Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Matrix Federation not working - curl works but Federation Tester doesn't

    Matrix (Synapse/Element)
    3
    11
    66
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Supaiku
      Supaiku last edited by Supaiku

      Curl -L is returning the correct response to :433 but the Federation Tester returns:

      Get "https://[serveripaddress]:8448/_matrix/key/v2/server": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
      

      External rooms are "not accessible at this time"

      The matrix server locaiton is set in cloudron with :443 set explicity
      there is an app (wordpress install) on the bare domain name.

      murgero 1 Reply Last reply Reply Quote 1
      • jdaviescoates
        jdaviescoates last edited by

        had never checked previously, but same:

        Screenshot_20230102-205603_Firefox.png

        Looks like perhaps we need to add some DNS records that it isn't finding

        Here is the json report

        {
          "WellKnownResult": {
            "m.server": "",
            "result": "No .well-known found",
            "CacheExpiresAt": 0
          },
          "DNSResult": {
            "SRVSkipped": false,
            "SRVCName": "",
            "SRVRecords": null,
            "SRVError": {
              "Message": "lookup _matrix._tcp.chat.uniteddiversity.coop on 8.8.8.8:53: no such host"
            },
            "Hosts": {
              "chat.uniteddiversity.coop": {
                "CName": "chat.uniteddiversity.coop.",
                "Addrs": [
                  "89.58.52.168"
                ],
                "Error": null
              }
            },
            "Addrs": [
              "89.58.52.168:8448"
            ]
          },
          "ConnectionReports": {},
          "ConnectionErrors": {
            "89.58.52.168:8448": {
              "Message": "Get \"https://89.58.52.168:8448/_matrix/key/v2/server\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"
            }
          },
          "Version": {
            "error": "Get \"matrix://chat.uniteddiversity.coop/_matrix/federation/v1/version\": dial tcp 89.58.52.168:8448: i/o timeout"
          },
          "FederationOK": false
        }
        

        I'm on my phone but I think that gives some clues as to what needs adding.

        Hopefully @staff can update the package to automate adding the necessary entries needed to make this work.

        I use Cloudron with Gandi & Hetzner

        jdaviescoates murgero 2 Replies Last reply Reply Quote 0
        • jdaviescoates
          jdaviescoates @jdaviescoates last edited by

