#dev 2021-05-14

2021-05-14 UTC
[KevinMarks] joined the channel
#
[KevinMarks] CC0 for documentation is common
[tw2113_Slack_] joined the channel
#
[tw2113_Slack_] mmm public domain
sparseMatrix joined the channel
#
sparseMatrix very interesting
alex11 joined the channel
#
sparseMatrix man this is a tough one to describe lol
#
sparseMatrix but I have some subdomains, yes... to set up as vhosts
#
sparseMatrix all but one of them are meant to have nginix sit in front of them, via uwsgi
#
sparseMatrix now that one is a vhost that simply serves static files, and is working
#
sparseMatrix and there is also the default uri/index.html
#
Salt[m] can indieauth be used for activitypub id verification? does it require something special? I was looking to reply to a peertube comment and see they support anything AP-compat...
#
sparseMatrix I have one index.html sitting in the root of the default uri
#
sparseMatrix it shows up where you might expect
#
Salt[m] I see something about microblog.pub having an implementation, but it is unclear whether they are separate
#
sparseMatrix but any attempt to access the uwsgi-associated url fails to operate as designed, and returns an index.html from the installation folders - off in /usr somewhere.
#
sparseMatrix @Salt[m] I wish I knew well enough to say
#
Salt[m] hmm, it appears that aaron has definitely written about it
#
Salt[m] nvm, was confusing comments on a page, anyway, it appears to have been implemented as an official plugin, so perhaps it depends on the instance, https://github.com/Chocobozzz/PeerTube/issues/1316
#
Loqi [unmellow] #1316 OpenID support
gRegorLove joined the channel
#
Salt[m] ah, I think I misread and that plugin is for oid connect (clearly) and a comment was requesting indieauth
#
Salt[m] there is an oauth plugin, hmm, may just have to test it out, any, sorry for the noise
#
jacky that kinda sucks
#
jacky hmm actually it might be in more instances
#
jacky agh I see why multi-tenant services tend to be single-cloud setups
#
jacky is researching how to do site hosting for people to make it easier to onboard people to the IndieWeb using his projects or others provided a template
[fluffy] joined the channel
#
lahacker jacky what is the language composition of your current stack?
#
lahacker sparseMatrix if the attempt to access the uwsgi app is pointing you to the /usr/../index.html then your `server_name`s and location block aren't being registered or aren't being followed..
gRegorLove and gRegorLove_ joined the channel
#
jacky who's that domain name service that's like friendly with the IndieWeb?
#
jacky Name?
#
jacky friendly as in we've seen people come from there and they've (I think) sponsored some stuff
#
jacky oof this is more of a #-meta question
#
KartikPrabhu Go Daddy?
#
jacky ah okay
gRegorLove joined the channel
#
gRegorLove Name.com sponsored one or two Portland IWCs I think
[manton] joined the channel
#
[manton] Name.com being involved at IWC was partly why I chose their API to offer domain registration for Micro.blog customers.
#
jacky ah bet
#
jacky yeah I wanna do the same!
#
jacky I personally _love_ DNSimple (they're so cute, lol) but it looks like Name has a simple API (all I really need is CNAMEing)
[tw2113_Slack_] joined the channel
#
[manton] I’ve also used DNSimple for years and still have several domains there that there’s not much urgency to move. No complaints about them either.
#
[tw2113_Slack_] i just stick with Dreamhost for registrar and a couple tiny hosting sites, and DigitalOcean for the rest for hosting
#
aaronpk jacky: name.com has a new referral program in case that's interesting
#
jacky oh for resellers?
#
jacky should note that he's aiming to hit up these providers as a reseller/provider to help people claim a domain name if they don't have one
[schmarty] joined the channel
#
jacky eh a bit niche but I think linking to both Name and DNSimple as recs is good enough for the v1 - v3
gRegorLove, gRegorLove_, nertzy, jamietanna[m], fredcy_, jeremycherfas, [dianoetic_net], gbmor, tomlarkworthy, alex11, [chee], [KevinMarks] and sparseMatrix joined the channel
#
sparseMatrix aw man I reckon I'm stumped....which means I'll be shuffling around the place in a stupor while I try to work out why my stack isn't working correctly
#
sparseMatrix nginx+uwsgi+python
#
sparseMatrix all the individual bits work independently
#
sparseMatrix python+nginx: no problem
#
sparseMatrix uwsgi+python: no problem'
#
sparseMatrix but I can find no indication that nginx is passing requests to uwsgi
#
sparseMatrix it's as if nginx needs a mod-proxy or something
#
sparseMatrix lahacker and I went through it yesterday over zoom for a few or so hours (the dude is a champ)
#
sparseMatrix but yeah, it's a tough nut, I tell ya what
#
sparseMatrix heh, https://nginx.org/en/docs/http/ngx_http_proxy_module.html
#
sparseMatrix I do not have this module.
