hmm... synapse 0.99 will require a CA signed tls cert for the homeserver domain on the federation port. think i'm gonna have to proxy requests to matrix through the main cybre.space nginx unless i can figure out a better way to do this

anyone else running mastodon and matrix on the same domain?

@chr No, but I've been proxying the whole time. Self-signed certs sounded bad from the get-go.

@ceralor i haven't been proxying the federation port but i will have to now, and i'm not sure of the best way to obtain a letsencrypt cert for it...

@chr Oh! Shit, yeah, I dunno with that one. Honestly nginx is kinda the route I'm going? I have my .well-known dir pointed somewhere in nginx and LE handles it nicely.

@ceralor yeah, it would normally be easy except i run my matrix server as "cybre.space" but accessible on the web from "matrix.cybre.space". an SRV record on the domain points other matrix servers to the right place, but means i will have to get the matrix server a cert for cybre.space somehow

@chr Should be able to do similar still! LE can handle multiple certs, may just need to run two different scheduled tasks for it, specifying a different webroot and doing a `location .well-known { try_files $uri $uri; }`

@ceralor the problem is requests for "cybre.space" will go to the mastodon box, but i need the certs on the matrix box. i guess i could set up a cron job to just scp them over or something, but that feels insecure at best

@chr I guess it becomes a question then about which cert it'll be looking for -- the one it's accessed by, or the one it's known as?

@ceralor afaict it will want matrix.cybre.space for the web API port (for clients, inc web client) but cybre.space for the federation port
