Caddy/Matrix is no longer working -- it worked fine previously but I'm not sure what changed!

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

Docker-compose

a. System environment:

Docker

b. Command:

docker-compose up -d

Paste command here.

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. →

version: "2.1"
services:
        caddy:
                container_name: caddy
                image: caddy:latest
                restart: unless-stopped
                ports:
                        - "80:80"
                        - "443:443"
                volumes:
                        - /docker/caddy/Caddyfile:/etc/caddy/Caddyfile
                        - /docker/caddy/data:/data
                        - /docker/caddy/srv:/srv
                        - /docker/caddy/config:/config
                networks:
                        - t2_proxy
networks:
  t2_proxy:
    external: true

d. My complete Caddy config:

{
        # Global options block. Entirely optional, https is on by default
        # Optional email key for lets encrypt
        email lookatme33@protonmail.com
        # Optional staging lets encrypt for testing. Comment out for production.
        #     acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
matrix.naff.casa {
#       enable logging
        log

        # .well-known is delegated from example.co.uk and served here
        header /.well-known/matrix/server {
                Content-Type application/json
        }
        respond /.well-known/matrix/server 200 {
                body "{ \"m.server\": \"matrix.naff.casa:443\" }"
                close
        }
#       .well-known delegate for client
        header /.well-known/matrix/client {
                Content-Type application/json
        }
        respond /.well-known/matrix/client 200 {
                body "{\"m.homeserver\": {\"base_url\": \"https://matrix.naff.casa\"}}"
                close
        }

        reverse_proxy /_matrix/* http://192.168.1.37:8008
        reverse_proxy /_synapse/client/* http://192.168.1.37:8008
}

matrix.naff.casa {
        reverse_proxy 192.168.1.37:8008
}
element.naff.casa {
        reverse_proxy 192.168.1.37:8089
}


Paste your config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.

3. The problem I’m having:

Caddy worked great with Matrix previously and I’m not sure if there’s been an upgrade to Caddy or an upgrade to Matrix becuase my instance no longer works and isn’t federated (fails federation checker).

4. Error messages and/or full log output:

Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.

5. What I already tried:

I tried re-creating my instance with an new post-gres database – thought that was the issue but it still won’t federate.

6. Links to relevant resources:

The matrix federation server2server API runs on :8448 by default.
When some other homeserver tries to connect to you, it will do the following:

  1. Check SRV records (might get deprecated)
  2. Check /.well-known/matrix/server for something like { "m.server": "federation-endpoint.example.com:443" }
  3. Connect either directly to the homeserver on :8448 or the delegated endpoint from either SRV or .well-known

So far, so good.
The federation tester https://federationtester.matrix.org/#matrix.naff.casa provides you with more than just “failed”.

Connection Errors

Get “https://98.167.142.137:8448/_matrix/key/v2/server”: context deadline exceeded (Client.Timeout exceeded while awaiting headers)

See the :8448 again?
So your delegation doesn’t seem to work.

Let’s check the .well-known ourselves:

❯ curl https://matrix.naff.casa/.well-known/matrix/server -i
HTTP/2 404 
alt-svc: h3=":443"; ma=2592000
content-type: text/plain
date: Fri, 02 Dec 2022 12:40:22 GMT
server: Caddy
server: Synapse/1.72.0
content-length: 42

404. Is anything ever truly *well* known?

Huh, that isn’t the response you configured in :thinking:

Neither the header nor the respond works.
That’s odd.
And it reverse_proxyies instead?

*/me checks Caddyfile again o_O*

Your matrix.naff.casa is defined twice :bulb:

That explains the absence of the Content-Type application/json/respond and the presence of server: Synapse/1.72.0

However, that isn’t valid Caddyfile syntax.
So I would bet the Caddyfile you shared isn’t the one your Caddy actually uses right now. Instead, Caddy might be using some earlier version without the respond/header directives.
Check your logs, and you should see something along the lines of

Error: adapting config using caddyfile: ambiguous site definition: matrix.naff.casa


Also, I would highly recommend enclosing your jsons in ` so you don’t have to use \" everywhere.
And while you are at it, consider grouping the header and respond using handle or handle_path.
Please see Nginx return directive in caddy -- return json - #3 by IndeedNotJames for an example and what I mean by that.


