Dendrite matrix server behind Apache returns "Unauthorized" or "Failed to make_join via any server" after accepting invitation on a matrix.org account

Question

Just wondering if anyone already got a Dendrite homeserver running behind an Apache web server instead of the default nginx.

I installed Dendrite using this guide: https://pieterhollander.nl/post/dendrite-matrix-homeserver/ -- only that I opted for sqlite as a database. I want to integrate the homeserver on an existing Nextcloudpi that uses an Apache webserver. How would I translate the nginx config correctly to an Apache config? I got it running good enough so that the federationtester returns success and I got an invitation to my matrix.org account from the server but when I accept the invite on a desktop Element, it only says 'Unauthorized'. On an Android Element app I get 'Failed to make_join via any server'. Here is the Apache config:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    ServerName my.domain.net
    SSLCertificateFile /etc/letsencrypt/live/my.domain.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    SSLProxyEngine On
    <Location /_matrix>
        ProxyPass http://localhost:8008/_matrix
        ProxyPassReverse http://localhost:8008/_matrix
    </Location>

    <Location /.well-known/matrix/server>
        ErrorDocument 200 '{ "m.server": "my.domain.net:443" }'
        RewriteEngine On
        RewriteRule .* - [R=200]
    </Location>

    <Location /.well-known/matrix/client>
        ErrorDocument 200 '{ "m.homeserver": { "base_url": "https://my.domain.net" } }'
        RewriteEngine On
        RewriteRule .* - [R=200]
    </Location>
</VirtualHost>

<VirtualHost *:8448>
    DocumentRoot /var/www/nextcloud
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    ServerName my.domain.net
    SSLCertificateFile /etc/letsencrypt/live/my.domain.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    AllowEncodedSlashes NoDecode
    SSLProxyEngine On
    <Location /_matrix>
    ProxyPass http://localhost:8008/_matrix
    ProxyPassReverse http://localhost:8008/_matrix
    </Location>
</VirtualHost>

<Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
    Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
</Directory>
</IfModule>

Any ideas what's missing or how to debug this?

Update -- access log of local user t on Element web app (Chromium) trying to invite another one, thomas, using Element web app in Firefox (ip addresses and timestamps ommitted):

