Server Notices Setup

[sm2x]

Is there any necessary configuration on the side of the Matrix-Synapse server to utilize Server Notices of Synapse-Admin?

[dklimpel]

You have to enable this:
https://matrix-org.github.io/synapse/latest/server_notices.html

[AnonymousWebHacker]

Supposedly in the GUi there should be an option for the server notices?

[dklimpel]

You can send Server notices to users. Therefore is a an admin API.
But you can not configure Server notices. This you have to do in the homeserver.yaml of Synapse.

[sm2x]

assuming this is enabled on homeserver.yaml side already, no further settings on synapse-admin is necessary?

[dklimpel]

There are no stettings in Synapse Admin.

[AnonymousWebHacker]

assuming this is enabled on homeserver.yaml side already, no further settings on synapse-admin is necessary?

Just enable it on the server side (homeserver.yaml) and using the synapse API, you can use this option, the other variant is using synapse-admin , the web gives you the option to send Server Notices to a specific user.

Bad at the moment, they are only allowed to send msg to a single user, it is not a general msg for the entire server

[sm2x]

assuming this is enabled on homeserver.yaml side already, no further settings on synapse-admin is necessary?

Just enable it on the server side (homeserver.yaml) and using the synapse API, you can use this option, the other variant is using synapse-admin , the web gives you the option to send Server Notices to a specific user.

Bad at the moment, they are only allowed to send msg to a single user, it is not a general msg for the entire server

you can only send msg to a single user??? is this true even if you select multiple users? it is not "Server Notice" if that so

[AnonymousWebHacker]

true

[YourSandwich]

Somehow does not work for me :(


Using Custom Reverse Proxy Apache config since the provided by matrix does not work at all for /healt /_synapse/admin etc
Do you think something is wrong with my conf ->

<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

    ServerName ....
    ServerAdmin ....
    
    RequestHeader set X-Forwarded-Proto "https"
  
    ProxyRequests Off
    ProxyVia Off
    
    <Proxy *>
          Require all granted
    </Proxy>
  
    ProxyPass / http://127.0.0.1:8008/ nocanon
    ProxyPassReverse / http://127.0.0.1:8008/#
    
    SSLCertificateFile .....fullchain.pem
    SSLCertificateKeyFile .....privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

<VirtualHost *:8448>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

    ServerName ....
    ServerAdmin ....
    
    RequestHeader set X-Forwarded-Proto "https"
  
    ProxyRequests Off
    ProxyVia Off
    
    <Proxy *>
          Require all granted
    </Proxy>
  
    ProxyPass / http://127.0.0.1:8008/ nocanon
    ProxyPassReverse / http://127.0.0.1:8008/#
    
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile .....
    SSLCertificateKeyFile .....
</VirtualHost>

[dklimpel]

Is there a reason for the # at the and of line

ProxyPassReverse / http://127.0.0.1:8008/#

Synapse gives you an error 500. I would recommend to have a look at the Synapse homeserver.log file.

There is an example Apache config file: https://matrix-org.github.io/synapse/latest/reverse_proxy.html#apache - but without proxy pass for /_synapse/admin/

[YourSandwich]

@dklimpel Thank you for your answer, i think i did the # to forward also all futrue links to proxy but im not sure anymore.
No i understand why the offiicial Apache config did not work for me, do you have maybe an example config that should fully work with synapse-admin?

[YourSandwich]

The Log i got while sending the notice.

[17/Mar/2022:18:35:20 +0100] "OPTIONS /_synapse/admin/v1/send_server_notice HTTP/1.1" 204 - "http://192.168.193.2/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"
[17/Mar/2022:18:35:20 +0100] "POST /_synapse/admin/v1/send_server_notice HTTP/1.1" 500 55 "http://192.168.193.2/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"

[awesome-michael]

Unfortunately this is also just the generic error message for an "internal server error". You may have to activate more verbose logging or debug settings to get a proper error message.

[YourSandwich]

Unfortunately this is also just the generic error message for an "internal server error". You may have to activate more verbose logging or debug settings to get a proper error message.

