Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

nginx reverse proxy doc example does not work with API requests #12064

Closed
DexterHaslem opened this issue Feb 23, 2022 · 1 comment
Closed

nginx reverse proxy doc example does not work with API requests #12064

DexterHaslem opened this issue Feb 23, 2022 · 1 comment

Comments

@DexterHaslem
Copy link

Description

The nginx reverse proxy server block in synapse/docs/reverse_proxy.md does not work with API requests

Steps to reproduce

  • follow installation guide, and use the reverse proxy from the doc above
  • curl https://<setup domain>/_synapse/admin/v1/rooms
  • it will 404 as its trying to find that path in www dir instead of going to api and giving missing access token error

I verified this in the nginx error log:

2022/02/22 23:27:58 [error] 200889#200889: *16 open() "/var/www/XX/_synapse/admin/v1/rooms" failed (2: No such file or directory), client: XX, server: XX, request: "GET /_synapse/admin/v1/rooms HTTP/1.1", host: "XX"

The fix is to change the location block from this:

  location ~ ^(/_matrix|/_synapse/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

to eg:

location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

  location ~* ^(\/_matrix|\/_synapse\/client)  {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

This will cause API requests to hit matrix server. There is probably a better regex for the locations, but this illustrates the point.
Unfortunately i do not know how to do the equivalent (or even if the problem exists) for the other reverse proxies caddy, apache, etc.
@DexterHaslem
Copy link
Author

well after reviewing the history of #9579 not exposing admin api by default appears to be intentional

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DexterHaslem