Solved matrix.org (communication)
-
https://github.com/matrix-org/synapse
https://medium.com/@RiotChat/lets-riot-f5b0aa99dc8e#.p9qy35ruz
Run a matrix home server in the cloudron, that also can join in a federated decentralized network of many servers. Can be bridged with a lot of stuff, including IRC. Text/audio/video chats, groups, etc.
-
Initial attempt has been started:
https://git.cloudron.io/msbt/matrix-riot-app
Have deployed locally (not app store) - works great. Just need to package an additional app to do the front end (Riot). -
Just made another update, a few things weren't working properly. Everything should run a bit smoother now, but it's still a work in progress (I want it to be a dedicated identity server as well).
Not sure if it's necessary to pack the client itself, but if you want, it was already included in the version that I forked my app from (https://git.cloudron.io/joey/matrix-riot-app), maybe you could just grab the riot part and make a new app out of it.
Cheers, M
-
@msbt Your version works great so far. Do you plan to add the Riot client as well? I’m happy with just the server part but I believe I read somewhere that Cloudron Web Store apps are required a proper front-end to be published.
-
hey @yusf, glad to hear that, although I should be updating more often, there has been quite a few updates since I packed it. They say it's not good security-wise to put the client in the same place as the server, that's why I actually removed it from the initial setup that I forked. But I just updated the riot-app itself, you can check it out here: https://git.cloudron.io/msbt/riot-app
It will try to use $APP_DOMAIN as a host, which is exactly what you're not supposed to do (and won't work with the cloudron setup), so you need to edit the config file after the installation.
-
Sorry for eons time until replying. You’re right, I’ve heard about that vulnerability myself now that I think on it.
Have you considered adding mxisd? The project seem to add complete LDAP support without too much hassle which would make the package an ideal Cloudron app. https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md
-
I think I did check it out at some point, but the package as it is now already supports ldap login. I also wanted to add an identity server, but ran out of time to test it back when I built it.
-
already supports ldap login
Oh, that's great! I'm trying to install the latest app version with
cloudron build
andcloudron install
but now I get:ERROR No image found, please run `cloudron build` first or specify a `dockerImage` in the CloudronManifest [ /usr/local/lib/node_modules/cloudron/src/helper.js:68:29 ]
-
Looks like
cloudron build
was not run. Can you also make sure you are using the latest cloudron CLI?cloudron --version
will say1.7.0
. -
-
Can you try deleting ~/.cloudron.json and try again? There was a format change about 2-3 months ago and maybe the json file is in the old format/corrupt.
-
That solved my problem, thank you.
-
This post is deleted! -
@msbt Care to update the Riot package?
-
hey @yusf, sure thing, will check it out tomorrow. I haven't used it in a while because I changed to the electron desktop client, but I'll see if it's an easy update and let you know.
-
ok this was a quick fix, had a few minutes to do it, here you go:
https://git.cloudron.io/msbt/riot-app
please compare your config to the example one, not that you miss anything, but I think it's good to go like that. -
Thanks! There are some bugs with the package however. Users have to login twice to get inside.
Also, the Security & Privacy section won't open at all.
I've carefully compared my
riot_config.json
with the new one and adjusted accordingly (almost no diff). -
which version of matrix are you using?
-
@yusf I can't confirm that. I deployed it, replaced all occurences of the riot domain to the matrix/synapse one and it works right out of the box (using username to login). Are you on the latest matrix build? Might push another update in a bit as they released 0.99.2rc1 earlier today, this means the 0.99.2 should be out soon.
-
@msbt Dang, I forgot to push an update of matrix, sorry. After I did, things started working more proper.
Security & Privacy section of room settings still won't open but I’ve pinned that issue down to a specific room, the premade ”discuss” room, so let’s put that blame on Riot.
Thank you for your help and advice. Is matrix/riot coming to the app store some day?
-
that I don't know, it would require a lot more testing since I've just forked and updated someone else's repo for my own needs. 0.99.2 is out, maybe I'll do a rebuild when 1.0 is ready and add all features that are required/available.
-
I'd be interested in an integrations server app for Cloudron, built on dimension.
-
@msbt Would you bump the version please?
v1.0.5
is the latest release. -
sure thing @yusf, there you go: https://git.cloudron.io/msbt/riot-app
-
What’s the process of getting this to the App Store?
-
well, riot alone won't do much good. as for matrix: I would want to wait for v1.0 and redo the repo (v0.99.3rc1 got released today).
