marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-06-01 13:17:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated Troubleshooting Workarounds (markdown)

Marcel 2024-04-26 15:21:27 +02:00
parent e801f0c0f4
commit 3134fa77ee
1 changed files with 90 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

313
Troubleshooting----Workarounds.md

@ -1,3 +1,92 @@
# Synapse (Matrix) nginx delegation example for Zoraxy
```
server {
listen 8200;
listen [::]:8200;
server_name MATRIX.YOUR.DOMAIN;
location /.well-known/matrix/server {
add_header Access-Control-Allow-Origin '*';
return 200 '{ "m.server": "MATRIX.YOUR.DOMAIN:443" }';
}
location /.well-known/matrix/client {
# If your sever_name here doesn't match your matrix homeserver URL
# (e.g. hostname.com as server_name and matrix.hostname.com as homeserver URL)
add_header Access-Control-Allow-Origin '*';
return 200 '{ "m.homeserver": { "base_url": "https://MATRIX.YOUR.DOMAIN" } }';
}
location /_matrix {
proxy_pass http://172.40.0.50:8008;
}
}
```
# Fixing Wordpress "Mixed content" or "CSP header" errors
Apache needs to be informed, that HTTPS is already server by another proxy, Zoraxy in our case.
Now your site can look like this:
![wp1](https://github.com/tobychui/zoraxy/assets/110860055/09900779-0845-4c00-8fe7-5451f7775176)
Adminpanel
We need to edit the wp-config.php file as root user.
Switch to root user:
`sudo su`
The file is located at the Wordpress-webroot (/var/www/html/wordpress).
`cd /var/www/html/wordpress`
Sidenote:
If you use Wordpress in Docker and you used the standard docker-compose example the file should located at /var/lib/docker/volumes/wordpress_wordpress/_data/wp-config.php
Open the wp-config.php with editor as root
`nano wp-config.php`
Put in these lines after the "<?php" part of the file
`if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) || (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) { $_SERVER['HTTPS'] = 'on'; }`
![addedlines](https://github.com/tobychui/zoraxy/assets/110860055/b38051de-a61a-4d29-aa7e-78c1c47b8652)
Save the file with **CTRL + O** and leave nano with **CTRL + X**
Now we need to edit the vHost for apache:
`nano /etc/apache2/sites-available/wordpress.conf`
Add this under `ServerName`
```
Protocols h2 h2c http/1.1
RemoteIPHeader X-Forwarded-For
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
```
Save the file with **CTRL + O** and leave nano with **CTRL + X**
Restart apache with `sudo systemctl restart apache2` and reload your page!
![finished](https://github.com/tobychui/zoraxy/assets/110860055/8d433ac8-a5ff-4638-a105-e59f4b2151a1)
Adminpanel
You can now leave the root shell with
`exit`
Tested with Wordpress and Apache on a hostinstallation and Wordpress in Docker (wordpress:latest) with existing sites.
# Install Go on your host (Debian 11 / Ubuntu 22.04)
Installing Go is required to build Zoraxy. The packages in the Ubuntu and Debian repositories provide an outdated version (v1.18 for Ubuntu 22.04 and v1.15 for Debian Bullseye), but Zoraxy needs v1.20.
@ -30,226 +119,4 @@ On Debian we need a few more steps, but it is not this hard:
![go](https://github.com/tobychui/zoraxy/assets/110860055/88a35607-8c98-438d-b75f-e08018ab913a)
Successfully installed Go
# Synapse (Matrix) in Docker with federation support for Zoraxy
I assume Matrix is already running in docker with docker compose and you want to switch over to Zoraxy installed on your hostsystem. We will use a little workaround and use NGINX on the hostsystem.
Stop the container with `docker compose down`
Your docker-compose.yml looks something like this:
```
`version: '3'
`services:`
`synapse:`
`image: matrixdotorg/synapse:latest`
`restart: unless-stopped`
`ports:`
`- "8008:8008"`
`environment:`
`- TZ=Europe/Berlin`
`volumes:`
`- ./files:/data`
`healthcheck:`
`test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]`
`interval: 15s`
`timeout: 5s`
`retries: 3`
`start_period: 5s`
`db:`
`image: postgres:15-alpine`
`container_name: matrix-db`
`restart: unless-stopped`
`volumes:`
`- ./schemas:/var/lib/postgresql/data`
`environment:`
`- POSTGRES_DB=synapse`
`- POSTGRES_USER=synapse`
`- POSTGRES_PASSWORD=changeme`
`- POSTGRES_INITDB_ARGS= --encoding='UTF8' --lc-collate='C' --lc-ctype='C'
```
We will now create a new docker network and set a static IP to the synapse container. This is needed, since we can not use docker hostnames, because Zoraxy is outside the container.
If you just use the current IP from the container Synapse will be offline, if you do `docker compose down` and `docker compose up -d` again.
First let us create the network with:
`docker network create --subnet=172.40.0.0/16 staticnet`