I hope that you kept your synapse’s signing key and didn’t nuke your postgres database tables.
See synapse admin FAQ - I have a problem with my server. Can I just delete my database and start again?

4 Likes

Dude, you nailed it. Thanks for that answer!

2 Likes

Matt – you’re the best.

I am trying to follow your directions the best I can here, and I removed the matrix.naff.casa reverse_proxy entry since I had two.

Here’s what I have currently and it’s not working: might need you to spell it out directly for me on this one brother.

}
matrix.naff.casa {
#       enable logging
        log

#       # .well-known is delegated from example.co.uk and served here
        header /.well-known/matrix/server {
                Content-Type application/json
        }
        respond /.well-known/matrix/server 200 {
                body "{ \"m.server\": \"matrix.naff.casa:443\" }"
                close
        }
        .well-known delegate for client
        header /.well-known/matrix/client {
        Content-Type application/json
        }
        respond /.well-known/matrix/client 200 {
                body "{\"m.homeserver\": {\"base_url\": \"https://matrix.naff.casa\"}}"
                close
        }

        reverse_proxy /_matrix/* http://192.168.1.37:8008
        reverse_proxy /_synapse/client/* http://192.168.1.37:8008

}
element.naff.casa {
        reverse_proxy 192.168.1.37:8089
}

Caddyfile:

matrix.naff.casa {
	handle_path /.well-known/matrix/* {
		header Access-Control-Allow-Origin *
		header Content-Type application/json

		respond /client `{ "m.homeserver": { "base_url": "https://matrix.naff.casa" } }`

		respond /server `{ "m.server": "matrix.naff.casa:443" }`

		## return http/404 if nothing matches 
		respond 404
	}

	reverse_proxy 192.168.1.37:8008
}

I added this into my Caddyfile and it no longer is broken BUT https://matrix.naff.casa doesn’t work.

My matrix instance works if I connect to it via my internal IP so I’m not sure if this is now a matrix issue or a caddy?

I did have this all working at some point previously before I goofed the Caddyfile, so I think it may be a Caddy issue =O

also, it fails the federation tester:
https://federationtester.matrix.org/#matrix.naff.casa

Your synapse server uses naff.casa not matrix.naff.casa for its server name.
Your matrix users look like @user:naff.casa not @user:matrix.naff.casa.
An extremely important detail which you did not share.

So knowing that, your delegation is at the wrong place.
Your Caddyfile should look like the following:

naff.casa {
	handle_path /.well-known/matrix/* {
		header Access-Control-Allow-Origin *
		header Content-Type application/json

		respond /client `{ "m.homeserver": { "base_url": "https://matrix.naff.casa" } }`

		respond /server `{ "m.server": "matrix.naff.casa:443" }`

		## return http/404 if nothing matches 
		respond 404
	}
}

matrix.naff.casa {
	reverse_proxy 192.168.1.37:8008
}

With that Caddyfile, you can check https://federationtester.matrix.org/#naff.casa and you can use naff.casa instead of matrix.naff.casa when entering your homeserver url in Element.

1 Like

I’m confused, per usual.

I’d like to have matrix.naff.casa be my link to access my matrix instance, not naff.casa (I have plans to use this as a blog in the future via ghost).

Hey @IndeedNotJames,

Previously, I had a working matrix instance that used a very similar looking Caddyfile to what you just posted BUT you accessed the instance by going to https://matrix.naff.casa NOT naff.casa.

I’d really like to keep it that way, and not change and point it to naff.casa – how do I do that?

You can use both matrix.naff.casa and naff.casa in Element and almost all other matrix clients.
And you can also still host things on naff.casa.

But you need that delegation on naff.casa/.well-known/matrix/server.
Think of it as a redirect, specific to the matrix protocol.

Your Element client will automatically follow and parse that “redirect” at naff.casa/.well-known/matrix/client, which points to matrix.naff.casa, which it will then continue to use.

