Matrix Ansible Playbook - Fronting Integrated Reverse Proxy with Boring Proxy

I’m trying to configure Boring Proxy to self host my Ansible/Matrix server in the hope of shutting down the expensive Digital Ocean VPS and hosting the playbook on a computer in my local office.

I purchased a separate IBM M900 to run in my office as the “new” Ansible/Matrix server, it’s got a 500GB SSD so I can shut down the Digital Ocean VPS.

So far I’ve done some testing by following the Migration guide here, it all seems to be working:

a. Adjust permissions for /matrix to run as local user
b. rsync the entire /matrix folder from my Digital Ocean VPS
c. Adjust permissions for /matrix as matrix:matrix
d. Run the playbook (setup-all, start)

All of the above steps seem to be working fine (the playbook runs & finishes, no errors).


(It wouldn’t let me post my whole thread as one topic because I had more than 2 links, so here’s a reply with the rest)

The part that I’m looking for guidance with is configuring the playbook to listen on the same port that I use in the Boring Proxy tunnels.

And actually updating my DNS, hopefully with minimal downtime.

It looks like this is the overall guide: fronting integrated reverse proxy

However, based on my experience setting up the Matrix server manually using Docker Compose, I’m going to need to run Matrix Federation over port 443 because I won’t be able to create a separate Boring Proxy tunnel for port 8448. I THINK I need to update this configuration as follows:

devture_traefik_additional_entrypoints_auto:
  - name: matrix-federation
    port: 443
    host_bind_port: '127.0.0.1:8449'
    config: {}

Then to actually deploy this, I’m 95% confident this will work, hopefully someone can point me in the right direction:

a. Final Sync:

# hand /matrix to the local user so rsync can write it without root on this side
sudo chown -R nate:nate /matrix
# pull the whole tree from the old VPS; host-key checking is disabled for this one-off transfer
rsync -avz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress root@c2matrix:/matrix /
# restore the ownership the playbook expects
sudo chown -R matrix:matrix /matrix

b. DNS Change: Update matrix-dot A record to point at my Boring Proxy VPS

c. Create a new tunnel in Boring Proxy that maps “matrix-dot” to port 81 (I don’t care about Jitsi, Element, or other subdomains)

d. Update /.well-known/matrix/server (on web server) to point at port 443 instead of 8448

{ "m.server": "matrix.example.com:443" }

e. Run Playbook:

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start

f. Set TTL back to 14400


Hey @c2oxide, sorry for the super late response. Busy summer so far!

Unfortunately I’m not really familiar with Ansible or Matrix. Only dabbled with each. One thing to be aware of is that boringproxy multiplexes incoming requests over a single TCP connection (through SSH) for each tunnel. Throughput is generally good, but in use cases with many incoming connections, you may end up with head-of-line blocking issues. See this post.

You might have better luck with a more advanced tool like frp which supports tunneling over QUIC which would sidestep this. Or if you don’t mind using hosted services, Cloudflare Tunnel is really good and free and also supports QUIC.

Hi Anders, thanks for your pointers, I was able to finally get this working.

The first step is to configure the Ansible playbook to use this, instead of Nginx or Traefik:
matrix_playbook_reverse_proxy_type: other-on-another-host

Normally the related file is this:
/.well-known/matrix/server

And includes:
{ "m.server": "matrix.example.com:443" }

This approach works with a standard Matrix server (synapse) using Docker Compose but this Ansible Playbook took extra setup:

For me I had to map matrix.example.com to port 8008 in my Ansible playbook.

Then I added another subdomain:
matrix-fed.example.com

The well-known went like this instead:
{ "m.server": "matrix-fed.example.com:443" }

This matrix-fed subdomain got mapped to port 8048 in my Ansible playbook.

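The reason the second subdomain is needed is the Matrix server-discovery rule that the post above relies on: a federating server reads `/.well-known/matrix/server` on the base domain and dials whatever `m.server` names, using the port given there, or 8448 if none is given. The script below is an added example, not code from the thread or from the playbook, that applies that rule to a well-known body and reports which host:port the outside world will connect to, so you can confirm it lands on a port you actually tunnel. It assumes an explicit port is always present in the delegation (as in the thread) and deliberately skips the SRV-record step of discovery; the sample bodies and `example.com` hostnames are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or the playbook): derive the federation
# target from a .well-known/matrix/server body following the Matrix
# server-discovery rules for the well-known step. SRV lookups are skipped
# (assumption: the delegation names an explicit port, as in the thread).
# Sample bodies are constructed; example.com is a placeholder domain.

WELLKNOWN_FED='{ "m.server": "matrix-fed.example.com:443" }'
WELLKNOWN_NOPORT='{ "m.server": "matrix.example.com" }'

# federation_target BODY -> prints the host:port a federating server will dial.
# Without an explicit port the spec default 8448 applies, which is exactly the
# port that could not be tunnelled in the thread.
federation_target() {
    body=$1
    server=$(printf '%s' "$body" | sed -n 's/.*"m\.server"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$server" ] || return 1
    case $server in
        *:*) printf '%s\n' "$server" ;;
        *)   printf '%s:8448\n' "$server" ;;
    esac
}

# federation_port BODY -> just the port, i.e. the tunnel that must exist.
federation_port() {
    federation_target "$1" | sed 's/.*://'
}

# live_check BASE_DOMAIN -> fetch the real well-known for BASE_DOMAIN and probe
# the federation API through the derived host:port. Needs network access and
# is only run when you call it explicitly.
live_check() {
    base=$1
    body=$(curl -fsS "https://$base/.well-known/matrix/server") || return 1
    target=$(federation_target "$body") || return 1
    host=${target%:*}
    port=${target##*:}
    curl -fsS "https://$host:$port/_matrix/federation/v1/version"
}
```

`federation_port "$WELLKNOWN_FED"` prints 443, which is the tunnelled port; the same call on `WELLKNOWN_NOPORT` prints 8448, which is why delegating to the bare `matrix.example.com` would send federation traffic to a port that no Boring Proxy tunnel answers. After the DNS and well-known changes, `live_check example.com` (replace with your real base domain) should return a JSON version document from the federation API rather than a TLS or connection error.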

Glad you got it working! And appreciate you reporting back what you learned which will hopefully help others in the future.