Description
Describe the bug
In a podman-compose container, the service always returns 404 for .well-known/matrix/client.
The problem is reported by mas-cli doctor (⚠ Matrix client well-known replied with 404 Not Found, expected 2xx.), but the configuration appears to be correct.
Relevant part of config.yaml:
```yaml
http:
  listeners:
    - name: web
      resources:
        - name: discovery
        - name: human
        - name: oauth
        - name: compat
        - name: graphql
        - name: assets
      binds:
        - address: '[::]:8080'
      proxy_protocol: false
    - name: internal
      resources:
        - name: health
      binds:
        - address: '[::]:8081'
      proxy_protocol: false
  trusted_proxies:
    - 192.168.0.0/16
    - 172.16.0.0/12
    - 10.0.0.0/10
    - 127.0.0.1/8
    - fd00::/8
    - ::1/128
  public_base: https://MY.DOMAIN/
  issuer: https://MY.DOMAIN/
matrix:
  kind: synapse
  homeserver: 'MY.DOMAIN'
  secret_file: /secret.txt
  endpoint: http://synapse:8008/
```
The homeserver-compose.yaml:
```yaml
server_name: "MY.DOMAIN"
...
matrix_authentication_service:
  enabled: true
  endpoint: http://matrix-auth:8080/
  secret_path: /secret.txt
```
And the relevant parts of the compose file:
```yaml
synapse:
  image: docker.io/matrixdotorg/synapse:v1.147.0
  # Since synapse does not retry to connect to the database, restart upon
  # failure
  restart: unless-stopped
  # See the readme for a full documentation of the environment settings
  # NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite
  environment:
    - SYNAPSE_CONFIG_PATH=/data/homeserver-compose.yaml
  volumes:
    - "./synapse/data:/data"
    # Mount the secret for the auth service
    - "./matrix-auth/secret.txt:/secret.txt:ro"
  depends_on:
    - db
db:
  image: docker.io/postgres:15-alpine
  ...
matrix-auth:
  image: ghcr.io/element-hq/matrix-authentication-service@sha256:f4ef88a5dc5033a0b4869fceb10c198f0e5a8765c0e4a5abc42490be18d2e96c
  restart: unless-stopped
  volumes:
    - ./matrix-auth/config.yaml:/config.yaml
    - ./matrix-auth/secret.txt:/secret.txt:ro
  depends_on:
    - db
    - synapse
```
To Reproduce
Steps to reproduce the behavior:
- `podman-compose up -d`
- `podman exec -it server_synapse_1 curl -v -H "Host: MY.DOMAIN" -H "X-Forwarded-Proto: https" http://matrix-auth:8080/.well-known/matrix/client`
- Alternatively, `podman exec server_matrix-auth_1 mas-cli doctor`
- See 404 error instead of JSON
Expected behavior
JSON instead of 404. The logs just show `WARN http.server.response GET-789 - "GET /.well-known/matrix/client HTTP/1.1" 404 Not Found "curl/8.14.1" [polls: 0, cpu: 0.0ms, elapsed: 0.5ms]`, which is not particularly helpful in diagnosing why the server returns 404.
Note that this is behind a caddy reverse-proxy, but AFAIK that shouldn't affect the curl command with the hostname and forwarded-proto set since we're sending it directly to the container.