Failed to fetch signing keys - No federation possible · Issue #736 · girlbossceo/conduwuit · GitHub
This repository was archived by the owner on Apr 11, 2025. It is now read-only.

Failed to fetch signing keys - No federation possible #736

Open
Vibeshibe opened this issue Apr 8, 2025 · 1 comment

@Vibeshibe

Fresh install, according to documentation. .well-known JSON hosted on main website shibabox.eu with redirect to conduwuit instance at chat.shibabox.eu. Using Traefik as a reverse proxy.

Error:
WARN conduwuit_api::router::auth: Failed to fetch signing keys: Failed to fetch federation signing-key key_id="key here" origin="federation instance here"

My docker-compose.yml:

services:
  homeserver:
    ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
    ### then you are ready to go.
    image: girlbossceo/conduwuit:latest
    restart: unless-stopped
    volumes:
      #- ./data/var/lib/conduwuit:/var/lib/conduwuit
      #- ./data/etc:/etc
     - db:/var/lib/conduwuit
    networks:
      - proxy
    environment:
      CONDUWUIT_SERVER_NAME: 'shibabox.eu'
      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
      CONDUWUIT_PORT: 6167
      CONDUWUIT_MAX_REQUEST_SIZE: 60000000
      CONDUWUIT_ALLOW_REGISTRATION: 'true'
      CONDUWUIT_REGISTRATION_TOKEN: '[EXPUNGED]'
      #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
      CONDUWUIT_ALLOW_FEDERATION: 'true'
      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org", "phenjara.de", "puppygock.gay"]'
      #CONDUWUIT_LOG: warn,state_res=warn
      CONDUWUIT_ADDRESS: 0.0.0.0
      #CONDUWUIT_CONFIG: '/etc/conduwuit.toml'

      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a separate
      # see the override file for more information about delegation
      CONDUWUIT_WELL_KNOWN: |
        {
         client=https://chat.shibabox.eu,
         server=chat.shibabox.eu:443
        }
    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
      nofile:
        soft: 1048567
        hard: 1048567

    ### Uncomment if you want to use your own Element-Web App.
    ### Note: You need to provide a config.json for Element and you also need a second
    ###       Domain or Subdomain for the communication between Element and conduwuit
    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
    # element-web:
    #     image: vectorim/element-web:latest
    #     restart: unless-stopped
    #     volumes:
    #         - ./element_config.json:/app/config.json
    #     networks:
    #         - proxy
    #     depends_on:
    #         - homeserver

volumes:
  db:

networks:
  # This is the network Traefik listens to, if your network has a different
  # name, don't forget to change it here and in the docker-compose.override.yml
  proxy:
    external: true

My docker-compose-override.yml:


services:
  homeserver:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network

      - "traefik.http.routers.to-conduwuit.rule=Host(`chat.shibabox.eu`)"  # Change to the address on which conduwuit is hosted
      - "traefik.http.routers.to-conduwuit.tls=true"
      - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
      - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
      - "traefik.http.services.to_conduwuit.loadbalancer.server.port=6167"

      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
@idanoo
idanoo commented Apr 11, 2025

The only difference I can see compared to my instance is that the content-type response headers (on the shibabox.eu main website) aren't set to application/json, which could be breaking it.

➜  ~ curl  https://shibabox.eu/.well-known/matrix/server
{"m.server":"chat.shibabox.eu:443"}%
➜  ~ curl https://deadnet.nz/.well-known/matrix/server
{"m.server":"chat.deadnet.nz:443"}%

➜  ~ curl -I https://shibabox.eu/.well-known/matrix/server
content-type: application/octet-stream
➜  ~ curl -I https://deadnet.nz/.well-known/matrix/server
content-type: application/json
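
The comparison in the comment above, as an added example (not part of the thread and not conduwuit's code): a Python check of a `/.well-known/matrix/server` response that validates the `m.server` value and reports the Content-Type separately from body errors. The function names are hypothetical; the first two sample responses use the header and body values from the curl output above with HTTP status 200 assumed, and the third is constructed.

```python
import json

def split_host_port(target):
    """Split an m.server value into (host, port or None)."""
    # IPv6 literals are bracketed, so a port can only follow the last ']'.
    host, sep, port = target.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return target, None

def check_server_well_known(status, headers, body):
    """Return (host, port, problems) for a /.well-known/matrix/server response.

    host and port are None when the response cannot be used for delegation.
    """
    if status != 200:
        return None, None, [f"HTTP status {status}, expected 200"]
    problems = []
    # Reported as a warning only: the Matrix spec says the Content-Type SHOULD
    # be application/json and that parsers treat the body as JSON regardless.
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        problems.append(f"content-type is {ctype or 'missing'!r}, expected application/json")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return None, None, problems + [f"body is not JSON: {exc}"]
    target = doc.get("m.server") if isinstance(doc, dict) else None
    if not isinstance(target, str) or not target:
        return None, None, problems + ["no m.server string in body"]
    host, port = split_host_port(target)
    return host, port, problems

# Header and body values for the first two entries are the ones shown in the
# curl output above (status 200 is assumed); the third is constructed.
SAMPLES = {
    "shibabox.eu": (200, {"content-type": "application/octet-stream"},
                    '{"m.server":"chat.shibabox.eu:443"}'),
    "deadnet.nz": (200, {"content-type": "application/json"},
                   '{"m.server":"chat.deadnet.nz:443"}'),
    "constructed.example": (200, {"Content-Type": "text/html"}, "<html></html>"),
}

if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(name, check_server_well_known(*response))
```
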