"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s25_4_14_3_3_16.dl-0-6 HTTP/2.0" 200 223 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/keys/upload HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s25_4_14_3_3_16.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/keys/upload HTTP/2.0" 200 57 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/keys/upload HTTP/2.0" 200 80 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/createRoom HTTP/2.0" 200 52 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s25_4_14_3_3_16.dl-0-6 HTTP/2.0" 200 943 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/keys/query HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s28_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/thirdparty/user/im.vector.protocol.sip_native HTTP/2.0" 404 90 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/keys/query HTTP/2.0" 200 581 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/profile/%40t%3Amy.domain.net HTTP/2.0" 200 33 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/profile/%40t%3Amy.domain.net HTTP/2.0" 200 67 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s28_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 1740 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s29_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s29_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 2400 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s30_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s30_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 2753 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s31_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s31_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 3142 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s32_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 200 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/keys/upload HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/keys/upload HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"POST /_matrix/client/r0/keys/upload HTTP/2.0" 200 57 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"POST /_matrix/client/r0/keys/upload HTTP/2.0" 200 57 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s32_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 3488 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s33_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/createRoom HTTP/2.0" 200 79 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/user/%40t%3Amy.domain.net/account_data/im.vector.setting.breadcrumbs HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/read_markers HTTP/2.0" 200 52 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/members?not_membership=leave&at=s33_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/messages?from=t1_27&limit=20&dir=b&filter=%7B%22lazy_load_members%22%3Atrue%7D HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/members?not_membership=leave&at=s33_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 321 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"PUT /_matrix/client/r0/user/%40t%3Amy.domain.net/account_data/im.vector.setting.breadcrumbs HTTP/2.0" 200 32 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/messages?from=t1_27&limit=20&dir=b&filter=%7B%22lazy_load_members%22%3Atrue%7D HTTP/2.0" 200 343 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/read_markers HTTP/2.0" 200 32 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/messages?from=t0_0&limit=20&dir=b&filter=%7B%22lazy_load_members%22%3Atrue%7D HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/messages?from=t0_0&limit=20&dir=b&filter=%7B%22lazy_load_members%22%3Atrue%7D HTTP/2.0" 200 71 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s33_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 3852 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s34_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s34_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 658 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s34_6_14_3_3_20.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/keys/upload HTTP/2.0" 200 105 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"POST /_matrix/client/r0/keys/upload HTTP/2.0" 200 82 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"POST /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/read_markers HTTP/2.0" 200 55 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s34_6_14_3_3_20.dl-0-6 HTTP/2.0" 200 504 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s34_6_14_3_3_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/profile/%40thomas%3Amy.domain.net HTTP/2.0" 200 53 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/profile/%40thomas%3Amy.domain.net HTTP/2.0" 200 72 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/invite HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"POST /_matrix/client/r0/rooms/!YRn08BdBHS9M0eBG%3Amy.domain.net/invite HTTP/2.0" 200 32 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s34_6_14_3_3_21.dl-0-6 HTTP/2.0" 200 1487 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 1365 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s26_6_14_3_3_18.dl-0-6 HTTP/2.0" 200 1342 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s34_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/thirdparty/user/im.vector.protocol.sip_native HTTP/2.0" 404 90 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s34_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/thirdparty/user/im.vector.protocol.sip_native HTTP/2.0" 404 48 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s34_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 279 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s34_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 256 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/presence/%40thomas%3Amy.domain.net/status HTTP/2.0" 200 52 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"PUT /_matrix/client/r0/presence/%40thomas%3Amy.domain.net/status HTTP/2.0" 200 32 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 223 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 200 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=2&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 223 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"OPTIONS /_matrix/client/r0/sync?filter=2&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 200 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
"OPTIONS /_matrix/client/r0/sync?filter=1&timeout=30000&since=s35_6_14_3_4_21.dl-0-6 HTTP/2.0" 200 29 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"

(Result in this case is that thomas doesn't get any invitation.)

Update 2.1 -- application log (/var/log/dendrite) with user @a:my.domain.net trying to chat with user @thomiel:matríx.org who gets an 'Unauthorized' error message when trying to allow:

