#dev 2021-05-14
2021-05-14 UTC
[KevinMarks] joined the channel
# [KevinMarks] CC0 for documentation is common
[tw2113_Slack_] joined the channel
# [tw2113_Slack_] mmm public domain
sparseMatrix joined the channel
# sparseMatrix very interesting
alex11 joined the channel
# sparseMatrix man this is a tough one to describe lol
# sparseMatrix but I have some subdomains, yes... to set up as vhosts
# sparseMatrix all but one of them are meant to have nginix sit in front of them, via uwsgi
# sparseMatrix now that one is a vhost that simply serves static files, and is working
# sparseMatrix and there is also the default uri/index.html
# sparseMatrix I have one index.html sitting in the root of the default uri
# sparseMatrix it shows up where you might expect
# sparseMatrix @Salt[m] I wish I knew well enough to say
# Salt[m] nvm, was confusing comments on a page, anyway, it appears to have been implemented as an official plugin, so perhaps it depends on the instance, https://github.com/Chocobozzz/PeerTube/issues/1316
gRegorLove joined the channel
[fluffy] joined the channel
# lahacker jacky what is the language composition of your current stack?
# lahacker sparseMatrix if the attempt to access the uwsgi app is pointing you to the /usr/../index.html then your `server_name`s and location block aren't being registered or aren't being followed..
gRegorLove and gRegorLove_ joined the channel
# KartikPrabhu Go Daddy?
gRegorLove joined the channel
# gRegorLove Name.com sponsored one or two Portland IWCs I think
[manton] joined the channel
[tw2113_Slack_] joined the channel
# [tw2113_Slack_] i just stick with Dreamhost for registrar and a couple tiny hosting sites, and DigitalOcean for the rest for hosting
[schmarty] joined the channel
gRegorLove, gRegorLove_, nertzy, jamietanna[m], fredcy_, jeremycherfas, [dianoetic_net], gbmor, tomlarkworthy, alex11, [chee], [KevinMarks] and sparseMatrix joined the channel
# sparseMatrix aw man I reckon I'm stumped....which means I'll be shuffling around the place in a stupor while I try to work out why my stack isn't working correctly
# sparseMatrix nginx+uwsgi+python
# sparseMatrix all the individual bits work independently
# sparseMatrix python+nginx: no problem
# sparseMatrix uwsgi+python: no problem'
# sparseMatrix but I can find no indication that nginx is passing requests to uwsgi
# sparseMatrix it's as if nginx needs a mod-proxy or something
# sparseMatrix lahacker and I went through it yesterday over zoom for a few or so hours (the dude is a champ)
# sparseMatrix but yeah, it's a tough nut, I tell ya what
# sparseMatrix heh, https://nginx.org/en/docs/http/ngx_http_proxy_module.html
# sparseMatrix I do not have this module.
tomlarkworthy joined the channel
# tomlarkworthy I am quite in love with OpenRESTY as more versatile version of nginx:- https://futurice.com/blog/openresty-a-swiss-army-proxy-for-serverless
# tomlarkworthy https://hub.docker.com/r/floydhub/uwsgi-openresty
# sparseMatrix @tomlarkworthy that honestly looks fascinating, but all I really need out of it is a simple reverse proxy to a vhost running on the same little raspberry pi4
# sparseMatrix by all accounts any of several configurations I've put together should have worked
# tomlarkworthy OpenREST is nginx + LUI, so you can configure it with a normal programming language and not nginx's completely baroque progrommaing model. You can, for instance, print things to the debug log, something which seems impossible with nginx.
# tomlarkworthy it also has a package manager so you can install common things
# tomlarkworthy its also reasonably battery included without being heavy
# tomlarkworthy jsut saying I find OpenRESTY a lot more intuitive than raw nginx
# petermolnar recompile nginx
# petermolnar it's not hard at all
# petermolnar I used to have a rather complicated script to auto-upgrade nginx in 2012 with some custom modules: https://petermolnar.net/article/nginx-version-update-script/index.html
# petermolnar but proxy really should be in nearly every repository package
# sparseMatrix @petermolnar I actually installed nginx on this 2gb raspi from the raspbian repos, should I back that stuff out?
# sparseMatrix @tomlarkworthy I don't so much doubt you as myself; I'm so noobish to nginx that I have no confidence in my ability to make good decisions about it