tomlarkworthy joined the channel
#
tomlarkworthy I am quite in love with OpenRESTY as more versatile version of nginx:- https://futurice.com/blog/openresty-a-swiss-army-proxy-for-serverless
#
tomlarkworthy https://hub.docker.com/r/floydhub/uwsgi-openresty
#
sparseMatrix @tomlarkworthy that honestly looks fascinating, but all I really need out of it is a simple reverse proxy to a vhost running on the same little raspberry pi4
#
sparseMatrix by all accounts any of several configurations I've put together should have worked
#
tomlarkworthy OpenREST is nginx + LUI, so you can configure it with a normal programming language and not nginx's completely baroque progrommaing model. You can, for instance, print things to the debug log, something which seems impossible with nginx.
#
tomlarkworthy it also has a package manager so you can install common things
#
tomlarkworthy its also reasonably battery included without being heavy
#
tomlarkworthy jsut saying I find OpenRESTY a lot more intuitive than raw nginx
#
petermolnar recompile nginx
#
petermolnar it's not hard at all
#
petermolnar I used to have a rather complicated script to auto-upgrade nginx in 2012 with some custom modules: https://petermolnar.net/article/nginx-version-update-script/index.html
#
petermolnar but proxy really should be in nearly every repository package
#
Loqi [Peter Molnar] My nginx version update script
#
sparseMatrix @petermolnar I actually installed nginx on this 2gb raspi from the raspbian repos, should I back that stuff out?
#
sparseMatrix @tomlarkworthy I don't so much doubt you as myself; I'm so noobish to nginx that I have no confidence in my ability to make good decisions about it
#
sparseMatrix especially after a couple days of jacobian wrestling with it
#
sknebel the proxy module should be part of the nginx package by default, are you sure you dont have it?
#
tomlarkworthy " I can find no indication that nginx is passing requests to uwsgi" its a speculation
#
tomlarkworthy you read the nginx error logs right?
#
tomlarkworthy and turned up logging: error_log logs/error.log warn;
#
tomlarkworthy https://docs.nginx.com/nginx/admin-guide/monitoring/logging/
#
tomlarkworthy https://docs.nginx.com/nginx/admin-guide/monitoring/logging/
#
sparseMatrix @sknebel: if it can be built into the binary, it's certainly possible that it is and I am unaware of it. I can't seem to find any direct evidence that it is there
#
sparseMatrix @tomlarkworthy: the only logging that I've been able to find is the access and error logs
#
tomlarkworthy yeah and you explicitly pumped the error logging becuase it tends not to print much out the box
#
sparseMatrix 'explicitly pumped'? not sure what you mean there
#
tomlarkworthy typo for 'upped'
#
tomlarkworthy you should have an error logging directive in your config
#
sparseMatrix I haven't changed from the default logging settings
#
tomlarkworthy if you are sailing on default you are not seeing much
#
tomlarkworthy well do that then
#
sparseMatrix yeah are in there, but it's only the locations that are configgered
#
Loqi agreed.
#
sparseMatrix one thing of note that I am seeing there
#
tomlarkworthy 'error_log logs/error.log warn;' is global setting
#
sparseMatrix when I attempt to access what should be the proxied service, it is attempting to serve files over http from the installation directory
#
sparseMatrix /usr/share/nginx/html/reader/index.md
#
sparseMatrix the 'reader/index.md' is a route that should be served by my uwsgi/python flask bits
#
sparseMatrix one sec, upping the log level
#
sparseMatrix bizarre... adding that logging directive to the other logging directives in /etc/nginx/nginx.conf, it is now trying to read logs from /usr/share/nginx as well. in spite of the two preceding lines that set logfile locations to /var/log/nginx/*log
#
sparseMatrix ...and erroring out as a result, as the logs it's trying to access in /usr/share do not exist
#
sknebel can you share your config files somewhere?
#
sknebel (or I can upload a sanitized version of mine...)