-
@yusf before you ask, I've just pushed the 1.0.6 update
-
@msbt Lol, I was just going to!
-
Matrix is also updated to v0.99.3: https://git.cloudron.io/msbt/matrix-riot-app
-
Btw, there's an inofficial Matrix channel at
#cloudron:matrix.org
. -
So since matrix.org’s development infrastructure got megaowned today i figured I’d put this here:
After Matrix has restored its major services, they noticed that the GPG keys used for signing packages where compromised.
The key IDs are:
AD0592FE47F0DF61
(synapse)
E019645248E8F4A1
(Riot/Web)Please make sure to no longer use those keys.
-
@msbt Errors installing Matrix app anew:
sed: can't read homeserver.yaml: No such file or directory
When looking in
/app/data
onlynginx
andsynapse
folders show, and they are both empty.Please look into it.
-
hey @yusf
I've pushed another update for the latest riot and matrix apps. I did not set up email and ignored the turn settings too, since quite a few things changed since they're heading towards v1.0 and I don't have too much time on my hands. But I tested it and login should work for Ldap users. Thanks for the info, didn't realize it wasn't working on fresh setups. -
Thanks so much, will try soon.
-
Works good so far. Email is not important in this case but TURN is, so I’m eagerly awaiting that feature.
Thank you for fixing it.
I just reread an earlier post of yours. From this version of synapse an onwards, will there be forward compatibility? It’s my bad I didn’t read it properly and of course my fault for installing unfinished packages but since I’m pretty screwed if I can’t upgrade this package later I want to inquire if that’s the case and possibly beg you to keep future versions compatible with this version. I’d help with testing if that
-
Idea: Put
index.html
in/app/data
so that it's editable. -
Building app I get deprecation warnings:
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Is that on app or box level?
-
This message is on app-level but valid nonetheless. In a week (10th of June) there should be the release of v1.0 and I'll do a rebuild of the container with python 3 and hopefully audio/video support. I'll keep you posted.
-
That is great, thank you!
-
fyi, v1.0.0 got released earlier and I'm working on it. Everything is looking good so far, the only things that aren't working at the moment are videocalls (audio is working) and the integration server, not sure why. Will keep you posted and eventually push the "final" version so people can test it.
-
That’s exciting. Your work is much appreciated, @msbt .
-
alright alright alright, v1.0.0 is (mostly) working, as far as I can see only the videochat feature is missing, I'll further investigate when I have the time. Other than that it seems to be looking good, changed to python3, registration including email & activation is working, url preview (which wasn't always before), introduced a new healthcheck page.
Grab it from here and let me know if you encounter any other issues. Not sure if upgrading from older versions work flawlessly, since quite a few config items got introduced and some are required. So if it doesn't work from scratch, install a fresh one on another domain and compare with your current one before upgrading.
Possible things that might need changing if you want the features (depending on the the version you first installed it) in homeserver.yaml:
enable_notifs: true comment #template_dir require_transport_security: false comment #riot_base_url add public_base_url: https://yourmatrixserver.com change case url_preview_enabled: true comment '172.18.0.0/12' in url_preview_ip_range_blacklist
The Riot app also got pushed to 1.2.2, available here as usual.
-
ok this is embarrassing, videochat was working all along, only my strict windows settings prohibited me from using it
-
Nice work! From a glance I can't see anything breaking when upgrading the Matrix package.
Is federation working for you though?
Log.
-
Thanks for working on this! I've tested it out and it works great so far, both Matrix and Riot.
One issue I see, and this may just be me not being very familiar with Matrix, is that when I go to search the room directory for Matrix.org, I get
Riot failed to get the public room list. Internal server error
. I don't know if I am supposed to be able to search and connect to Matrix.org rooms, but I thought I should be able to. Is this a bug or just me?Thanks again!
-
Ah nice catch, I haven't tested federation because it used to work. This could be for a number of reasons, either new regular homeserver settings, nginx config or cors related issues. I'll try to narrow it down, thanks for reporting!
-
@msbt I can test if there is a need for that.
-
@msbt I noticed this app does not actually have Riot front end? Also is the identity server implemented?