          This is what I get when testing matrix.org

          Screenshot_20230102-210309_Firefox.png

          {
            "WellKnownResult": {
              "m.server": "matrix-federation.matrix.org:443",
              "CacheExpiresAt": 1672707841
            },
            "DNSResult": {
              "SRVSkipped": true,
              "SRVCName": "",
              "SRVRecords": null,
              "SRVError": null,
              "Hosts": {
                "matrix-federation.matrix.org": {
                  "CName": "matrix-federation.matrix.org.",
                  "Addrs": [
                    "2606:4700:10::ac43:135a",
                    "2606:4700:10::6814:c825",
                    "2606:4700:10::6814:c925",
                    "104.20.200.37",
                    "172.67.19.90",
                    "104.20.201.37"
                  ],
                  "Error": null
                }
              },
              "Addrs": [
                "[2606:4700:10::ac43:135a]:443",
                "[2606:4700:10::6814:c825]:443",
                "[2606:4700:10::6814:c925]:443",
                "104.20.200.37:443",
                "172.67.19.90:443",
                "104.20.201.37:443"
              ]
            },
            "ConnectionReports": {
              "104.20.200.37:443": {
                "Certificates": [
                  {
                    "SubjectCommonName": "sni.cloudflaressl.com",
                    "IssuerCommonName": "Cloudflare Inc ECC CA-3",
                    "SHA256Fingerprint": "kBX1oyhKwmIT6Tm+cwaR+UvttEmkpHypQcUTPHWrJqU",
                    "DNSNames": [
                      "matrix.org",
                      "*.matrix.org",
                      "sni.cloudflaressl.com"
                    ]
                  },
                  {
                    "SubjectCommonName": "Cloudflare Inc ECC CA-3",
                    "IssuerCommonName": "Baltimore CyberTrust Root",
                    "SHA256Fingerprint": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo",
                    "DNSNames": null
                  }
                ],
                "Cipher": {
                  "Version": "TLS 1.3",
                  "CipherSuite": "TLS_AES_128_GCM_SHA256"
                },
                "Checks": {
                  "AllChecksOK": true,
                  "MatchingServerName": true,
                  "FutureValidUntilTS": true,
                  "HasEd25519Key": true,
                  "AllEd25519ChecksOK": true,
                  "Ed25519Checks": {
                    "ed25519:a_RXGa": {
                      "ValidEd25519": true,
                      "MatchingSignature": true
                    }
                  },
                  "ValidCertificates": true
                },
                "Errors": [],
                "Ed25519VerifyKeys": {
                  "ed25519:a_RXGa": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                },
                "Info": {},
                "Keys": {
                  "old_verify_keys": {
                    "ed25519:auto": {
                      "expired_ts": 1576767829750,
                      "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
                    }
                  },
                  "server_name": "matrix.org",
                  "signatures": {
                    "matrix.org": {
                      "ed25519:a_RXGa": "+/oYcZdYctgxcZCCrP4wx5S3rc1+2pbdpv3sJkKBpqn/uhJd+7+NPd9hUb3HBw+CVjjGugNSznM3RUgri4kQAQ"
                    }
                  },
                  "valid_until_ts": 1672751664505,
                  "verify_keys": {
                    "ed25519:a_RXGa": {
                      "key": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                    }
                  }
                }
              },
              "104.20.201.37:443": {
                "Certificates": [
                  {
                    "SubjectCommonName": "sni.cloudflaressl.com",
                    "IssuerCommonName": "Cloudflare Inc ECC CA-3",
                    "SHA256Fingerprint": "kBX1oyhKwmIT6Tm+cwaR+UvttEmkpHypQcUTPHWrJqU",
                    "DNSNames": [
                      "matrix.org",
                      "*.matrix.org",
                      "sni.cloudflaressl.com"
                    ]
                  },
                  {
                    "SubjectCommonName": "Cloudflare Inc ECC CA-3",
                    "IssuerCommonName": "Baltimore CyberTrust Root",
                    "SHA256Fingerprint": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo",
                    "DNSNames": null
                  }
                ],
                "Cipher": {
                  "Version": "TLS 1.3",
                  "CipherSuite": "TLS_AES_128_GCM_SHA256"
                },
                "Checks": {
                  "AllChecksOK": true,
                  "MatchingServerName": true,
                  "FutureValidUntilTS": true,
                  "HasEd25519Key": true,
                  "AllEd25519ChecksOK": true,
                  "Ed25519Checks": {
                    "ed25519:a_RXGa": {
                      "ValidEd25519": true,
                      "MatchingSignature": true
                    }
                  },
                  "ValidCertificates": true
                },
                "Errors": [],
                "Ed25519VerifyKeys": {
                  "ed25519:a_RXGa": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                },
                "Info": {},
                "Keys": {
                  "old_verify_keys": {
                    "ed25519:auto": {
