Matrix – Setting Up Synapse Admin UI Behind NGINX Reverse Proxy

matrixnginx-reverse-proxy

I set up a Matrix Synapse server and everything is working fine so far.

My only problem is accessing the admin UI which I got from github Awesome-Technologies
/
synapse-admin

I symlinked the index.html into nginx webroot at /var/www/html and wrote another server block in my config as well as customised the config on my reverse proxy on a separate server. I already tried with different ports and location directives but somehow nothing seems to work. Concerning documentation or working examples, information on this project are quite scarce.
Am I missing something?

Matrix server conf

server {
    listen 8080;
    server_name matrix.example.tld www.matrix.example.tld;
    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        client_max_body_size 50M;
    }
}

#Matrix Federation
server {
    listen 8448;
    server_name matrix.example.tld www.matrix.example.tld;

    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    listen 80;
    root /var/www/html;
    index index.html index.htm

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }
}

Reverse Proxy conf

##Matrix
server {
    listen 80;
    server_name matrix.example.tld www. matrix.example.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name matrix.example.tld www. matrix.example.tld;

    location /_matrix {
        proxy_pass http://SRV_IP:8080;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 50M;
    }

    location /_synapse/admin {
        proxy_pass http://SRV_IP;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Federation Port
    listen  8448 ssl;

    location / {
        proxy_pass http://SRV_IP:8448;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    ssl_certificate /etc/letsencrypt/live/matrix.example.tld/>
    ssl_certificate_key /etc/letsencrypt/live/matrix.example.tld >
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


}

Best Answer

This is what happens when you request https://matrix.example.tld/_synapse/admin.

The request hits first location /_synapse/admin block in the reverse proxy virtual host configuration.

The reverse proxy nginx makes a request to http://SRV_IP/_synapse/admin. The default mode for proxy_pass is to append the URI after the domain name / IP when no URI is specified in proxy_pass.

This request hits the main nginx configuration, where it ends up being processed by the last virtual host configuration. There nginx uses the request URI to locate the files for the request.

The root is /var/www/html and the URI is /_synapse/admin. So, nginx tries to serve /var/www/html/_synapse/admin as response to the request. Since there is no such directory, nginx sends 404 response.

If you want https://matrix.example.tld/_synapse/admin to serve files in /var/www/html, you need to change the reverse proxy configuration as follows:

location /_synapse/admin {
    proxy_pass http://SRV_IP/;
    proxy_set_header X-Forwarded-For $remote_addr;
}

This tells nginx to replace the URI in the location part with /.

Related Topic