You can also manually skip that “redirect” and manually enter its destination (matrix.naff.casa) in your Element client when logging in.
That’s up to you, but you have to keep at least the naff.casa/.well-known/matrix/server delegation, so other servers can figure out where to find you.

Please see Delegation - Synapse (permalink) and Installation - Synapse (permalink)

2 Likes

Hello again @IndeedNotJames

thanks again for all of your help and for being so detailed in all of your explanations.

Is this a working config for you?

I get an SSL protocol error.

I can repost my config and caddyfile for you if you would like ot see it.

Where?
Can you share the output of curl --verbose of whatever problem you are facing?

https://federationtester.matrix.org/#naff.casa reports no issues.

1 Like

please just visit https://matrix.naff.casa

it doesn’t load/connect.

https://matrix.naff.casa itself works fine.
It just redirects you to https://element.naff.casa/ which prompts you with a connection reset.

You most likely set configured synapse to do that via web_client_location in the homeserver.yaml.
See Configuration Manual - Synapse (permalink)

Your clients and federation work.

2 Likes

It’s bizzare because I can connect to matrix on my internal lan using: http://192.168.1.37:8089 but I matrix.naff.casa and element.naff.casa don’t do anything for me.

I haven’t touched my homeserver.yaml since I had it all working (before I somehow nuked my Caddyfile and caused this entire mess).

NO IDEA WHAT TO DO AT THIS POINT! LOL!!!

Share the output of:

  • curl --verbose --location http://192.168.1.37:8089
  • curl --verbose --location https://naff.casa/.well-known/matrix/client
  • curl --verbose --location https://matrix.naff.casa/_matrix/static
  • curl --verbose --location https://matrix.naff.casa/
    and
  • curl --verbose --location https://element.naff.casa
Last login: Sat Dec  3 11:40:47 2022 from 192.168.1.131
rnaff@linuxbox:~$ sudo curl --verbose --location http://192.168.1.37:8089
[sudo] password for rnaff:
*   Trying 192.168.1.37:8089...
* Connected to 192.168.1.37 (192.168.1.37) port 8089 (#0)
> GET / HTTP/1.1
> Host: 192.168.1.37:8089
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.23.2
< Date: Thu, 08 Dec 2022 05:46:31 GMT
< Content-Type: text/html
< Content-Length: 7280
< Last-Modified: Tue, 06 Dec 2022 13:07:38 GMT
< Connection: keep-alive
< ETag: "638f3e9a-1c70"
< Cache-Control: no-cache
< Accept-Ranges: bytes
<
<!doctype html>
<html lang="en" style="height: 100%;">
  <head>
    <meta charset="utf-8">
    <title>Element</title>
    <link rel="apple-touch-icon" sizes="57x57" href="vector-icons/apple-touch-ic                                                                                                                                                 on-57.a40ca75.png">
    <link rel="apple-touch-icon" sizes="60x60" href="vector-icons/apple-touch-ic                                                                                                                                                 on-60.f236450.png">
    <link rel="apple-touch-icon" sizes="72x72" href="vector-icons/apple-touch-ic                                                                                                                                                 on-72.4e3da92.png">
    <link rel="apple-touch-icon" sizes="76x76" href="vector-icons/apple-touch-ic                                                                                                                                                 on-76.43d8809.png">
    <link rel="apple-touch-icon" sizes="114x114" href="vector-icons/apple-touch-                                                                                                                                                 icon-114.ddb87b5.png">
    <link rel="apple-touch-icon" sizes="120x120" href="vector-icons/apple-touch-                                                                                                                                                 icon-120.b5d5cf5.png">
    <link rel="apple-touch-icon" sizes="144x144" href="vector-icons/apple-touch-                                                                                                                                                 icon-144.fb7efa4.png">
    <link rel="apple-touch-icon" sizes="152x152" href="vector-icons/apple-touch-                                                                                                                                                 icon-152.8b25947.png">
    <link rel="apple-touch-icon" sizes="180x180" href="vector-icons/apple-touch-                                                                                                                                                 icon-180.991bfed.png">
    <link rel="manifest" href="manifest.json">
    <meta name="referrer" content="no-referrer">
    <link rel="shortcut icon" href="vector-icons/favicon.878a87c.ico">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="apple-mobile-web-app-title" content="Element">
    <meta name="application-name" content="Element">
    <meta name="msapplication-TileColor" content="#da532c">
    <meta name="msapplication-TileImage" content="vector-icons/mstile-150.cd7484                                                                                                                                                 9.png">
    <meta name="msapplication-config" content="vector-icons/browserconfig.93cf61                                                                                                                                                 1.xml">
    <meta name="theme-color" content="#ffffff">
    <meta property="og:image" content="https://app.element.io/themes/element/img                                                                                                                                                 /logos/opengraph.png" />
    <meta http-equiv="Content-Security-Policy" content="
        default-src 'none';
        style-src 'self' 'unsafe-inline' ;
        script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gs                                                                                                                                                 tatic.com ;
        img-src * blob: data:;
        connect-src *;
        font-src 'self' data: ;
        media-src * blob: data:;
        child-src * blob: data:;
        worker-src 'self' blob: ;
        frame-src * blob: data:;
        form-action 'self' ;
        manifest-src 'self' ;
    ">

