Installing riot in subdomain

[eauchat]

In the ReadMe, it's said it's not recommended to install riot in the same domain as synapse.
Is this also true for subdomains or not?
For example, if matrix is running under mydomain.tld, is it safe to run riot under riot.mydomain.tld?

[Josue-T]

Well,

I'm not 100% about that but I think that is ok if you install riot in a subdomain. It's what I did on my server.

If you want to be more sure about that I think you should ask the matrix community.

[eauchat]

Ok, thanks.
I asked a bit more details in the riot repo issue mentioned in the readme, and when I get feedback, I'll post the details here, or as PR to the readme.

[HyperCriSiS]

I installed it to a subdomain and I have no issues so far.

[hieronymousch]

works like a charm with subdomain, I think this topic could be closed

[eauchat]

@HyperCriSiS and @hieronymousch I don't really understand what you mean by having no issues.
The question I was asking, is about security issues. So it's not something that affects the functioning of riot. It's about having your riot/matrix install vulnerable to XSS or other attacks.

I asked about this in a riot repository, but didn't really got satisfactory answers, that's why I didn't get back about it here.

Since the issue is not related to yunohost version or riot, this issue could be closed. However, if someone has an opportunity some day to investigate the question further it would be nice to be able to inform yunohost users when they are installing riot in a subdomain, if there is a security risk related to their use case.

[supermamie]

I have no specific memory on how I did this on my server, but here is what it looks like :

• element.myserver.ldt : Element web interface
• synapse.myserver.ldt : Matrix Server
• @Mamie:myserver.ldt : Address format

So Element and Synapse are on 2 different domains, and I still have a simple notation format for addresses.

This still do not explain the "why", but it was my solution to avoid it.