docs.mau.fi
Open in
urlscan Pro
2a01:4f9:3a:26a1::
Public Scan
Submitted URL: https://discord-media.mau.dev/
Effective URL: https://docs.mau.fi/bridges/go/discord/direct-media.html
Submission Tags: phishingrod
Submission: On October 18 via api from DE — Scanned from FI
Effective URL: https://docs.mau.fi/bridges/go/discord/direct-media.html
Submission Tags: phishingrod
Submission: On October 18 via api from DE — Scanned from FI
Form analysis 1 forms found in the DOM
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>Text Content
1. Back to bookshelf
1. 1. Introduction
2.
3. Bridges in general
4. 2. Troubleshooting & FAQ
5. 3. Registering appservices
6. 4. End-to-bridge encryption
7. 5. Double puppeting
8. 6. Relay mode
9. 7. Bridge setup with Docker
10.
11. Python-based bridges
12. 8. Bridge setup
13. 9. Optional dependencies
14. 10. Manhole
15.
16. 11. mautrix-telegram
17. 1. 11.1. Authentication
2. 11.2. Creating and managing chats
3. 11.3. Management commands
4. 11.4. Relay bot
5. 11.5. Provisioning API
6. 11.6. Migrating from Telematrix
7. 11.7. DBMS migration
18. 12. mautrix-facebook
19. 1. 12.1. Authentication
2. 12.2. Upgrading to v0.2.0
20. 13. mautrix-googlechat
21. 1. 13.1. Authentication
22. 14. mautrix-twitter
23. 1. 14.1. Authentication
24. 15. mautrix-signal (legacy)
25. 1. 15.1. Authentication
2. 15.2. Bridge setup with Docker
26. 16. mautrix-instagram
27. 1. 16.1. Authentication
28.
29. Go-based bridges
30. 17. Bridge setup
31.
32. 18. mautrix-whatsapp
33. 1. 18.1. Android VM setup
2. 18.2. Authentication
34. 19. mautrix-discord
35. 1. 19.1. Authentication
2. 19.2. Bridging rooms
3. 19.3. Relaying with webhooks
4. 19.4. Direct media access
36. 20. mautrix-slack
37. 1. 20.1. Authentication
38. 21. mautrix-gmessages
39. 1. 21.1. Authentication
40. 22. mautrix-signal (new)
41. 1. 22.1. Authentication
42. 23. mautrix-imessage
43. 1. 23.1. Bridge setup (macOS)
2. 23.2. Bridge setup (macOS without SIP)
3. 23.3. Bridge setup (iOS)
4. 1. 23.3.1. SMS forwarding
5. 23.4. Bridge setup (Android SMS)
* Light
* Rust
* Coal
* Navy
* Ayu
MAUTRIX-BRIDGES
DIRECT MEDIA ACCESS
New in version 0.4.0
To avoid spamming your homeserver's media repository with all files from
Discord, the bridge has an option to generate fake mxc:// URIs that contain the
Discord media ID. The media repo or your reverse proxy can then handle those
URIs specially to fetch content directly from the Discord CDN.
To enable this mode, set bridge -> media_patterns -> enabled to true in the
bridge config. You can then configure each of the patterns or leave the
defaults.
WAYS TO USE PATTERNS
DEFAULT PATTERN AND MSC3860-COMPATIBLE MEDIA REPO
If your media repo supports MSC3860, you can use the default patterns out of the
box with no modifications. Your media repo will act like discord-media.mau.dev
is a federated Matrix server, so when your client requests Discord media, your
media repo will ask discord-media.mau.dev, which redirects to
cdn.discordapp.com. Your media repo then downloads the media and caches it as
remote media (like it does for all federated media).
As of writing, normal Matrix servers don't support MSC3860 yet, but they likely
will in the future once the MSC passes.
