Ok so I was trying to read up a bit on federation because I was confused why federation was working for my domain without port forwarding but not for you and I believe they are actually both working, albeit it may make sense to have Cloudron also set up port forwarding of 8448 for backup.
If you check federation for your base domain, you can see that it actually checks port 443 not 8448. Federation can work without forwarding port 8448 if the server is configured to use delegation.
While port 8448 is the default for server-to-server federation traffic, an administrator can configure their server to direct this traffic to a different host or port, such as the standard HTTPS port 443. This is what happens when you set the .well-known file in the dashboard.
Here is how it works:
- When another server wants to federate with a domain (e.g., malenfant.net), it first checks for a file at https://malenfant.net/.well-known/matrix/server
- This file contains a JSON object that specifies the actual server and port to connect to for federation
- For a server like matrix.malenfant.net to work on port 443, the file would (and does in your case) contain something like this: { "m.server": "matrix.malenfant.net:443" }
- This instructs all other federating servers to connect to matrix.malenfant.net on port 443, completely bypassing the need for port 8448.
I assume your base domain for user names is malenfant.net not matrix.malenfant.net? So @didier:malenfant.net instead of @didier:matrix.malenfant.net.
So maybe you thought you need to enable federation for matrix.malenfant.net:8448 which is not what would happen, since other servers would check federation for malenfant.net not matrix.malenfant.net.
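
The host and port selection described in the post above, as an added example that is not part of the original post and is not Synapse's or Cloudron's code. It follows the Matrix server discovery order but leaves out the DNS SRV lookups; the function names are hypothetical.

```python
import json

DEFAULT_PORT = 8448  # federation default when nothing names a port


def split_host_port(name):
    """Split 'host[:port]' or '[v6]:port' into (host, port or None)."""
    if name.startswith("["):  # bracketed IPv6 literal
        host, sep, rest = name.partition("]")
        if not sep or (rest and not rest.startswith(":")):
            raise ValueError(f"bad server name: {name!r}")
        host, port = host + "]", rest[1:]
    else:
        host, _, port = name.partition(":")
    if not host or (port and not port.isdigit()):
        raise ValueError(f"bad server name: {name!r}")
    return host, int(port) if port else None


def federation_target(server_name, well_known_body=None):
    """Return the (host, port) a remote homeserver connects to.

    well_known_body: text served at
    https://<server_name>/.well-known/matrix/server, or None if that
    request failed. DNS SRV lookups are left out (simplification).
    """
    host, port = split_host_port(server_name)
    if port is not None:  # explicit port in the name: no delegation lookup
        return host, port
    if well_known_body is not None:
        try:
            delegated = json.loads(well_known_body)["m.server"]
            d_host, d_port = split_host_port(delegated)
            return d_host, DEFAULT_PORT if d_port is None else d_port
        except (ValueError, KeyError, TypeError, AttributeError):
            pass  # unusable file is handled like a missing one
    return host, DEFAULT_PORT


if __name__ == "__main__":
    # File content quoted in the post above.
    body = '{ "m.server": "matrix.malenfant.net:443" }'
    print(federation_target("malenfant.net", body))   # delegated to 443
    print(federation_target("malenfant.net", None))   # falls back to 8448
```

A missing or malformed .well-known file silently sends remote servers back to port 8448 on the base domain, which is why a federation check can fail even though the homeserver itself is reachable on 443.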