hmm... synapse 0.99 will require a CA signed tls cert for the homeserver domain on the federation port. think i'm gonna have to proxy requests to matrix through the main cybre.space nginx unless i can figure out a better way to do this

anyone else running mastodon and matrix on the same domain?

@chr No, but I've been proxying the whole time. Self-signed certs sounded bad from the get-go.

@ceralor i haven't been proxying the federation port but i will have to now, and i'm not sure of the best way to obtain a letsencrypt cert for it...

@chr Oh! Shit, yeah, I dunno with that one. Honestly nginx is kinda the route I'm going? I have my .well-known dir pointed somewhere in nginx and LE handles it nicely.

@ceralor yeah, it would normally be easy except i run my matrix server as "cybre.space" but accessible on the web from "matrix.cybre.space". an SRV record on the domain points other matrix servers to the right place, but means i will have to get the matrix server a cert for cybre.space somehow

@chr Should be able to do similar still! LE can handle multiple certs, may just need to run two different scheduled tasks for it, specifying a different webroot and doing a `location .well-known { try_files $uri $uri; }`

@ceralor the problem is requests for "cybre.space" will go to the mastodon box, but i need the certs on the matrix box. i guess i could set up a cron job to just scp them over or something, but that feels insecure at best

@chr I guess it becomes a question then about which cert it'll be looking for -- the one it's accessed by, or the one it's known as?

@ceralor afaict it will want matrix.cybre.space for the web API port (for clients, inc web client) but cybre.space for the federation port

@hax domain, they are on two different VMs, which is the problem
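One way to handle the situation discussed in this thread without copying private keys between VMs, shown as an added example that is not from any of the posters: the main cybre.space nginx answers its own Let's Encrypt HTTP-01 challenges from a local webroot and forwards any challenge it does not recognise to the Matrix VM, so each box requests and keeps its own cert for cybre.space. The webroot path and the `192.0.2.10` address are placeholders, and it is assumed the Matrix VM runs its own ACME client serving challenges on port 80.

```nginx
# Added example: runs on the main cybre.space nginx (the Mastodon box).
server {
    listen 80;
    server_name cybre.space;

    # ACME HTTP-01 challenges only. "^~" stops regex locations from
    # taking over this prefix.
    location ^~ /.well-known/acme-challenge/ {
        # Assumed local webroot used by this box's own ACME client.
        root /var/www/letsencrypt;
        # Token issued to this box: serve it from disk.
        # Unknown token: it belongs to the Matrix VM's request, pass it on.
        try_files $uri @matrix_acme;
    }

    location @matrix_acme {
        # Placeholder address for the Matrix VM (documentation range).
        # No URI part here, so the original request path is forwarded as-is.
        proxy_pass http://192.0.2.10;
        proxy_set_header Host $host;
    }

    # Everything else is unchanged: redirect to HTTPS for Mastodon.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Only the challenge path crosses between the two machines; the private key for the federation port is generated on the Matrix VM and never leaves it.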