Thank you for your answer! Where can i set it? in the homeserver.yaml? I dont see any logging parameters beside the logging file path. :/

[awesome-michael]

I think this has to be configured in your reverse proxy. In your case Apache

[YourSandwich]

I think this has to be configured in your reverse proxy. In your case Apache

Thank you,
i found something about "SSL library error 1 in handshake" but i dont think this information is very usefull, this is the output with LogLevel debug ->

[Tue Apr 05 21:04:24.395905 2022] [authz_core:debug] [pid 168869] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:41096] AH01626: authorization result of Require all granted: granted, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395909 2022] [authz_core:debug] [pid 168869] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:41096] AH01626: authorization result of <RequireAny>: granted, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395920 2022] [proxy:debug] [pid 168869] mod_proxy.c(1503): [client 62.178.171.172:41096] AH01143: Running scheme http handler (attempt 0), referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395925 2022] [proxy:debug] [pid 168869] proxy_util.c(2532): AH00942: http: has acquired connection for (127.0.0.1)
[Tue Apr 05 21:04:24.395929 2022] [proxy:debug] [pid 168869] proxy_util.c(2588): [client xxx.xxx.xxx.xxx:41096] AH00944: connecting http://127.0.0.1:8008/_synapse/admin/v1/send_server_notice to 127.0.0.1:8008, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.395933 2022] [proxy:debug] [pid 168869] proxy_util.c(2811): [client xxx.xxx.xxx.xxx:41096] AH00947: connected /_synapse/admin/v1/send_server_notice to 127.0.0.1:8008, referer: http://192.168.193.2/
[Tue Apr 05 21:04:24.427673 2022] [proxy:debug] [pid 168869] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:24.427765 2022] [ssl:debug] [pid 168869] ssl_engine_io.c(1147): [client xxx.xxx.xxx.xxx:41096] AH02001: Connection closed to child 3 with standard shutdown (server matrix.archgang.com:443)
[Tue Apr 05 21:04:24.484213 2022] [ssl:debug] [pid 168863] ssl_engine_io.c(1147): [client xxx.xxx.xxx.xxx:39368] AH02001: Connection closed to child 11 with standard shutdown (server archgang.com:443)
[Tue Apr 05 21:04:24.653401 2022] [ssl:info] [pid 168836] [client ::1:45276] AH01964: Connection to child 18 established (server archgang.com:443)
[Tue Apr 05 21:04:24.654089 2022] [ssl:info] [pid 168870] (os 0x03f25068)Unrecognized resolver error: [client ::1:45276] AH02008: SSL library error 1 in handshake (server archgang.com:443)
[Tue Apr 05 21:04:24.654129 2022] [ssl:info] [pid 168870] SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Tue Apr 05 21:04:24.654136 2022] [ssl:info] [pid 168870] [client ::1:45276] AH01998: Connection closed to child 18 with abortive shutdown (server archgang.com:443)
[Tue Apr 05 21:04:25.507676 2022] [ssl:info] [pid 168681] [client xxx.xxx.xxx.xxx:35122] AH01964: Connection to child 10 established (server archgang.com:443)
[Tue Apr 05 21:04:25.508393 2022] [ssl:debug] [pid 168871] ssl_engine_kernel.c(2395): [client xxx.xxx.xxx.xxx:35122] AH02043: SSL virtual host for servername archgang.com found
[Tue Apr 05 21:04:25.816913 2022] [ssl:debug] [pid 168871] ssl_engine_kernel.c(2254): [client xxx.xxx.xxx.xxx:35122] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
[Tue Apr 05 21:04:25.817133 2022] [ssl:debug] [pid 168871] ssl_engine_kernel.c(415): [client xxx.xxx.xxx.xxx:35122] AH02034: Initial (No.1) HTTPS request received for child 10 (server archgang.com:443)
[Tue Apr 05 21:04:25.817494 2022] [authz_core:debug] [pid 168871] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:35122] AH01626: authorization result of Require all granted: granted
[Tue Apr 05 21:04:25.817504 2022] [authz_core:debug] [pid 168871] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:35122] AH01626: authorization result of <RequireAny>: granted
[Tue Apr 05 21:04:25.817534 2022] [proxy:debug] [pid 168871] mod_proxy.c(1503): [client xxx.xxx.xxx.xxx:35122] AH01143: Running scheme http handler (attempt 0)
[Tue Apr 05 21:04:25.817546 2022] [proxy:debug] [pid 168871] proxy_util.c(2532): AH00942: http: has acquired connection for (127.0.0.1)
[Tue Apr 05 21:04:25.817553 2022] [proxy:debug] [pid 168871] proxy_util.c(2588): [client xxx.xxx.xxx.xxx:35122] AH00944: connecting http://127.0.0.1:8008/_matrix/federation/v1/send/1649057099768 to 127.0.0.1:8008
[Tue Apr 05 21:04:25.817602 2022] [proxy:debug] [pid 168871] proxy_util.c(2811): [client xxx.xxx.xxx.xxx:35122] AH00947: connected /_matrix/federation/v1/send/1649057099768 to 127.0.0.1:8008
[Tue Apr 05 21:04:25.817699 2022] [proxy:debug] [pid 168871] proxy_util.c(3277): AH02824: http: connection established with 127.0.0.1:8008 (127.0.0.1)
[Tue Apr 05 21:04:25.817718 2022] [proxy:debug] [pid 168871] proxy_util.c(3463): AH00962: http: connection complete to 127.0.0.1:8008 (127.0.0.1)
[Tue Apr 05 21:04:25.829149 2022] [proxy:debug] [pid 168665] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:25.829594 2022] [proxy:debug] [pid 168677] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:25.832094 2022] [proxy:debug] [pid 168871] proxy_util.c(2547): AH00943: http: has released connection for (127.0.0.1)
[Tue Apr 05 21:04:25.840013 2022] [ssl:debug] [pid 168677] ssl_engine_kernel.c(415): [client xxx.xxx.xxx.xxx:59840] AH02034: Subsequent (No.12) HTTPS request received for child 5 (server matrix.archgang.com:443)
[Tue Apr 05 21:04:25.840041 2022] [authz_core:debug] [pid 168677] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:59840] AH01626: authorization result of Require all granted: granted
[Tue Apr 05 21:04:25.840047 2022] [authz_core:debug] [pid 168677] mod_authz_core.c(815): [client xxx.xxx.xxx.xxx:59840] AH01626: authorization result of <RequireAny>: granted
[Tue Apr 05 21:04:25.840078 2022] [proxy:debug] [pid 168677] mod_proxy.c(1503): [client xxx.xxx.xxx.xxx:59840] AH01143: Running scheme http handler (attempt 0)
[Tue Apr 05 21:04:25.840085 2022] [proxy:debug] [pid 168677] proxy_util.c(2532): AH00942: http: has acquired connection for (127.0.0.1)
[Tue Apr 05 21:04:25.840091 2022] [proxy:debug] [pid 168677] proxy_util.c(2588): [client xxx.xxx.xxx.xxx:59840] AH00944: connecting http://127.0.0.1:8008/_matrix/client/r0/sync?filter=0&timeout=30000&since=s28507_478656_5359_50095_18460_48_3639_116010_3 to 127.0.0.1:8008

