#dev 2021-05-14

2021-05-14 UTC
[KevinMarks] joined the channel
#
[KevinMarks]
CC0 for documentation is common
[tw2113_Slack_] joined the channel
#
[tw2113_Slack_]
mmm public domain
sparseMatrix joined the channel
#
sparseMatrix
very interesting
alex11 joined the channel
#
sparseMatrix
man this is a tough one to describe lol
#
sparseMatrix
but I have some subdomains, yes... to set up as vhosts
#
sparseMatrix
all but one of them are meant to have nginx sit in front of them, via uwsgi
#
sparseMatrix
now that one is a vhost that simply serves static files, and is working
#
sparseMatrix
and there is also the default uri/index.html
#
Salt[m]
can indieauth be used for activitypub id verification? does it require something special? I was looking to reply to a peertube comment and see they support anything AP-compat...
#
sparseMatrix
I have one index.html sitting in the root of the default uri
#
sparseMatrix
it shows up where you might expect
#
Salt[m]
I see something about microblog.pub having an implementation, but it is unclear whether they are separate
#
sparseMatrix
but any attempt to access the uwsgi-associated url fails to operate as designed, and returns an index.html from the installation folders - off in /usr somewhere.
#
sparseMatrix
@Salt[m] I wish I knew well enough to say
#
Salt[m]
hmm, it appears that aaron has definitely written about it
#
Salt[m]
nvm, was confusing comments on a page, anyway, it appears to have been implemented as an official plugin, so perhaps it depends on the instance, https://github.com/Chocobozzz/PeerTube/issues/1316
#
Loqi
[unmellow] #1316 OpenID support
gRegorLove joined the channel
#
Salt[m]
ah, I think I misread and that plugin is for oid connect (clearly) and a comment was requesting indieauth
#
Salt[m]
there is an oauth plugin, hmm, may just have to test it out, any, sorry for the noise
#
jacky
that kinda sucks
#
jacky
hmm actually it might be in more instances
#
jacky
agh I see why multi-tenant services tend to be single-cloud setups
#
jacky
is researching how to do site hosting for people to make it easier to onboard people to the IndieWeb using his projects or others provided a template
[fluffy] joined the channel
#
lahacker
jacky what is the language composition of your current stack?
#
lahacker
sparseMatrix if the attempt to access the uwsgi app is pointing you to the /usr/../index.html then your `server_name`s and location block aren't being registered or aren't being followed..
gRegorLove and gRegorLove_ joined the channel
#
jacky
who's that domain name service that's like friendly with the IndieWeb?
#
jacky
Name?
#
jacky
friendly as in we've seen people come from there and they've (I think) sponsored some stuff
#
jacky
oof this is more of a #-meta question
#
KartikPrabhu
Go Daddy?
#
jacky
ah okay
gRegorLove joined the channel
#
gRegorLove
Name.com sponsored one or two Portland IWCs I think
[manton] joined the channel
#
[manton]
Name.com being involved at IWC was partly why I chose their API to offer domain registration for Micro.blog customers.
#
jacky
ah bet
#
jacky
yeah I wanna do the same!
#
jacky
I personally _love_ DNSimple (they're so cute, lol) but it looks like Name has a simple API (all I really need is CNAMEing)
[tw2113_Slack_] joined the channel
#
[manton]
I’ve also used DNSimple for years and still have several domains there that there’s not much urgency to move. No complaints about them either.
#
[tw2113_Slack_]
i just stick with Dreamhost for registrar and a couple tiny hosting sites, and DigitalOcean for the rest for hosting
#
aaronpk
jacky: name.com has a new referral program in case that's interesting
#
jacky
oh for resellers?
#
jacky
should note that he's aiming to hit up these providers as a reseller/provider to help people claim a domain name if they don't have one
[schmarty] joined the channel
#
jacky
eh a bit niche but I think linking to both Name and DNSimple as recs is good enough for the v1 - v3
gRegorLove, gRegorLove_, nertzy, jamietanna[m], fredcy_, jeremycherfas, [dianoetic_net], gbmor, tomlarkworthy, alex11, [chee], [KevinMarks] and sparseMatrix joined the channel
#
sparseMatrix
aw man I reckon I'm stumped....which means I'll be shuffling around the place in a stupor while I try to work out why my stack isn't working correctly
#
sparseMatrix
nginx+uwsgi+python
#
sparseMatrix
all the individual bits work independently
#
sparseMatrix
python+nginx: no problem
#
sparseMatrix
uwsgi+python: no problem
#
sparseMatrix
but I can find no indication that nginx is passing requests to uwsgi
#
sparseMatrix
it's as if nginx needs a mod-proxy or something
#
sparseMatrix
lahacker and I went through it yesterday over zoom for a few or so hours (the dude is a champ)
#
sparseMatrix
but yeah, it's a tough nut, I tell ya what
#
sparseMatrix
I do not have this module.