The software on discord-media.mau.dev is just a Caddy instance with the first
example config below, plus a static .well-known file to redirect federation to
443. You can find the raw config at mau.dev/maunium/caddy.
REDIRECT IN REVERSE PROXY
You can also configure your reverse proxy to redirect
mxc://discord-media.mau.dev/* downloads directly to cdn.discordapp.com. This
method doesn't involve your media repo at all, so it already works with most
clients. However, it won't work with servers that don't support MSC3860, as
they'd still try to connect to discord-media.mau.dev, which may be a problem if
you want to use your bridge in federated rooms. Additionally, you may encounter
some CORS issues with this method as cdn.discordapp.com doesn't provide CORS
headers for all files (like webp images and non-inline documents)
Caddy config example
matrix.example.com {
handle /_matrix/media/*/download/discord-media.mau.dev/* {
# The redirect must have CORS headers to let web clients follow it.
header Access-Control-Allow-Origin *
# Need to use a route directive to make the uri mutations apply before redir
route {
# Remove path prefix
uri path_regexp ^/_matrix/media/.+/download/discord-media\.mau\.dev/ /
# The mxc patterns use | instead of /, so replace it first turning the path into attachments/1234/5678/filename.png
uri replace "%7C" /
# Then redirect to cdn.discordapp.com/attachments/1234/5678/filename.png with HTTP 307
redir https://cdn.discordapp.com{uri} 307
}
}
# Special-case stickers because they don't have CORS headers on cdn.discordapp.com for some reason
handle /_matrix/media/*/download/discord-media.mau.dev/stickers|* {
header Access-Control-Allow-Origin *
route {
uri path_regexp ^/_matrix/media/.+/download/discord-media\.mau\.dev/ /
uri replace "%7C" /
redir https://media.discordapp.net{uri} 307
}
}
# Do the same for thumbnails, but redirect to media.discordapp.net (which is Discord's thumbnailing server, and happens to use similar width/height params as Matrix)
# Alternatively, you can point this at cdn.discordapp.com too. Clients shouldn't mind even if they get a bigger image than they asked for.
handle /_matrix/media/*/thumbnail/discord-media.mau.dev/* {
header Access-Control-Allow-Origin *
route {
uri path_regexp ^/_matrix/media/.+/thumbnail/discord-media\.mau\.dev/ /
uri replace "%7C" /
redir https://media.discordapp.net{uri} 307
}
}
# The usual proxying to your homeserver
handle /_matrix/* {
reverse_proxy http://localhost:8008
}
}
Nginx config example
server {
listen 443;
server_name matrix.example.com;
# ... usual /_matrix location block and other stuff ...
# N.B. If you use a regex pattern for the /_matrix block, it must be below these locations
location ~ ^/_matrix/media/(?:v3|r0)/download/discord-media.mau.dev/attachments\|([0-9]+)\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://cdn.discordapp.com/attachments/$1/$2/$3;
}
location ~ ^/_matrix/media/(?:v3|r0)/download/discord-media.mau.dev/emojis\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://cdn.discordapp.com/emojis/$1;
}
location ~ ^/_matrix/media/(?:v3|r0)/download/discord-media.mau.dev/stickers\|(.+)$ {
add_header Access-Control-Allow-Origin *;
# Stickers don't have CORS headers on cdn.discordapp.com for some reason, so always use media.
return 307 https://media.discordapp.net/stickers/$1;
}
location ~ ^/_matrix/media/(?:v3|r0)/download/discord-media.mau.dev/avatars\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://cdn.discordapp.com/avatars/$1/$2;
}
# Thumbnails (optional-ish)
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/discord-media.mau.dev/attachments\|([0-9]+)\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://media.discordapp.net/attachments/$1/$2/$3?$args;
}
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/discord-media.mau.dev/emojis\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://media.discordapp.net/emojis/$1?$args;
}
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/discord-media.mau.dev/stickers\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://media.discordapp.net/stickers/$1?$args;
}
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/discord-media.mau.dev/avatars\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
return 307 https://media.discordapp.net/avatars/$1/$2?$args;
}
}
PROXY IN REVERSE PROXY
If you want bridged media to work over federation without MSC3860, you can
change discord-media.mau.dev to your own server name, and have your reverse
proxy actually proxy the downloads instead of just redirecting to
cdn.discordapp.com. That way it'll work with all existing servers and clients.
