hmm... synapse 0.99 will require a CA signed tls cert for the homeserver domain on the federation port. think i'm gonna have to proxy requests to matrix through the main nginx unless i can figure out a better way to do this

anyone else running mastodon and matrix on the same domain?

@chr No, but I've been proxying the whole time. Self-signed certs sounded bad from the get-go.

@ceralor i haven't been proxying the federation port but i will have to now, and i'm not sure of the best way to obtain a letsencrypt cert for it...

@chr Oh! Shit, yeah, I dunno with that one. Honestly nginx is kinda the route I'm going? I have my .well-known dir pointed somewhere in nginx and LE handles it nicely.

@ceralor yeah, it would normally be easy except i run my matrix server as "" but accessible on the web from "". an SRV record on the domain points other matrix servers to the right place, but means i will have to get the matrix server a cert for somehow

@chr Should be able to do similar still! LE can handle multiple certs, may just need to run two different scheduled tasks for it, specifying a different webroot and doing a `location .well-known { try_files $uri $uri; }`

@ceralor the problem is requests for "" will go to the mastodon box, but i need the certs on the matrix box. i guess i could set up a cron job to just scp them over or something, but that feels insecure at best

@chr I guess it becomes a question then about which cert it'll be looking for -- the one it's accessed by, or the one it's known as?

@ceralor afaict it will want for the web API port (for clients, inc web client) but for the federation port

@chr this reads like some kind of different language that's just closely enough related to english to understand a few words

@Felthry tech jargon is pretty much another language, yeah



The word "nginx" is pronounced like a punch to the gut.
