silvio / docker-matrix Goto Github PK

View Code? Open in Web Editor NEW

142.0 16.0 76.0 169 KB

docker image for matrix.org

License: GNU General Public License v2.0

Shell 74.90% Dockerfile 25.10%

shell synapse homeserver matrix turn-servers docker-image docker coturn

docker-matrix's Introduction

Docker image for Matrix

Notice

With v0.99.5 we publish some changes that can breake the backward compatibility.

We change to python3. We could not test everything. Please come into our chat and/or open a issue on github.

Please make sure to use our tagged docker images and not the latest one. Specifically in a production environment you should never use :latest as that the version can be broken.

Creating Issues and Pull request

We are working with the repository at "https://github.com/AVENTER-UG/docker-matrix". If you want to open issues or create pull request, please use that repository.

Security

We verify the docker layers of our image automaticly with clair. Matrix is not a part of the vulnerability scan, which means clair will only find vulnerabilities that are part of the OS (operating system).

Introduction

Dockerfile for installation of matrix open federated Instant Messaging and VoIP communication server.

The riot.im web client has now his own docker file at github.

Contribution

If you want contribute to this project feel free to fork this project, do your work in a branch and create a pull request.

To support this Dockerimage please pledge via liberapay.

Configuration

To configure run the image with "generate" as argument. You have to setup the server domain and a /data-directory. After this you have to edit the generated homeserver.yaml file.

Please read the synapse readme file about configuration settings, there is also an example setup available to read.

To get the things done, "generate" will create a self-signed certificate, which should be replaced with a valid certificate if used in production, either by giving synapse access to the valid certificate, or by using a reverse proxy.

It is recommended to run the container with a --user : flag, to prevent the container from running as root. However, the synapse process will not run as root if the user flag is not supplied.

Example:

$ docker run -v /tmp/data:/data --rm --user 991:991 -e SERVER_NAME=localhost -e REPORT_STATS=no avhost/docker-matrix:<VERSION> generate

Start

For starting you need the port bindings and a mapping for the /data-directory.

$ docker run -d --user 991:991 -p 8448:8448 -p 8008:8008 -p 3478:3478 -v /tmp/data:/data avhost/docker-matrix:<VERSION> start

Port configurations

Matrix Homeserver

The following ports are used in the container for the Matrix server. You can use -p-option on docker run to configure this part (eg.: -p 443:8448):
8008,8448 tcp

Coturn server

If you only need STUN to work you need the following ports:
3478, 5349 udp/tcp
The server has the following as alt-ports: 3479, 5350 udp/tcp

For TURN (using the server as a relay) you also need to forward this portrange:
49152-65535/udp

You may also have to set the external ip of the server in turnserver.conf which is located in the /data volume:
external-ip=XX.XX.XX.XX

In case you don't want to expose the whole port range on udp you can change the portrange in turnserver.conf:
min-port=XXXXX
max-port=XXXXX

Version information

To get the installed synapse version you can run the image with version as argument or look at the container via cat.

$ docker run -ti --rm avhost/docker-matrix:<VERSION> version
-=> Matrix Version
synapse: master (7e0a1683e639c18bd973f825b91c908966179c15)
coturn:  master (88bd6268d8f4cdfdfaffe4f5029d489564270dd6)

# docker exec -it CONTAINERID cat /synapse.version
synapse: master (7e0a1683e639c18bd973f825b91c908966179c15)
coturn:  master (88bd6268d8f4cdfdfaffe4f5029d489564270dd6)

Environment variables

SERVER_NAME: Server and domain name, mandatory, needed only for generate
REPORT_STATS: statistic report, mandatory, values: yes or no, needed only for generate
MATRIX_UID/MATRIX_GID: UserID and GroupID of user within container which runs the synapse server, if the --user flag is not supplied. The files mounted under /data are chowned to this ownership. Default is MATRIX_UID=991 and MATRIX_GID=991. It can overriden via -e MATRIX_UID=... and -e MATRIX_GID=... at start time.
LD_PRELOAD This is set by default to use jemalloc as memory allocator, as that has been shown to greatly reduce the memory useage of synapse. To use the default malloc the environmental variable has to be emptied, by adding -e LD_PRELOAD when running the container.

build specific arguments

BV_SYN: synapse version, optional, defaults to master
BV_TUR: coturn turnserver version, optional, defaults to master

For building of synapse version v0.11.0-rc2 and coturn with commit a9fc47e add --build-arg BV_SYN=v0.11.0-rc2 --build-arg BV_TUR=a9fc47efd77 to the docker build command.

diff between system and fresh generated config file

To get a hint about new options etc you can do a diff between your configured homeserver.yaml and a newly created config file. Call your image with diff as argument.