# sparseMatrix especially after a couple days of jacobian wrestling with it
# tomlarkworthy " I can find no indication that nginx is passing requests to uwsgi" its a speculation
# tomlarkworthy you read the nginx error logs right?
# tomlarkworthy and turned up logging: error_log logs/error.log warn;
# sparseMatrix @sknebel: if it can be built into the binary, it's certainly possible that it is and I am unaware of it. I can't seem to find any direct evidence that it is there
# sparseMatrix @tomlarkworthy: the only logging that I've been able to find is the access and error logs
# tomlarkworthy yeah and you explicitly pumped the error logging becuase it tends not to print much out the box
# sparseMatrix 'explicitly pumped'? not sure what you mean there
# tomlarkworthy typo for 'upped'
# tomlarkworthy you should have an error logging directive in your config
# sparseMatrix I haven't changed from the default logging settings
# tomlarkworthy if you are sailing on default you are not seeing much
# tomlarkworthy well do that then
# sparseMatrix yeah are in there, but it's only the locations that are configgered
# sparseMatrix one thing of note that I am seeing there
# tomlarkworthy 'error_log logs/error.log warn;' is global setting
# sparseMatrix when I attempt to access what should be the proxied service, it is attempting to serve files over http from the installation directory
# sparseMatrix /usr/share/nginx/html/reader/index.md
# sparseMatrix the 'reader/index.md' is a route that should be served by my uwsgi/python flask bits
# sparseMatrix one sec, upping the log level
# sparseMatrix bizarre... adding that logging directive to the other logging directives in /etc/nginx/nginx.conf, it is now trying to read logs from /usr/share/nginx as well. in spite of the two preceding lines that set logfile locations to /var/log/nginx/*log
# sparseMatrix ...and erroring out as a result, as the logs it's trying to access in /usr/share do not exist
# tomlarkworthy yeah I have openresty ones here, its jsut the lui_blocks which are unique to openRERSTY, the highler level lcoations and proxy_pass are nginx https://github.com/futurice/terraform-examples/blob/master/google_cloud/openresty-beyondcorp/files/default.template.conf
# sparseMatrix sure, one sec :D
# petermolnar sparseMatrix: ah! that might explain it. On ubuntu/debian, there are multiple nginx -es in the repo: you want "nginx-full" or "nginx-extras"
# petermolnar huh
# petermolnar that makes sense though, proxy_ is quite a basic thing in nginx
# sparseMatrix exhaustive configuration: https://pastebin.com/MkHff19x
# sparseMatrix weired, 'full' conflicts with 'extras'.
# sparseMatrix yes but not the specified uid/pid
# sparseMatrix it makes it owned by pi:pi
# sparseMatrix installs of both 'full' and 'extras' fail because the error log cannot be found at /usr/share/nginx/logs/error.log
# sparseMatrix right, but neither works
# sparseMatrix both fail with the same emer concern
# sparseMatrix lol additionally. 'warn' is an unknown log format
# sparseMatrix ok scrubbing that completely makes it run again.
alex11 joined the channel
# sparseMatrix I kinda think I should, one for http and one for https?
# sparseMatrix woops
# sparseMatrix lemme take a close(r) look
# sparseMatrix it's a head scratcher, grep only returns a single mention of reader in the codeforlife.peeps.conf file
# sparseMatrix I actually thought I had two in there (though not both for http)
# sparseMatrix it's moderately possible I screwed up pasting the configs too, I have someone here pestering the hell out of me
# sparseMatrix ok
# sparseMatrix I will delete the one from code4peeps
# sparseMatrix shrugs
# sparseMatrix it seems to have had exactly no effect
# sparseMatrix I still get a 404 from this url: https://reader.code4peeps.life/reader/index.md
# sknebel and the file name for /etc/nginx/conf.d/reader-proxy needs to end in .conf to be included by the include rule
# sparseMatrix oooh, that makes a huge difference
# sparseMatrix or should
# sparseMatrix :/
# sparseMatrix man, I had high hopes for that one
# sparseMatrix intersting, why am I not getting that I wonder
# sparseMatrix ahh
# sparseMatrix ok
# sparseMatrix yeah curl gives me the bad gateway.... chrome (or something browserish) 'promotes' the http to https in the browser
# sparseMatrix I wonder if I have something now in the uwsgi log (I have been unable to leave a mark there so far)
# sparseMatrix indeed I do.
# sparseMatrix https://pastebin.com/pPB1Zp3W
# sparseMatrix the last several lines of logging from uwsgi
# sparseMatrix now the odd thing about that last line... iaerodromeost is almost gibberish
# sparseMatrix but aerodrome is the local network hostname of the 'server'
# sparseMatrix so the 'i' and the 'ost' are mysterious
# sparseMatrix as are the multiple reads of index.md
# sparseMatrix there should be one 'preparing' and one 'reading'
# sparseMatrix (that is debug logging from the python app)
# sparseMatrix that string, 'iaerodromeost' does not exist in my app source
# sparseMatrix nor in the nginx config
# sparseMatrix ah yes, a permissions problem on unix:///tmp/reader.sock -- who'd a thunk it?
# sparseMatrix I'm going to try manually setting ownership and perms on that socket, whattya think?
# sparseMatrix it's set to vaccum, it should tear it down and rebuild it everrytime
# sparseMatrix but I'm game for a full restart, one sec
# sparseMatrix ok all restarted
# sparseMatrix still a perms problem, uwsgi createdthe socket as pi/pi again
# sparseMatrix no, actually, am I 'sposed to run as root (heh.)
# sparseMatrix heh.
# sparseMatrix lemme do stuff, brb.
# sparseMatrix yes, that makes plenty of good sense. BUT... I have wsgi installed in my user's python virtualenv
# sparseMatrix so when I sudo, it cant find uwsgi
# sparseMatrix I'm sure I can figure out how to make it run as root, but it starts to seem like I'm forcing the issue, if you will...
