Score:0

Matrix Synapse admin UI behind NGINX reverse proxy

ru flag

I set up a Matrix Synapse server and everything is working fine so far.

My only problem is accessing the admin UI which I got from github Awesome-Technologies / synapse-admin

I symlinked the index.html into nginx webroot at /var/www/html and wrote another server block in my config as well as customised the config on my reverse proxy on a separate server. I already tried with different ports and location directives but somehow nothing seems to work. Concerning documentation or working examples, information on this project are quite scarce. Am I missing something?

Matrix server conf

server {
    listen 8080;
    server_name matrix.example.tld www.matrix.example.tld;
    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        client_max_body_size 50M;
    }
}

#Matrix Federation
server {
    listen 8448;
    server_name matrix.example.tld www.matrix.example.tld;

    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    listen 80;
    root /var/www/html;
    index index.html index.htm

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }
}

Reverse Proxy conf

##Matrix
server {
    listen 80;
    server_name matrix.example.tld www. matrix.example.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name matrix.example.tld www. matrix.example.tld;

    location /_matrix {
        proxy_pass http://SRV_IP:8080;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 50M;
    }

    location /_synapse/admin {
        proxy_pass http://SRV_IP;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Federation Port
    listen  8448 ssl;

    location / {
        proxy_pass http://SRV_IP:8448;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    ssl_certificate /etc/letsencrypt/live/matrix.example.tld/>
    ssl_certificate_key /etc/letsencrypt/live/matrix.example.tld >
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


}
us flag
Please add information, which request you tried, what was the expected result and what was the actual result.
ru flag
I tried to request /_synapse/admin and got a 404 error. Expected result would be the index.html of above mentioned github project
Score:0
us flag

This is what happens when you request https://matrix.example.tld/_synapse/admin.

The request hits first location /_synapse/admin block in the reverse proxy virtual host configuration.

The reverse proxy nginx makes a request to http://SRV_IP/_synapse/admin. The default mode for proxy_pass is to append the URI after the domain name / IP when no URI is specified in proxy_pass.

This request hits the main nginx configuration, where it ends up being processed by the last virtual host configuration. There nginx uses the request URI to locate the files for the request.

The root is /var/www/html and the URI is /_synapse/admin. So, nginx tries to serve /var/www/html/_synapse/admin as response to the request. Since there is no such directory, nginx sends 404 response.

If you want https://matrix.example.tld/_synapse/admin to serve files in /var/www/html, you need to change the reverse proxy configuration as follows:

location /_synapse/admin {
    proxy_pass http://SRV_IP/;
    proxy_set_header X-Forwarded-For $remote_addr;
}

This tells nginx to replace the URI in the location part with /.

ru flag
Great answer! I went through the documentation of nginx but it wasn’t quite clear to me how all of that forwarding worked. Thanks again
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.