#
tomlarkworthy yeah I have openresty ones here, its jsut the lui_blocks which are unique to openRERSTY, the highler level lcoations and proxy_pass are nginx https://github.com/futurice/terraform-examples/blob/master/google_cloud/openresty-beyondcorp/files/default.template.conf
#
sparseMatrix sure, one sec :D
#
petermolnar sparseMatrix: ah! that might explain it. On ubuntu/debian, there are multiple nginx -es in the repo: you want "nginx-full" or "nginx-extras"
#
sknebel petermolnar: proxy is in nginx-light too
#
petermolnar huh
#
petermolnar that makes sense though, proxy_ is quite a basic thing in nginx
#
sparseMatrix exhaustive configuration: https://pastebin.com/MkHff19x
#
sparseMatrix weired, 'full' conflicts with 'extras'.
#
sknebel does the socket file get created?
#
sparseMatrix yes but not the specified uid/pid
#
sparseMatrix it makes it owned by pi:pi
#
sparseMatrix installs of both 'full' and 'extras' fail because the error log cannot be found at /usr/share/nginx/logs/error.log
#
sknebel you cant have multiple installed at the same time
#
sparseMatrix right, but neither works
#
sparseMatrix both fail with the same emer concern
#
sknebel then undo that line that added the error log
#
sparseMatrix lol additionally. 'warn' is an unknown log format
#
sparseMatrix ok scrubbing that completely makes it run again.
alex11 joined the channel
#
sknebel oh duh
#
sknebel you have two sections for reader.code4peeps.life
#
sparseMatrix I kinda think I should, one for http and one for https?
#
sknebel but you have two for http
#
sparseMatrix woops
#
sparseMatrix lemme take a close(r) look
#
sknebel and thus it takes the first one, and ignores the one you added for python completely
#
sparseMatrix it's a head scratcher, grep only returns a single mention of reader in the codeforlife.peeps.conf file
#
sparseMatrix I actually thought I had two in there (though not both for http)
#
sparseMatrix it's moderately possible I screwed up pasting the configs too, I have someone here pestering the hell out of me
#
sknebel the other is in reader-proxy
#
sparseMatrix ok
#
sparseMatrix I will delete the one from code4peeps
#
sparseMatrix shrugs
#
sparseMatrix it seems to have had exactly no effect
#
sknebel I think its loading a different file now ;)
#
sparseMatrix I still get a 404 from this url: https://reader.code4peeps.life/reader/index.md
#
sknebel and the file name for /etc/nginx/conf.d/reader-proxy needs to end in .conf to be included by the include rule
#
sparseMatrix oooh, that makes a huge difference
#
sparseMatrix or should
#
sparseMatrix :/
#
sparseMatrix man, I had high hopes for that one
#
sknebel well, now it tries to talk to python at least
#
sknebel "502 bad gateway"
#
sparseMatrix intersting, why am I not getting that I wonder
#
sknebel http://reader.code4peeps.life/reader/index.md
#
sknebel *not* https
#
sknebel because you didn't configure https on the python section
#
sparseMatrix ahh
#
sparseMatrix ok
#
sparseMatrix yeah curl gives me the bad gateway.... chrome (or something browserish) 'promotes' the http to https in the browser
#
sparseMatrix I wonder if I have something now in the uwsgi log (I have been unable to leave a mark there so far)
#
sparseMatrix indeed I do.
#
sparseMatrix https://pastebin.com/pPB1Zp3W
#
sparseMatrix the last several lines of logging from uwsgi
#
sparseMatrix now the odd thing about that last line... iaerodromeost is almost gibberish
#
sparseMatrix but aerodrome is the local network hostname of the 'server'
#
sparseMatrix so the 'i' and the 'ost' are mysterious
#
sparseMatrix as are the multiple reads of index.md
#
sparseMatrix there should be one 'preparing' and one 'reading'
#
sparseMatrix (that is debug logging from the python app)
#
sparseMatrix that string, 'iaerodromeost' does not exist in my app source
#
sparseMatrix nor in the nginx config
#
sknebel anything in the nginx logs?
#
sparseMatrix ah yes, a permissions problem on unix:///tmp/reader.sock -- who'd a thunk it?
#
sparseMatrix I'm going to try manually setting ownership and perms on that socket, whattya think?
#
sknebel yeah
#
sknebel or stop both services, delete it and restart them
#
sknebel if you ever for testing ran one of them as your normal user it might just have created it then with the wrong perms
#
sparseMatrix it's set to vaccum, it should tear it down and rebuild it everrytime
#
sparseMatrix but I'm game for a full restart, one sec
#
sparseMatrix ok all restarted
#
sparseMatrix still a perms problem, uwsgi createdthe socket as pi/pi again
#
sknebel but it's being started as root?
