Question Matrix Synapse

Currently reading
Question Matrix Synapse

21
6
Hey everybody

Does anybody installed a matrix snapyse docker container on his system? And get it perfectly running with the external database?

Right now I got it running with the internal database. But this is sadly no perfect solution.

Happy new year and thanks in advance!
 

Rusty

Moderator
NAS Support
3,209
958
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Looking at it you just need to make an alias towards your postgres container and use 2 variables in matrix container

POSTGRES_USER=synapsePOSTGRES_PASSWORD
 
Seems like the entrypoint script should generate the correct config if the env variable POSTGRES_PASSWORD is set.
The template uses POSTGRES_USER (default: synapse), POSTGRES_DB (default: synapse), POSTGRES_HOST (default: db) and POSTGRES_PORT (default: 5432).

If this doesn't help, you can still modify the generated config file. The expected structure looks like this:

Code:
database:
  name: "psycopg2"
  args:
    user: "{{ POSTGRES_USER or "synapse" }}"
    password: "{{ POSTGRES_PASSWORD }}"
    database: "{{ POSTGRES_DB or "synapse" }}"
    host: "{{ POSTGRES_HOST or "db" }}"
    port: "{{ POSTGRES_PORT or "5432" }}"
    cp_min: 5
    cp_max: 10

Double brackets are jinja2 placeholders, which will be replaced by value of the environment variable or the default.
 
Indeed the variables are used. I created a docker-compose.yml file that can be easily customized (be sure to replace
${SYNAPSE_APP_FQDN} with a valid publicly accessible domain name):
Code:
version: '2.2'

services:

  app:
    image: matrixdotorg/synapse:latest
    networks:
      private: {}
    ports:
      - 8008:8008
    environment:
      SYNAPSE_SERVER_NAME: '${SYNAPSE_APP_FQDN}'
      SYNAPSE_REPORT_STATS: 'no'
      SYNAPSE_CONFIG_DIR: /data
      SYNAPSE_DATA_DIR: /data
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_HOST: db
      POSTGRES_DB: synapse
      TZ: 'Europe/Berlin'
      SYNAPSE_NO_TLS: 'true'
    volumes:
      - /volume1/docker/synapse/app/data:/data

  db:
    image: postgres:9.6-alpine
    networks:
      private:
    stop_grace_period: 1m30s
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_DB: synapse
    volumes:
      - /volume1/docker/synapse/db/data:/var/lib/postgresql/data

networks:
  private: {}

Use the DS reverse proxy to terminate the TLS traffic and you are good to go.
Though, I am totaly unclear about HOW matrix is ment to be used, for instance how users are added.
 
21
6
Thanks for the answer!
Though, I am totaly unclear about HOW matrix is ment to be used, for instance how users are added.
SYNAPSE_ENABLE_REGISTRATION=1 then you can register via riot.

I used your configuation from the configuration. Thanks for the clarification. I had to use a different port for the postgres container. The given port is blocked by another ?service?. Further more I added the UID and GID. Are they necessary?
Sadly I get the same error like before with the database.
Attached is my configuration and the error log.
 

Attachments

  • Bildschirmfoto 2020-01-03 um 22.21.43.png
    Bildschirmfoto 2020-01-03 um 22.21.43.png
    265.2 KB · Views: 138
  • Bildschirmfoto 2020-01-03 um 22.22.04.png
    Bildschirmfoto 2020-01-03 um 22.22.04.png
    289.3 KB · Views: 140
  • Bildschirmfoto 2020-01-03 um 22.22.14.png
    Bildschirmfoto 2020-01-03 um 22.22.14.png
    287.8 KB · Views: 125
  • Bildschirmfoto 2020-01-03 um 22.27.55.png
    Bildschirmfoto 2020-01-03 um 22.27.55.png
    299.1 KB · Views: 132
Last edited:
Welcome! And thanks for sharing the required setting to enable registration :)


had to use a different port for the postgres container. The given port is blocked by another ?service?.
I did not map a host port to the container port (as in publish the port). A container port is always private to the container and will never lead to collisions with anything outside the container.. unless you use `network_mode: host`.

For bridged networks, only published/mapped host ports can suffer from collision. Seems this is whay you experience..

Further more I added the UID and GID. Are they necessary?
This pretty much depends on whether the image starts as root and executes the main process with a restricted user OR directly start as a restricted user. If the image provides a functionality to pass in UID and GID, it is generaly a good idea to identify the UID:GID of the folder, you map as a volume, and use provide them to the container, in order to make the container execute the main process using the UID:GID. Otherweise you might experience permission problems while reading/writting data into the folder. Judging by your screenshots, you already use them :)

The postgres container will only create the user and database, if the database folder is empty. If existing data from a previous attempt exists, it will skip the database creation... Make sure it is empty when started the first time.

Screenshots sillt hide aspects, especially when it commes to container to container interaction. Would you mind sharing the exact docker-compose.yml you used to start everything?
 
