LemmyNet / lemmy

🐀 A link aggregator and forum for the fediverse
https://join-lemmy.org
GNU Affero General Public License v3.0
13.32k stars 883 forks source link

[docs] federation block does not work #1881

Closed ncorder closed 3 years ago

ncorder commented 3 years ago

I believe this might be more of an issue on clarifying Lemmy's documentation however the setup for federation does not download any files when running curl -H 'Accept: application/activity+json' <domain>.


What I have tested:

{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

{
  hostname: <domain>
  federation: {
    enabled: true
  }
  slur_filter:
    '''
    (fag(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|mudslime?s?|kikes?|\bspi(c|k)s?\b|\bchinks?|gooks?|bitch(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|\b(b|re|r)tard(ed)?s?)
    '''
}

  setup: {
    # username for the admin user
    admin_username: "lemmy"

[...]

and

{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  hostname: <domain>
  federation: {
    enabled: true
  }
  slur_filter:
    '''
    (fag(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|mudslime?s?|kikes?|\bspi(c|k)s?\b|\bchinks?|gooks?|bitch(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|\b(b|re|r)tard(ed)?s?)
    '''

  setup: {
    # username for the admin user
    admin_username: "lemmy"

[...]

after each change I ran docker-compose up -d and verified it was correct through the webgui.


*Editt:

sorry I ran url -H 'Accept: application/activity+json' https://<domain>/c/announcements and not the command listed above

Nutomic commented 3 years ago

curl -H 'Accept: application/activity+json' <domain>

You need to put the url of a community, user or post, not just the domain. For example, curl -H 'Accept: application/activity+json' https://lemmy.ml/c/announcements

ncorder commented 3 years ago

curl -H 'Accept: application/activity+json' <domain>

You need to put the url of a community, user or post, not just the domain. For example, curl -H 'Accept: application/activity+json' https://lemmy.ml/c/announcements

Sorry I should have clarified, that was the command I executed to check for federation and it did not come back with anything.

Nutomic commented 3 years ago

Then its probably something wrong in your reverse proxy config. You need to make sure that requests with that header are forwarded to the backend, not to lemmy-ui. Our nginx config handles that.

ncorder commented 3 years ago

Then its probably something wrong in your reverse proxy config. You need to make sure that requests with that header are forwarded to the backend, not to lemmy-ui. Our nginx config handles that.

I am using the Lemmy NGINX config with log format changes.

see: https://github.com/LemmyNet/lemmy-ansible/pull/5

ncorder commented 3 years ago

output of cat /etc/nginx/sites-enabled/lemmy.conf.

Note: I replaced my domain replaced with {domain} for the purpose of this log file

limit_req_zone $binary_remote_addr zone=lemmy_ratelimit:10m rate=1r/s;

server {
    listen 80;
    listen [::]:80;
    server_name {domain};
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {domain};

    ssl_certificate /etc/letsencrypt/live/{domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{domain}/privkey.pem;

    # Various TLS hardening settings
    # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Hide nginx version
    server_tokens off;

    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;
    gzip_vary on;

    # Only connect to this site via HTTPS for the two years
    add_header Strict-Transport-Security "max-age=63072000";

    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";

    # Upload limit for pictrs
    client_max_body_size 20M;

    # frontend
    location / {
      # The default ports:
      # lemmy_ui_port: 1235
      # lemmy_port: 8536

      set $proxpass "http://0.0.0.0:1235";
      if ($http_accept = "application/activity+json") {
        set $proxpass "http://0.0.0.0:8536";
      }
      if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
        set $proxpass "http://0.0.0.0:8536";
      }
      if ($request_method = POST) {
        set $proxpass "http://0.0.0.0:8536";
      }
      proxy_pass $proxpass;

      rewrite ^(.+)/+$ $1 permanent;

      # Send actual client IP upstream
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # backend
    location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
      proxy_pass http://0.0.0.0:8536;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      # Rate limit
      limit_req zone=lemmy_ratelimit burst=30 nodelay;

      # Add IP forwarding headers
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Redirect pictshare images to pictrs
    location ~ /pictshare/(.*)$ {
      return 301 /pictrs/image/$1;
    }

}

# Anonymize IP addresses
# https://www.supertechcrew.com/anonymizing-logs-nginx-apache/
map $remote_addr $remote_addr_anon {
  ~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
  ~(?P<ip>[^:]+:[^:]+):       $ip::;
  127.0.0.1                   $remote_addr;
  ::1                         $remote_addr;
  default                     0.0.0.0;
}
log_format lemmy_main '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log combined;
ncorder commented 3 years ago

Then its probably something wrong in your reverse proxy config. You need to make sure that requests with that header are forwarded to the backend, not to lemmy-ui. Our nginx config handles that.

