Matrix synapse admin GUI or admin API

Hello everybody

I have Yunohost on a VPS hosted by OVH

To be able to use the synapse-admin GUI or the user admin-API need to make the following endpoint accessible

/_synapse/admin

how do i do that on the ngnix configuration ?

However an access to these endpoint grants the caller a lot of power. So I don’t want to expose it to the public internet. Does someone has an alternative.

Thank in advance.

So you would like to access it only if logged-in Yunohost SSO ?

Yes this is a great idea.
Because in both cases when usining the API or the Admin Gui you have to use the credentials of a user on matrix. And the user I use for that was created through the admin interface of the yunohost server.
How do I do that?

To test it on my side, what url should be tested ?
If I understand well, it should be accessible for instance at mymatrixsubdomain.maindomain.tdl/_synapse/admin/ ?
If it was only protected by SSO, it should be accessible once you are logged in Yunohost.
In my case it’s not, so maybe it’s a nginx issue indeed…

here is my ngnix conf for synapse

location /_matrix {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 100M;
location /_matrix/cas_server.php {
alias /var/www/synapse/;
fastcgi_split_path_info ^(.+?.php)(/.*)$;
fastcgi_pass unix:/run/php7.3-fpm-synapse.sock;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME cas_server.php;
}
}

I think I have to add a location with /_synapse
But I am a noob on ngnix

ping @Josue, maybe you can have some clue here ?

When you installed the app, you should have chosen wether the app is public or private …

If you chose private but want to make it public, you should tweak the group/permissions, c.f. this doc

But if I understand well, the thing is @seppy doesn’t want to make this URL public, but instead instead access this special URL if logged in the SSO.
Synapse is the server part, not the client (Element), and if I understand well we’re trying to access an URL that depends on Synapse server. @seppy is that correct ?

Yes for security reasons I would prefer that this endpoint is not public. But I am a pragmatic person. First I need to get access to it so I can use the Admin API. I need to be able to kick out people from my server if they are not behaving. Then I can still figure out a way to make it only accessible for me.

So i checked again all the user rights. Synapse is available for “all users” and “the visitors”.

When I type in the browser www.domain.ldt/_synapse/admin

I am redirected to the sso login page of Yunohost.

It must be something with the ngnix configuration. They are a lot of config files and I don’t know where to look for.

I just discovered this: GitHub - Awesome-Technologies/synapse-admin: https://hub.docker.com/r/awesometechnologies/synapse-admin

I thought synapse admin UI was built-in synapse, but in fact it’s another software ? :thinking:

Hmm interesting! I would be very interested in having this be available to yunohost. Is it possible for it to be available??
I would do it but my knowledge is not that extensive…

Actually the problem is very simple. Both the GUI or the API needs to have access to the endpoints: www.domain.ldt/_synapse/admin
So the answer is in the configuration files of ngnix. I went deep dive in the ngnix documentation, but I am still struggling.

But you did install that other software, right ? It’s not built-in synapse ?

Yes I installed the WEB GUI but It’s only an interface to avoid to send requests with the API.

That’s why both are not working. I need to make accessible the end point /_synapse/admin.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi all !
I can’t seem to find any clear info on the topic : is there a way (and what is it) to get an admin GUI for Synapse ? By that i mean GUI to view registered users, quantity and size of hosted medias, and such directly from Yunohost user interface.


Yo !
Je n’arrive pas à trouver d’info claire et compréhensible sur le sujet : existe t-il (et comment y avoir accès à) une interface graphique d’admin Synapse ? Genre visualisation des utilisateurs enregistrés, des salons, des autorisations, des medias hébergés et compagnie, accessible directement depuis l’interface utilisateur yunohost…

:arrow_right: Matrix synapse admin GUI or admin API

Since you are asking this question, I remembered I had struggled with the documentation on how to set a user (me of course…) as admin. I suppose I have not done so yet as I am not able to delete rooms etc. According the documentation we are suppose to run:

su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'"

I wish an example was included. Are we supposed to add our email address as admin? and in a way a like @admin:yunohost.org ?

su --command=“psql matrix_synapse” postgres <<< “UPDATE users SET admin = 1 WHERE name = ‘@admin:yunohost.org’”

I tried it and the result was

could not change directory to "/root": Permission denied
UPDATE 0

Same result when I wrote the email address in the common way admin@yunohost.org

Maybe @Josue knows that ?