$ docker run --rm -ti -v /tmp/data:/data avhost/docker-matrix:<VERSION> diff
[...]
+# ldap_config:
+#   enabled: true
+#   server: "ldap://localhost"
+#   port: 389
+#   tls: false
+#   search_base: "ou=Users,dc=example,dc=com"
+#   search_property: "cn"
+#   email_property: "email"
+#   full_name_property: "givenName"
[...]

For generating of this output its diff from busybox used. The used diff parameters can be changed through DIFFPARAMS environment variable. The default is Naur.

Exported volumes

/data: data-container

docker-matrix's People

Contributors

Stargazers

Watchers

docker-matrix's Issues

use tagging

It would be nice if you could tag the docker-file according to the matrix-releases

(thanks for your work so far ❤️ )

Missing email templates / won't start since 0.22

Upgrading results in a startup error:

jinja2.exceptions.TemplateNotFound: notif_mail.html

Creating a clone of the synapse repo in the data dir and changing the path of email/template_dir in homeserver.yaml fixes this, so I guess the file is missing from the image somehow?

Synapse v0.23.1 won't start due to pyopenssl

It errors out with:
Missing Requirement: Can't import 'OpenSSL' which is part of 'pyopenssl>=0.14' To install run: pip install --upgrade --force "pyopenssl>=0.14"

After running:
pip install --upgrade --force "pyopenssl>=0.14"
in the container it did start fine.

Upgrade to 0.32.1

https://matrix.org/blog/2018/07/06/security-update-synapse-0-32-0/

VoIP with TURN does not work without host networking

Does anyone have VoIP calling working when just exposing ports? In order for NATted clients to be able to do voice/video calls, I have to switch to host networking for the container.

Permission errors /homeserver.log

Hi, I'm running into permission errors when building against the release-0.19.2 synapse branch.

Logs are saying;

ValueError: Unable to configure handler 'file': [Errno 13] Permission denied: '/homeserver.log'

Temporarily fixed it by;

$ docker exec synapse touch /homeserver.log
$ docker exec synapse chmod 0666 /homeserver.log

Can't create room/contact user

Hello,
I just launched a synapse server instance using your docker image.
It runs just fine, i registered two users to test it.
But when I try to contact another user, a 404 error appears in my logs. I've tried to contact other accounts, out of my instance, but none of them works.
Here is what happen in my log file:

2019-04-16 16:07:11,179 - synapse.http.client - 295 - INFO - POST-46 - Received response to GET https://matrix.foxty.pw/_matrix/identity/api/v1/lookup?medium=email&address=tom%40matrix.foxty.pw: 404,
2019-04-16 16:07:11,181 - synapse.http.server - 112 - ERROR - POST-46 - Failed handle request via 'RoomCreateRestServlet': <SynapseRequest at 0x7f8b5700a3f8 method=u'POST' uri=u'/_matrix/client/r0/createRoom' clientproto=u'HTTP/1.1' site=8448>,
Traceback (most recent call last):,
File "/usr/local/lib/python2.7/dist-packages/synapse/http/server.py", line 81, in wrapped_request_handler,
yield h(self, request),
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks,
result = result.throwExceptionIntoGenerator(g),
File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 491, in throwExceptionIntoGenerator,
return g.throw(self.type, self.value, self.tb),
File "/usr/local/lib/python2.7/dist-packages/synapse/http/server.py", line 316, in _async_render,
callback_return = yield callback(request, **kwargs),
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks,
result = result.throwExceptionIntoGenerator(g),
File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 491, in throwExceptionIntoGenerator,
return g.throw(self.type, self.value, self.tb),
File "/usr/local/lib/python2.7/dist-packages/synapse/rest/client/v1/room.py", line 74, in on_POST,
requester, self.get_room_config(request),
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks,
result = result.throwExceptionIntoGenerator(g),
File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 491, in throwExceptionIntoGenerator,
return g.throw(self.type, self.value, self.tb),
File "/usr/local/lib/python2.7/dist-packages/synapse/handlers/room.py", line 629, in create_room,
txn_id=None,,
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks,
result = result.throwExceptionIntoGenerator(g),
File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 491, in throwExceptionIntoGenerator,
return g.throw(self.type, self.value, self.tb),
File "/usr/local/lib/python2.7/dist-packages/synapse/handlers/room_member.py", line 697, in do_3pid_invite,
id_server, medium, address,
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks,
result = result.throwExceptionIntoGenerator(g),
File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 491, in throwExceptionIntoGenerator,
return g.throw(self.type, self.value, self.tb),
File "/usr/local/lib/python2.7/dist-packages/synapse/handlers/room_member.py", line 737, in _lookup_3pid,
"address": address,,
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks,
result = result.throwExceptionIntoGenerator(g),
File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 491, in throwExceptionIntoGenerator,
return g.throw(self.type, self.value, self.tb),
File "/usr/local/lib/python2.7/dist-packages/synapse/http/client.py", line 412, in get_json,
body = yield self.get_raw(uri, args, headers=headers),
File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1418, in _inlineCallbacks,
result = g.send(result),
File "/usr/local/lib/python2.7/dist-packages/synapse/http/client.py", line 493, in get_raw,
raise HttpResponseException(response.code, response.phrase, body),
HttpResponseException: 404: Not Found,