Are you able to clarify which formatting of the config is correct as well? I added 2 different forms ( both are in my original post's description ) and places of the config that I added the federation block and wanted to make sure that was correct.

Nutomic commented 3 years ago

The second config you posted is correct, the first one isnt. If federation is enabled, that will also be logged. Your nginx config also looks fine, so im not sure what the problem might be.

dessalines commented 3 years ago

What's your nginx version? The fact that you have to have a PR just to get yours to work, tells me your nginx is the problem.

Also post your docker-compose logs

ncorder commented 3 years ago

<domain> = my domain

root@lemmy:/home/user/lemmy# nginx -v
nginx version: nginx/1.18.0
root@lemmy:/home/user/lemmy# docker-compose logs
Attaching to lemmy_lemmy-ui_1, lemmy_lemmy_1, lemmy_postgres_1, lemmy_pictrs_1
lemmy-ui_1  | Inferno is in development mode.
lemmy-ui_1  | Inferno is in development mode.
lemmy-ui_1  | Inferno is in development mode.
lemmy-ui_1  | httpbase: https://lemmy:8536
lemmy-ui_1  | wsUri: wss://lemmy:8536/api/v3/ws
lemmy-ui_1  | isHttps: true
lemmy-ui_1  | No JWT cookie found.
lemmy-ui_1  | http://0.0.0.0:1234
lemmy_1     | warning: invalid logging spec 'info"', ignoring it
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running user_updates_2020_04_02
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 person rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running community_updates_2020_04_02
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 community rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running post_updates_2020_04_03
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 post rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running comment_updates_2020_04_03
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 comment rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running private_message_updates_2020_05_05
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 private message rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running post_thumbnail_url_updates_2020_07_27
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 Post thumbnail_url rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running apub_columns_2021_02_02
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Updating active site and community aggregates ...
lemmy_1     | Starting http server at 0.0.0.0:8536
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Reindexing table  post_aggregates ...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Reindexing table  comment_aggregates ...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Reindexing table  community_aggregates ...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Clearing old activities...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:48:51Z INFO  lemmy_api_crud::site::read] Admin lemmy created
lemmy_1     | [2021-11-07T21:48:51Z INFO  lemmy_api_crud::site::read] Site <domain> created
pictrs_1    | Nov 07 21:44:06.503 ERROR sled::config: cache capacity is limited to the cgroup memory limit: 1023946752 bytes    
pictrs_1    | Nov 07 21:44:06.539  INFO actix_server::builder: Starting 1 workers    
pictrs_1    | Nov 07 21:44:06.539  INFO actix_server::builder: Starting "actix-web-service-0.0.0.0:8080" service on 0.0.0.0:8080    
postgres_1  | The files belonging to this database system will be owned by user "postgres".
postgres_1  | This user must also own the server process.
postgres_1  | 
postgres_1  | The database cluster will be initialized with locale "en_US.utf8".
postgres_1  | The default database encoding has accordingly been set to "UTF8".
postgres_1  | The default text search configuration will be set to "english".
postgres_1  | 
postgres_1  | Data page checksums are disabled.
postgres_1  | 
postgres_1  | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgres_1  | creating subdirectories ... ok
postgres_1  | selecting dynamic shared memory implementation ... posix
postgres_1  | selecting default max_connections ... 100
postgres_1  | selecting default shared_buffers ... 128MB
postgres_1  | selecting default time zone ... UTC
postgres_1  | creating configuration files ... ok
postgres_1  | running bootstrap script ... ok
postgres_1  | sh: locale: not found
postgres_1  | 2021-11-07 21:44:07.063 UTC [30] WARNING:  no usable system locales were found
postgres_1  | performing post-bootstrap initialization ... ok
postgres_1  | syncing data to disk ... ok
postgres_1  | 
postgres_1  | initdb: warning: enabling "trust" authentication for local connections
postgres_1  | You can change this by editing pg_hba.conf or using the option -A, or
postgres_1  | --auth-local and --auth-host, the next time you run initdb.
postgres_1  | 
postgres_1  | Success. You can now start the database server using:
postgres_1  | 
postgres_1  |     pg_ctl -D /var/lib/postgresql/data -l logfile start
postgres_1  | 
postgres_1  | waiting for server to start....2021-11-07 21:44:07.870 UTC [36] LOG:  starting PostgreSQL 12.8 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20210424) 10.3.1 20210424, 64-bit
postgres_1  | 2021-11-07 21:44:07.871 UTC [36] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1  | 2021-11-07 21:44:07.883 UTC [37] LOG:  database system was shut down at 2021-11-07 21:44:07 UTC
postgres_1  | 2021-11-07 21:44:07.885 UTC [36] LOG:  database system is ready to accept connections
postgres_1  |  done
postgres_1  | server started
postgres_1  | CREATE DATABASE
postgres_1  | 
postgres_1  | 
postgres_1  | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgres_1  | 
postgres_1  | 2021-11-07 21:44:08.043 UTC [36] LOG:  received fast shutdown request
postgres_1  | waiting for server to shut down...2021-11-07 21:44:08.044 UTC [36] LOG:  aborting any active transactions
postgres_1  | 2021-11-07 21:44:08.045 UTC [36] LOG:  background worker "logical replication launcher" (PID 43) exited with exit code 1
postgres_1  | 2021-11-07 21:44:08.045 UTC [38] LOG:  shutting down
postgres_1  | .2021-11-07 21:44:08.049 UTC [36] LOG:  database system is shut down
postgres_1  |  done
postgres_1  | server stopped
postgres_1  | 
postgres_1  | PostgreSQL init process complete; ready for start up.
postgres_1  | 
postgres_1  | 2021-11-07 21:44:08.155 UTC [1] LOG:  starting PostgreSQL 12.8 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20210424) 10.3.1 20210424, 64-bit
postgres_1  | 2021-11-07 21:44:08.155 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
postgres_1  | 2021-11-07 21:44:08.155 UTC [1] LOG:  listening on IPv6 address "::", port 5432
postgres_1  | 2021-11-07 21:44:08.158 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1  | 2021-11-07 21:44:08.169 UTC [50] LOG:  database system was shut down at 2021-11-07 21:44:08 UTC
postgres_1  | 2021-11-07 21:44:08.170 UTC [1] LOG:  database system is ready to accept connections
root@lemmy:/home/user/lemmy# 

