Update README.md Clarification on port 443, revisions to external proxy instructions #1110
AndyQuantonium wants to merge 4 commits into element-hq:main from
Clarified that port 443 is used with MatrixRTC. Revised traefik-config.yaml instructions as the previous file content was not working.
README.md
| For this simple setup you need to open the following ports: | ||
| - TCP 80: This port will be used for the HTTP connections of all services, which will redirect to the HTTPS connection. | ||
| - TCP 443: This port will be used for the HTTPS connections of all services. | ||
| - TCP 443: This port will be used for the HTTPS connections of all services. This port is also used by the Matrix RTC Backend for authentication over HTTPS. |
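Review bot: In the TCP 443 bullet, the added sentence names only the Matrix RTC Backend right after the bullet has already said the port serves "all services", so it reads as a special case rather than a consequence of that statement. Consider stating the requirement directly instead, for example that every service hostname, the Matrix RTC one included, must be able to reach port 443; "authentication over HTTPS" would then not need a separate mention.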
It feels a bit odd to clarify it only for Matrix RTC Backend here. What was the source of confusion in the first place?
The source of confusion about the port was what the domains would point to. In my setup I configured k3s to run alongside an existing traefik docker container. I thought that there would be no traffic on the mRTC domain on https, so I didn't configure traefik to reverse proxy connections under the domain, and relied on port forwarding on the host to route the mRTC ports. After finding out via the browser console that http requests are sent to the mRTC domain to authenticate, I updated traefik to handle the additional domain.
In a more advanced setup, it's possible to host the mRTC backend on a different machine, which would mean the domain would route to a different IP. As is, the documentation may lead someone to expose only ports 30881 and 30882 on the other machine, when at least port 443 is also needed.
Co-authored-by: Gaël Goinvic <97093369+gaelgatelement@users.noreply.github.com>
| service: | ||
| spec: | ||
| externalIPs: | ||
| - `<external IP returned by the command above>` |
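Review bot: The `externalIPs` entry under `service.spec` holds a placeholder, `<external IP returned by the command above>`, which only makes sense while the step that produces that IP stays in the README. If these lines are being dropped, the instructions should say which address the service ends up on without them; if they stay, keep the command they refer to directly above them.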
Is that really not required? 🤔
Here's the config in my server:
```
~# cat /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    ports:
      web:
        exposedPort: 8888
      websecure:
        exposedPort: 4430
```
Like with issue #1060, I was getting the issue where the port wouldn't change despite the file being present. I tried different things; what I know is that this config I have works. One peculiar thing, though: the external IP traefik's service is on is the external IP of the server (ideally I would want this set manually to an internal IP).
I tried without setting an external IP and it would not bind here AFAICT. That's a bit surprising.
I agree that it would be great to make k3s traefik bind alternatively on a local IP. If you are able to document it, that would be a very valuable contribution!
Clarified that port 443 is used with MatrixRTC. I ran into an issue with video chat not working, due to the certificate for the mRTC domain missing. I was under the impression that the mRTC domain was only used for ports 30881 and 30882; however, it handles HTTPS requests as well.
Revised traefik-config.yaml instructions as the previous file content was not working (related to #1060). This is identical to the file in my config, which has updated the ports traefik was listening on appropriately. I am not sure if this is the definitive fix. This is an issue with k3s which I found reported elsewhere (though I cannot find the issue I saw this in currently).
Also changed step 3 with `kubectl apply ...`, which directly applies the file, rather than assuming k3s will update automatically.