Any idea ?
Thanks !

new build cannot be run.

the lastest build cannot be run. docker container can run, but the matrix site cannot be openned. riot also cannot visit the matrix services.

Error while building Docker image

Running docker build -t matrix . in the repository folder fails with following error:

Sending build context to Docker daemon 20.48 kB
Step 1/16 : FROM debian:jessie
 ---> 62a932a5c143
Step 2/16 : MAINTAINER Silvio Fricke <[email protected]>
 ---> Using cache
 ---> f98040fdf4cf
Step 3/16 : COPY adds/start.sh /start.sh
 ---> Using cache
 ---> 9c6984af9e5c
Step 4/16 : COPY adds/supervisord-matrix.conf /conf/
 ---> Using cache
 ---> 191442ed940f
Step 5/16 : COPY adds/supervisord-turnserver.conf /conf/
 ---> Using cache
 ---> 25e1d38a8478
Step 6/16 : COPY adds/supervisord.conf /
 ---> Using cache
 ---> 2453dd65e66a
Step 7/16 : ENTRYPOINT /start.sh
 ---> Using cache
 ---> 5f81f938be08
Step 8/16 : CMD start
 ---> Using cache
 ---> 66f89c23b266
Step 9/16 : EXPOSE 8448
 ---> Using cache
 ---> 75eefc8bbf1f
Step 10/16 : VOLUME /data
 ---> Using cache
 ---> 53942db5f088
Step 11/16 : ARG BV_SYN=master
 ---> Using cache
 ---> cb0a66ffc205
Step 12/16 : ARG BV_TUR=master
 ---> Using cache
 ---> bae8b3e0eafa
Step 13/16 : ENV LIBRARY_PATH /lib:/usr/lib
 ---> Using cache
 ---> 4106173d0a26
Step 14/16 : ENV MATRIX_UID 991 MATRIX_GID 991
 ---> Using cache
 ---> d29e4910cc0b
Step 15/16 : ARG REBUILD=1
 ---> Using cache
 ---> 3d295b467510
Step 16/16 : RUN set -ex     && mkdir /uploads     && export DEBIAN_FRONTEND=noninteractive     && touch /var/cache/apt/archives/lock     && apt-get clean     && apt-get update -y     && apt-get upgrade -y     && apt-get install -y         bash         coreutils         coturn         file         gcc         git         libevent-2.0-5         libevent-dev         libffi-dev         libffi6         libgnutls28-dev         libjpeg62-turbo         libjpeg62-turbo-dev         libldap-2.4-2         libldap2-dev         libsasl2-dev         libsqlite3-dev         libssl-dev         libssl1.0.0         libtool         libxml2         libxml2-dev         libxslt1-dev         libxslt1.1         linux-headers-amd64         make         pwgen         python         python-dev         python-pip         python-psycopg2         python-virtualenv         sqlite         zlib1g         zlib1g-dev     ;     pip install --upgrade pip ;    pip install --upgrade python-ldap ;    pip install --upgrade lxml ;    pip install --upgrade supervisor     ;     git clone --branch $BV_SYN --depth 1 https://github.com/matrix-org/synapse.git     && cd /synapse     && pip install --upgrade --process-dependency-links .     && GIT_SYN=$(git ls-remote https://github.com/matrix-org/synapse $BV_SYN | cut -f 1)     && echo "synapse: $BV_SYN ($GIT_SYN)" >> /synapse.version     && cd /     && rm -rf /synapse     ;     apt-get autoremove -y         file         gcc         git         libevent-dev         libffi-dev         libjpeg62-turbo-dev         libldap2-dev         libsqlite3-dev         libssl-dev         libtool         libxml2-dev         libxslt1-dev         linux-headers-amd64         make         python-dev         zlib1g-dev     ;     apt-get autoremove -y ;    rm -rf /var/lib/apt/* /var/cache/apt/*
 ---> Running in 66a65e63279b
+ mkdir /uploads
+ export DEBIAN_FRONTEND=noninteractive
+ touch /var/cache/apt/archives/lock
touch: cannot touch '/var/cache/apt/archives/lock': No such file or directory
+ pip install --upgrade pip
/bin/sh: 1: pip: not found
The command '/bin/sh -c set -ex     && mkdir /uploads     && export DEBIAN_FRONTEND=noninteractive     && touch /var/cache/apt/archives/lock     && apt-get clean     && apt-get update -y     && apt-get upgrade -y     && apt-get install -y         bash         coreutils         coturn         file         gcc         git         libevent-2.0-5         libevent-dev         libffi-dev         libffi6         libgnutls28-dev         libjpeg62-turbo         libjpeg62-turbo-dev         libldap-2.4-2         libldap2-dev         libsasl2-dev         libsqlite3-dev         libssl-dev         libssl1.0.0         libtool         libxml2         libxml2-dev         libxslt1-dev         libxslt1.1         linux-headers-amd64         make         pwgen         python         python-dev         python-pip         python-psycopg2         python-virtualenv         sqlite         zlib1g         zlib1g-dev     ;     pip install --upgrade pip ;    pip install --upgrade python-ldap ;    pip install --upgrade lxml ;    pip install --upgrade supervisor     ;     git clone --branch $BV_SYN --depth 1 https://github.com/matrix-org/synapse.git     && cd /synapse     && pip install --upgrade --process-dependency-links .     && GIT_SYN=$(git ls-remote https://github.com/matrix-org/synapse $BV_SYN | cut -f 1)     && echo "synapse: $BV_SYN ($GIT_SYN)" >> /synapse.version     && cd /     && rm -rf /synapse     ;     apt-get autoremove -y         file         gcc         git         libevent-dev         libffi-dev         libjpeg62-turbo-dev         libldap2-dev         libsqlite3-dev         libssl-dev         libtool         libxml2-dev         libxslt1-dev         linux-headers-amd64         make         python-dev         zlib1g-dev     ;     apt-get autoremove -y ;    rm -rf /var/lib/apt/* /var/cache/apt/*' returned a non-zero code: 127