I went ahead and wiped the server and reinstalled as well.

then I edited the file:

root@lemmy:/home/user/lemmy# nano lemmy.hjson
root@lemmy:/home/user/lemmy# docker-compose up -d
lemmy_postgres_1 is up-to-date
lemmy_pictrs_1 is up-to-date
lemmy_lemmy_1 is up-to-date
lemmy_lemmy-ui_1 is up-to-date
root@lemmy:/home/user/lemmy# 

And checked federation:

root@lemmy:/home/user/lemmy# 
root@lemmy:/home/user/lemmy# curl -H 'Accept: application/activity+json' https://<domain>/c/announcements
root@lemmy:/home/user/lemmy# 
ncorder commented 3 years ago

I replace my domain with <domain> for privacy.


Other information:

root@lemmy:/home/user/lemmy# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:    11
Codename:   bullseye
root@lemmy:/home/user/lemmy# cat *.hjson
{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  hostname: <domain>
  federation: {
    enabled: true
  }
  slur_filter:
    '''
    (fag(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|mudslime?s?|kikes?|\bspi(c|k)s?\b|\bchinks?|gooks?|bitch(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|\b(b|re|r)tard(ed)?s?)
    '''

  setup: {
    # username for the admin user

[...]

The file continues, it just includes the admin user password and database password so I cut it off.

ncorder commented 3 years ago

Additional:

root@lemmy:/home/user/lemmy# docker-compose logs
Attaching to lemmy_lemmy-ui_1, lemmy_lemmy_1, lemmy_postgres_1, lemmy_pictrs_1
lemmy-ui_1  | Inferno is in development mode.
lemmy-ui_1  | Inferno is in development mode.
lemmy-ui_1  | Inferno is in development mode.
lemmy-ui_1  | httpbase: https://lemmy:8536
lemmy-ui_1  | wsUri: wss://lemmy:8536/api/v3/ws
lemmy-ui_1  | isHttps: true
lemmy-ui_1  | No JWT cookie found.
lemmy-ui_1  | http://0.0.0.0:1234
lemmy_1     | warning: invalid logging spec 'info"', ignoring it
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running user_updates_2020_04_02
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 person rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running community_updates_2020_04_02
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 community rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running post_updates_2020_04_03
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 post rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running comment_updates_2020_04_03
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 comment rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running private_message_updates_2020_05_05
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 private message rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running post_thumbnail_url_updates_2020_07_27
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] 0 Post thumbnail_url rows updated.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::code_migrations] Running apub_columns_2021_02_02
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Updating active site and community aggregates ...
lemmy_1     | Starting http server at 0.0.0.0:8536
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Reindexing table  post_aggregates ...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Reindexing table  comment_aggregates ...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Reindexing table  community_aggregates ...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Clearing old activities...
lemmy_1     | [2021-11-07T21:44:10Z INFO  lemmy_server::scheduled_tasks] Done.
lemmy_1     | [2021-11-07T21:48:51Z INFO  lemmy_api_crud::site::read] Admin lemmy created
lemmy_1     | [2021-11-07T21:48:51Z INFO  lemmy_api_crud::site::read] Site <domain> created
pictrs_1    | Nov 07 21:44:06.503 ERROR sled::config: cache capacity is limited to the cgroup memory limit: 1023946752 bytes    