           <link rel="stylesheet" href="bundles/6c3f5a1e58beccd00667/bundle.css"                                                                                                                                                 >

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Legacy-ligh                                                                                                                                                 t" title="Legacy-light" href="bundles/6c3f5a1e58beccd00667/theme-legacy-light.cs                                                                                                                                                 s">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Legacy-dark                                                                                                                                                 " title="Legacy-dark" href="bundles/6c3f5a1e58beccd00667/theme-legacy-dark.css">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Light" titl                                                                                                                                                 e="Light" href="bundles/6c3f5a1e58beccd00667/theme-light.css">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Light-high-                                                                                                                                                 contrast" title="Light-high-contrast" href="bundles/6c3f5a1e58beccd00667/theme-l                                                                                                                                                 ight-high-contrast.css">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Dark" title                                                                                                                                                 ="Dark" href="bundles/6c3f5a1e58beccd00667/theme-dark.css">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Light-custo                                                                                                                                                 m" title="Light-custom" href="bundles/6c3f5a1e58beccd00667/theme-light-custom.cs                                                                                                                                                 s">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Dark-custom                                                                                                                                                 " title="Dark-custom" href="bundles/6c3f5a1e58beccd00667/theme-dark-custom.css">



            <link rel="preload" as="font" href="./fonts/Inter/Inter-BoldItalic.2                                                                                                                                                 129bd0.woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-Bold.fc28dff                                                                                                                                                 .woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-SemiBoldItal                                                                                                                                                 ic.10a60d8.woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-SemiBold.080                                                                                                                                                 2d48.woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-MediumItalic                                                                                                                                                 .8154ac2.woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-Medium.027d1                                                                                                                                                 4e.woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-Italic.b7918                                                                                                                                                 61.woff2" crossorigin="anonymous"/>

            <link rel="preload" as="font" href="./fonts/Inter/Inter-Regular.4232                                                                                                                                                 a67.woff2" crossorigin="anonymous"/>


  </head>
  <body style="height: 100%; margin: 0;">
    <noscript>Sorry, Element requires JavaScript to be enabled.</noscript> <!--                                                                                                                                                  TODO: Translate this? -->
    <section id="matrixchat" style="height: 100%;" class="notranslate"></section                                                                                                                                                 >
    <script src="bundles/6c3f5a1e58beccd00667/bundle.js"></script>

