Cloudron Forum

I did some digging, this is what I think is needed: The current package uses: Synapse v1.144.0 (which is compatible - MAS requires v1.136.0+) Cloudron OIDC for SSO (traditional OIDC provider approach) PostgreSQL as the database Standard Matrix authentication endpoints What MAS Integration Requires MAS is fundamentally different from traditional OIDC - it's not just another identity provider, but a complete replacement for Synapse's internal authentication system per MSC3861. It needs: 1. MAS Service Deployment MAS needs to run as a separate service (not just a config change) It requires its own separate PostgreSQL database It needs its own domain/subdomain (e.g., auth.matrix.example.com) Docker image: ghcr.io/element-hq/matrix-authentication-service:latest 2. MAS Configuration Requirements Encryption secrets and signing keys (RSA minimum) Connection to Synapse via shared secret Database configuration for its own PostgreSQL database HTTP listener configuration Email configuration for password recovery Policy configuration (WASM file) 3. Synapse Configuration Changes Replace traditional OIDC with matrix_authentication_service section: matrix_authentication_service: enabled: true endpoint: http://mas-internal:8080/ secret: "SharedSecretWithMAS" 4. Reverse Proxy Changes These Matrix endpoints must be routed to MAS (not Synapse): /_matrix/client/*/login /_matrix/client/*/logout /_matrix/client/*/refresh 5. User Migration (For Existing Deployments) MAS includes syn2mas tool to migrate: Existing password hashes (bcrypt → argon2id) Sessions and devices Access tokens Upstream IdP mappings

@humptydumpty i really want search working on the browser and mobile app

I clarified in https://docs.cloudron.io/apps/synapse/#admin that there is no admin UI

Just answering my own question: Following some more digging we can just use vector.im or matrix.org. In fact browsing to my Element web app on mobile suggests I configure the native mobile app using vector.im. However, when I do, I get errors suggesting something ain't right. I set the well known and even opened 8448 in my fw. Any help @girish or @nebulon can give to help a poor, tired sysadmin out? please [image: 1672617683381-screenshot_20230101-235616_element-resized.jpg] [image: 1672617727627-screenshot_20230101-235656_element-resized.jpg] [image: 1672617760653-screenshot_20230102-000223_brave-resized.jpg] oh, yeah ... and Happy New Year!

@girish said in Matrix / Element First Run - Cannot login: @LoudLemur you have to login with Cloudron username/password. Thanks, that solved it. I think it might help if this information is included in the "First Run" section. How can I mark this "Solved"?

@ApplegateR It is working now

@jdaviescoates Came across this other day too!

@nebulon said in Question regarding setting up sydent as an identity server: . Ok, yes I haven't installed it via cloudron. Thank you for the reply!

@murgero I thought your comment was good, in fact Because @nebulon said, don't update Cloudron (but it doesn't affect existing installations). I will edit his post.

Zulip is quite different UI-wise from other chat applications. It's concept of threads/topics may or may not be confusing depending on what previous chat application you used. https://rust-lang.zulipchat.com/ is rust lang's zulip instance if you want to check it out. Does anyone have experiences to share about Zulip here?

Locking this, please see other topic.

@msbt I have upped the memory to 2GB and since, this error : Oct 08 15:22:37 /app/pkg/start.sh: line 82: 101 Killed gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml is completely gone. But I'm still stuck at the same : even joining little rooms does not work, or works "randomly" ?

@girish I needed it to be able to properly federate with other Matrix servers. Like I said, it was pretty weird.

@xavierl You practically can. Just grant no Cloudron users access to it while also enabling open registration in the Matrix app internal settings.

@scooke No problem It's quite confusing because I have been leaving various bits of progress all over this forum in various places... Just to give an update on the current status. I have gotten synapse published. I put some initial docs at https://cloudron.io/documentation/apps/synapse/ (reading that now, there seems to a big wall of text. I have to simplify it). I am publishing riot now. But both the apps require Cloudron 5.1.4 which is now going through our CI. In 5.1.4, we have a way to add .well-known docs which is required for synapse/riot to work. Hopefully, we should be in a releasable state tomorrow.