time="2021-03-12T15:36:37.840538570Z" level=info msg="Producing to topic 'DendriteOutputClientData'" func="github.com/matrix-org/dendrite/clientapi/producers.(*SyncAPIProducer).SendData" file="github.com/matrix-org/dendrite/clientapi/producers/syncapi.go:51" data_type=m.fully_read room_id="!zgF4scldfFsA7AGM:my.domain.net" user_id="@t:my.domain.net"
time="2021-03-12T15:36:37.860445777Z" level=info msg="received data from client API server" func="github.com/matrix-org/dendrite/syncapi/consumers.(*OutputClientDataConsumer).onMessage" file="github.com/matrix-org/dendrite/syncapi/consumers/clientapi.go:87" room_id="!zgF4scldfFsA7AGM:my.domain.net" type=m.fully_read
time="2021-03-12T15:37:22.582788411Z" level=warning msg="Outgoing request failed" func="github.com/matrix-org/gomatrixserverlib.(*Client).DoHTTPRequest" file="github.com/matrix-org/gomatrixserverlib@v0.0.0-20210216163908-bab1f2be20d0/client.go:495" error="Get \"matrix:///_matrix/federation/v1/query/profile?user_id=%40thomiel%3A\": Invalid server name" out.req.ID=Qt8hIZAv7lTz out.req.method=GET out.req.uri="matrix:///_matrix/federation/v1/query/profile?user_id=%40thomiel%3A" req.id=JsCILPjJTfk9 req.method=GET req.path="/_matrix/client/r0/profile/@thomiel:"
time="2021-03-12T15:37:22.583677269Z" level=error msg="getProfile failed" func=github.com/matrix-org/dendrite/clientapi/routing.GetProfile file="github.com/matrix-org/dendrite/clientapi/routing/profile.go:53" error="Get \"matrix:///_matrix/federation/v1/query/profile?user_id=%40thomiel%3A\": Invalid server name" req.id=JsCILPjJTfk9 req.method=GET req.path="/_matrix/client/r0/profile/@thomiel:"
time="2021-03-12T15:37:26.555107474Z" level=warning msg="Error sending request to https://mat:8448/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat: dial tcp: lookup mat on 192.168.178.1:53: no such host" func="github.com/matrix-org/gomatrixserverlib.(*federationTripper).RoundTrip" file="github.com/matrix-org/gomatrixserverlib@v0.0.0-20210216163908-bab1f2be20d0/client.go:215" out.req.ID=CdP1f2Tsi6n9 out.req.method=GET out.req.uri="matrix://mat/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat" req.id=IEjvHZmikkJs req.method=GET req.path="/_matrix/client/r0/profile/@thomiel:mat"
time="2021-03-12T15:37:26.563326409Z" level=warning msg="Error sending request to https://mat:8448/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat: dial tcp: lookup mat on 192.168.178.1:53: no such host" func="github.com/matrix-org/gomatrixserverlib.(*federationTripper).RoundTrip" file="github.com/matrix-org/gomatrixserverlib@v0.0.0-20210216163908-bab1f2be20d0/client.go:215" out.req.ID=CdP1f2Tsi6n9 out.req.method=GET out.req.uri="matrix://mat/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat" req.id=IEjvHZmikkJs req.method=GET req.path="/_matrix/client/r0/profile/@thomiel:mat"
time="2021-03-12T15:37:26.564176777Z" level=warning msg="Outgoing request failed" func="github.com/matrix-org/gomatrixserverlib.(*Client).DoHTTPRequest" file="github.com/matrix-org/gomatrixserverlib@v0.0.0-20210216163908-bab1f2be20d0/client.go:495" error="Get \"matrix://mat/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat\": dial tcp: lookup mat on 192.168.178.1:53: no such host" out.req.ID=CdP1f2Tsi6n9 out.req.method=GET out.req.uri="matrix://mat/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat" req.id=IEjvHZmikkJs req.method=GET req.path="/_matrix/client/r0/profile/@thomiel:mat"
time="2021-03-12T15:37:26.564959071Z" level=error msg="getProfile failed" func=github.com/matrix-org/dendrite/clientapi/routing.GetProfile file="github.com/matrix-org/dendrite/clientapi/routing/profile.go:53" error="Get \"matrix://mat/_matrix/federation/v1/query/profile?user_id=%40thomiel%3Amat\": dial tcp: lookup mat on 192.168.178.1:53: no such host" req.id=IEjvHZmikkJs req.method=GET req.path="/_matrix/client/r0/profile/@thomiel:mat"

... ...

