Closed matlag closed 1 year ago
Expected behavior
I don't have a good answer here. Now that we're here, I'm wondering how my setup has been working until now...
I would say ideally, "private" should prevent access to the main page but not redirect server to server communication, if that's possible.
For now, private instance is made to not federarate at all with other instances... What would be the goal to have an instance able to federate with other instances but where no one can go on it to see available videos ?
I'm probably a particular case because as of today, I use Peertube only as a "consumer" of content, not a producer. So I don't see any benefit in letting people connect to my instance. But there is no real drawback either. I see it more like an additional "entrance" in my system: the more login pages, the more security risk (I'm not saying this is a legitimate concern, I'm not qualified to answer that). So, I have no strong feeling about how it's made.
I identify this as a bug because it used to work and then it didn't with the same settings. Again, I don't think it's wrong to have it this way (private=non federated) but if there was a warning about the change, I missed it, and I may not be the only one to miss it. I don't know how to "fix" this. Maybe this thread itself is sufficient documentation.
As far as I see the code of peertube_ynh, it's like that (private=non federated) since the beginning
Describe the bug
If the application is set to "private", input request from other instances gets redirected to the Yunohost's login page, and so peertube does not receive messages from other instances.
Context
Steps to reproduce
I lost track of when this started. But initially, it was subscribed channels not updating. I tried many things to get them to work (unsubscribe/resubscribe, search updated videos, etc.). Eventually, I attempted to delete instances I was following and try to follow them again. That's when I figured that they all ended as pending, no follow request was accepted. I checked DNS requests, and "something" was being sent out (I didn't get to the details of the content, but I assume that was ok).
So since I have a second instance, I attempted to follow my second instance, configured on auto-accept. Instance1 showed it as pending. I checked the log on Instance2, and that's where I found the issue (servers names replaced by instance1.tld as the one with the issue, attempting to follow instance2.tld, the logs are from instance2):
I converted the app to "public" using the following
as found in the install script.
Then I deleted the instances I was attempting to follow (on Instance1, of course), and re-added them, and most request got instantly approved according to auto-accept policies of the remote instances.
Expected behavior
I don't have a good answer here. Now that we're here, I'm wondering how my setup has been working until now...
I would say ideally, "private" should prevent access to the main page but not redirect server to server communication, if that's possible.
Logs
See above. There was no error message at any time on Instance1 (because it wouldn't get any answer, I guess...)