pictrs_1    | Nov 07 21:44:06.539  INFO actix_server::builder: Starting 1 workers    
pictrs_1    | Nov 07 21:44:06.539  INFO actix_server::builder: Starting "actix-web-service-0.0.0.0:8080" service on 0.0.0.0:8080    
postgres_1  | The files belonging to this database system will be owned by user "postgres".
postgres_1  | This user must also own the server process.
postgres_1  | 
postgres_1  | The database cluster will be initialized with locale "en_US.utf8".
postgres_1  | The default database encoding has accordingly been set to "UTF8".
postgres_1  | The default text search configuration will be set to "english".
postgres_1  | 
postgres_1  | Data page checksums are disabled.
postgres_1  | 
postgres_1  | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgres_1  | creating subdirectories ... ok
postgres_1  | selecting dynamic shared memory implementation ... posix
postgres_1  | selecting default max_connections ... 100
postgres_1  | selecting default shared_buffers ... 128MB
postgres_1  | selecting default time zone ... UTC
postgres_1  | creating configuration files ... ok
postgres_1  | running bootstrap script ... ok
postgres_1  | sh: locale: not found
postgres_1  | 2021-11-07 21:44:07.063 UTC [30] WARNING:  no usable system locales were found
postgres_1  | performing post-bootstrap initialization ... ok
postgres_1  | syncing data to disk ... ok
postgres_1  | 
postgres_1  | initdb: warning: enabling "trust" authentication for local connections
postgres_1  | You can change this by editing pg_hba.conf or using the option -A, or
postgres_1  | --auth-local and --auth-host, the next time you run initdb.
postgres_1  | 
postgres_1  | Success. You can now start the database server using:
postgres_1  | 
postgres_1  |     pg_ctl -D /var/lib/postgresql/data -l logfile start
postgres_1  | 
postgres_1  | waiting for server to start....2021-11-07 21:44:07.870 UTC [36] LOG:  starting PostgreSQL 12.8 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20210424) 10.3.1 20210424, 64-bit
postgres_1  | 2021-11-07 21:44:07.871 UTC [36] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1  | 2021-11-07 21:44:07.883 UTC [37] LOG:  database system was shut down at 2021-11-07 21:44:07 UTC
postgres_1  | 2021-11-07 21:44:07.885 UTC [36] LOG:  database system is ready to accept connections
postgres_1  |  done
postgres_1  | server started
postgres_1  | CREATE DATABASE
postgres_1  | 
postgres_1  | 
postgres_1  | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgres_1  | 
postgres_1  | 2021-11-07 21:44:08.043 UTC [36] LOG:  received fast shutdown request
postgres_1  | waiting for server to shut down...2021-11-07 21:44:08.044 UTC [36] LOG:  aborting any active transactions
postgres_1  | 2021-11-07 21:44:08.045 UTC [36] LOG:  background worker "logical replication launcher" (PID 43) exited with exit code 1
postgres_1  | 2021-11-07 21:44:08.045 UTC [38] LOG:  shutting down
postgres_1  | .2021-11-07 21:44:08.049 UTC [36] LOG:  database system is shut down
postgres_1  |  done
postgres_1  | server stopped
postgres_1  | 
postgres_1  | PostgreSQL init process complete; ready for start up.
postgres_1  | 
postgres_1  | 2021-11-07 21:44:08.155 UTC [1] LOG:  starting PostgreSQL 12.8 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20210424) 10.3.1 20210424, 64-bit
postgres_1  | 2021-11-07 21:44:08.155 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
postgres_1  | 2021-11-07 21:44:08.155 UTC [1] LOG:  listening on IPv6 address "::", port 5432
postgres_1  | 2021-11-07 21:44:08.158 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1  | 2021-11-07 21:44:08.169 UTC [50] LOG:  database system was shut down at 2021-11-07 21:44:08 UTC
postgres_1  | 2021-11-07 21:44:08.170 UTC [1] LOG:  database system is ready to accept connections
root@lemmy:/home/user/lemmy# 
ncorder commented 3 years ago

