matrix-docker-ansible-deploy/docs/configuring-well-known.md
Slavi Pantaleev 9dad4c7c2d Fix /.well-known/matrix/client for CORS
This is provoked by Github issue .

No client had made use of the well-known mechanism
so far, so the set up performed by this playbook was not tested
and turned out to be a little deficient.

Even though /.well-known/matrix/client is usually requested with a
simple request (no preflight), it's still considered cross-origin
and [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
applies. Thus, the file always needs to be served with the appropriate
`Access-Control-Allow-Origin` header.

Github issue  attempts to fix it at the "reverse-proxying" layer,
which may work, but would need to be done for every server.
It's better if it's done "upstream", so that all reverse-proxy
configurations can benefit.
2018-11-29 09:13:25 +02:00

4.1 KiB

Configuring service discovery via .well-known

Introduction

Service discovery lets various client programs which support it, to receive a full user id (e.g. @username:example.com) and determine where the Matrix server is automatically (e.g. https://matrix.example.com).

This lets your users easily connect to your Matrix server without having to customize connection URLs.

As per the specification Matrix does service discovery using a /.well-known/matrix/client file hosted on the base domain (e.g. example.com).

However, this playbook installs your Matrix server on another domain (e.g. matrix.example.com) and not on the base domain (e.g. example.com), so it takes a little extra manual effort to set up the file.

Prerequisites

To implement service discovery, your base domain's server (e.g. example.com) needs to support HTTPS.

Setting it up

To make things easy for you to set up, this playbook generates and hosts the well-known file on the Matrix domain's server (e.g. https://matrix.example.com/.well-known/matrix/client), even though this is the wrong place to host it.

You have 2 options when it comes to installing the file on the base domain's server:

(Option 1): Copying the file manually to your base domain's server

Hint: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible.

All you need to do is:

  • copy the /.well-known/matrix/client from the Matrix server (e.g. matrix.example.com) to your base domain's server (example.com).

  • set up the server at your base domain (e.g. example.com) so that it adds an extra HTTP header when serving the /.well-known/matrix/client file. CORS, the Access-Control-Allow-Origin header should be set with a value of *. If you don't do this step, web-based Matrix clients (like Riot) may fail to work.

This is relatively easy to do and possibly your only choice if you can only host static files from the base domain's server. It is, however, a little fragile, as future updates performed by this playbook may regenerate the well-known file and you may need to notice that and copy it again.

(Option 2): Setting up reverse-proxying of the well-known file from the base domain's server to the Matrix server

This option is less fragile and generally better.

On the base domain's server (e.g. example.com), you can set up reverse-proxying, so that any access for the /.well-known/matrix location prefix is forwarded to the Matrix domain's server (e.g. matrix.example.com).

With this method, you don't need to add special HTTP headers for CORS reasons (like Access-Control-Allow-Origin), because your Matrix server (where requests ultimately go) will be configured by this playbook correctly.

For nginx, it would be something like this:

# This is your HTTPS-enabled server for DOMAIN.
server {
	server_name DOMAIN;

	location /.well-known/matrix {
		proxy_pass https://matrix.DOMAIN/.well-known/matrix;
		proxy_set_header X-Forwarded-For $remote_addr;
	}

	# other configuration
}

For Apache, it would be something like this:

<VirtualHost *:443>
	ServerName DOMAIN

	SSLProxyEngine on
	<Location /.well-known/matrix>
		ProxyPass "https://matrix.DOMAIN/.well-known/matrix"
	</Location>

	# other configuration
</VirtualHost>

For Caddy, it would be something like this:

proxy /.well-known/matrix https://matrix.DOMAIN

Make sure to:

  • replace DOMAIN in the server configuration with your actual domain name
  • and: to do this for the HTTPS-enabled server block, as that's where Matrix expects the file to be

Confirming it works

No matter which method you've used to set up the well-known file, if you've done it correctly you should be able to see a JSON file at a URL like this: https://<domain>/.well-known/matrix/client.

You can also check if everything is configured correctly, by checking if services work.