technotame last edited by
I believe it is mostly working. The link you provided gave all green checks. I think the main issue was the small amount of RAM Matrix and/or Riot was given by default. I bumped them both up to 2 gigs or so and that seemed to be the main fix.
@msbt Performed the upgrade. Everything seem to work as good as the old version. Need to manually edit Synapse and TURN config files to be able to report back on things like group video chat but 1on1 voice and video calls works regardless for me (at least between users on the same server)
Many thanks for your effort. You’re effectively enabling Matrix adoption for several communities.
thanks @yusf, glad to hear that! maybe you can share the info if something is not working out of the box for group video chat so I can adjust the code
yes @technotame, bigger channels require a lot of ram, like the #matrix:matrix.org one with several 1000s of users, <2GB probably won't do it, maybe if you're very patient, but the more the better
I’ll be sure to do that. Thanks again.
Hi @msbt! Sadly I haven't had the time to configure and test the TURN-server.
The server has been online and stable for months btw. I'm looking to expand it with app services, webhooks for instance. However, I'm unsure on how to proceed since the Cloudron app is only configured for specific ports only and so on, limiting installing app services in Cloudron user space. Would you be interested in adding a bunch of useful default but opt-in app services?
hey @yusf, happy to see other people using the package
I would be happy to add more features/packages, in this case it really needs to be added in the app itself and can't be run as a regular integration. I've been thinking about including other addons as well (this seems to be an extensive setup where we could pick things that are nice2have). Let me know what might be interesting for you and I see what I can do about it.
Although it might be a good idea if either @girish or @nebulon also take a look at those and maybe give some pointers, I don't want to spend time on something which they can either do way more quickly and/or don't want in an app at all
I've been looking at matrix-appservice-webhooks a bit and the way it works makes it a good candidate for inclusion.
It works like so:
- a webhooks bot is created
- you invite this bot to a room
- you create a new webhook with the
- the bot sends you a pm with the credentials for this specific new webhook
This means that this integrations grants an unlimited amount of webhooks, so it's not a one-time thing.
Would you be willing to look into it?
sure thing, but I probably need you to do the testing and everything, since I don't have a use-case ready to play around with give me a few days to free up some space and I'll look into it!
Thank you! While at it, check out mautrix-facebook as well, as this seems to work in a similar, multi-user fashion.
@msbt I can test too!
@msbt I can help test if needed. I use webhooks to filter by keyword and aggregate news articles, forum threads, etc.
The matrix server and riot app work great so far! Just needed a bump in memory limit when exploring the channel list from matrix.org
Recently moved from mattermost -> rocketchat and now excitedly waiting for matrix to go live in the Cloudron app store. Please let me know if there's anything I can do to help!
On the topic of App Store inclusion: how relevant is the attack vector of running Matrix and Riot on the same (sub)domain nowadays? I know that the Matrix folks used to recommended against that setup and perhaps they still do.
Is that threat still as relevant with the Cloudron/Docker setup? After all, Cloudron apps are supposed to work out of the box.
@kasini during the little time I had to try things out I didn't really get anywhere. I was having a talk with @girish a while ago and they're planning to add matrix to the app store at some point. Maybe they can have another look at it since they actually know what they're doing
And yes, it requires a lot of RAM if you want to join bigger channels, but if you keep to yourself, you should be good to go with less.
@yusf good question, if noone else does it, I'll jump on the matrix network and ask if that's still a thing to worry about
In addition to looking up security concerns of bundling Riot with Matrix, putting it in the app store also calls for a solution to a reverse proxy solution often used in federated software.
What I mean is a way of forwarding certain ports from
matrixserver.domain.tldso that user handles follows convention by ommitting the technical placement of the server itself. (Hosting the server on
domain.tldsucks for obvious reasons )
This solution would also enable more federated software with similar needs to come aboard the Cloudron ecosystem.
Is this app officially provided by Cloudron yet? What's the status? I see the gitlab repo but I don't know what that means.
Btw I would also love to see some bridges included as options. Bridging FB Messenger, whatsapp, telegram etc is essential if one is to use it for personal communication purposes.
@october As of now you have to build and install using the Cloudron CLI:
- install Cloudron CLI
- Install docker (or use cloudron build service)
git clone repo
docker build -t dockerhubusername/projectname .(Period is important at the end!)
docker push dockerhubusername/projectname
cloudron install --image dockerhubusername/projectname
That's the general way to install apps not in the cloudron app store. - If using the build service provided by cloudron, replace 5 & 6 with
maubot would be a nice inclusion in the package as well. It's a bot framework, with a GUI.
Not necessary to have inside this package at all. Only Application Services are!
Hey @msbt, the Synapse package is falling behind on releases. (1.6.0 and 1.6.1)
my bad, I did update my local repos but forgot to push, here you go
I skipped the 1.6.0 commit since it was a bit weird, wasn't showing the latest version after updating, maybe that's why I didn't push
riot is also at the latest version here
I looked into the possibility of a new try to host Riot and Synapse on the same (sub)domain. Here’s the reply:
Or is there, if it’s decided to host both on same (sub)domain, any method to reduce XSS attack probability?
Basically the attack surface is such that any code which gets executed with access to that subdomain in a browser will have access to that user's matrix access token. So if you run things like synapse or other things on same subdomain and they end up serving malicious code then bad things can happen.
It's a very narrow surface, csp can make it even more narrow.
How then to use the CSP setting??