@dessalines hey i did notice in the documentation it says LEMMY_HTTPS=false does Lemmy not work with HTTPS?


I went ahead and set it to false in case federation only works with HTTP but when I re-ran docker-compose up -d there was no change in the curl response so I changed it back to true.

Let me know if this is something I need to change as well. - Thanks


Edit:

My understanding is that I am running the most up to date version of NGINX for Debian but I will see if I can add the NGINX repository and get back.

dessalines commented 3 years ago

curl -H 'Accept: application/activity+json' https:///c/announcements

Is that the name of your main community? it would likely be /c/main

dessalines commented 3 years ago

hey i did notice in the documentation it says LEMMY_HTTPS=false does Lemmy not work with HTTPS?

You can set that to true.

ncorder commented 3 years ago
root@lemmy:/home/user/lemmy# curl -H 'Accept: application/activity+json' https://<domain>/c/announcements
curl: (7) Failed to connect to <domain> port 443: Connection refused

I verified I had the NGINX file under /etc/nginx/sites-enabled/lemmy.conf


Edit: I just followed Linodes repository guide for NGINX and changed it from stretch to bullyseye

https://www.linode.com/docs/guides/install-nginx-debian/

ncorder commented 3 years ago

curl -H 'Accept: application/activity+json' https:///c/announcements

Is that the name of your main community? it would likely be /c/main

Oh ok that makes sense! That might have been the issue, I am not entirely certain why updating NGINX broke it, but I can try and wipe and reinstall lemmy as well.

dessalines commented 3 years ago

I recommend using lemmy-ansible to install, its the preferred way and should make deploys pretty automatic.

ncorder commented 3 years ago

I recommend using lemmy-ansible to install, its the preferred way and should make deploys pretty automatic.

Ok, I get errors with that installation setup too:


fatal: [user@<ip>]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<ip>' (ED25519) to the list of known hosts.\r\nuser@<ip>: Permission denied (publickey,password).", 
"unreachable": true}

i assume there is a segment I should add the user password?


I think I may have improperly configured my ssh for the user, I'll be back and see if that fixes it.

dessalines commented 3 years ago

Correct, you need to be able to ssh to that server

ncorder commented 3 years ago

Correct, you need to be able to ssh to that server

Yes, it was configured correctly and I can SSH into that login. It also has sudo access.

root@lemmy:/home/user/lemmy/lemmy-ansible# ansible-playbook -i inventory/hosts lemmy.yml --become

PLAY [all] *************************************************************************************************************************************************************

TASK [check lemmy_base_dir] ********************************************************************************************************************************************
skipping: [user@<domain>]

TASK [install python for Ansible] **************************************************************************************************************************************
fatal: [user@<domain>.io]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: user@<domain>: Permission denied (publickey,password).", "unreachable": true}

PLAY RECAP *************************************************************************************************************************************************************
user@<domain>              : ok=0    changed=0    unreachable=1    failed=0    skipped=1    rescued=0    ignored=0   

@dessalines should I open an issue on the ansible issue tracker?