tomlarkworthy joined the channel
#
tomlarkworthy
I am quite in love with OpenResty as a more versatile version of nginx: https://futurice.com/blog/openresty-a-swiss-army-proxy-for-serverless
#
sparseMatrix
@tomlarkworthy that honestly looks fascinating, but all I really need out of it is a simple reverse proxy to a vhost running on the same little raspberry pi4
#
sparseMatrix
by all accounts any of several configurations I've put together should have worked
#
tomlarkworthy
OpenResty is nginx + Lua, so you can configure it with a normal programming language and not nginx's completely baroque programming model. You can, for instance, print things to the debug log, something which seems impossible with nginx.
#
tomlarkworthy
it also has a package manager so you can install common things
#
tomlarkworthy
it's also reasonably battery included without being heavy
#
tomlarkworthy
just saying I find OpenResty a lot more intuitive than raw nginx
#
petermolnar
recompile nginx
#
petermolnar
it's not hard at all
#
petermolnar
I used to have a rather complicated script to auto-upgrade nginx in 2012 with some custom modules: https://petermolnar.net/article/nginx-version-update-script/index.html
#
petermolnar
but proxy really should be in nearly every repository package
#
Loqi
[Peter Molnar] My nginx version update script
#
sparseMatrix
@petermolnar I actually installed nginx on this 2gb raspi from the raspbian repos, should I back that stuff out?
#
sparseMatrix
@tomlarkworthy I don't so much doubt you as myself; I'm so noobish to nginx that I have no confidence in my ability to make good decisions about it
#
sparseMatrix
especially after a couple days of jacobian wrestling with it
#
sknebel
the proxy module should be part of the nginx package by default, are you sure you don't have it?
#
tomlarkworthy
"I can find no indication that nginx is passing requests to uwsgi" it's a speculation
#
tomlarkworthy
you read the nginx error logs right?
#
tomlarkworthy
and turned up logging: error_log logs/error.log warn;
#
sparseMatrix
@sknebel: if it can be built into the binary, it's certainly possible that it is and I am unaware of it. I can't seem to find any direct evidence that it is there
#
sparseMatrix
@tomlarkworthy: the only logging that I've been able to find is the access and error logs
#
tomlarkworthy
yeah and you explicitly pumped the error logging because it tends not to print much out the box
#
sparseMatrix
'explicitly pumped'? not sure what you mean there
#
tomlarkworthy
typo for 'upped'
#
tomlarkworthy
you should have an error logging directive in your config
#
sparseMatrix
I haven't changed from the default logging settings
#
tomlarkworthy
if you are sailing on default you are not seeing much
#
tomlarkworthy
well do that then
#
sparseMatrix
yeah are in there, but it's only the locations that are configgered
#
Loqi
agreed.
#
sparseMatrix
one thing of note that I am seeing there
#
tomlarkworthy
'error_log logs/error.log warn;' is global setting
#
sparseMatrix
when I attempt to access what should be the proxied service, it is attempting to serve files over http from the installation directory
#
sparseMatrix
the 'reader/index.md' is a route that should be served by my uwsgi/python flask bits
#
sparseMatrix
one sec, upping the log level
#
sparseMatrix
bizarre... adding that logging directive to the other logging directives in /etc/nginx/nginx.conf, it is now trying to read logs from /usr/share/nginx as well. in spite of the two preceding lines that set logfile locations to /var/log/nginx/*log
#
sparseMatrix
...and erroring out as a result, as the logs it's trying to access in /usr/share do not exist
#
sknebel
can you share your config files somewhere?
#
sknebel
(or I can upload a sanitized version of mine...)