I could fix this by inserting following lines after && export DEBIAN_FRONTEND=noninteractive \ (line 34):

    && mkdir -p /var/cache/apt/archives \
    && touch /var/cache/apt/archives/lock \

Additional information:

docker --version: Docker version 17.03.1-ce, build c6d412e
OS: macOS 10.12.5 (Sierra)

Cannot create pid file: /var/run/turnserver.pid:

I just updated to the latest docker image.
now I got this error. Cannot create pid file: /var/run/turnserver.pid: Permission denied

my turnsserver.conf looks like this:

lt-cred-mech
use-auth-secret
static-auth-secret=<secret>
realm=<myurl>
cert=/data/<myurl>.tls.crt
pkey=/data/<myurl>.tls.key

how can I fix this?

Configure homeserver to enable new registrations

Hi,

how do i modify the docker homeserver.yaml to accept new registrations.. i am trying to use this as a server and connect using the riot android app..

please advice..

502 Bad Gateway

I've set up an instance of this container (behind reverse proxy for port 443; direct for port 8448). I created an account and logged in to my instance using riot-web client with electron. It seems to be working, however, the list of public rooms is empty and I am getting the following errors in the docker logs when I try to search for a room,

5/21/2017 11:50:39 PM2017-05-22 06:50:39,342 - synapse.http.outbound - 239 - INFO - GET-114- {GET-O-5} [matrix.org] Result: 502 Bad Gateway
5/21/2017 11:50:39 PM2017-05-22 06:50:39,366 - root - 181 - WARNING - GET-114- Error retrieving alias
5/21/2017 11:50:39 PM2017-05-22 06:50:39,406 - synapse.http.server - 126 - ERROR - GET-114- 502: Bad Gateway
5/21/2017 11:50:39 PMTraceback (most recent call last):
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/http/server.py", line 116, in wrapped_request_handler
5/21/2017 11:50:39 PM    yield request_handler(self, request, request_metrics)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1299, in _inlineCallbacks
5/21/2017 11:50:39 PM    result = result.throwExceptionIntoGenerator(g)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 393, in throwExceptionIntoGenerator
5/21/2017 11:50:39 PM    return g.throw(self.type, self.value, self.tb)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/http/server.py", line 255, in _async_render
5/21/2017 11:50:39 PM    callback_return = yield callback(request, **kwargs)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1299, in _inlineCallbacks
5/21/2017 11:50:39 PM    result = result.throwExceptionIntoGenerator(g)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 393, in throwExceptionIntoGenerator
5/21/2017 11:50:39 PM    return g.throw(self.type, self.value, self.tb)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/rest/client/v1/directory.py", line 50, in on_GET
5/21/2017 11:50:39 PM    res = yield dir_handler.get_association(room_alias)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1299, in _inlineCallbacks
5/21/2017 11:50:39 PM    result = result.throwExceptionIntoGenerator(g)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 393, in throwExceptionIntoGenerator
5/21/2017 11:50:39 PM    return g.throw(self.type, self.value, self.tb)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/handlers/directory.py", line 178, in get_association
5/21/2017 11:50:39 PM    ignore_backoff=True,
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1299, in _inlineCallbacks
5/21/2017 11:50:39 PM    result = result.throwExceptionIntoGenerator(g)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 393, in throwExceptionIntoGenerator
5/21/2017 11:50:39 PM    return g.throw(self.type, self.value, self.tb)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/federation/transport/client.py", line 188, in make_query
5/21/2017 11:50:39 PM    ignore_backoff=ignore_backoff,
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1299, in _inlineCallbacks