[awesome-michael]

The SSL error might be connected with your problem. You should check for this error "SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number". But this is not caused by synapse-admin, rather some configuration error in your Apache or SSL settings.
I can't spot anything else in your logs.

[YourSandwich]

The SSL error might be connected with your problem. You should check for this error "SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number". But this is not caused by synapse-admin, rather some configuration error in your Apache or SSL settings. I can't spot anything else in your logs.

Thank you I will check, if i find a solution then i will post here. It also looks for me like a non synapse-admin issue.

[YourSandwich]

Hello, sorry for the very long abstenc. I finally learnt how to use the api. It is not an Proxy issue apperently. I am running the following API Request directly on the server

curl -XPOST "http://10.0.0.14:8008/_synapse/admin/v1/send_server_notice" -H "Authorization: Bearer TOKEN" -H 'Content-Type: application/json' -d ' {"user_id": "@sandwich:archgang.com","content":{"msgtype": "m.text","body": "Test"}} '

This returns me the following error in the homeserver.log:

2022-08-18 23:53:26,148 - synapse.server_notices.server_notices_manager - 160 - INFO - POST-179166 - Creating server notices room for @sandwich:archgang.com
2022-08-18 23:53:26,189 - synapse.http.server - 183 - ERROR - POST-179166 - Failed handle request via 'SendServerNoticeServlet': <XForwardedForRequest at 0x7fcad4760130 method='POST' uri='/_synapse/admin/v1/send_server_notice' clientproto='HTTP/1.1' site='8008'>
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 1661, in _inlineCallbacks
    result = current_context.run(gen.send, result)
StopIteration

