Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

NoRouteError('Network unreachable') in PROXY setup #9852

Closed
f1-outsourcing opened this issue Apr 20, 2021 · 3 comments
Closed

NoRouteError('Network unreachable') in PROXY setup #9852

f1-outsourcing opened this issue Apr 20, 2021 · 3 comments

Comments

@f1-outsourcing
Copy link

I am having this configured

export HTTP_PROXY=http://proxy.example.com:535
export HTTPS_PROXY=https://proxy.example.com:535
export NO_PROXY="localhost,.local,127.0.0.1"

But still getting this error

GET-O-7} [matrix.org] Request failed: GET matrix://matrix.org/_matrix/federation/v1/query/directory?room_alias=%23matrix%3Amatrix.org: NoRouteError('Network unreachable')

on synapse 1.31.0
@f1-outsourcing f1-outsourcing mentioned this issue Apr 20, 2021
Closed
4 tasks
@anoadragon453
Copy link
Member

You'll need to omit the http:// and https:// from HTTP_PROXY and HTTPS_PROXY respectively. This is indeed different from the typical definition of HTTP_PROXY and HTTPS_PROXY environment variables. Note that currently the connection from Synapse to the proxy uses HTTP, regardless of whether the request from the proxy to the destination will use TLS.

#9119 does attempt to fix this, but you'll need to omit the protocol specifier until it lands. I'm closing this issue in favour of #9090.

@f1-outsourcing
Copy link
Author

f1-outsourcing commented Apr 20, 2021
edited
Loading

Hi Andrew @anoadragon453

I have changed to

export HTTP_PROXY=proxy.example.com:535
export HTTPS_PROXY=proxy.example.com:535
export NO_PROXY="localhost,.local,127.0.0.1"

But I am still having this:

synapse.http.federation.well_known_resolver - 286 - INFO - GET-18 - Error fetching https://matrix.org/.well-known/matrix/server: No route to host: 101: Network unreachable.

(with the packages 1.31.0)

I can't really make up from your comment if the use of a forward proxy should work currently or not?

(Is there a patch available that I can use to try matrix, or should I just forget about trying to get this to work with the proxy?)

@anoadragon453
Copy link
Member

Aha, I believe I misunderstood the initial problem.

Outbound federation requests, such as resolving well-known pages, do not currently go through the configured proxy. If you have firewalled outbound connections except for those towards the proxy, then federation will currently fail. Support for routing federation traffic through the http proxy is tracked at #8660, and there's currently a PR open to fix it at #9306.

In the meantime, outbound connections directly from Synapse will need to be allowed for federation to function.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anoadragon453 @f1-outsourcing