Issues with Synapse and nginx

Hi,

I’ve been using DietPi’s Synapse install for a while now and it’s been working well. I’ve been upgrading it per your pip instructions and am on the most recent version now. Recently, I and some of my users have been having performance issues, so I started to look into how to run proper maintenance on this. I found this about doing that. I knew there was something funny when I could not run the first curl command there, so I started to look into nginx to understand why.

I’ve also looked at some of the other support posts about Synapse and while I’m able to see the page https://myserver.xyz/_matrix/static/ fine, and the Synapse Matrix chat server has been functioning, myself and my users have been experiencing some performance hits.

Nginx issues:

  • Right now I have two fully functional sub domains https://chat.myserver.xyz and https://search.myserver.xyz with proper sites-enabled confs.
  • The issue I have is when I pull up the “root dir” https://myserver.xyz in the browser, I only get some default nginx page. It doesn’t change if I create a conf for it in sites-enabled (& restart nginx) - it still serves the default page. I’ve been able to track down that what’s being “used” for the “root dir” out of some lines in the nginx error.log:

2022/03/18 19:07:27 [error] 99617#99617: *27174 open() "/usr/share/nginx/html/.well-known/matrix/server" failed (2: No such file or directory), client: 192.168.x.yz, server: myserver.xyz, request: "GET /.well-known/matrix/server HTTP/1.1", host: "myserver.xyz"

– I need to determine how to configure myserver.xyz so that I can run the proper maintenance in the first link.
– I also want to ask what the “Click tracking!” meant as I was going to enable access_log to try to see what is going on here – should I?

Thank you for your help - I’m sure I’m missing something that you can help me with.

Can you share the Nginx conf files you created for your Synapse?

On the DietPi server, I’ve used “dietpi-letsencrypt” for one domain, chat.myserver.xyz. Also, there are no conf files located in /etc/nginx/sites-dietpi/. For https://search.myserver.xyz, I used certbot at the CLI. For https://myserver.xyz, due to some of the nginx funniness, I’ve had to use acme.sh script to get it to successfully utilize SSL certs.

Here is the sites-enabled conf for chat.myserver.xyz

#D I E T - P I
server {
    server_name chat.myserver.xyz;
    root /var/www/chat.myserver.xyz;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    include /etc/nginx/sites-dietpi/*.conf;
 
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/chat.myserver.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.myserver.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = chat.myserver.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name chat.myserver.xyz;
    listen 80;
    return 404; # managed by Certbot
}

The conf file for search.myserver.xyz is identical to the one for chat.myserver.xyz (with servername changed).

Here is the sites-enabled conf file for myserver.xyz. I have tried setting “root /var/www/myserver.xyz;” & “index index.html index.htm;”, but none of that worked for me.

#D I E T - P I
server {
    server_name myserver.xyz;
    #include /etc/nginx/sites-dietpi/*.conf;
 
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # For the federation port
    listen 8448 ssl http2 default_server;
    listen [::]:8448 ssl http2 default_server;

    ssl_certificate /etc/nginx/ssl/myserver.xyz/fullchain/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/myserver.xyz/keyfile/key.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

    location ~* ^(\/_matrix|\/_synapse\/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }
}

server {
    if ($host = myserver.xyz) {
        return 301 https://$host$request_uri;
    }

    server_name myserver.xyz;
    listen 80;
    return 404;
}

Not sure what other conf files I should share. The nginx.conf file is the default from DietPi.

Also, on a side note, I’ve been able to run some of the Synapse maintenance commands on the CLI of the DietPi server using http://localhost:8008 instead of trying to use https://myserver.xyz.

Also, to explain some of the issues I’ve been having with Synapse Matrix - I’ve only recently (the last few weeks) had to reboot the server for messages to even transmit to accounts on other Matrix servers.

For the following error message, you might need some additional proxy configuration:

2022/03/18 19:07:27 [error] 99617#99617: *27174 open() "/usr/share/nginx/html/.well-known/matrix/server" failed (2: No such file or directory), client: 192.168.x.yz, server: myserver.xyz, request: "GET /.well-known/matrix/server HTTP/1.1", host: "myserver.xyz"

I found something on a German guide. https://decatec.de/home-server/matrix-synapse-auf-ubuntu-server-20-04-lts-mit-nginx-postgresql-und-lets-encrypt/

Unfortunately I’m not able to link to the exact position inside the guide, but it’s in the middle around section Virtueller Host für Matrix Synapse. This is the example:

    location /.well-known/matrix/server {
      return 200 '{"m.server": "matrix.meinedomain.de:443"}';
      add_header Content-Type application/json;
    }

    location /.well-known/matrix/client {
      return 200 '{"m.homeserver": {"base_url": "https://matrix.meinedomain.de"}}';
      add_header Content-Type application/json;
      add_header "Access-Control-Allow-Origin" *;
    }
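
Added example (not part of the thread or the linked guide): a Python check that takes the status, headers and body returned for the two `.well-known` paths above and reports what a federating server or a browser client would reject, including the 404 and default-page cases described in this thread. The function names and sample bodies are constructed for illustration, and fetching is left out so it runs offline.

```python
import json
from urllib.parse import urlsplit

# Constructed sample bodies: the guide's JSON, and a stand-in for a default page.
SERVER_OK = '{"m.server": "matrix.meinedomain.de:443"}'
CLIENT_OK = '{"m.homeserver": {"base_url": "https://matrix.meinedomain.de"}}'
DEFAULT_PAGE = "<html><body><h1>Welcome to nginx!</h1></body></html>"

def _load(status, body):
    """Return (parsed JSON object, error string) for a well-known response."""
    if status != 200:
        return None, f"HTTP {status} instead of 200"
    try:
        doc = json.loads(body)
    except ValueError:
        return None, "body is not JSON (an HTML default page?)"
    return (doc, None) if isinstance(doc, dict) else (None, "JSON body is not an object")

def check_server(status, body):
    """Validate /.well-known/matrix/server; return (host, port, problems)."""
    doc, err = _load(status, body)
    if err:
        return None, None, [err]
    target = doc.get("m.server")
    if not isinstance(target, str) or not target or "/" in target:
        return None, None, ['"m.server" must be a host[:port] string, not a URL']
    try:
        parts = urlsplit("//" + target)
        host, port = parts.hostname, parts.port
    except ValueError:
        return None, None, [f"invalid host or port in {target!r}"]
    # port is None when omitted: peers then try an SRV record, then port 8448.
    return host, port, []

def check_client(status, headers, body):
    """Validate /.well-known/matrix/client; return (base_url, problems)."""
    doc, err = _load(status, body)
    if err:
        return None, [err]
    hs = doc.get("m.homeserver")
    base = hs.get("base_url") if isinstance(hs, dict) else None
    if not isinstance(base, str):
        return None, ['missing "m.homeserver"."base_url"']
    problems = [] if urlsplit(base).scheme == "https" else ["base_url is not https"]
    cors = {k.lower(): v for k, v in headers.items()}.get("access-control-allow-origin")
    if cors != "*":
        problems.append("no 'Access-Control-Allow-Origin: *' header for browser clients")
    return base, problems
```

Feed it the status, headers and body from a request to each path; an empty problem list means the delegation response has the shape the guide's example produces.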