Setup Nginx proxy to avoid IP tracking #38

New Issue

Closed

opened 2023-10-07 16:38:41 +00:00 by decentral1se · 5 comments

decentral1se commented 2023-10-07 16:38:41 +00:00

Owner

Copy Link

I have been in touch with comrades from Systemli about IP tracking issues in Synapse:

This is happening, at least, in the user sessions[1] and the user_ips
table, which is not possible to disable right now[2]. There's config
to clear this after some time, but as I understand it, it is put back
in the database afterwards.

It's true that Synapse currently doesn't provide an option to disable IP
logging. But regardless of this, you may put a reverse proxy in front
which doesn't forward the actual IP addresses of users to Synapse.

Such a simple solution! We should setup an Nginx proxy in this recipe as a standard.

It's the only way to avoid IP tracking with Synapse right now.

I have been in touch with comrades from Systemli about IP tracking issues in Synapse: > > This is happening, at least, in the user sessions[1] and the user_ips > > table, which is not possible to disable right now[2]. There's config > > to clear this after some time, but as I understand it, it is put back > > in the database afterwards. > > It's true that Synapse currently doesn't provide an option to disable IP > logging. But regardless of this, you may put a reverse proxy in front > which doesn't forward the actual IP addresses of users to Synapse. Such a simple solution! We should setup an Nginx proxy in this recipe as a standard. It's the only way to avoid IP tracking with Synapse right now.

decentral1se referenced this issue 2023-10-07 23:31:40 +00:00

Block admin endpoints from public internet access #37

decentral1se referenced this issue 2023-10-07 23:38:32 +00:00

Allow public room listing over federation #36

decentral1se referenced this issue from a commit 2023-10-07 23:42:01 +00:00

feat: use nginx proxy, config for public rooms (fedi)

decentral1se referenced this issue 2023-10-08 00:10:11 +00:00

feat: use nginx proxy, config for public rooms (fedi) #39

decentral1se closed this issue 2023-10-11 09:09:07 +00:00

moritz reopened this issue 2023-10-19 19:30:12 +00:00

moritz commented 2023-10-19 19:31:42 +00:00

Member

Copy Link

If I update to version 5.0.0+v1.93.0 I get a 404 error from nginx.
Logs:
nginx: [emerg] host not found in upstream "matrix_example_com_synapse" in /etc/nginx/nginx.conf:17

If I update to version `5.0.0+v1.93.0` I get a `404` error from nginx. Logs: `nginx: [emerg] host not found in upstream "matrix_example_com_synapse" in /etc/nginx/nginx.conf:17`

decentral1se commented 2023-10-20 09:28:14 +00:00

Author

Owner

Copy Link

@moritz idk why you're seeing matrix_example_com? Is that something to do with how you configured the DOMAIN=...? Can't see anything immediately jumping out as wrong in the config. Also, you need to undeploy/deploy to get the app -> synapse rename of the services too.

@moritz idk why you're seeing `matrix_example_com`? Is that something to do with how you configured the `DOMAIN=...`? Can't see anything immediately jumping out as wrong in the config. Also, you need to undeploy/deploy to get the `app` -> `synapse` rename of the services too.

moritz commented 2023-10-23 09:03:49 +00:00

Member

Copy Link

@moritz idk why you're seeing matrix_example_com? Is that something to do with how you configured the DOMAIN=...? Can't see anything immediately jumping out as wrong in the config. Also, you need to undeploy/deploy to get the app -> synapse rename of the services too.

I just renamed the real domain to example_com here for the report. I deployed it as new app, without any special configuration, only with SSO config. And I can't get it running.

> @moritz idk why you're seeing `matrix_example_com`? Is that something to do with how you configured the `DOMAIN=...`? Can't see anything immediately jumping out as wrong in the config. Also, you need to undeploy/deploy to get the `app` -> `synapse` rename of the services too. I just renamed the real domain to `example_com` here for the report. I deployed it as new app, without any special configuration, only with SSO config. And I can't get it running.

👀 1

3wordchant commented 2024-04-13 13:56:41 +00:00

Owner

Copy Link

@moritz is this still happening for you?

@moritz is this still happening for you?

moritz commented 2024-04-16 08:41:36 +00:00

Member

Copy Link

No everything works fine, can be closed.

No everything works fine, can be closed.

3wordchant closed this issue 2024-04-16 14:04:31 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

homeserver-config-updates

backupbot

serve_server_wellknown

coturn

5.0.6+v1.100.0

6.0.2+v1.100.0

6.0.1+v1.100.0

6.0.0+v1.100.0

5.0.5+v1.100.0

5.0.4+v1.100.0

5.0.3+v1.100.0

5.0.2+v1.93.0

5.0.1+v1.93.0

5.0.0+v1.93.0

4.0.0+v1.93.0

3.9.1+v1.87.0

3.9.0+v1.87.0

3.8.0+v1.84.1

3.7.0+v1.82.0

3.6.0+v1.81.0

3.5.0+v1.81.0

3.4.0+v1.80.0

3.3.0+v1.78.0

3.2.0+v1.77.0

3.1.0+v1.76.0

3.0.0+v1.74.0

2.6.0+v1.74.0

2.5.0+v1.73.0

2.4.0+v1.72.0

2.3.0+v1.71.0

2.2.0+v1.68.0

2.1.0+v1.62.0

2.0.0+v1.58.1

1.3.0+v1.55.2

1.2.0+v1.52.0

1.1.0+v1.51.0

1.0.1+1.48.0

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

3 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/matrix-synapse#38

No description provided.