                      "expired_ts": 1576767829750,
                      "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
                    }
                  },
                  "server_name": "matrix.org",
                  "signatures": {
                    "matrix.org": {
                      "ed25519:a_RXGa": "+/oYcZdYctgxcZCCrP4wx5S3rc1+2pbdpv3sJkKBpqn/uhJd+7+NPd9hUb3HBw+CVjjGugNSznM3RUgri4kQAQ"
                    }
                  },
                  "valid_until_ts": 1672751664505,
                  "verify_keys": {
                    "ed25519:a_RXGa": {
                      "key": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                    }
                  }
                }
              },
              "172.67.19.90:443": {
                "Certificates": [
                  {
                    "SubjectCommonName": "sni.cloudflaressl.com",
                    "IssuerCommonName": "Cloudflare Inc ECC CA-3",
                    "SHA256Fingerprint": "kBX1oyhKwmIT6Tm+cwaR+UvttEmkpHypQcUTPHWrJqU",
                    "DNSNames": [
                      "matrix.org",
                      "*.matrix.org",
                      "sni.cloudflaressl.com"
                    ]
                  },
                  {
                    "SubjectCommonName": "Cloudflare Inc ECC CA-3",
                    "IssuerCommonName": "Baltimore CyberTrust Root",
                    "SHA256Fingerprint": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo",
                    "DNSNames": null
                  }
                ],
                "Cipher": {
                  "Version": "TLS 1.3",
                  "CipherSuite": "TLS_AES_128_GCM_SHA256"
                },
                "Checks": {
                  "AllChecksOK": true,
                  "MatchingServerName": true,
                  "FutureValidUntilTS": true,
                  "HasEd25519Key": true,
                  "AllEd25519ChecksOK": true,
                  "Ed25519Checks": {
                    "ed25519:a_RXGa": {
                      "ValidEd25519": true,
                      "MatchingSignature": true
                    }
                  },
                  "ValidCertificates": true
                },
                "Errors": [],
                "Ed25519VerifyKeys": {
                  "ed25519:a_RXGa": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                },
                "Info": {},
                "Keys": {
                  "old_verify_keys": {
                    "ed25519:auto": {
                      "expired_ts": 1576767829750,
                      "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
                    }
                  },
                  "server_name": "matrix.org",
                  "signatures": {
                    "matrix.org": {
                      "ed25519:a_RXGa": "+/oYcZdYctgxcZCCrP4wx5S3rc1+2pbdpv3sJkKBpqn/uhJd+7+NPd9hUb3HBw+CVjjGugNSznM3RUgri4kQAQ"
                    }
                  },
                  "valid_until_ts": 1672751664505,
                  "verify_keys": {
                    "ed25519:a_RXGa": {
                      "key": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                    }
                  }
                }
              },
              "[2606:4700:10::6814:c825]:443": {
                "Certificates": [
                  {
                    "SubjectCommonName": "sni.cloudflaressl.com",
                    "IssuerCommonName": "Cloudflare Inc ECC CA-3",
                    "SHA256Fingerprint": "kBX1oyhKwmIT6Tm+cwaR+UvttEmkpHypQcUTPHWrJqU",
                    "DNSNames": [
                      "matrix.org",
                      "*.matrix.org",
                      "sni.cloudflaressl.com"
                    ]
                  },
                  {
                    "SubjectCommonName": "Cloudflare Inc ECC CA-3",
                    "IssuerCommonName": "Baltimore CyberTrust Root",
                    "SHA256Fingerprint": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo",
                    "DNSNames": null
                  }
                ],
                "Cipher": {
                  "Version": "TLS 1.3",
                  "CipherSuite": "TLS_AES_128_GCM_SHA256"
                },
                "Checks": {
                  "AllChecksOK": true,
                  "MatchingServerName": true,
                  "FutureValidUntilTS": true,
                  "HasEd25519Key": true,
                  "AllEd25519ChecksOK": true,
                  "Ed25519Checks": {
                    "ed25519:a_RXGa": {
                      "ValidEd25519": true,
                      "MatchingSignature": true
                    }
                  },
                  "ValidCertificates": true
                },
                "Errors": [],
                "Ed25519VerifyKeys": {
                  "ed25519:a_RXGa": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                },
                "Info": {},
                "Keys": {
                  "old_verify_keys": {
                    "ed25519:auto": {
                      "expired_ts": 1576767829750,
                      "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
                    }
                  },
                  "server_name": "matrix.org",
                  "signatures": {
                    "matrix.org": {
                      "ed25519:a_RXGa": "+/oYcZdYctgxcZCCrP4wx5S3rc1+2pbdpv3sJkKBpqn/uhJd+7+NPd9hUb3HBw+CVjjGugNSznM3RUgri4kQAQ"
                    }
                  },
                  "valid_until_ts": 1672751664505,