#
tomlarkworthy
yeah I have OpenResty ones here, it's just the lua_blocks which are unique to OpenResty, the higher level locations and proxy_pass are nginx https://github.com/futurice/terraform-examples/blob/master/google_cloud/openresty-beyondcorp/files/default.template.conf
#
sparseMatrix
sure, one sec :D
#
petermolnar
sparseMatrix: ah! that might explain it. On ubuntu/debian, there are multiple nginx -es in the repo: you want "nginx-full" or "nginx-extras"
#
sknebel
petermolnar: proxy is in nginx-light too
#
petermolnar
that makes sense though, proxy_ is quite a basic thing in nginx
#
sparseMatrix
exhaustive configuration: https://pastebin.com/MkHff19x
#
sparseMatrix
weird, 'full' conflicts with 'extras'.
#
sknebel
does the socket file get created?
#
sparseMatrix
yes but not the specified uid/pid
#
sparseMatrix
it makes it owned by pi:pi
#
sparseMatrix
installs of both 'full' and 'extras' fail because the error log cannot be found at /usr/share/nginx/logs/error.log
#
sknebel
you can't have multiple installed at the same time
#
sparseMatrix
right, but neither works
#
sparseMatrix
both fail with the same emer concern
#
sknebel
then undo that line that added the error log
#
sparseMatrix
lol additionally. 'warn' is an unknown log format
#
sparseMatrix
ok scrubbing that completely makes it run again.
alex11 joined the channel
#
sknebel
oh duh
#
sknebel
you have two sections for reader.code4peeps.life
#
sparseMatrix
I kinda think I should, one for http and one for https?
#
sknebel
but you have two for http
#
sparseMatrix
woops
#
sparseMatrix
lemme take a close(r) look
#
sknebel
and thus it takes the first one, and ignores the one you added for python completely
#
sparseMatrix
it's a head scratcher, grep only returns a single mention of reader in the codeforlife.peeps.conf file
#
sparseMatrix
I actually thought I had two in there (though not both for http)
#
sparseMatrix
it's moderately possible I screwed up pasting the configs too, I have someone here pestering the hell out of me
#
sknebel
the other is in reader-proxy
#
sparseMatrix
ok
#
sparseMatrix
I will delete the one from code4peeps
#
sparseMatrix
shrugs
#
sparseMatrix
it seems to have had exactly no effect
#
sknebel
I think it's loading a different file now ;)
#
sparseMatrix
I still get a 404 from this url: https://reader.code4peeps.life/reader/index.md
#
sknebel
and the file name for /etc/nginx/conf.d/reader-proxy needs to end in .conf to be included by the include rule
#
sparseMatrix
oooh, that makes a huge difference
#
sparseMatrix
or should
#
sparseMatrix
:/
#
sparseMatrix
man, I had high hopes for that one
#
sknebel
well, now it tries to talk to python at least
#
sknebel
"502 bad gateway"
#
sparseMatrix
interesting, why am I not getting that I wonder
#
sknebel
*not* https
#
sknebel
because you didn't configure https on the python section
#
sparseMatrix
ahh
#
sparseMatrix
ok
#
sparseMatrix
yeah curl gives me the bad gateway.... chrome (or something browserish) 'promotes' the http to https in the browser
#
sparseMatrix
I wonder if I have something now in the uwsgi log (I have been unable to leave a mark there so far)
#
sparseMatrix
indeed I do.
#
sparseMatrix
the last several lines of logging from uwsgi
#
sparseMatrix
now the odd thing about that last line... iaerodromeost is almost gibberish
#
sparseMatrix
but aerodrome is the local network hostname of the 'server'
#
sparseMatrix
so the 'i' and the 'ost' are mysterious
#
sparseMatrix
as are the multiple reads of index.md
#
sparseMatrix
there should be one 'preparing' and one 'reading'
#
sparseMatrix
(that is debug logging from the python app)
#
sparseMatrix
that string, 'iaerodromeost' does not exist in my app source
#
sparseMatrix
nor in the nginx config
#
sknebel
anything in the nginx logs?
#
sparseMatrix
ah yes, a permissions problem on unix:///tmp/reader.sock -- who'd a thunk it?
#
sparseMatrix
I'm going to try manually setting ownership and perms on that socket, whattya think?
#
sknebel
or stop both services, delete it and restart them
#
sknebel
if you ever for testing ran one of them as your normal user it might just have created it then with the wrong perms
#
sparseMatrix
it's set to vacuum, it should tear it down and rebuild it every time
#
sparseMatrix
but I'm game for a full restart, one sec
#
sparseMatrix
ok all restarted
#
sparseMatrix
still a perms problem, uwsgi created the socket as pi/pi again
#
sknebel
but it's being started as root?