    <!-- Legacy supporting Prefetch images -->
    <img src="img/warning.05cc423.svg" aria-hidden alt="" width="24" height="23"                                                                                                                                                  style="visibility: hidden; position: absolute; top: 0px; left: 0px;"/>
    <img src="img/e2e/warning.bce3bca.svg" aria-hidden alt="" width="24" height=                                                                                                                                                 "23" style="visibility: hidden; position: absolute; top: 0px; left: 0px;"/>
    <img src="img/feather-customised/warning-triangle.d050a38.svg" aria-hidden a                                                                                                                                                 lt="" width="24" height="23" style="visibility: hidden; position: absolute; top:                                                                                                                                                  0px; left: 0px;"/>
    <img src="img/format/bold.38e6779.svg" aria-hidden alt="" width="25" height=                                                                                                                                                 "22" style="visibility: hidden; position: absolute; top: 0px; left: 0px;"/>
    <img src="img/format/code.ea9f385.svg" aria-hidden alt="" width="25" height=                                                                                                                                                 "22" style="visibility: hidden; position: absolute; top: 0px; left: 0px;"/>
    <img src="img/format/italics.4e279d1.svg" aria-hidden alt="" width="25" heig                                                                                                                                                 ht="22" style="visibility: hidden; position: absolute; top: 0px; left: 0px;"/>
    <img src="img/format/quote.5843424.svg" aria-hidden alt="" width="25" height                                                                                                                                                 ="22" style="visibility: hidden; position: absolute; top: 0px; left: 0px;"/>
    <img src="img/format/strikethrough.bac51cb.svg" aria-hidden alt="" width="25                                                                                                                                                 " height="22" style="visibility: hidden; position: absolute; top: 0px; left: 0px                                                                                                                                                 ;"/>

    <audio id="messageAudio">
        <source src="media/message.ogg" type="audio/ogg" />
        <source src="media/message.mp3" type="audio/mpeg" />
    </audio>
    <audio id="ringAudio" loop>
        <source src="media/ring.ogg" type="audio/ogg" />
        <source src="media/ring.mp3" type="audio/mpeg" />
    </audio>
    <audio id="ringbackAudio" loop>
        <source src="media/ringback.ogg" type="audio/ogg" />
        <source src="media/ringback.mp3" type="audio/mpeg" />
    </audio>
    <audio id="callendAudio">
        <source src="media/callend.ogg" type="audio/ogg" />
        <source src="media/callend.mp3" type="audio/mpeg" />
    </audio>
    <audio id="busyAudio">
        <source src="media/busy.ogg" type="audio/ogg" />
        <source src="media/busy.mp3" type="audio/mpeg" />
    </audio>
    <audio id="remoteAudio"></audio>
    <!-- let CSS themes pass constants to the app -->
    <div id="mx_theme_accentColor"></div><div id="mx_theme_secondaryAccentColor"                                                                                                                                                 ></div><div id="mx_theme_tertiaryAccentColor"></div>
  </body>
</html>
* Connection #0 to host 192.168.1.37 left intact
rnaff@linuxbox:~$

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.23.2
< Date: Thu, 08 Dec 2022 05:46:31 GMT
< Content-Type: text/html
< Content-Length: 7280
< Last-Modified: Tue, 06 Dec 2022 13:07:38 GMT
< Connection: keep-alive
< ETag: "638f3e9a-1c70"
< Cache-Control: no-cache
< Accept-Ranges: bytes
<
<!doctype html>
<html lang="en" style="height: 100%;">
  <head>
    <meta charset="utf-8">
    <title>Element</title>
    <link rel="apple-touch-icon" sizes="57x57" href="vector-icons/apple-touch-ic                                                                                                                                                 on-57.a40ca75.png">
    <link rel="apple-touch-icon" sizes="60x60" href="vector-icons/apple-touch-ic                                                                                                                                                 on-60.f236450.png">
    <link rel="apple-touch-icon" sizes="72x72" href="vector-icons/apple-touch-ic                                                                                                                                                 on-72.4e3da92.png">
    <link rel="apple-touch-icon" sizes="76x76" href="vector-icons/apple-touch-ic                                                                                                                                                 on-76.43d8809.png">
    <link rel="apple-touch-icon" sizes="114x114" href="vector-icons/apple-touch-                                                                                                                                                 icon-114.ddb87b5.png">
    <link rel="apple-touch-icon" sizes="120x120" href="vector-icons/apple-touch-                                                                                                                                                 icon-120.b5d5cf5.png">
    <link rel="apple-touch-icon" sizes="144x144" href="vector-icons/apple-touch-                                                                                                                                                 icon-144.fb7efa4.png">
    <link rel="apple-touch-icon" sizes="152x152" href="vector-icons/apple-touch-                                                                                                                                                 icon-152.8b25947.png">
    <link rel="apple-touch-icon" sizes="180x180" href="vector-icons/apple-touch-                                                                                                                                                 icon-180.991bfed.png">
    <link rel="manifest" href="manifest.json">
    <meta name="referrer" content="no-referrer">
    <link rel="shortcut icon" href="vector-icons/favicon.878a87c.ico">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="apple-mobile-web-app-title" content="Element">
    <meta name="application-name" content="Element">
    <meta name="msapplication-TileColor" content="#da532c">
    <meta name="msapplication-TileImage" content="vector-icons/mstile-150.cd7484                                                                                                                                                 9.png">
    <meta name="msapplication-config" content="vector-icons/browserconfig.93cf61                                                                                                                                                 1.xml">
    <meta name="theme-color" content="#ffffff">
    <meta property="og:image" content="https://app.element.io/themes/element/img                                                                                                                                                 /logos/opengraph.png" />
    <meta http-equiv="Content-Security-Policy" content="
        default-src 'none';
        style-src 'self' 'unsafe-inline' ;
        script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gs                                                                                                                                                 tatic.com ;
        img-src * blob: data:;
        connect-src *;
        font-src 'self' data: ;
        media-src * blob: data:;
        child-src * blob: data:;
        worker-src 'self' blob: ;
        frame-src * blob: data:;
        form-action 'self' ;
        manifest-src 'self' ;
    ">

