

Including the thoughts from other thread we had, I’d picture the dyndns configuration like a separate app to configure optional update methods for the configured domains. (It would start out in fallback mode, running a dyndns client on the freedombox but displaying information and a reminder to configure the router to redirect its configured dyndns update requests to the freedombox).

Then, when the freedombox receives a redirected update request from the router, let that trigger an update to all configured dyndns domains and start checking the validity of the current IP locally by using it to fetch an identifiable resource of the freedombox (no time based dyndns updates as long as the IP is still valid). (This may need a second (dhcp) IP to redirect the router's dyndns request to, and some trickery to actually send out packages from the second IP to the current external IP, so they come back from the router if the IP is still valid.)

If there are dyndns nameservers that can be made aware that multiple domains are hosted on the same IP, then it would only be necessary to configure (EDIT: or actually only trigger) dynamic updates for one of these domains.