5/21/2017 11:50:39 PM    result = result.throwExceptionIntoGenerator(g)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/python/failure.py", line 393, in throwExceptionIntoGenerator
5/21/2017 11:50:39 PM    return g.throw(self.type, self.value, self.tb)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/http/matrixfederationclient.py", line 451, in get_json
5/21/2017 11:50:39 PM    ignore_backoff=ignore_backoff,
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1301, in _inlineCallbacks
5/21/2017 11:50:39 PM    result = g.send(result)
5/21/2017 11:50:39 PM  File "/usr/local/lib/python2.7/dist-packages/synapse/http/matrixfederationclient.py", line 250, in _request
5/21/2017 11:50:39 PM    response.code, response.phrase, body
5/21/2017 11:50:39 PMHttpResponseException: 502: Bad Gateway

Any ideas?

Upgrade docker hub image to Synapse v0.23.1

The image on docker hub still uses v0.22.1.

Upgrade docker hub image to Synapse v0.24.1

https://github.com/matrix-org/synapse/releases

License

Hi, thanks for your work.
I did not see any software license applied to this repo. Do you plan to add one?

socket: Protocol not supported

When starting my matrix docker service, I see socket: Protocol not supported printed many times

Here's the compose file:

version: '3'
services:
  matrix:
    container_name: matrix
    image: avhost/docker-matrix
    ports:
     - "8008:8008"
     - "8448:8448"
     - "3478:3478"
    volumes:
     - ./matrix:/data
     - ./db/homeserver.db:/data/homeserver.db
     - ./db/uploads:/uploads
    command: start
    #restart: always

And this is the output:

matrix    | -=> start turn
matrix    | -=> start riot.im client
matrix    | -=> start matrix
matrix    | groupadd: group 'matrix' already exists
matrix    | useradd: user 'matrix' already exists
matrix    | 2018-03-05 17:16:58,624 CRIT Supervisor running as root (no user in config file)
matrix    | 2018-03-05 17:16:58,625 INFO Included extra file "/conf/supervisord-matrix.conf" during parsing
matrix    | 2018-03-05 17:16:58,625 INFO Included extra file "/conf/supervisord-turnserver.conf" during parsing
matrix    | 2018-03-05 17:16:58,627 INFO supervisord started with pid 1
matrix    | 2018-03-05 17:16:59,635 INFO spawned: 'matrix' with pid 13
matrix    | 2018-03-05 17:16:59,639 INFO spawned: 'turnserver' with pid 14
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | socket: Protocol not supported
matrix    | 2018-03-05 17:17:00,776 INFO success: matrix entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
matrix    | 2018-03-05 17:17:00,776 INFO success: turnserver entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
matrix    | 2018-03-05 17:17:00,824 - twisted - 131 - INFO - - SynapseSite (TLS) starting on 8448
matrix    | 2018-03-05 17:17:00,826 - twisted - 131 - INFO - - Starting factory <synapse.http.site.SynapseSite instance at 0x7f9cb26827a0>
matrix    | 2018-03-05 17:17:00,833 - twisted - 131 - INFO - - SynapseSite starting on 8008
matrix    | 2018-03-05 17:17:00,834 - twisted - 131 - INFO - - Starting factory <synapse.http.site.SynapseSite instance at 0x7f9cb20d3098>

Synapse 0.9.x and later remove commandline options which break the dockerfile

Hi Silvio,

In Synapse 0.9.0 we removed most of the commandline parameters for synapse as they were duplicating the main YAML config file which has now become really large/nested/complicated. To quote the changelog:

Remove support for specifying config options on the command line, except
for:
- --daemonize - Daemonize the home server.
- --manhole - Turn on the twisted telnet manhole service on the given
  port.
- --database-path - The path to a sqlite database to use.
- --verbose - The verbosity level.
- --log-file - File to log to.
- --log-config - Python logging config file.
- --enable-registration - Enable registration for new users.