           <link rel="stylesheet" href="bundles/6c3f5a1e58beccd00667/bundle.css"                                                                                                                                                 >

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Legacy-ligh                                                                                                                                                 t" title="Legacy-light" href="bundles/6c3f5a1e58beccd00667/theme-legacy-light.cs                                                                                                                                                 s">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Legacy-dark                                                                                                                                                 " title="Legacy-dark" href="bundles/6c3f5a1e58beccd00667/theme-legacy-dark.css">

           <link rel="stylesheet" disabled="disabled" data-mx-theme="Light" titl                                                                                                                                                 e="Light" href="bundles/6c3f5a1e58beccd00667/theme-light.css">

shit – i should have done these 1 by 1 – I’m not sure this is even helpful to you becuase I"m probably not doing it correctly.

* Issue another request to this URL: 'https://element.naff.casa/'
*   Trying 98.167.142.137:443...
* Connected to element.naff.casa (98.167.142.137) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 1
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
rnaff@linuxbox:~$ sudo curl --verbose --location https://element.naff.casa
*   Trying 98.167.142.137:443...
* Connected to element.naff.casa (98.167.142.137) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
rnaff@linuxbox:~$ sudo curl --verbose --location https://matrix.naff.casa/
*   Trying 98.167.142.137:443...
* Connected to matrix.naff.casa (98.167.142.137) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=matrix.naff.casa
*  start date: Oct 20 20:12:11 2022 GMT
*  expire date: Jan 18 20:12:10 2023 GMT
*  subjectAltName: host "matrix.naff.casa" matched cert's "matrix.naff.casa"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55ecd13be960)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: matrix.naff.casa
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 302
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=utf-8
< date: Thu, 08 Dec 2022 05:52:35 GMT
< location: https://element.naff.casa
< server: Caddy
< server: Synapse/1.73.0
< content-length: 228
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Ignoring the response-body
* Connection #0 to host matrix.naff.casa left intact
* Issue another request to this URL: 'https://element.naff.casa/'
*   Trying 98.167.142.137:443...
* Connected to element.naff.casa (98.167.142.137) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 1
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
rnaff@linuxbox:~$

So, what I conclude from this is, that by

you mean something along the lines of

  • matrix.naff.casa redirects to element.naff.casa (as configured in synapse)
  • element.naff.casa does not serve Element Web, because Caddy isn’t configured to do so
  • http://192.168.1.37:8089 on your LAN is Element Web most likely running the vectorim/element-web docker image, thus Server: nginx/1.23.2
  • Federation works, delegation works, Synapse itself works, Caddy works
1 Like