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 1661, in _inlineCallbacks
    result = current_context.run(gen.send, result)
StopIteration: <FrozenEventV3 event_id=$8FGPYbxJd7fmWN5kG-lcTTEJ8ZtnAGW1RYNsiTBdbEo, type=m.room.create, state_key=, outlier=False>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/synapse/http/server.py", line 366, in _async_render_wrapper
    callback_return = await self._async_render(request)
  File "/usr/lib/python3.10/site-packages/synapse/http/server.py", line 572, in _async_render
    callback_return = await raw_callback_return
  File "/usr/lib/python3.10/site-packages/synapse/rest/admin/server_notice_servlet.py", line 99, in on_POST
    event = await self.server_notices_manager.send_notice(
  File "/usr/lib/python3.10/site-packages/synapse/server_notices/server_notices_manager.py", line 68, in send_notice
    room_id = await self.get_or_create_notice_room_for_user(user_id)
  File "/usr/lib/python3.10/site-packages/synapse/server_notices/server_notices_manager.py", line 175, in get_or_create_notice_room_for_user
    info, _ = await self._room_creation_handler.create_room(
  File "/usr/lib/python3.10/site-packages/synapse/handlers/room.py", line 896, in create_room
    ) = await self._send_events_for_new_room(
  File "/usr/lib/python3.10/site-packages/synapse/handlers/room.py", line 1097, in _send_events_for_new_room
    member_event_id, _ = await self.room_member_handler.update_membership(
  File "/usr/lib/python3.10/site-packages/synapse/handlers/room_member.py", line 567, in update_membership
    result = await self.update_membership_locked(
  File "/usr/lib/python3.10/site-packages/synapse/handlers/room_member.py", line 690, in update_membership_locked
    if not await self.profile_handler.check_avatar_size_and_mime_type(
  File "/usr/lib/python3.10/site-packages/twisted/internet/defer.py", line 1661, in _inlineCallbacks
    result = current_context.run(gen.send, result)
  File "/usr/lib/python3.10/site-packages/synapse/handlers/profile.py", line 310, in check_avatar_size_and_mime_type
    server_name, _, media_id = parse_and_validate_mxc_uri(mxc)
  File "/usr/lib/python3.10/site-packages/synapse/util/stringutils.py", line 186, in parse_and_validate_mxc_uri
    m = MXC_REGEX.match(mxc)
TypeError: expected string or bytes-like object

I am running ArchLinux, could it be that the Python version is to new or something?
My server notice config still looks like this ->

Thank you for any help!

[dklimpel]

IMO you have found a bug in Synapse.
Introduced with: matrix-org/synapse#11846

You do not set system_mxid_avatar_url. The default is None.
https://github.com/matrix-org/synapse/blob/2c42673a9b8c708a73f49575673c85a32ea32b82/synapse/config/server_notices.py#L62

This is set to the profile for creating the room:
https://github.com/matrix-org/synapse/blob/2c42673a9b8c708a73f49575673c85a32ea32b82/synapse/server_notices/server_notices_manager.py#L166-L172

The profile is validated there:
https://github.com/matrix-org/synapse/blob/2c42673a9b8c708a73f49575673c85a32ea32b82/synapse/handlers/room_member.py#L692-L696

if "avatar_url" in content: is True because content["avatar_url"] is set and None

The function check_avatar_size_and_mime_type requires a string and not None.
https://github.com/matrix-org/synapse/blob/2b5ab8e3674b7d6003a5f17252c7933c2d6a381a/synapse/handlers/profile.py#L291

A workaround is to set system_mxid_avatar_url: "" (empty string)

An empty string is valid:
https://github.com/matrix-org/synapse/blob/2b5ab8e3674b7d6003a5f17252c7933c2d6a381a/synapse/handlers/profile.py#L304-L305

[dklimpel]

I have created a PR matrix-org/synapse#13566

[YourSandwich]

Thank you! I can confirm, setting system_mxid_avatar_url as "" made a working workaround.

[dklimpel]

This is fixed with Synapse 1.66.0.

[YourSandwich]

Thank for the help, so this issue was never related to synapse-admin.
I am glad that it is resolved now and we can close the issue.