#
sparseMatrix
no, actually, am I 'sposed to run as root (heh.)
#
sparseMatrix
heh.
#
sparseMatrix
lemme do stuff, brb.
#
sknebel
then it creates the socket as root and drops down to the www-data user/group
#
sparseMatrix
yes, that makes plenty of good sense. BUT... I have wsgi installed in my user's python virtualenv
#
sparseMatrix
so when I sudo, it can't find uwsgi
#
sparseMatrix
I'm sure I can figure out how to make it run as root, but it starts to seem like I'm forcing the issue, if you will...
#
sknebel
then change the socket-chmod to 666 for now
#
sparseMatrix
that notion really sets off the ol' unix spidey senses. but a cooler head asks, 'what, actually, are the exposures?'
#
sparseMatrix
none really that wouldn't require preexisting access to escalate.
#
sknebel
I think right now it makes sense for you to get it working somehow, and then improve it
#
sparseMatrix
yeah
#
sparseMatrix
speaking of which, something we did stopped the python app logging to uwsgi stdout
#
sparseMatrix
opening up the socket doesn't seem to have helped though
#
sknebel
still permission problem?
#
sknebel
what's the exact error?
#
sparseMatrix
2021/05/14 09:46:25 [crit] 4671#4671: *1 connect() to unix:///tmp/reader.sock failed (13: Permission denied) while connecting to upstream, client: 98.39.246.186, server: reader.code4peeps.life, request: "GET /reader/index.md HTTP/1.1", upstream: "uwsgi://unix:///tmp/reader.sock:", host: "reader.code4peeps.life" 2021/05/14 09:59:43 [error] 4671#4671: *3 upstream prematurely closed connection while reading response header from upstream, client:
#
sparseMatrix
98.39.246.186, server: reader.code4peeps.life, request: "GET /reader/index.md HTTP/1.1", upstream: "uwsgi://unix:///tmp/reader.sock:", host: "reader.code4peeps.life"
#
sknebel
but the socket now has good permissions?
#
sparseMatrix
srw-rw-rw- 1 pi pi 0 May 14 10:00 reader.sock
#
sknebel
oh wait, does your system have tmp mapped differently for different users? do you see the socket from a root shell at all?
#
sparseMatrix
good question
#
sparseMatrix
yes, and it's the same /tmp
#
sparseMatrix
socket file is present for root
#
sparseMatrix
sudo, at least
#
sparseMatrix
it's the only way I access root interactively...
#
sparseMatrix
as an aside: I get a lot of things done without much direct help, or at least, I like to think I do.
#
sparseMatrix
but this is an ass kicker
#
sknebel
(afk for a bit, will check back later)
#
sparseMatrix
hey thanks for all your help Sknebel :D
[aciccarello], gRegorLove, gRegorLove_, [KevinMarks], wes, chee and [schmarty] joined the channel
#
[KevinMarks]
Do we have a micropub to ftp mapping tool?
[girrodocus] and [snarfed] joined the channel
#
[snarfed]
jamietanna just fyi you may want to look at your wm sending code. you currently resend each of your bridgy publish wms hundreds of times, every 5m or so for 24h+ after the initial publish
#
[snarfed]
looks like that started a few days ago
#
sknebel
note to self: get a "WMs sent" graph somewhere
#
sknebel
this appears to be a thing people do regularly :D
#
aaronpk
makes a note to add some more monitoring tools to telegraph since that's what is actually sending them
[dianoetic_net] joined the channel
#
jamietanna[m]
Snarfed sorry yes there's a bug with my DB writes but I thought I put a workaround in - will check on it tonight, sorry!
[chrisaldrich] joined the channel
#
Salt[m]
hmm, back to poking at indieauth, the AP-compat login request wants the form of USER@instance, would this be like DOMAIN@indielogin.com ?
#
Salt[m]
I'm asking these in -dev because I think it is an implementation question, but if I'm wrong about the place, please redirect!
#
aaronpk
what is asking this?
#
Loqi
It looks like we don't have a page for "asking this" yet. Would you like to create it? (Or just say "asking this is ____", a sentence describing the term)
#
jacky
Salt[m]: is this like in a client AP-esque app? Like Tusky?
#
Salt[m]
it's in PeerTube
#
aaronpk
respond?