#
sparseMatrix no, actually, am I 'sposed to run as root (heh.)
#
sknebel yeah
#
sparseMatrix heh.
#
sparseMatrix lemme do stuff, brb.
#
sknebel then it creates the socket as root and drops down to the www-data user/group
#
sparseMatrix yes, that makes plenty of good sense. BUT... I have wsgi installed in my user's python virtualenv
#
sparseMatrix so when I sudo, it cant find uwsgi
#
sparseMatrix I'm sure I can figure out how to make it run as root, but it starts to seem like I'm forcing the issue, if you will...
#
sknebel then change the socket-chmod to 666 for now
#
sparseMatrix that notion really sets off the ol' unix spidey senses. but a cooler head asks, 'what, actually, are the exposures?"
#
sparseMatrix none really that wouldn't require prexisting access to escalate.
#
sknebel I think right now it makes sense for you to get it working somehow, and then improve it
#
sparseMatrix yeah
#
sparseMatrix speaking of which, something we did stopped the python app logging to uwsgi stdout
#
sparseMatrix opening up the socket doesn't seemed to have helped though
#
sknebel still permission problem?
#
sknebel what's the exact error?
#
sparseMatrix 2021/05/14 09:46:25 [crit] 4671#4671: *1 connect() to unix:///tmp/reader.sock failed (13: Permission denied) while connecting to upstream, client: 98.39.246.186, server: reader.code4peeps.life, request: "GET /reader/index.md HTTP/1.1", upstream: "uwsgi://unix:///tmp/reader.sock:", host: "reader.code4peeps.life" 2021/05/14 09:59:43 [error] 4671#4671: *3 upstream prematurely closed connection while reading response header from upstream, client:
#
sparseMatrix 98.39.246.186, server: reader.code4peeps.life, request: "GET /reader/index.md HTTP/1.1", upstream: "uwsgi://unix:///tmp/reader.sock:", host: "reader.code4peeps.life"
#
sknebel but the socket now has good permissions?
#
sparseMatrix srw-rw-rw- 1 pi pi 0 May 14 10:00 reader.sock
#
sknebel oh wait, does your system have tmp mapped differently for different users? do you see the socket from a root shell at all?
#
sparseMatrix good question
#
sparseMatrix yes, and it's the same /tmp
#
sparseMatrix socket file is present for root
#
sparseMatrix sudo, at least
#
sparseMatrix it's the only way I access root interactively...
#
sparseMatrix as an aside: I get a lot of things done without much direct help, or at least, I like to think I do.
#
sparseMatrix but this is an ass kicker
#
sknebel (afk for a bit, will check back later)
#
sparseMatrix hey thanks for all your help Sknebel :D
[aciccarello], gRegorLove, gRegorLove_, [KevinMarks], wes, chee and [schmarty] joined the channel
#
[KevinMarks] Do we have a micropub to ftp mapping tool?
[girrodocus] and [snarfed] joined the channel
#
[snarfed] 🤔
#
[snarfed] jamietanna just fyi you may want to look at your wm sending code. you currently resend each of your bridgy publish wms hundreds of times, every 5m or so for 24h+ after the initial publish
#
[snarfed] looks like that started a few days ago
#
sknebel note to self: get a "WMs sent" graph somewhere
#
sknebel this appears to be a thing people do regularly :D
#
aaronpk makes a note to add some more monitoring tools to telegraph since that's what is actually sending them
[dianoetic_net] joined the channel
#
jamietanna[m] Snarfed sorry yes there's a bug with my DB writes but I thought I put a workaround in - will check on it tonight, sorry!
[chrisaldrich] joined the channel
#
Salt[m] hmm, back to poking at indieauth, the AP-compat login request wants the form of USER@instance, would this be like DOMAIN@indielogin.com ?
#
Salt[m] I'm asking these in -dev because I think it is an implementation question, but if I'm wrong about the place, please redirect!
#
jacky :P
#
aaronpk what is asking this?
#
Loqi It looks like we don't have a page for "asking this" yet. Would you like to create it? (Or just say "asking this is ____", a sentence describing the term)
#
aaronpk oops
#
jacky Salt[m]: is this like in a client AP-esque app? Like Tusky?
#
Salt[m] it's in PeerTube
#
[snarfed] sknebel: obligatory, https://snarfed.org/2020-06-27_bridgy-stats-update-5#apace 😁
#
Salt[m] specifically, trying to respond to this :P https://framatube.org/videos/watch/505407b5-35b8-468c-87f5-a144e793231f
#
jacky ahhh
#
aaronpk respond?