Edit: for the federation errors, here is my relevant log line(s):
2019-06-21 19:25:33,552 - synapse.http.matrixfederationclient - 433 - INFO - POST-317 - {GET-O-4} [matrix.org] Got response headers: 401 Unauthorized 2019-06-21 19:25:33,553 - synapse.http.matrixfederationclient - 517 - WARNING - POST-317 - {GET-O-4} [matrix.org] Request failed: GET matrix://matrix.org/_matrix/federation/v1/publicRooms?include_all_networks=true&limit=20: HttpResponseException("401: b'Unauthorized'",) 2019-06-21 19:25:33,554 - synapse.http.server - 112 - ERROR - POST-317 - Failed handle request via 'PublicRoomListRestServlet': <XForwardedForRequest at 0x7f13e8464ba8 method='POST' uri='/_matrix/client/r0/publicRooms?server=matrix.org' clientproto='HTTP/1.0' site=8008> Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/synapse/http/server.py", line 81, in wrapped_request_handler yield h(self, request) File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g) File "/usr/local/lib/python3.6/dist-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/usr/local/lib/python3.6/dist-packages/synapse/http/server.py", line 316, in _async_render callback_return = yield callback(request, **kwargs) File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g) File "/usr/local/lib/python3.6/dist-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/usr/local/lib/python3.6/dist-packages/synapse/rest/client/v1/room.py", line 387, in on_POST third_party_instance_id=third_party_instance_id, File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g) File "/usr/local/lib/python3.6/dist-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/usr/local/lib/python3.6/dist-packages/synapse/handlers/room_list.py", line 467, in get_remote_public_room_list third_party_instance_id=third_party_instance_id, File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g) File "/usr/local/lib/python3.6/dist-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/usr/local/lib/python3.6/dist-packages/synapse/federation/transport/client.py", line 348, in get_public_rooms ignore_backoff=True, File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g) File "/usr/local/lib/python3.6/dist-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/usr/local/lib/python3.6/dist-packages/synapse/http/matrixfederationclient.py", line 760, in get_json timeout=timeout, File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g) File "/usr/local/lib/python3.6/dist-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb) File "/usr/local/lib/python3.6/dist-packages/synapse/http/matrixfederationclient.py", line 248, in _send_request_with_optional_trailing_slash request, **send_request_args File "/usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py", line 1418, in _inlineCallbacks result = g.send(result) File "/usr/local/lib/python3.6/dist-packages/synapse/http/matrixfederationclient.py", line 472, in _send_request raise e synapse.api.errors.HttpResponseException: 401: b'Unauthorized'
-
@murgero yes, the riot frontend is here: https://git.cloudron.io/msbt/riot-app - the devs suggested not to run both on the same machine, splitting the apps was the way to go. The identity server is also not implemented (yet), so the registration uses vector.im at the moment.
Thanks for your input, I'll review the changes and try to figure out the point where the federation stopped working.
-
Also check my log records in https://forum.cloudron.io/post/3817
-
Any news on federation?
Edit: I know the devs for Cloudron recommended that these apps be separated, however I believe they would be better together (maybe a 3rd app that includes both?) because:Users can get confused on the domains (logging into riot.example.com, but user is matrix.example.com)Having them in the same place can allow for better troubleshooting, and in some cases, is just more convenient.Easier to update both at the same time, then to have to rebuild the app twice.
-
This is no recommendation from cloudron, but from the riot-devs themselves: https://github.com/vector-im/riot-web#important-security-note
I didn't have time to look further into the federation issue, maybe I'll find some time this weekend, sorry for the delay.
-
@msbt Ah my bad on misinterpreting that. and No worries. This is awesome work and worth the wait!
-
Recently learned that federation is needed for integrations to work so it's important for any integrations as well.
-
Weirdly enough, integrations are working, but federation is not... Is it possible, that the requests are being denied by cloudron and not the app @nebulon @girish? I remember we had the embedding feature which got removed and will eventually be replaced with CSP. I've tried several things, but I don't really know how to fix it... I'll jump on the matrix network and ask there if they have a clue.
-
@msbt Is there anything in the browser console? CSP/X-Frame related issue will be printed in browser console.
-
federation is working, thanks to the help of the synapse admins and community! Please grab the latest version from here and let me know if it also works for you. You might need to adjust the homeserver.yaml again, probably best if you install a fresh one and compare the config. There might be some finetuning required for preview and such, but since I'm on vacation, that's a topic for another day
-
@msbt That's weird, I installed a fresh Matrix server, still getting error 500 XHR requests when trying to federate to another room off-server. (though I can list rooms now???)
-
Alright so federation is working but some rooms don't (maybe they time out because a bridge is down??)
-
@msbt Many thanks! Can’t wait to try it.