21
6
I did not map a host port to the container port (as in publish the port). A container port is always private to the container and will never lead to collisions with anything outside the container.. unless you use `network_mode: host`.
Thanks for that. Didn't know that. Will also use this in the future.

The postgres container will only create the user and database, if the database folder is empty. If existing data from a previous attempt exists, it will skip the database creation... Make sure it is empty when started the first time.
Everytime I tried it, I cleared the postgres container too.

Screenshots sillt hide aspects, especially when it commes to container to container interaction. Would you mind sharing the exact docker-compose.yml you used to start everything?
I just used the link section to connect them. I used only the syno docker GUI for creating the containers.
I never used docker compose on the synology. Maybe I should give it a try.
 
if a private network is used, the default behavior is to register dns entries for service name, container name, host name and network alias (if defined), which can be used by other containers in the same private network to lookup and access other containers. If i remember correct, the default bridged network lacks this functionality and you need to use links instead. Personaly, I prefer to use a dedicated private network for containers that make up a solution.

The environment variable POSTGRES_HOST=db on the Synapse container is worth nothing, if the database container can not be looked up by this name. Can you share the link tab of the postgres container?
 
21
6
Hmm I don't set any Link in the postgres container. Just in the matrix container. Attached are the configuration.
Same error like above.
 

Attachments

  • Bildschirmfoto 2020-01-04 um 17.55.26.png
    Bildschirmfoto 2020-01-04 um 17.55.26.png
    262.9 KB · Views: 57
  • Bildschirmfoto 2020-01-04 um 17.55.29.png
    Bildschirmfoto 2020-01-04 um 17.55.29.png
    261.9 KB · Views: 59
  • Bildschirmfoto 2020-01-04 um 17.56.09.png
    Bildschirmfoto 2020-01-04 um 17.56.09.png
    29.2 KB · Views: 53
  • Bildschirmfoto 2020-01-04 um 17.56.14.png
    Bildschirmfoto 2020-01-04 um 17.56.14.png
    24.6 KB · Views: 47
  • Bildschirmfoto 2020-01-04 um 17.56.53.png
    Bildschirmfoto 2020-01-04 um 17.56.53.png
    58 KB · Views: 51
  • Bildschirmfoto 2020-01-04 um 17.57.15.png
    Bildschirmfoto 2020-01-04 um 17.57.15.png
    31 KB · Views: 54
Its roughly 3-4 years since I last used "link", as it is a depreciated fossil from the early days of Docker and was never ported over to the Docker Swarm Mode.

Seems I was mistaken how "links" work. They seem to be not the same as network aliases. My educated guess is that a link results in an entry in the containers /etc/hosts file and is used for lookup the linked alias. Can you open a terminal into the container and execute the command cat /etc/hosts and paste the output?

Anyway, from what I see in your screenshots the whole setup should work with the link declared on the Synapse container. if not: is is likely that you found another bug in Synologies messed up docker package.
 
21
6
Ok I skip to try the docker GUI to get things working.
I try to use docker compose directly...
Attached is the configuartion. Is it possible to set also a user to the postgres container? I got a permisson denied when i started it.
YAML:
version: '2.2'

services:

  app:
    image: matrixdotorg/synapse:latest
    networks:
      private: {}
    ports:
      - 8008:8008
    environment:
      SYNAPSE_SERVER_NAME: 'XXXX.com'
      SYNAPSE_REPORT_STATS: 'no'
      SYNAPSE_CONFIG_DIR: /data
      UID: 1031
      PID: 100
      SYNAPSE_DATA_DIR: /data
      SYNAPSE_ENABLE_REGISTRATION: '1'
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_HOST: db
      POSTGRES_DB: synapse
      TZ: 'Europe/Berlin'
      SYNAPSE_NO_TLS: 'true'
    volumes:
      - /volume1/docker/matrix:/data

  db:
    image: postgres:9.6-alpine
    networks:
      private:
    stop_grace_period: 1m30s
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_DB: synapse
    volumes:
      - /volume1/docker/matrix/db/data:/var/lib/postgresql/data

networks:
  private: {}
 
Last edited:
yes, you can. add user: {your_uid}:{your_gid}as a node underneath db: (sibling to "image:").
Indention has semantics in yaml files, make sure the level of indention is always correct and done using space. Tabs will break your y(a)ml file.

The postgres container is started as a restricted user. The "user" element replaces the UID:GID for the "default user" inside the container. Instead of just starting the main process as a restricted user, the whole container is started as a restricted.

Update:: are you sure about the volume host path for Synapse? The mounted path will include the whole database data as well. Is this realy what you want?
 
21
6
Grrr it does not work. I created a user for matrix and postgres. They both have access to the docker folder. Do they need an addtional permisson?
I got permisson denied (operation not permitted), when i started the containers...