This means that the dockerfile breaks because you preferred commandline args over maintaining a YAML config file.

Let me know if you can fix this or whether we should provide a PR. Synapse 0.9 is lightyears ahead of where we were back in March btw :)

Permission issue

Hello,

I'm trying to install docker-matrix with OpenShift Enterprise 3.6, i'm issuing those errors as soon as the container creation begin.

Any idea ?
thanks

-=> start matrix
mv: cannot move '/conf/supervisord-turnserver.conf' to '/conf/supervisord-turnserver.conf.deactivated': Permission denied
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
useradd: group 'matrix' does not exist
chown: changing ownership of '/data': Operation not permitted
chown: changing ownership of '/uploads': Operation not permitted
chmod: changing permissions of '/run': Operation not permitted
Error: Invalid user name matrix in section 'program:matrix' (file: '/conf/supervisord-matrix.conf')
For help, use /usr/local/bin/supervisord -h```

Feature request: Log to STDOUT

Following principle 11 of the 12 Factor App, it's widely believed that good docker apps should treat logs as event streams by writing them to STDOUT, not to a file. If this feature is available for matrix, it's somewhat badly documented. I'd like to request that the default log options for this container be to write the log to STDOUT where they will be automatically collected by the docker daemon, not to a file.

Several high vulnerabilities reported by "clair"

The linked "clair" travis ci job shows several (17 currently) severity level high vulnerabilities to be present in the docker image.
This seems concerning. If it's not then there should be an explanation why.

`docker exec -it cat /synapse.version` prints out `master` instead of the version

Does the docker image always contain the newest synapse when I build a new image out of your repo?
Using docker exec -it cat /synapse.version says that I am on master but not where the HEAD is or which version. So I could be an an old master, right?

how to stop / turn on the server?

I changed the configuration file as homeserver.yaml reboot to apply the changes? Thank you

Force a image rebuild

Hi,

After the last critical security vulnerability in Synapse I think that must delete all older docker builds in DockerHub and force to build a new one.

Greetings.

Security update - 0.28.1

https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/

Error when I try to build docker image

Cloned after #63 and ...

+ pip install --upgrade pip
Collecting pip
  Downloading pip-10.0.0-py2.py3-none-any.whl (1.3MB)
Installing collected packages: pip
  Found existing installation: pip 9.0.1
    Not uninstalling pip at /usr/lib/python2.7/dist-packages, outside environment /usr
Successfully installed pip-10.0.0
+ pip install --upgrade wheel
Traceback (most recent call last):
  File "/usr/bin/pip", line 9, in <module>
    from pip import main
ImportError: cannot import name main

contact to you silvio :-)

Hi Silvio,
hast Du ein liberapay account? Wir haben dort ein docker-matrix team eingerichtet und ich würde Dich dem gerne hinzufügen. Des weiteren wäre es schön wenn wir noch einen anderen weg hätten um in kontakt zu kommen. Du kannst Dich ja mal via "https://matrix.aventer.biz/#/room/#avEnterSupport:matrix.aventer.biz" melden, wenn Du lust hast.

Viele Grüße,
Andreas

We are interesting to maintain your project.

Hi Silvio,

we already had a contact via a github issue and pull request. I just
read u can not maintain your docker-matrix anymore. Sorry to hear that,
but I know it from myself, life is changing and sometimes sth happend
that u will not have the time anymore. Well, if u like, my company can
maintain your project for u. Actually we already fork it some months
ago, (https://github.com/AVENTER-UG/docker-matrix) but I think the best
would be to fork it again.

So, hope u will warm with it, take your time to think about it.

Regards,
Andreas

Add LDAP support

The LDAP support is missing in docker.