time="2021-03-12T15:37:48.274943370Z" level=info msg=Responding func=github.com/matrix-org/dendrite/syncapi/routing.OnIncomingMessagesRequest file="github.com/matrix-org/dendrite/syncapi/routing/messages.go:198" backwards=true from=t1_73 limit=20 req.id=zV6MT6rqWrmQ req.method=GET req.path="/_matrix/client/r0/rooms/!LunTPWkeobaHy3AU:my.domain.net/messages" return_end=t0_0 return_start=t1_73 to=t0_0 user_id="@a:my.domain.net"
time="2021-03-12T15:37:48.312782568Z" level=info msg="Producing to topic 'DendriteOutputClientData'" func="github.com/matrix-org/dendrite/clientapi/producers.(*SyncAPIProducer).SendData" file="github.com/matrix-org/dendrite/clientapi/producers/syncapi.go:51" data_type=im.vector.setting.breadcrumbs room_id="" user_id="@a:my.domain.net"
time="2021-03-12T15:37:48.337201666Z" level=info msg="Producing to topic 'DendriteOutputClientData'" func="github.com/matrix-org/dendrite/clientapi/producers.(*SyncAPIProducer).SendData" file="github.com/matrix-org/dendrite/clientapi/producers/syncapi.go:51" data_type=m.fully_read room_id="!LunTPWkeobaHy3AU:my.domain.net" user_id="@a:my.domain.net"
time="2021-03-12T15:37:48.337304844Z" level=info msg="received data from client API server" func="github.com/matrix-org/dendrite/syncapi/consumers.(*OutputClientDataConsumer).onMessage" file="github.com/matrix-org/dendrite/syncapi/consumers/clientapi.go:87" room_id="" type=im.vector.setting.breadcrumbs
time="2021-03-12T15:37:48.397000891Z" level=info msg="received data from client API server" func="github.com/matrix-org/dendrite/syncapi/consumers.(*OutputClientDataConsumer).onMessage" file="github.com/matrix-org/dendrite/syncapi/consumers/clientapi.go:87" room_id="!LunTPWkeobaHy3AU:my.domain.net" type=m.fully_read
time="2021-03-12T15:37:48.469433547Z" level=info msg="Fetched 0 events locally" func="github.com/matrix-org/dendrite/syncapi/routing.(*messagesReq).retrieveEvents" file="github.com/matrix-org/dendrite/syncapi/routing/messages.go:259" end=t0_0 req.id=7kQynzHEMUXd req.method=GET req.path="/_matrix/client/r0/rooms/!LunTPWkeobaHy3AU:my.domain.net/messages" start=t0_0 user_id="@a:my.domain.net"
time="2021-03-12T15:37:48.472270380Z" level=info msg=Responding func=github.com/matrix-org/dendrite/syncapi/routing.OnIncomingMessagesRequest file="github.com/matrix-org/dendrite/syncapi/routing/messages.go:198" backwards=true from=t0_0 limit=20 req.id=7kQynzHEMUXd req.method=GET req.path="/_matrix/client/r0/rooms/!LunTPWkeobaHy3AU:my.domain.net/messages" return_end=t0_0 return_start=t0_0 to=t0_0 user_id="@a:my.domain.net"
time="2021-03-12T15:37:51.289533510Z" level=info msg="Producing to topic 'DendriteOutputClientData'" func="github.com/matrix-org/dendrite/clientapi/producers.(*SyncAPIProducer).SendData" file="github.com/matrix-org/dendrite/clientapi/producers/syncapi.go:51" data_type=m.fully_read room_id="!LunTPWkeobaHy3AU:my.domain.net" user_id="@a:my.domain.net"
time="2021-03-12T15:37:51.309391237Z" level=info msg="received data from client API server" func="github.com/matrix-org/dendrite/syncapi/consumers.(*OutputClientDataConsumer).onMessage" file="github.com/matrix-org/dendrite/syncapi/consumers/clientapi.go:87" room_id="!LunTPWkeobaHy3AU:my.domain.net" type=m.fully_read
time="2021-03-12T15:38:13.489337025Z" level=info msg=PerformDeviceDeletion func="github.com/matrix-org/dendrite/userapi/internal.(*UserInternalAPI).PerformDeviceDeletion" file="github.com/matrix-org/dendrite/userapi/internal/api.go:127" devices="[qnTWgh6Y]" req.id=KnzjQXxBfK3h req.method=POST req.path=/_matrix/client/r0/logout user_id="@t:my.domain.net"
time="2021-03-12T15:38:13.558120970Z" level=info msg="Sending device list update message to [\"my.domain.net\"]" func="github.com/matrix-org/dendrite/federationsender/consumers.(*KeyChangeConsumer).onMessage" file="github.com/matrix-org/dendrite/federationsender/consumers/keychange.go:132"
time="2021-03-12T15:38:13.582578974Z" level=info msg="Produced to key change topic 'DendriteOutputKeyChangeEvent'" func="github.com/matrix-org/dendrite/keyserver/producers.(*KeyChange).ProduceKeyChanges" file="github.com/matrix-org/dendrite/keyserver/producers/keychange.go:72" num_key_changes=1 user_id="@t:my.domain.net"
time="2021-03-12T15:40:22.339661581Z" level=info msg="Fetching 1 key(s)" func="github.com/matrix-org/dendrite/signingkeyserver/internal.(*ServerKeyAPI).handleFetcherKeys" file="github.com/matrix-org/dendrite/signingkeyserver/internal/api.go:208" fetcher_name="perspective server matrix.org"
time="2021-03-12T15:40:22.536747076Z" level=info msg="Updated 2 of 2 key(s) in database (0 keys remaining)" func="github.com/matrix-org/dendrite/signingkeyserver/internal.(*ServerKeyAPI).handleFetcherKeys" file="github.com/matrix-org/dendrite/signingkeyserver/internal/api.go:262" fetcher_name="perspective server matrix.org"
time="2021-03-12T15:40:22.553190363Z" level=info msg="Invalid request signature" func=github.com/matrix-org/gomatrixserverlib.VerifyHTTPRequest file="github.com/matrix-org/gomatrixserverlib@v0.0.0-20210216163908-bab1f2be20d0/request.go:239" error="Bad signature from \"matrix.org\" with ID \"ed25519:a_RXGa\"" req.id=n2iqmJBtoe2x req.method=GET req.path="/_matrix/federation/v1/make_join/!LunTPWkeobaHy3AU:my.domain.net/@thomiel:matrix.org"

