Open
Description
Describe the bug
MAS doesn't accept connections on the unix socket. Pointing nginx at it gives a 502 Bad Gateway error, and trying to connect with curl gives this:
% curl --unix-socket /run/matrix-authentication-service/matrix-authentication-service.sock http://localhost/
curl: (56) Recv failure: Connection reset by peer
(the same command works for connecting to synapse's unix socket)
It does listen on the socket:
% ss -lpxtn
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
u_str LISTEN 0 4096 /run/matrix-authentication-service/matrix-authentication-service.sock 125163415 * 0 users:(("mas-cli",pid=1126120,fd=12))
tcp LISTEN 0 128 [::1]:41112 [::]:* users:(("mas-cli",pid=1126120,fd=11))
http config:
http:
issuer: https://matrix-auth.knifepoint.net/
listeners:
- binds:
- host: ::1
port: 41112
- socket: /run/matrix-authentication-service/matrix-authentication-service.sock
name: web
proxy_protocol: false
resources:
- name: discovery
path: ''
- name: human
path: ''
- name: oauth
path: ''
- name: compat
path: ''
- name: graphql
path: ''
- name: assets
path: /nix/store/hl7ijxnzgchj3nlql459hqhl7335i5cy-matrix-authentication-service-0.14.1/share/matrix-authentication-service/assets
public_base: https://matrix-auth.knifepoint.net/
trusted_proxies:
- ::1/128To Reproduce
Steps to reproduce the behavior:
- Configure matrix-authentication-service to listen on an unix socket
- Connect to unix socket
Expected behavior
Server accepts connections on unix socket
Desktop (please complete the following information):
- OS: NixOS 24.11
- matrix-authentication-service 0.14.1
Additional context
Service log:
Apr 03 04:40:25 spike systemd[1]: Starting matrix-authentication-service.service...
Apr 03 04:40:25 spike 6m0xv1yhny8gph5lkm52pgxhs9m1y3r2-matrix-authentication-service-check-config[1123078]: 2025-04-03T02:40:25.561290Z INFO cli.config.check: mas_cli::commands::config: crates/cli/src/commands/config.rs:88: Configuration file looks good
Apr 03 04:40:25 spike systemd[1]: Started matrix-authentication-service.service.
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.703683Z INFO cli.run.init: mas_cli::commands::server: crates/cli/src/commands/server.rs:63: Starting up version="VERGEN_IDEMPOTENT_OUTPUT"
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.703733Z INFO cli.run.init: mas_cli::commands::server: crates/cli/src/commands/server.rs:70: Connecting to the database
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.715661Z INFO cli.run.init: mas_cli::commands::server: crates/cli/src/commands/server.rs:84: Running pending database migrations
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.716624Z INFO cli.run.init:db.migrate: sqlx::postgres::notice: /build/matrix-authentication-service-0.14.1-vendor.tar.gz/sqlx-postgres/src/connection/stream.rs:185: relation "_sqlx_migrations" already exists, skipping
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.729344Z INFO cli.run.init:config.sync: mas_cli::sync: crates/cli/src/sync.rs:79: Acquiring configuration lock
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.729829Z INFO cli.run.init:config.sync: mas_cli::sync: crates/cli/src/sync.rs:86: Syncing providers and clients defined in config to database prune=false dry_run=false
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.731242Z INFO cli.run.init:config.sync:provider{provider.id=00000000000000000000000KAN}: mas_cli::sync: crates/cli/src/sync.rs:171: Updating provider
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.733593Z INFO cli.run.init:config.sync:client{client.id=0000000000000000000SYNAPSE}: mas_cli::sync: crates/cli/src/sync.rs:330: Updating client
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.741407Z INFO cli.run.init: mas_cli::commands::server: crates/cli/src/commands/server.rs:125: Loading and compiling the policy module
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.985830Z INFO cli.run.init:templates.load{path=/nix/store/hl7ijxnzgchj3nlql459hqhl7335i5cy-matrix-authentication-service-0.14.1/share/matrix-authentication-service/templates/}: mas_templates: crates/templates/src/lib.rs:205: Loading templates from filesystem root=/nix/store/hl7ijxnzgchj3nlql459hqhl7335i5cy-matrix-authentication-service-0.14.1/share/matrix-authentication-service/templates
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.988698Z INFO cli.run.init: mas_cli::commands::server: crates/cli/src/commands/server.rs:163: Starting task worker
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.991380Z INFO cli.run.init:worker.init{worker.id=01JQWRAVC5H02SYWFR82MEXNP9}: mas_tasks::new_queue: crates/tasks/src/new_queue.rs:254: Registered worker
Apr 03 04:40:25 spike mas-cli[1123099]: 2025-04-03T02:40:25.994373Z INFO cli.run.init: mas_cli::commands::server: crates/cli/src/commands/server.rs:288: Listening on http://[::1]:41112, http://"/run/matrix-authentication-service/matrix-authentication-service.sock" (pathname) with resources [Discovery, Human, OAuth, Compat, GraphQL { playground: false, undocumented_oauth2_access: false }, Assets { path: "/nix/store/hl7ijxnzgchj3nlql459hqhl7335i5cy-matrix-authentication-service-0.14.1/share/matrix-authentication-service/assets" }]
Apr 03 04:40:26 spike mas-cli[1123099]: 2025-04-03T02:40:26.948101Z INFO worker.run_loop:worker.tick{worker.id=01JQWRAVC5H02SYWFR82MEXNP9}: mas_tasks::new_queue: crates/tasks/src/new_queue.rs:576: I'm the leader now
Apr 03 04:41:25 spike mas-cli[1123099]: 2025-04-03T02:41:25.993228Z INFO activity_tracker.flush: mas_handlers::activity_tracker::worker: crates/handlers/src/activity_tracker/worker.rs:228: Flushing 1 activity records to the database
Apr 03 04:41:26 spike mas-cli[1123099]: 2025-04-03T02:41:26.392091Z INFO worker.run_loop:worker.tick{worker.id=01JQWRAVC5H02SYWFR82MEXNP9}: mas_tasks::new_queue: crates/tasks/src/new_queue.rs:503: Sending heartbeat
Metadata
Metadata
Assignees
Labels
No labels