If it is successfull it will give you a long output like "2cabe0428cb514e3e3d8e49d358df0930f519b8a80a39886dd8c8cae4fd6cfa1", if it fails with "Error response from daemon: Pool overlaps with other one on this address space", then increase the number 40 to 41, 42 etc.. in the subnet parameter. Now we have a new network named "staticnet".
Next step is to integrate this network in the docker-compose.
`nano docker-compose.yml`
Paste the following lines into your file and comment out the ports of synapse (they are not needed anymore):
```
###This needs to be integrated in the synapse container###
networks:
staticnet:
ipv4_address: 172.40.0.2
###Those lines at the END of your file###
networks:
staticnet:
external: true
```
Your file should now look similar to this:
```
version: '3'
services:
synapse:
image: matrixdotorg/synapse:latest
restart: unless-stopped
# ports:
# - "8008:8008"
networks:
staticnet:
ipv4_address: 172.40.0.2
environment:
- TZ=Europe/Berlin
volumes:
- ./files:/data
healthcheck:
test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 5s
db:
image: postgres:15-alpine
restart: unless-stopped
volumes:
- ./schemas:/var/lib/postgresql/data
environment:
- POSTGRES_DB=synapse
- POSTGRES_USER=synapse
- POSTGRES_PASSWORD=changeme
- POSTGRES_INITDB_ARGS= --encoding='UTF8' --lc-collate='C' --lc-ctype='C'
networks:
staticnet:
external: true
```
Save with CTRL + O and close with CTRL + X
We have now successfully set a static IP to Synapse. This works for other conatiners too. You only need to increase the last number 172.40.0.2 to 172.40.0.3, 172.40.0.4 and so on...
Next step is to install nginx on the host system and stop it afterwards so it won´t interfere with other services.
`sudo apt install nginx && sudo systemctl stop nginx`
Create a vHost for Synapse now:
`sudo nano /etc/nginx/sites-available/matrix`
Paste these lines inside the new file and ONLY modify MATRIX.YOUR.DOMAIN to your actual domain. It is needed 3 times. Keep the portnumber at the last one (:443)!
```
server {
listen 8200;
listen [::]:8200;
server_name MATRIX.YOUR.DOMAIN;
location ~ ^(/_matrix|/_synapse/client) {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://172.40.0.2:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
}
location /.well-known/matrix/client {
return 200 '{\"m.homeserver\": {\"base_url\": \"https://MATRIX.YOUR.DOMAIN\"}}';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
}
location /.well-known/matrix/server {
return 200 '{\"m.server\": \"MATRIX.YOUR.DOMAIN:443\"}';
}
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
}
```
Save with CTRL + O and close with CTRL + X
Now activate the vHost and start Nginx again:
`sudo ln -s /etc/nginx/sites-available/matrix /etc/nginx/sites-enabled/matrix && sudo systemctl start nginx`
Now Nginx listens for Synapse on port 8200. It proxies the traffic inside the container (that´s why we needed the static IP) to port 8008 INSIDE the container. You don´t need portmappings with the static IP, this is why we commented it out.
In Zoraxy you can set your Matrix (sub)domain to localhost:8200
You do not need to open the port 8200 in your firewall!
I wanted originally to integrate nginx to the docker-compose.yml but it did not work as I expected, so it is better to have nginx on the hostsystem.
# Fixing Wordpress "Mixed content" or "CSP header" errors
You already have a running Wordpress site with HTTPS and now it looks messed up since you switched to Zoraxy?
Now your site can look like this:
![wp1](https://github.com/tobychui/zoraxy/assets/110860055/09900779-0845-4c00-8fe7-5451f7775176)
Adminpanel
We need to edit the wp-config.php file as root user.
Switch to root user:
`sudo su`
The file is located at the Wordpresswebroot (/var/www/html/wordpress).
`cd /var/www/html/wordpress`
Sidenote:
If you use Wordpress in Docker and you used the standard docker-compose example the file should located at /var/lib/docker/volumes/wordpress_wordpress/_data/wp-config.php
Open the wp-config.php with nano editor
`nano wp-config.php`
Put in these lines after the "<?php" part of the file
`if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) || (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) { $_SERVER['HTTPS'] = 'on'; }`
![addedlines](https://github.com/tobychui/zoraxy/assets/110860055/b38051de-a61a-4d29-aa7e-78c1c47b8652)
Save the file with **CTRL + O** and leave nano with **CTRL + X**
Reload your page!
![finished](https://github.com/tobychui/zoraxy/assets/110860055/8d433ac8-a5ff-4638-a105-e59f4b2151a1)
Adminpanel
You can now leave the root shell with
`exit`
Tested with Wordpress and Apache on a hostinstallation and Wordpress in Docker (wordpress:latest) with existing sites.
Successfully installed Go