Hello Traefik fellows, I've been struggling for many hours (days) with this issue and I hope someone can help me.
I'm using Traefik v2.2 with Docker on an Ubuntu VM and I have successfully installed Synapse and Element, but unfortunately I can't enable the Federation option in Synapse because of a reverse proxy issue or maybe an incompatibility with my domain name from DuckDNS.
My Synapse domain is available and secure on the following URLs:
https://synapse.test.duckdns.org/_matrix/static/
https://test.duckdns.org/_matrix/static/
I can display the Federation message externally on:
https://synapse.test.duckdns.org/_matrix/key/v2/server
https://test.duckdns.org/_matrix/key/v2/server
and internally with the port 8008 open on router:
http://192.168.1.2:8008/_matrix/key/v2/server
The problem comes when Synapse needs to reach the same address with the external IP on port 8448. When testing my server on the federationtester service I receive this error:
Get "https://11.11.11.111:8448/_matrix/key/v2/server": dial tcp 11.11.11.111:8448: connect: connection refused
Here are my config files:
traefik.toml
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
[providers.file]
directory = "/conf"
filename = "dynamic.toml"
watch = true
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.leresolver.acme]
email = "glacier@gmail.com"
storage = "acme.json"
[certificatesResolvers.leresolver.acme.httpChallenge]
entryPoint = "web"
rules.toml
[http]
[http.middlewares]
[http.middlewares.gzip-compress]
compress = {}
[http.middlewares.redirect-to-https]
[http.middlewares.redirect-to-https.redirectScheme]
scheme = "https"
permanent = true
[http.routers]
[http.routers.synapse]
rule = "Host(`synapse.test.duckdns.org`) || (Host(`test.duckdns.org`) && PathPrefix(`/_matrix/`))"
entrypoints = ["websecure"]
service = "synapse"
[http.routers.synapse.tls]
certResolver = "myresolver"
[http.services]
[http.services.synapse.loadBalancer]
[[http.services.synapse.loadBalancer.servers]]
url = "http://192.168.1.2:8008"
[tls]
[tls.options]
[tls.options.nowadays-tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
docker-compose.yaml
version: "3.3"
services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      - "--api"
      - "--providers.file=true"
      - "--providers.file.filename=/conf/rules.toml"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=glacier@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8085:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/home/linux1/docker/traefik/rules.toml:/conf/rules.toml"
    restart: unless-stopped
  whoami:
    image: "containous/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`test.duckdns.org`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
    restart: unless-stopped
  synapse:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    restart: "unless-stopped"
    networks:
      - default
    ports:
      - 8448:8448
      - 8008:8008
    labels:
      - "traefik.enable=true"
    volumes:
      - /home/linux1/docker/synapse:/data
networks:
  default:
    external:
      name: compose_default
I really wish someone could help me to find a solution, this issue is making my head
Thank you for your help.