Two types of messages seem to be relevant here: The last entry with "Invalid request signature" and 2 x "Invalid server name" @ time="2021-03-12T15:37:22" that maybe occured during auto-complete.

There is nothing of interest in the _access_log_. You also need to check the Apache _error_log_, as well as the logs of your application. — Michael Hampton, Mar 09 '21 at 01:55
@Michael Hampton I added the application log to the question. The Apache error log is empty. — thomiel, Mar 09 '21 at 02:19
There doesn't seem to be any attempt to join the server reflected in that log excerpt. You should go back and look for _relevant_ log entries. — Michael Hampton, Mar 09 '21 at 02:23
Thanks, maybe it's too late for me and I lose my concentration. I will clear the logs tomorrow and start over. — thomiel, Mar 09 '21 at 02:30
@Michael Hampton I added new and hopefully relevant parts of the application log. — thomiel, Mar 12 '21 at 16:14

score 0 · Accepted Answer · answered Mar 13 '21 at 17:35

This is the config that finally made it work:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    ServerName      my.domain.net
    SSLCertificateFile /etc/letsencrypt/live/my.domain.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    SSLProxyEngine On
    ProxyPreserveHost On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    AllowEncodedSlashes NoDecode
    <Location /_matrix>
    ProxyPass http://127.0.0.1:8008/_matrix retry=0 timeout=600 nocanon
    ProxyPassReverse http://127.0.0.1:8008/_matrix
    </Location>

    <Location /.well-known/matrix/server>
    ErrorDocument 200 '{ "m.server": "my.domain.net:443" }'
    RewriteEngine On
    RewriteRule .* - [R=200]
    </Location>

    <Location /.well-known/matrix/client>
    ErrorDocument 200 '{ "m.homeserver": { "base_url": "https://my.domain.net" } }'
    RewriteEngine On
    RewriteRule .* - [R=200]
    </Location>

</VirtualHost>

<VirtualHost *:8448>
    DocumentRoot /var/www/nextcloud
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    ServerName my.domain.net
    SSLCertificateFile /etc/letsencrypt/live/my.domain.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    AllowEncodedSlashes NoDecode
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    ProxyPreserveHost On
    SSLProxyEngine On
    <Location /_matrix>
    ProxyPass http://127.0.0.1:8008/_matrix retry=0 timeout=600 nocanon
    ProxyPassReverse http://127.0.0.1:8008/_matrix
    </Location>
</VirtualHost>

<Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
    Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
</Directory>
</IfModule>

Most notable the nocanon option for ProxyPass and RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}. I also had to delete the whole database (*.db) because Dendrite at some point became paranoid and rejected all incoming requests as coming from imposters due to prior misconfiguration. Community support at #dendrite:matrix.org and other chatrooms helped me alot narrowing down the problem.

I was finally pointed to https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md#apache as the Synapse webserver configuration is very similar to Dendrite.

Dendrite matrix server behind Apache returns "Unauthorized" or "Failed to make_join via any server" after accepting invitation on a matrix.org account

1 Answers1