# sparseMatrix that notion really sets off the ol' unix spidey senses. but a cooler head asks, 'what, actually, are the exposures?"
# sparseMatrix none really that wouldn't require prexisting access to escalate.
# sparseMatrix yeah
# sparseMatrix speaking of which, something we did stopped the python app logging to uwsgi stdout
# sparseMatrix opening up the socket doesn't seemed to have helped though
# sparseMatrix 2021/05/14 09:46:25 [crit] 4671#4671: *1 connect() to unix:///tmp/reader.sock failed (13: Permission denied) while connecting to upstream, client: 98.39.246.186, server: reader.code4peeps.life, request: "GET /reader/index.md HTTP/1.1", upstream: "uwsgi://unix:///tmp/reader.sock:", host: "reader.code4peeps.life" 2021/05/14 09:59:43 [error] 4671#4671: *3 upstream prematurely closed connection while reading response header from upstream, client:
# sparseMatrix 98.39.246.186, server: reader.code4peeps.life, request: "GET /reader/index.md HTTP/1.1", upstream: "uwsgi://unix:///tmp/reader.sock:", host: "reader.code4peeps.life"
# sparseMatrix srw-rw-rw- 1 pi pi 0 May 14 10:00 reader.sock
# sparseMatrix good question
# sparseMatrix socket file is present for root
# sparseMatrix sudo, at least
# sparseMatrix it's the only way I access root interactively...
# sparseMatrix as an aside: I get a lot of things done without much direct help, or at least, I like to think I do.
# sparseMatrix but this is an ass kicker
# sparseMatrix hey thanks for all your help Sknebel :D
[aciccarello], gRegorLove, gRegorLove_, [KevinMarks], wes, chee and [schmarty] joined the channel
# [KevinMarks] Do we have a micropub to ftp mapping tool?
[girrodocus] and [snarfed] joined the channel
[dianoetic_net] joined the channel
# jamietanna[m] Snarfed sorry yes there's a bug with my DB writes but I thought I put a workaround in - will check on it tonight, sorry!
[chrisaldrich] joined the channel
# Loqi It looks like we don't have a page for "asking this" yet. Would you like to create it? (Or just say "asking this is ____", a sentence describing the term)
# [snarfed] sknebel: obligatory, https://snarfed.org/2020-06-27_bridgy-stats-update-5#apace 😁
# Salt[m] specifically, trying to respond to this :P https://framatube.org/videos/watch/505407b5-35b8-468c-87f5-a144e793231f
sparseMatrix joined the channel
# sparseMatrix dag, I think my #1 current obstacle is that when I run uwsgi out of userspace, it cannot create the socket with specified perms - always creates it pi:pi
# sparseMatrix dang, even
# sparseMatrix @sknebel: ironically, that is how I originally installed it - built binaries myself from source
# sparseMatrix then yesterday afternoon lahacker and I installed it for use in userspace]
# sparseMatrix the installation instructions at the uwsgi site suggest the best way to install is self build
# sparseMatrix I am very comfortable with building software from source, so that's how I initially undertook to install it
# sparseMatrix it's a Pi4B
# sparseMatrix it's faster than my interwebs, I sure ; )
# sparseMatrix it's doesn't 'feel' slow
# sparseMatrix unlike the 3 series
# sparseMatrix I'll keep screwing with it until I get it to work; I'm really kind of hard headed that way
# sparseMatrix I mean, there are several other linux variations I can run there, and that may make a big difference
# sparseMatrix arch will run fine there, and there's alpine at the other end of the spectrum
# sparseMatrix no
# sparseMatrix it used it
# sparseMatrix in fact uwsgi works fine
# sparseMatrix if I set a tcp socekt on it in additon to the unix one, I can curl the content from within the lan
# sparseMatrix oh dang lol
# sparseMatrix my friend, a LOT of water has passed beneath the bridge, since then
# sparseMatrix ...and I have slept as well.
# sparseMatrix my understanding is that a unix socket is far more secure. that's my goal wrt to using the socket anyway
# sparseMatrix the unix socket, that is
# sparseMatrix we actually had the python stout appearing in the uwsgi logs at one point, when we were banging on it earlier
# sparseMatrix much of what I've been doing since has been trying to recall what change we made that stopped that
# sparseMatrix ahh well, time to start cooking, I'm doing chili con carne from scratch tonight : )
# sparseMatrix I'll drop in later or something
# jamietanna[m] Snarfed kinda resolved for new ones (so they won't retry) but still got some fixes to do this weekend - thanks for the nudge!
[fluffy] joined the channel
# [fluffy] @sparseMatrix UNIX sockets are slightly more secure (in that you can’t accidentally expose them to the world) and also theoretically more performant (since it doesn’t have to go through the networking layer), and also they can be a lot easier to manage because you don’t need to keep track of who allocates which port, you only direct the fronting service to a file path.
KartikPrabhu joined the channel