#
aaronpk
oh it asks you to log in
#
aaronpk
I don't know what that is, i don't think it's doing indieauth
#
jacky
yeah not at all
#
jacky
you'd have to do it all via AP
#
jacky
IIRC PeerTube doesn't support Webmentions either
#
Salt[m]
no, it isn't, but it is doing a few different auth types by the look of it
#
aaronpk
yeah it's taking you over to your own mastodon instance to reply from there
#
aaronpk
no auth
#
Salt[m]
so there should be a standardized way for an indieauth implementation to access it, no?
#
aaronpk
it's saying go post a reply from your own account
#
jacky
you wouldn't need to use indieauth here
#
Salt[m]
oh strange
#
aaronpk
if your site supports activitypub you can reply to those videos by replying to the video URL like it was an AP post
#
aaronpk
looks like using the inline comment form there requires a local account on that instance
#
Salt[m]
gotcha, thanks!
#
Salt[m]
can't wait for this quarter to be over, taking the summer off and have a bunch of indieweb changes to make (got a new shiny domain...)
sparseMatrix joined the channel
#
sparseMatrix
dag, I think my #1 current obstacle is that when I run uwsgi out of userspace, it cannot create the socket with specified perms - always creates it pi:pi
#
sparseMatrix
dang, even
#
sknebel
yeah, you'd usually run it as root and it then drops privs
#
sknebel
did telling it to load the venv not work?
#
sparseMatrix
@sknebel: ironically, that is how I originally installed it - built binaries myself from source
#
sknebel
debian/raspbian should have a package for it
#
sparseMatrix
then yesterday afternoon lahacker and I installed it for use in userspace
#
sparseMatrix
the installation instructions at the uwsgi site suggest the best way to install is self build
#
sparseMatrix
I am very comfortable with building software from source, so that's how I initially undertook to install it
#
sknebel
yeah, should also work of course
#
sknebel
Pi is just a bit slow ;)
#
sparseMatrix
it's a Pi4B
#
sknebel
I don't think I had any issues on my server with just telling it the venv and python interpreter
#
sparseMatrix
it's faster than my interwebs, I sure ; )
#
sparseMatrix
it doesn't 'feel' slow
#
sparseMatrix
unlike the 3 series
#
sparseMatrix
I'll keep screwing with it until I get it to work; I'm really kind of hard headed that way
#
sparseMatrix
I mean, there are several other linux variations I can run there, and that may make a big difference
#
sparseMatrix
arch will run fine there, and there's alpine at the other end of the spectrum
#
sknebel
did it give you any useful error when you told it to use the venv?
#
sparseMatrix
no
#
sparseMatrix
it used it
#
sparseMatrix
in fact uwsgi works fine
#
sparseMatrix
if I set a tcp socket on it in addition to the unix one, I can curl the content from within the lan
#
sknebel
I meant when you tried the running-as-root one
#
sparseMatrix
oh dang lol
#
sparseMatrix
my friend, a LOT of water has passed beneath the bridge, since then
#
sparseMatrix
...and I have slept as well.
#
sknebel
(you can always just use a socket over localhost instead of the unix socket of course too. I think that's how my setup does it, for no particular reason)
#
sparseMatrix
my understanding is that a unix socket is far more secure. that's my goal wrt to using the socket anyway
#
sparseMatrix
the unix socket, that is
#
sparseMatrix
we actually had the python stdout appearing in the uwsgi logs at one point, when we were banging on it earlier
#
sparseMatrix
much of what I've been doing since has been trying to recall what change we made that stopped that
#
sparseMatrix
ahh well, time to start cooking, I'm doing chili con carne from scratch tonight : )
#
sparseMatrix
I'll drop in later or something
#
jamietanna[m]
Snarfed kinda resolved for new ones (so they won't retry) but still got some fixes to do this weekend - thanks for the nudge!
#
[snarfed]
welcome!
[fluffy] joined the channel
#
[fluffy]
@sparseMatrix UNIX sockets are slightly more secure (in that you can’t accidentally expose them to the world) and also theoretically more performant (since it doesn’t have to go through the networking layer), and also they can be a lot easier to manage because you don’t need to keep track of who allocates which port, you only direct the fronting service to a file path.
#
[fluffy]
That last reason is why I most strongly prefer them.
#
[fluffy]
The security and performance aspects are pretty minor, but the reverse proxy/endpoint management aspect alone is a great reason to use them.
KartikPrabhu joined the channel