Closed oschettler closed 4 months ago
> However, Firefox complains that the connection is not encrypted. Maybe I have messed up the Letsencrypt certificates?
Maybe something wrong with your Firefox, because it works fine with mine (browser shows an "open gemini:// URL with ..." dialog).
> I can access the Gemini interface and follow some people. However, I never receive any posts by them. I am not sure if the two problems are related.
Probably not, gemini://schettler.net/stats says:
## Failed Outgoing Post Deliveries Per Day
2024-02-06 00:00 ████████ 21
You'll need to look at the logs to find the errors, maybe something like:
journalctl -u tootik -S '24 hours ago' | cut -f 4- -d : | grep '^ {' | grep \"error\": | jq .error | sort | uniq -c | sort -n
Make sure you wait some time after installation if this is a new server, because maybe DNS records haven't propagated yet so other servers can't initiate outgoing requests to your server, and can't validate your server's outgoing requests (they fail to fetch your user's key).
If you're unsure, follow the setup guide (https://github.com/dimkr/tootik/wiki/Quick-setup-guide) step by step: get federation to work in both directions, then proceed to persistent installation of tootik.
> What would be a recommended setup to run tootik alongside an existing HTTPS server?
Two options:
-addr 8080 -plain and make your existing web server reverse proxy requests to this subdomain to 127.0.0.1:8080, or
-addr and make tootik listen on a port other than the one used by your existing web server

It should work just fine but in general - I wouldn't recommend putting tootik on the same machine as something else, just in case fedi spam causes unexpected load or your server's IP becomes blacklisted due to spam and offensive posts that reach your instance.
Forgot to mention: if you run tootik with -port 8443 and that's the port other servers use to talk to your instance (i.e. you don't have a reverse proxy from 443 to 8443), you must also pass -domain schettler.net:8443 instead of -domain schettler.net.
@oschettler ping
Hi & thank you for your detailed answer. I have since completely removed the database and set up a subdomain social.schettler.net with the following command line in /etc/systemd/system/tootik.service :
ExecStart=/usr/local/bin/tootik -domain social.schettler.net -addr :9876 -plain -gemaddr :1965 -gopheraddr :70 -fingeraddr :79 -blocklist /opt/tootik/etc/gardenfence-mastodon.csv -closed -cert /opt/tootik/etc/https-cert.pem -key /opt/tootik/etc/https-key.pem -gemcert /opt/tootik/etc/gemini-cert.pem -gemkey /opt/tootik/etc/gemini-key.pem -db /opt/tootik/data/db.sqlite3
In addition, I have configured a virtual server in NGINX to proxy from https://social.schettler.net to localhost:9876
Unfortunately, although I have followed several users, "My radio" remains empty.
I don't want to bother you with my particular setup. I understand that it may not be a good idea to run tootik alongside other services. However, I haven't made up my mind to acquire a separate server yet.
@oschettler The stats page looks much better now. Can you share the logs?
> @oschettler The stats page looks much better now. Can you share the logs?
Thank you for your persistence :) Here is the unfiltered log. There are some entries with "msg":"Failed to receive request","error":"EOF"
Log looks good, no errors but I also see very little activity (very few incoming requests). Are you sure that users you follow posted anything after you started following them?
In addition, check if your server is able to send outgoing requests, because I'm getting 401s from https://social.schettler.net/inbox/olav. ~It probably~ Maybe it fails to fetch https://hd.206267.xyz/user/dimkr to verify my key, then denies incoming requests.
This can also happen if your proxy is not configured to pass headers to tootik, specifically the Signature header.
> There are some entries with "msg":"Failed to receive request","error":"EOF"
This is harmless and normal, this is usually the result of port scanning of public IPv4 addresses.
@oschettler Please check if your proxy passes Signature to tootik.
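One way to run the check asked for above, as an added example that is not part of the thread or of tootik: a throwaway echo backend that takes the proxied service's place on its local port, plus a probe that reports which signature-related headers were dropped or rewritten on the way through the proxy. The header values are constructed, and the set of signed headers (host, date, digest) is an assumption based on the Mastodon-style convention, not something the thread states.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed sample values; which headers a signature covers is an assumption.
SAMPLE = {
    "Date": "Tue, 06 Feb 2024 00:00:00 GMT",
    "Digest": "SHA-256=constructed",
    "Signature": 'keyId="https://remote.example/user/alice#main-key",'
                 'headers="(request-target) host date digest",signature="constructed"',
}

class EchoHandler(BaseHTTPRequestHandler):
    """Stand-in for the proxied backend: replies with the headers it received."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        body = json.dumps(dict(self.headers.items())).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

def start_echo(port=0):  # port 0 = any free port; serves in a background thread
    server = HTTPServer(("127.0.0.1", port), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def diff_headers(sent, seen):
    """Map each sent header that was dropped (None) or altered to what arrived."""
    seen = {k.lower(): v for k, v in seen.items()}
    return {k: seen.get(k.lower()) for k, v in sent.items() if seen.get(k.lower()) != v}

def probe(url, sent=SAMPLE):
    """POST the sample headers to url and report what the backend did not get."""
    u = urlsplit(url)
    sent = {**sent, "Host": u.netloc}  # a remote server signs the public host
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=10)
    conn.request("POST", u.path or "/", body=b"{}", headers=sent)
    seen = json.loads(conn.getresponse().read())
    conn.close()
    return diff_headers(sent, seen)

if __name__ == "__main__":  # self-check without a proxy: prints {}
    print(probe("http://127.0.0.1:%d/inbox/test" % start_echo().server_address[1]))
```

To test a real proxy, stop the backend, call `start_echo(9876)` (the -addr port used in the thread) and `probe()` the public https:// URL. An empty dict means nothing was dropped or rewritten; a `None` value for `Signature` or a changed `Host` points at the proxy configuration.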
Hi, I have set up tootik on my home server. However, there already is an NGINX running on port 443. I have tried to set up tootik with -addr 8443. curl -v https://schettler.net:8443 returns plausible communication with a "location: gemini://schettler.net" in the end. However, Firefox complains that the connection is not encrypted. Maybe I have messed up the Letsencrypt certificates?

I can access the Gemini interface and follow some people. However, I never receive any posts by them. I am not sure if the two problems are related.
What would be a recommended setup to run tootik alongside an existing HTTPS server?