Add this support is very simply:

 diff --git a/Dockerfile b/Dockerfile
 index 05a8a66..d79f064 100644
 --- a/Dockerfile
 +++ b/Dockerfile
 @@ -42,6 +42,7 @@ RUN chmod a+x /start.sh \
          make \
          musl \
          musl-dev \
 +        openldap-dev \
          openssl-dev \
          pwgen \
          py-pip \
 @@ -58,6 +59,7 @@ RUN chmod a+x /start.sh \
      && unzip s.zip \
      && cd /synapse-$BV_SYN \
      && pip install --process-dependency-links . \
 +    && pip install python-ldap \
      && GIT_SYN=$(git ls-remote https://github.com/matrix-org/synapse $BV_SYN | cut -f 1) \
      && echo "synapse: $BV_SYN ($GIT_SYN)" >> /synapse.version \
      && cd / \

Thanks!

error 403 when trying to log in

Hello guys,
I'm trying to use this docker on unraid. I binded all the ports to the docker but when i try to log in using my server i get a the following error

2016-12-19 09:39:56,827 - synapse.http.server - 123 - INFO - POST-6- <SynapseRequest at 0x2b08dbf4fb48 method=POST uri=/_matrix/client/r0/login? clientproto=HTTP/1.1 site=8448> SynapseError: 403 -

Any ideas what could be worng?

Invalid network setup

You only expose port 8448 and recommend to change the self-signed certificate but it has been established in matrix-org/synapse#2438 that this is not the recommended setup.

Port 8448 and 8008 should be exposed, with a reverse proxy on 8008

TURN server udp port range and external IP

If you want the TURN part of coturn to work you'll need to forward the udp portrange.
By default that is 49152-65535/udp but it's configurable in turnserver.conf with min-port=XXX and max-port=XXX

You might also have to configure the external ip address in turnserver.conf with external-ip=XX.XX.XX.XX

STUN works fine with the config described in the readme, though. Maybe this can be put in the readme.

Riot.im v0.8.1 Crash Synapse v0.18.0

Hi,
Im running Synapse v0.18.0 with Python 2.7.12. The users are authenticated agains our LDAP server.
When using Riot.im on iOS everything works ok, but the instant I login with Chrome, or Safari, the servers crash and I guess the DB gets corrupted because I can't even use the iOS App anymore.

The las request Riot make before the crash is always a synapse.rest.client.v2_alpha.sync, like:

2016-09-22 14:40:55,243 - synapse.access.https.8448 - 59 - INFO - GET-1- <IP_ADDRESS> - 8448 - Received request: GET /_matrix/client/r0/sync?filter=0&timeout=0&since=s1_2_0_1_1_1_1&access_token=<redacted>

Which produces the following log:

2016-09-22 14:40:55,243 - synapse.access.https.8448 - 59 - INFO - GET-1- 201.214.200.227 - 8448 - Received request: GET /_matrix/client/r0/sync?filter=0&timeout=0&since=s1_2_0_1_1_1_1&access_token=<redacted>
2016-09-22 14:40:55,245 - synapse.storage.txn - 224 - DEBUG - - [TXN START] {get_user_by_access_token-2}
2016-09-22 14:40:55,246 - synapse.storage.txn - 280 - DEBUG - - [TXN END] {get_user_by_access_token-2} 0.621094
2016-09-22 14:40:55,246 - synapse.util.logcontext - 243 - DEBUG - - Unexpected logging context: GET-1@7f045188cbb0 is not sentinel
2016-09-22 14:40:55,247 - synapse.rest.client.v2_alpha.sync - 114 - INFO - GET-1- /sync: user=DomainSpecificString(localpart=u'username', domain=u'matrix.example.com'), timeout=0, since='s1_2_0_1_1_1_1', set_presence='online', filter_id='0', device_id=u'UNNJJGIJAV'
2016-09-22 14:40:55,247 - synapse.metrics - 212 - INFO - - Collecting gc 0
2016-09-22 14:40:55,248 - synapse.storage.txn - 224 - DEBUG - - [TXN START] {insert_client_ip-3}
2016-09-22 14:40:55,249 - synapse.metrics - 212 - INFO - - Collecting gc 1
2016-09-22 14:40:55,249 - synapse.storage._base - 483 - DEBUG - - [SQL] UPDATE user_ips SET last_seen = ? WHERE access_token = ? AND ip = ? AND user_id = ? AND user_agent = ? AND device_id = ? Args=[1474555255247, 'MDAyMGxvY2F0aW9uIG1hdHJpeC56Ym94YXBwLmNvbQowMDEzaWRlbnRpZmllciBrZXkKMDAxMGNpZCBnZW4gPSAxCjAwMmRgPCAxNDc0NTU4NDUyNDQ4CjAwMmZzaWduYXR1cmUgU08gtiGusp7e3by4rWozEPvS4ZPLmNJvopHRCcuwXU8K', '201.224.209.256', u'@username:matrix.example.com', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36', u'U769GIJAV']
2016-09-22 14:40:55,275 - synapse.storage.txn - 280 - DEBUG - - [TXN END] {insert_client_ip-3} 27.266113
2016-09-22 14:40:55,276 - synapse.storage.txn - 224 - DEBUG - - [TXN START] {get_user_filter-4}
2016-09-22 14:40:55,276 - synapse.storage.txn - 280 - DEBUG - - [TXN END] {get_user_filter-4} 0.373047
2016-09-22 14:40:55,278 - synapse.util.logcontext - 243 - DEBUG - GET-1- Unexpected logging context: sentinel is not GET-1@7f045188cbb0
2016-09-22 14:40:55,278 - synapse.storage.txn - 224 - DEBUG - GET-1- [TXN START] {get_updated_account_data_for_user-5}
/start.sh: line 57:    16 Segmentation fault      (core dumped) python -m synapse.app.homeserver --config-path /data/homeserver.yaml

