
Nginx configuration for Matrix-Synapse under VPN


I'm trying to set up and run Synapse on my Raspberry Pi. So far, I installed it as a Python library and set up Postgres for it, and locally it seems to run correctly. But I got some problems with the reverse proxy setup (nginx).

Here are my homeserver.yaml contents:

server_name: "synapse.mydomain.com"
pid_file: /home/pi/repos/synapse/homeserver.pid

listeners:
- port: 8008
  tls: false
  type: http
  x_forwarded: true
  bind_addresses: ['::1', '127.0.0.1']
  resources:
    - names: [client, federation]
      compress: false
...

When I do curl http://localhost:8008/health I get OK.

My Raspberry is connected to OpenVPN; its internal IP inside the VPN is 10.8.0.3. My OpenVPN server (EC2) is also responsible for nginx. Here is how I configured the synapse subdomain there (inspired by this example from Synapse docs):

server {
    server_name synapse.mydomain.com;

    location ~ ^(/_matrix|/_synapse/client) {
        proxy_pass http://10.8.0.3:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        client_max_body_size 50M;
        proxy_http_version 1.1;
    }

    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;

    # For the federation port
    listen 8448 ssl default_server;
    listen [::]:8448 ssl default_server;

    ssl_certificate /etc/letsencrypt/live/synapse.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/synapse.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = synapse.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name synapse.mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}

Now when I do curl https://synapse.mydomain.com/health I get an nginx 404, and for https://synapse.malyshchyk.com/ I get the nginx welcome message. Why is that? Shouldn't I see OK for the healthcheck endpoint like on localhost?


Solution

  • Using the following location block:

    location ~ ^(/_matrix|/_synapse/client) {
        ...
    }
    

    You are explicitly specifying that only requests starting with the /_matrix or /_synapse/client URI prefixes should be proxied. All other requests are processed using the default nginx static content handler, with the <prefix>/html directory as the root web server directory, unless another directory is explicitly specified using the root (or alias) directives. The <prefix> here refers to a precompiled value (commonly /etc/nginx or /usr/share/nginx), which can be determined by running the nginx -V command. This is why you receive the nginx default welcome page when accessing the root (/) and a 404 Not Found error for the /health request (since there is no file named health in your web server's root directory).

    You can include the /health URI prefix in the list of paths to be proxied to your Raspberry Pi Synapse instance, as shown below:

    location ~ ^/(_matrix|_synapse/client|health) {
        ...
    }
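
An added example, not part of the original answer: a Python sketch that approximates how nginx decides between the regex location and its default static handler, run against the question's and the answer's patterns. The `STRICT` pattern, the sample requests and the simplified normalization are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Location regexes from the page, plus one constructed stricter variant.
QUESTION = r"^(/_matrix|/_synapse/client)"
ANSWER = r"^/(_matrix|_synapse/client|health)"
STRICT = r"^/(_matrix/|_synapse/client/|health$)"  # assumption, not from the page


def normalize(uri: str) -> str:
    """Approximate nginx URI normalization before location matching:
    drop the query string, decode %XX, resolve '.'/'..', merge slashes."""
    path = unquote(uri.split("?", 1)[0])
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    tail = "/" if path.endswith(("/", "/.", "/..")) and out else ""
    return "/" + "/".join(out) + tail


def route(pattern: str, uri: str) -> str:
    """Return 'proxy' if the regex location would take the request,
    else 'static' (nginx's default handler, as the answer describes)."""
    return "proxy" if re.search(pattern, normalize(uri)) else "static"


# Constructed sample requests.
SAMPLES = [
    "/", "/health", "/healthcheck", "/_matrix/client/versions",
    "/_synapse/client/pick_idp", "/_synapse/admin/v1/users",
    "/_matrix/../_synapse/admin/v1/users", "/%5Fmatrix/key/v2/server",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:40} question={route(QUESTION, uri):7} "
              f"answer={route(ANSWER, uri):7} strict={route(STRICT, uri)}")
```

The output shows that the answer's pattern also proxies `/healthcheck`, because the regex is only anchored at the start, while `/_synapse/admin` stays on the static handler under all three patterns.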