                  "verify_keys": {
                    "ed25519:a_RXGa": {
                      "key": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                    }
                  }
                }
              },
              "[2606:4700:10::6814:c925]:443": {
                "Certificates": [
                  {
                    "SubjectCommonName": "sni.cloudflaressl.com",
                    "IssuerCommonName": "Cloudflare Inc ECC CA-3",
                    "SHA256Fingerprint": "kBX1oyhKwmIT6Tm+cwaR+UvttEmkpHypQcUTPHWrJqU",
                    "DNSNames": [
                      "matrix.org",
                      "*.matrix.org",
                      "sni.cloudflaressl.com"
                    ]
                  },
                  {
                    "SubjectCommonName": "Cloudflare Inc ECC CA-3",
                    "IssuerCommonName": "Baltimore CyberTrust Root",
                    "SHA256Fingerprint": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo",
                    "DNSNames": null
                  }
                ],
                "Cipher": {
                  "Version": "TLS 1.3",
                  "CipherSuite": "TLS_AES_128_GCM_SHA256"
                },
                "Checks": {
                  "AllChecksOK": true,
                  "MatchingServerName": true,
                  "FutureValidUntilTS": true,
                  "HasEd25519Key": true,
                  "AllEd25519ChecksOK": true,
                  "Ed25519Checks": {
                    "ed25519:a_RXGa": {
                      "ValidEd25519": true,
                      "MatchingSignature": true
                    }
                  },
                  "ValidCertificates": true
                },
                "Errors": [],
                "Ed25519VerifyKeys": {
                  "ed25519:a_RXGa": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                },
                "Info": {},
                "Keys": {
                  "old_verify_keys": {
                    "ed25519:auto": {
                      "expired_ts": 1576767829750,
                      "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
                    }
                  },
                  "server_name": "matrix.org",
                  "signatures": {
                    "matrix.org": {
                      "ed25519:a_RXGa": "+/oYcZdYctgxcZCCrP4wx5S3rc1+2pbdpv3sJkKBpqn/uhJd+7+NPd9hUb3HBw+CVjjGugNSznM3RUgri4kQAQ"
                    }
                  },
                  "valid_until_ts": 1672751664505,
                  "verify_keys": {
                    "ed25519:a_RXGa": {
                      "key": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                    }
                  }
                }
              },
              "[2606:4700:10::ac43:135a]:443": {
                "Certificates": [
                  {
                    "SubjectCommonName": "sni.cloudflaressl.com",
                    "IssuerCommonName": "Cloudflare Inc ECC CA-3",
                    "SHA256Fingerprint": "kBX1oyhKwmIT6Tm+cwaR+UvttEmkpHypQcUTPHWrJqU",
                    "DNSNames": [
                      "matrix.org",
                      "*.matrix.org",
                      "sni.cloudflaressl.com"
                    ]
                  },
                  {
                    "SubjectCommonName": "Cloudflare Inc ECC CA-3",
                    "IssuerCommonName": "Baltimore CyberTrust Root",
                    "SHA256Fingerprint": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo",
                    "DNSNames": null
                  }
                ],
                "Cipher": {
                  "Version": "TLS 1.3",
                  "CipherSuite": "TLS_AES_128_GCM_SHA256"
                },
                "Checks": {
                  "AllChecksOK": true,
                  "MatchingServerName": true,
                  "FutureValidUntilTS": true,
                  "HasEd25519Key": true,
                  "AllEd25519ChecksOK": true,
                  "Ed25519Checks": {
                    "ed25519:a_RXGa": {
                      "ValidEd25519": true,
                      "MatchingSignature": true
                    }
                  },
                  "ValidCertificates": true
                },
                "Errors": [],
                "Ed25519VerifyKeys": {
                  "ed25519:a_RXGa": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                },
                "Info": {},
                "Keys": {
                  "old_verify_keys": {
                    "ed25519:auto": {
                      "expired_ts": 1576767829750,
                      "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
                    }
                  },
                  "server_name": "matrix.org",
                  "signatures": {
                    "matrix.org": {
                      "ed25519:a_RXGa": "+/oYcZdYctgxcZCCrP4wx5S3rc1+2pbdpv3sJkKBpqn/uhJd+7+NPd9hUb3HBw+CVjjGugNSznM3RUgri4kQAQ"
                    }
                  },
                  "valid_until_ts": 1672751664505,
                  "verify_keys": {
                    "ed25519:a_RXGa": {
                      "key": "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"
                    }
                  }
                }
              }
            },
            "ConnectionErrors": {},
            "Version": {
              "name": "Synapse",
              "version": "1.74.0 (b=matrix-org-hotfixes,5a1b56b9b0)"
            },
            "FederationOK": true
          }
          