Note: I changed the real username, domain and IPAddress.

Before the Crash, Riot make the following request without problem:

https://matrix.example.com/_matrix/client/r0/presence/username/status
https://matrix.example.com/_matrix/client/unstable/keys/upload/JZBZGPVPPK?access_token=
https://matrix.example.com/_matrix/client/r0/voip/turnServer?access_token
https://matrix.example.com/_matrix/client/r0/pushrules/?access_token
https://matrix.example.com/_matrix/client/r0/user/user/filter?access_token
https://matrix.example.com/_matrix/client/r0/sync?filter=0&timeout=30000&_cacheBuster=1474554706574&access_token
https://matrix.example.com/_matrix/client/unstable/sendToDevice/m.new_device/m147455436634.0?access_token=
https://matrix.example.com/_matrix/client/r0/user/username/account_data/m.direct?access_token
https://matrix.example.com/_matrix/client/r0/publicRooms?access_token=

Tha last return an empty {} because there is no public rooms. And the next request is the one that crash the server:

https://matrix.example.com/_matrix/client/r0/sync?filter=0&timeout=30000&since=s1_2_0_1_1_1_1&access_token=

Yesterday I debuged this and found that the crash happen when the json.loads method runs, of the file storage/account_data.py:

global_account_data = {     
  row["account_data_type"]: json.loads(row["content"]) for row in rows
}

The SegFault Info of GDB is:

Core was generated by `python -m synapse.app.homeserver --config-path /data/homeserver.yaml'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f04551a3a30 in JSON_DecodeObject () from /usr/lib/python2.7/site-packages/ujson.so

And the trace:

#0  0x00007f04551a3a30 in JSON_DecodeObject () from /usr/lib/python2.7/site-packages/ujson.so
#1  0x00007f04551a198f in JSONToObj () from /usr/lib/python2.7/site-packages/ujson.so
#2  0x00007f045b330cd8 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#3  0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#4  0x00007f045b330e5a in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#5  0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#6  0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#7  0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#8  0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#9  0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#10 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#11 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#12 0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#13 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#14 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#15 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#16 0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#17 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#18 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#19 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#20 0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#21 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#22 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#23 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#24 0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#25 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#26 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#27 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#28 0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#29 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#30 0x00007f045b330e5a in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#31 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#32 0x00007f045b330e5a in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#33 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#34 0x00007f045b330e5a in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#35 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#36 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#37 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#38 0x00007f045b33237f in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#39 0x00007f045b330dfc in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#40 0x00007f045b330dfc in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#41 0x00007f045b332b4c in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#42 0x00007f045b2d6e02 in ?? () from /usr/lib/libpython2.7.so.1.0
#43 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#44 0x00007f045b2c5d07 in ?? () from /usr/lib/libpython2.7.so.1.0
#45 0x00007f045b2ba13c in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#46 0x00007f045b32ac88 in PyEval_CallObjectWithKeywords () from /usr/lib/libpython2.7.so.1.0
#47 0x00007f045b357a95 in ?? () from /usr/lib/libpython2.7.so.1.0
#48 0x00007f045b6674ce in ?? () from /lib/ld-musl-x86_64.so.1
#49 0x0000000000000000 in ?? ()

Slight Rework of Container Startup

The process of having to run 'generate', then 'start' argument is subpar for many docker workflows.

Would you be open to a PR which would allow the image to be run without any commands?

This would run generate once, then run the start command every time after that - a flag would be set in the config directory to note that generate has already run.

Currently, this wouldn't be usable with how I run docker on my server, but with this minor PR, it would work wonderfully with my workflow, as well as how I know many others use it.

Remove notice on top

A few people seem to think this is no longer maintained.