Unable to set up secret storage in Docker #28089

Closed
Gitoffomalawn opened this issue Sep 21, 2024 · 5 comments
Labels
A-E2EE-Key-Backup O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Critical Prevents work, causes data loss and/or has no workaround T-Defect X-Needs-Info This issue is blocked awaiting information from the reporter

Comments

@Gitoffomalawn

Steps to reproduce

  1. Run matrix-web in a Docker container, following the instructions here.
  2. Log in, go to Settings: Security & Privacy
  3. Under Encryption > Secure Backup click the Set Up button, follow the prompts on the screen.

Outcome

What did you expect?

Expected secret storage to be set up, and from there further E2E setup.

What happened instead?

This error was produced (almost immediately):

[screenshot of the error message]

Retry doesn't seem to do anything. The Docker container logs do not show any helpful messages for troubleshooting (only GET requests). Similarly, the documentation regarding the Docker image seems limited, not helping with troubleshooting much either.

The issue appears whether running the container as the Docker user, or as root.

Operating system

Arch Linux (Docker)

Browser information

Firefox 130.0, Chromium 127.0.6533.119

URL for webapp

vectorim/element-web

Application version

1.11.77

Homeserver

matrix.org

Will you send logs?

No

@dosubot dosubot bot added A-E2EE-Key-Backup O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Critical Prevents work, causes data loss and/or has no workaround labels Sep 21, 2024
@t3chguy
Member

t3chguy commented Sep 24, 2024

> Will you send logs?
> No

Without logs there is nothing to look at here

> The Docker container logs do not show any helpful messages for troubleshooting (only GET requests)

Yeah because Element Web is a client-side application, the Docker container is just nginx. Element is end to end encrypted so the server does none of the communication for you, it's all in the browser, so the browser logs are where you'd need to look.

@t3chguy t3chguy added the X-Needs-Info This issue is blocked awaiting information from the reporter label Sep 24, 2024
@Gitoffomalawn
Author

Gitoffomalawn commented Sep 24, 2024

> > Will you send logs?
> > No
>
> Without logs there is nothing to look at here

Sending logs is dependent on using the application, which seems to not be possible without completing the step that fails (I don't have anywhere to type the /rageshake command). So I can't really send anything. However, the steps to reproduce should be easy enough to follow (and if you can't reproduce, that's in itself a finding).

> > The Docker container logs do not show any helpful messages for troubleshooting (only GET requests)
>
> Yeah because Element Web is a client-side application, the Docker container is just nginx. Element is end to end encrypted so the server does none of the communication for you, it's all in the browser, so the browser logs are where you'd need to look.

I'll take a look here to see if I can find anything useful to share.

@Gitoffomalawn
Author

Gitoffomalawn commented Sep 24, 2024

OK, I checked again. There simply is no way for me to send logs using /rageshake as the message input area in my home isn't there (presumably because I haven't completed setup, which I can't, since setting up the secure storage is one of the steps). I made a room specifically in order to use the command, but rooms don't seem to recognize /rageshake. Trying to find other methods of sending these logs I came across some instructions which were hopelessly out of date and refer to non-existent buttons and menus.

If I'm doing something wrong here, please let me know what, and which steps I should follow. The documentation is sadly of no help.

I also went back and looked at the browser logs, as suggested. There, I came across this error message:

Error bootstrapping secret storage TypeError: globalThis.crypto.subtle is undefined
    a aes.ts:111
    i aes.ts:59
    c aes.ts:158
    addKey secret-storage.ts:402
    addSecretStorageKeyToSecretStorage rust-crypto.ts:816
    bootstrapSecretStorage rust-crypto.ts:767
    U CreateSecretStorageDialog.tsx:381
    U CreateSecretStorageDialog.tsx:442
    React 11
        Ve
        Ge
        Cr
        Cr
        Ar
        Pr
        Me
        Pr
        Pr
        Zt
        Qt
    unstable_runWithPriority scheduler.production.min.js:18
    React 3
        Ko
        Oe
        Jt
rageshake.ts:77:16
    t rageshake.ts:77
    <anonymous> logger.ts:97
    U CreateSecretStorageDialog.tsx:407
    U CreateSecretStorageDialog.tsx:442
    React 11
    unstable_runWithPriority scheduler.production.min.js:18
    React 3

This pointed me in the direction of TLS. As I was setting this up as a test, I hadn't yet put the server behind a proxy. Having done so, I was finally able to complete the secret storage setup. The prerequisite for TLS was, once again, not mentioned in the documentation.

As of now, my issue seems solved. However, the documentation should probably be made more accessible. As it is now there is too much missing information in there.

@t3chguy
Member

t3chguy commented Sep 25, 2024

That's unfortunately a requirement some web browsers impose, you can read more about it at https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

@Gitoffomalawn
Author

> That's unfortunately a requirement some web browsers impose, you can read more about it at https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

Thanks for the info. This should probably be incorporated into Element documentation as well.
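
The failure diagnosed in this thread (`globalThis.crypto.subtle is undefined` on a page served over plain HTTP), as an added example that is not part of the issue or of Element's code: a preflight a web client could run before key setup to report why WebCrypto is missing. The function names and sample URLs are hypothetical, and the origin check only approximates the browser's secure-context rule.

```javascript
// Added example; helper names are hypothetical, not Element Web or matrix-js-sdk code.

// Approximation of the browser's "potentially trustworthy origin" rule:
// https/wss anywhere, or a loopback host. Browsers handle further cases
// (file:, browser-specific allowlists) that are omitted here.
function isPotentiallyTrustworthy(urlString) {
  const url = new URL(urlString);
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (/^127(\.\d{1,3}){3}$/.test(host)) return true; // 127.0.0.0/8
  return host === "::1";
}

// env mirrors the parts of window/globalThis that matter for this check.
function diagnoseWebCrypto(env) {
  if (env.crypto && env.crypto.subtle) {
    return { ok: true, reason: "crypto.subtle is available" };
  }
  const href = env.location ? env.location.href : null;
  const insecure = env.isSecureContext === false ||
    (href !== null && !isPotentiallyTrustworthy(href));
  if (insecure) {
    return {
      ok: false,
      reason: `insecure context (${href}): crypto.subtle is not exposed; ` +
        "serve the app over HTTPS or open it via localhost",
    };
  }
  return { ok: false, reason: "secure context, but this browser lacks crypto.subtle" };
}

// Constructed environments: the container reached over plain HTTP on a LAN
// address, then the same app behind a TLS-terminating proxy.
const plainHttp = {
  isSecureContext: false,
  crypto: { getRandomValues: (a) => a }, // crypto exists, subtle does not
  location: { href: "http://192.168.1.50:8080/" },
};
const behindTls = {
  isSecureContext: true,
  crypto: { getRandomValues: (a) => a, subtle: {} },
  location: { href: "https://chat.example.org/" },
};
console.log(diagnoseWebCrypto(plainHttp).reason);
console.log(diagnoseWebCrypto(behindTls).reason);
```
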