#
aaronpk oh it asks you to log in
#
aaronpk I don't know what that is, i don't think it's doing indieauth
#
jacky yeah not at all
#
jacky you'd have to do it all via AP
#
jacky IIRC PeerTube doesn't support Webmentions either
#
Salt[m] no, it isn't, but it is doing a few different auth types by the look of it
#
aaronpk yeah it's taking you over to your own mastodon instance to reply from there
#
aaronpk no auth
#
Salt[m] so there should be a standardized way for an indieauth implementation to access it, no?
#
aaronpk it's saying go post a reply from your own account
#
jacky you wouldn't need to use indieauth here
#
Salt[m] oh strange
#
aaronpk if your site supports activitypub you can reply to those videos by replying to the video URL like it was an AP post
#
aaronpk looks like using the inline comment form there requires a local account on that instance
#
Salt[m] gotcha, thanks!
#
Salt[m] can't wait for this quarter to be over, taking the summer off and have a bunch of indieweb changes to make (got a new shiny domain...)
sparseMatrix joined the channel
#
sparseMatrix dag, I think my #1 current obstacle is that when I run uwsgi out of userspace, it cannot create the socket with specified perms - always creates it pi:pi
#
sparseMatrix dang, even
#
sknebel yeah, you'd usually run it as root and it then drops privs
#
sknebel did telling it to load the venv not work?
#
sparseMatrix @sknebel: ironically, that is how I originally installed it - built binaries myself from source
#
sknebel debian/raspbian should have a package for it
#
sparseMatrix then yesterday afternoon lahacker and I installed it for use in userspace]
#
sparseMatrix the installation instructions at the uwsgi site suggest the best way to install is self build
#
sparseMatrix I am very comfortable with building software from source, so that's how I initially undertook to install it
#
sknebel yeah, should also work of course
#
sknebel Pi is just a bit slow ;)
#
sparseMatrix it's a Pi4B
#
sknebel I dont think I had any issues on my server with just telling it the venv and python interpreter
#
sparseMatrix it's faster than my interwebs, I sure ; )
#
sparseMatrix it's doesn't 'feel' slow
#
sparseMatrix unlike the 3 series
#
sparseMatrix I'll keep screwing with it until I get it to work; I'm really kind of hard headed that way
#
sparseMatrix I mean, there are several other linux variations I can run there, and that may make a big difference
#
sparseMatrix arch will run fine there, and there's alpine at the other end of the spectrum
#
sknebel did it give you any useful error when you told it to use the venv?
#
sparseMatrix no
#
sparseMatrix it used it
#
sparseMatrix in fact uwsgi works fine
#
sparseMatrix if I set a tcp socekt on it in additon to the unix one, I can curl the content from within the lan
#
sknebel I meant when you tried the running-as-root one
#
sparseMatrix oh dang lol
#
sparseMatrix my friend, a LOT of water has passed beneath the bridge, since then
#
sparseMatrix ...and I have slept as well.
#
sknebel (you can always just use a socket over localhost instead of the unix socket of course too. I think that's how my setup does it, for no particular reason)
#
sparseMatrix my understanding is that a unix socket is far more secure. that's my goal wrt to using the socket anyway
#
sparseMatrix the unix socket, that is
#
sparseMatrix we actually had the python stout appearing in the uwsgi logs at one point, when we were banging on it earlier
#
sparseMatrix much of what I've been doing since has been trying to recall what change we made that stopped that
#
sparseMatrix ahh well, time to start cooking, I'm doing chili con carne from scratch tonight : )
#
sparseMatrix I'll drop in later or something
#
jacky wtf
#
jamietanna[m] Snarfed kinda resolved for new ones (so they won't retry) but still got some fixes to do this weekend - thanks for the nudge!
#
[snarfed] welcome!
[fluffy] joined the channel
#
[fluffy] @sparseMatrix UNIX sockets are slightly more secure (in that you can’t accidentally expose them to the world) and also theoretically more performant (since it doesn’t have to go through the networking layer), and also they can be a lot easier to manage because you don’t need to keep track of who allocates which port, you only direct the fronting service to a file path.
#
[fluffy] That last reason is why I most strongly prefer them.
#
[fluffy] The security and performance aspects are pretty minor, but the reverse proxy/endpoint management aspect alone is a great reason to use them.
KartikPrabhu joined the channel