The downside of this method is the higher bandwidth use compared to redirecting,
and theoretical abuse vectors for spamming the Discord CDN through your server.
When using this example, change discord-media.mau.dev/ in the patterns to
example.com/discord_ (replacing example.com with your own domain). The discord_
prefix is there so that other media on your domain will still work normally.
Caddy config example
matrix.example.com {
handle /_matrix/media/*/download/example.com/discord_* {
header Access-Control-Allow-Origin *
# Remove path prefix
uri path_regexp ^/_matrix/media/.+/download/example\.com/discord_ /
# The mxc patterns use | instead of /, so replace it first turning it into attachments/1234/5678/filename.png
uri replace "%7C" /
reverse_proxy {
# reverse_proxy automatically includes the uri, so no {uri} at the end
to https://cdn.discordapp.com
# Caddy doesn't set the Host header automatically when reverse proxying
# (because usually reverse proxies are local and don't care about Host headers)
header_up Host cdn.discordapp.com
}
}
# Do the same for thumbnails, but redirect to media.discordapp.net (which is Discord's thumbnailing server, and happens to use similar width/height params as Matrix)
# Alternatively, you can point this at cdn.discordapp.com too. Clients shouldn't mind even if they get a bigger image than they asked for.
handle /_matrix/media/*/thumbnail/example.com/discord_* {
header Access-Control-Allow-Origin *
uri path_regexp ^/_matrix/media/.+/thumbnail/example\.com/discord_ /
uri replace "%7C" /
reverse_proxy {
to https://media.discordapp.net
header_up Host media.discordapp.net
}
}
handle /_matrix/* {
reverse_proxy http://localhost:8008
}
}
Nginx config example
server {
listen 443;
server_name matrix.example.com;
# ... usual /_matrix location block and other stuff ...
# N.B. If you use a regex pattern for the /_matrix block, it must be below these locations
# You may need to configure a resolver for nginx to be able to resolve cdn.discordapp.com
#resolver 8.8.8.8;
location ~ ^/_matrix/media/(?:v3|r0)/download/example.com/discord_attachments\|([0-9]+)\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host cdn.discordapp.com;
proxy_pass https://cdn.discordapp.com/attachments/$1/$2/$3;
}
location ~ ^/_matrix/media/(?:v3|r0)/download/example.com/discord_emojis\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host cdn.discordapp.com;
proxy_pass https://cdn.discordapp.com/emojis/$1;
}
location ~ ^/_matrix/media/(?:v3|r0)/download/example.com/discord_stickers\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host cdn.discordapp.com;
proxy_pass https://cdn.discordapp.com/stickers/$1;
}
location ~ ^/_matrix/media/(?:v3|r0)/download/example.com/discord_avatars\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host cdn.discordapp.com;
proxy_pass https://cdn.discordapp.com/avatars/$1/$2;
}
# Thumbnails (optional-ish)
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/example.com/discord_attachments\|([0-9]+)\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host media.discordapp.net;
proxy_pass https://media.discordapp.net/attachments/$1/$2/$3?$args;
}
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/example.com/discord_emojis\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host media.discordapp.net;
proxy_pass https://media.discordapp.net/emojis/$1?$args;
}
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/example.com/discord_stickers\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host media.discordapp.net;
proxy_pass https://media.discordapp.net/stickers/$1?$args;
}
location ~ ^/_matrix/media/(?:v3|r0)/thumbnail/example.com/discord_avatars\|([0-9]+)\|(.+)$ {
add_header Access-Control-Allow-Origin *;
proxy_set_header Host media.discordapp.net;
proxy_pass https://media.discordapp.net/avatars/$1/$2?$args;
}
}