I'd assume I would need to add the password for the instance somewhere, is there a variable I must set within Ansible?

ncorder commented 3 years ago

Correct, you need to be able to ssh to that server

root@lemmy:/home/user/lemmy/lemmy-ansible# cat inventory/hosts
[lemmy]
# to get started, copy this file to `inventory` and adjust the values below.
# - `myuser@example.com`: replace with the destination you use to connect to your server via ssh
# - `domain=example.com`: replace `example.com` with your lemmy domain
# - `letsencrypt_contact_email=your@email.com` replace `your@email.com` with your email address,
#                                              to get notifications if your ssl cert expires
# - `lemmy_base_dir=/srv/lemmy`: the location on the server where lemmy can be installed, can be any folder
#                                if you are upgrading from a previous version, set this to `/lemmy`
# - `lemmy_version`: <Optional> The back end version.
# - `lemmy_ui_version`: <Optional> overrides the front end version.
user@<domain>  domain=<domain>  letsencrypt_contact_email=<my-email>  lemmy_base_dir=/home/user/lemmy

[all:vars]
ansible_connection=ssh
ansible_user=user
ansible_ssh_pass=<ssh password>

[privilege_escalation]
become = True
become_method = sudo
become_user = root
root@lemmy:/home/user/lemmy/lemmy-ansible# ansible-playbook -i inventory/hosts lemmy.yml --become
[WARNING]:  * Failed to parse /home/user/lemmy/lemmy-ansible/inventory/hosts with yaml plugin: We were unable to read either as JSON nor YAML, these are the errors we
got from each: JSON: Expecting value: line 1 column 2 (char 1)  Syntax Error while loading YAML.   did not find expected <document start>  The error appears to be in
'/home/user/lemmy/lemmy-ansible/inventory/hosts': line 11, column 1, but may be elsewhere in the file depending on the exact syntax problem.  The offending line
appears to be:  # - `lemmy_ui_version`: <Optional> overrides the front end version. user@<domain>  domain=<domain>  letsencrypt_contact_email=<my-email>
lemmy_base_dir=/home/user/lemmy ^ here
[WARNING]:  * Failed to parse /home/user/lemmy/lemmy-ansible/inventory/hosts with ini plugin: /home/user/lemmy/lemmy-ansible/inventory/hosts:19: Expected key=value
host variable assignment, got: True
[WARNING]: Unable to parse /home/user/lemmy/lemmy-ansible/inventory/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [all] *************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************

root@lemmy:/home/user/lemmy/lemmy-ansible# 

I think I may have figured out what the variable settings are?

Nutomic commented 3 years ago

You seem to run into a lot of weird issues. Are you using a strange distro, or old ansible version? Anyway i have no idea about that error, your hosts file looks correct to me. You might have more luck asking the ansible community. Or install manually.

https://www.ansible.com/community

dessalines commented 3 years ago

Add your ssh key to that server via ssh-copy-id. Don't use a password. And that user needs sudo as well.

ncorder commented 3 years ago

Add your ssh key to that server via ssh-copy-id. Don't use a password.

alright, that makes way more sense.

And that user needs sudo as well.

Wouldn't they need the user password for sudo?

Or someform of become password ( -K )


edit: Just to make sure I am doing this right, is the ansible segment on the server or on a local PC that can SSH into it?

ncorder commented 3 years ago

You seem to run into a lot of weird issues. Are you using a strange distro, or old ansible version? Anyway i have no idea about that error, your hosts file looks correct to me. You might have more luck asking the ansible community. Or install manually.

https://www.ansible.com/community

I am running a fully updated version of Debian Bullseye on a remote VPS

dessalines commented 3 years ago

Wouldn't they need the user password for sudo?

https://www.tecmint.com/run-sudo-command-without-password-linux/

Or you can look in the ansible docs for how to do that.