YAML:
version: '2.2'

services:

  app:
    image: matrixdotorg/synapse:latest
    user: 1031:100
    networks:
      private: {}
    ports:
      - 8008:8008
    environment:
      SYNAPSE_SERVER_NAME: 'XXX'
      SYNAPSE_REPORT_STATS: 'no'
      SYNAPSE_CONFIG_DIR: /data
      SYNAPSE_DATA_DIR: /data
      SYNAPSE_ENABLE_REGISTRATION: '1'
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_HOST: db
      POSTGRES_DB: synapse
      TZ: 'Europe/Berlin'
      SYNAPSE_NO_TLS: 'true'
    volumes:
      - /volume1/docker/matrix:/data

  db:
    image: postgres:9.6-alpine
    user: 1035:100
    networks:
      private:
    stop_grace_period: 1m30s
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_DB: synapse
    volumes:
      - /volume1/docker/matrix/db/data:/var/lib/postgresql/data

networks:
  private: {}
 
Docker Containers have no idea about Synologies ACLs on the host. They only understand UID and GID.
Make sure the owner of the folder actualy is the UID and GID you use with the respective container.


Those volume declarations are not a good idea! You will want to make a subfolder for the app as well.

- /volume1/docker/matrix:/data
- /volume1/docker/matrix/db/data:/var/lib/postgresql/data

Then run following commands to fix the permission:
Code:
chmod 1031:100 -R /volume1/docker/matrix/app
chmod 1035:100 -R /volume1/docker/matrix/db

Even though the Postgres image is desinged to work with Docker's build in "user:" mapping, the Synapse image is not! It handles user mapping thru environment-variables and some magic in its entrypoint scripts. Please re-add UID and GID for Synapse again and remove "user:".
 
21
6
Code:
chmod1031:100 -R /volume1/docker/matrix/app
chmod 1035:100 -R /volume2/docker/matrix/db
Sadly the commands do not work. I use chown to set the permissions to the folders.
The synapse container works, but the postgres container does not work.
Code:
chmod: /var/run/postgresql: Operation not permitted
initdb: could not look up effective user ID 1035: user does not exist

When I look on the folder properties, it says the folder is owned by USER ID 1035.

Thanks for your patience...šŸ˜­
YAML:
version: '2.2'

services:

  app:
    image: matrixdotorg/synapse:latest
    networks:
      private: {}
    ports:
      - 8008:8008
    environment:
      SYNAPSE_SERVER_NAME: ''
      SYNAPSE_REPORT_STATS: 'no'
      SYNAPSE_CONFIG_DIR: /data
      SYNAPSE_DATA_DIR: /data
      UID: 1031
      GID: 100
      SYNAPSE_ENABLE_REGISTRATION: '1'
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_HOST: db
      POSTGRES_DB: synapse
      TZ: 'Europe/Berlin'
      SYNAPSE_NO_TLS: 'true'
    volumes:
      - /volume1/docker/matrix/app/data:/data

  db:
    image: postgres:9.6-alpine
    user: 1035:100
    networks:
      private:
    stop_grace_period: 1m30s
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: synapse
      POSTGRES_DB: synapse
    volumes:
      - /volume1/docker/matrix/db/data:/var/lib/postgresql/data

networks:
  private: {}
 
21
6
Finally... I got it working.
I removed the USER option in the postgres container. Set the complete permisson to the USER of the matrix container. Started both. Stopped the matrix container and waited until the postgres container was ready. Restarted the matrix container and then it worked!
Thank you very much one-eyed-king
 
You are right, I mixed it up: of course it is chown, not chmod.

Glad it worked at the end!

Side note: I am using the StorageOS volume plugin with my Swarm cluster. It presents a block device for each volume and maintains synchronized replicas of them on each of my swarm nodes. Instead of mounting a remote share to all nodes, it brings the volume to the node where the container is running ;) The plugin makes sense on a multi node setup, where a container can die any time and respawn on a different node...
 
2
0
NAS
DS718+
I almost got it worked, but synapse container log says:

Code:
2020-02-17 09:47:34,498 - twisted - 192 - ERROR - None - *******************************************************
2020-02-17 09:47:34,498 - twisted - 192 - ERROR - None -  Database is incorrectly configured:
2020-02-17 09:47:34,498 - twisted - 192 - ERROR - None - 
2020-02-17 09:47:34,498 - twisted - 192 - ERROR - None -      - 'COLLATE' is set to 'en_US.utf8'. Should be 'C'
2020-02-17 09:47:34,499 - twisted - 192 - ERROR - None -      - 'CTYPE' is set to 'en_US.utf8'. Should be 'C'
2020-02-17 09:47:34,499 - twisted - 192 - ERROR - None - 
2020-02-17 09:47:34,499 - twisted - 192 - ERROR - None -  See docs/postgres.md for more information.
2020-02-17 09:47:34,499 - twisted - 192 - ERROR - None - *******************************************************

Haven't found solution to correct this.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Top