          I use Cloudron with Gandi & Hetzner

          1 Reply Last reply Reply Quote 0
          • jdaviescoates
            jdaviescoates last edited by

            Seems for some reason on Cloudron it's not picking up the well known and port. Odd

            I use Cloudron with Gandi & Hetzner

            1 Reply Last reply Reply Quote 0
            • murgero
              murgero App Dev @Supaiku last edited by murgero

              @Supaiku You have to use the matrix federated domain NOT the app domain (unless these are both the same, by default on cloudron they are NOT)

              Example, my matrix server is matrix.urgero.org with urgero.org being the user's domain for federation.

              Testing matrix.urgero.org actually fails with that tool - but urgero.org does not.

              Hope this helps.

              Edit: @jdaviescoates

              --
              https://urgero.org
              ~ Professional Nerd. Freelance Programmer. ~
              Matrix: @murgero:urgero.org

              Supaiku 1 Reply Last reply Reply Quote 1
              • murgero
                murgero App Dev @jdaviescoates last edited by

                @jdaviescoates said in Matrix Federation not working - curl works but Federation Tester doesn't:

                uniteddiversity.coop

                103849e3-f86a-4251-ac43-f338e73c75ca-image.png

                --
                https://urgero.org
                ~ Professional Nerd. Freelance Programmer. ~
                Matrix: @murgero:urgero.org

                jdaviescoates 1 Reply Last reply Reply Quote 2
                • jdaviescoates
                  jdaviescoates @murgero last edited by jdaviescoates

                  @murgero thanks! 🙂

                  So looks like everything is actually working fine 😃👍

                  I use Cloudron with Gandi & Hetzner

                  murgero 1 Reply Last reply Reply Quote 1
                  • murgero
                    murgero App Dev @jdaviescoates last edited by

                    @jdaviescoates The tool says your matrix install is working perfectly lol

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~
                    Matrix: @murgero:urgero.org

                    jdaviescoates 1 Reply Last reply Reply Quote 1
                    • jdaviescoates
                      jdaviescoates @murgero last edited by

                      @murgero yep! presumably the same for OP @Supaiku domain too?

                      I use Cloudron with Gandi & Hetzner

                      murgero 1 Reply Last reply Reply Quote 0
                      • murgero
                        murgero App Dev @jdaviescoates last edited by

                        @jdaviescoates I'd imagine it would be so.

                        --
                        https://urgero.org
                        ~ Professional Nerd. Freelance Programmer. ~
                        Matrix: @murgero:urgero.org

                        1 Reply Last reply Reply Quote 1
                        • Supaiku
                          Supaiku @murgero last edited by

                          @murgero ah yes... this does seem to be the trick.

                          I just found the line in the docs that says:

                          Step 3. Federation
                          
                          Federation setup is automatic. Use the Federation Tester to verify that everything is setup properly. Note you must enter the server_name (like example.com) in the form field in the website and NOT the location of your home server (despite what the form says).
                          
                          1 Reply Last reply Reply Quote 2
                          • Topic has been marked as a question  nebulon nebulon 
                          • Topic has been marked as solved  nebulon nebulon 
                          • First post
                            Last post
                          Powered by NodeBB