• sure thing, but I probably need you to do the testing and everything, since I don't have a use-case ready to play around with πŸ˜‰ give me a few days to free up some space and I'll look into it!

  • Thank you! While at it, check out mautrix-facebook as well, as this seems to work in a similar, multi-user fashion.

  • @msbt I can test too!

  • @msbt I can help test if needed. I use webhooks to filter by keyword and aggregate news articles, forum threads, etc.

    The matrix server and riot app work great so far! Just needed a bump in memory limit when exploring the channel list from

    Recently moved from mattermost -> rocketchat and now excitedly waiting for matrix to go live in the Cloudron app store. Please let me know if there's anything I can do to help!

  • On the topic of App Store inclusion: how relevant is the attack vector of running Matrix and Riot on the same (sub)domain nowadays? I know that the Matrix folks used to recommended against that setup and perhaps they still do.

    Is that threat still as relevant with the Cloudron/Docker setup? After all, Cloudron apps are supposed to work out of the box.

  • @kasini during the little time I had to try things out I didn't really get anywhere. I was having a talk with @girish a while ago and they're planning to add matrix to the app store at some point. Maybe they can have another look at it since they actually know what they're doing πŸ˜‰

    And yes, it requires a lot of RAM if you want to join bigger channels, but if you keep to yourself, you should be good to go with less.

    @yusf good question, if noone else does it, I'll jump on the matrix network and ask if that's still a thing to worry about

  • In addition to looking up security concerns of bundling Riot with Matrix, putting it in the app store also calls for a solution to a reverse proxy solution often used in federated software.

    What I mean is a way of forwarding certain ports from domain.tld to matrixserver.domain.tld so that user handles follows convention by ommitting the technical placement of the server itself. (Hosting the server on domain.tld sucks for obvious reasons πŸ˜„)

    This solution would also enable more federated software with similar needs to come aboard the Cloudron ecosystem.

  • Is this app officially provided by Cloudron yet? What's the status? I see the gitlab repo but I don't know what that means.

    Btw I would also love to see some bridges included as options. Bridging FB Messenger, whatsapp, telegram etc is essential if one is to use it for personal communication purposes.

  • @october As of now you have to build and install using the Cloudron CLI:

    1. install Cloudron CLI
    2. Install docker (or use cloudron build service)
    3. git clone repo
    4. cd repo
    5. docker build -t dockerhubusername/projectname . (Period is important at the end!)
    6. docker push dockerhubusername/projectname
    7. cloudron login
    8. cloudron install --image dockerhubusername/projectname

    That's the general way to install apps not in the cloudron app store. - If using the build service provided by cloudron, replace 5 & 6 with cloudron build

  • maubot would be a nice inclusion in the package as well. It's a bot framework, with a GUI.

    Not necessary to have inside this package at all. Only Application Services are!

  • Hey @msbt, the Synapse package is falling behind on releases. (1.6.0 and 1.6.1) πŸ™‚

  • my bad, I did update my local repos but forgot to push, here you go

    I skipped the 1.6.0 commit since it was a bit weird, wasn't showing the latest version after updating, maybe that's why I didn't push πŸ˜‰

    riot is also at the latest version here

  • I looked into the possibility of a new try to host Riot and Synapse on the same (sub)domain. Here’s the reply:

    Or is there, if it’s decided to host both on same (sub)domain, any method to reduce XSS attack probability?

    Riot dude:
    Basically the attack surface is such that any code which gets executed with access to that subdomain in a browser will have access to that user's matrix access token. So if you run things like synapse or other things on same subdomain and they end up serving malicious code then bad things can happen.

    It's a very narrow surface, csp can make it even more narrow.

    How then to use the CSP setting??

  • Another useful tool to possibly embed in this app package is matrix-corporal, though as an opt-in by default (enabled but void of policy)

Log in to reply