friendica / docker

Docker image for Friendica
https://friendi.ca
GNU Affero General Public License v3.0

${URL}/.well-known/host-meta is not reachable #79

Open nupplaphil opened 4 years ago

nupplaphil commented 4 years ago

With my current docker-setup, I get an error at the admin overview page because /.well-known/host-meta isn't reachable.

Screenshot_2019-09-10 Philipp's Friendica Admin

My current docker-compose is:

  app:
    image: friendica/server:rc-fpm-alpine
    command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
    depends_on:
      - db
      - redis
    volumes:
     - friendica-vol-1:/var/www/html
    environment:
      - MYSQL_USERNAME=${DBUSER}
      - MYSQL_PASSWORD=${DBPASS}
      - MYSQL_DATABASE=${DBDATA}
      - MYSQL_HOST=${DBHOST}
      - MYSQL_PORT=${DBPORT}
      - FRIENDICA_ADMIN_MAIL=${MAILNAME}
      - FRIENDICA_TZ=${TZ}
      - FRIENDICA_LANG=${LANGUAGE}
      - FRIENDICA_UPGRADE=true
      - REDIS_HOST=redis
      - FRIENDICA_DATA=true
      - FRIENDICA_DEBUGGING=true
      - SMTP=mail
      - SITENAME=${SITENAME}
    restart: always
    networks:
      default:
        aliases:
          - app
      private:
        aliases:
          - friendica_web
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  web:
    build: ./web
    restart: always
    volumes:
      - friendica-vol-1:/var/www/html:ro
    environment:
      - HOSTNAME=${HOSTNAME}
    depends_on:
      - app
    networks:
      - web
      - default
    labels:
      - "traefik.backend=friendica"
      - "traefik.frontend.entryPoints=https"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=15768000"
      - "traefik.frontend.headers.STSIncludeSubdomains=false"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.friendica.frontend.rule=Host:${HOSTNAME}"
      - "traefik.friendica.port=80"
      - "traefik.enable=true"
      - "traefik.docker.network=web"
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

bttmchnd commented 4 years ago

Same here. Docker, Traefik, and reverse proxy with Caddy.

But https://derpy.email/.well-known/host-meta is reachable.

nupplaphil commented 4 years ago

I found a solution for this issue by using extra_hosts:

app:
    image: friendica/server:rc-fpm-alpine
    command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
    depends_on:
      - db
      - redis
    volumes:
     - friendica-vol-1:/var/www/html
    environment:
      - MYSQL_USERNAME=${DBUSER}
      - MYSQL_PASSWORD=${DBPASS}
      - MYSQL_DATABASE=${DBDATA}
      - MYSQL_HOST=${DBHOST}
      - MYSQL_PORT=${DBPORT}
      - FRIENDICA_ADMIN_MAIL=${MAILNAME}
      - FRIENDICA_TZ=${TZ}
      - FRIENDICA_LANG=${LANGUAGE}
      - FRIENDICA_UPGRADE=true
      - REDIS_HOST=redis
      - FRIENDICA_DATA=true
      - FRIENDICA_DEBUGGING=true
      - SMTP=mail
      - SITENAME=${SITENAME}
    restart: always
    extra_hosts:
       - "friendica.philipp.info:172.18.0.2"
       - "opensocial.at:172.18.0.2"

172.18.0.2 is the local IP of the docker gateway. Now a ping of our own hostname will redirect to the gateway and answer inside the local VLAN rather than trying to ping ourselves from the outside. => The messages vanished and the curls to our own hostname now work :)

@commagray can you check it, if this will solve your message too? And if #99 is now working? I've the fear that #99 is not caused by this issue

bttmchnd commented 4 years ago

Uhh. I tried these options (separately and together):

    extra_hosts:
      - "derpy.email:192.168.96.3"
      - "derpy.email:172.18.0.3"
      - "derpy.email:172.18.0.2"
      - "derpy.email:172.18.0.13"

All of the IPs I've seen in docker inspect.

Nope, I still have the message.

And I'm still affected by #99.

bttmchnd commented 4 years ago

Some logs?

2020-01-05 23:32:01 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"26e8ae","process_id":22956}
2020-01-05 23:32:53 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"84aa99","process_id":22882}
2020-01-05 23:34:18 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"80c32e","process_id":22952}
2020-01-05 23:35:40 index [WARNING]: API call - not implemented {"module":"api","action":"call","query":"api\/v1\/custom_emojis"} - {"file":"api.php","line":369,"function":"api_call","uid":"149226","process_id":22951}
2020-01-05 23:38:44 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"064762","process_id":22956}
2020-01-05 23:38:58 index [NOTICE]: Addon rendertime: install {"action":"install","addon":"rendertime"} - {"file":"Addon.php","line":175,"function":"install","uid":"bfd6a1","process_id":22951}
2020-01-05 23:41:17 worker [WARNING]: error: https://derpy.email/images/person-300.jpg: 0 - Failed to connect to derpy.email port 443: Connection refused {"worker_id":"86271e0","worker_cmd":"UpdateContact"} - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"3c7c6b","process_id":24233}
2020-01-05 23:41:34 index [NOTICE]: no data for session {"session_id":"49102274e35ba780041aedd6dd44da5a","uri":"\/robots.txt"} - {"file":"CacheSessionHandler.php","line":35,"function":"read","uid":"00e394","process_id":22956}
2020-01-05 23:49:01 index [WARNING]: error: https://mastodon.social/users/jacquespoilu: 410 -  [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"0851f5","process_id":22884}
2020-01-05 23:49:01 index [WARNING]: error: https://mastodon.social/users/jacquespoilu: 410 -  [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"0851f5","process_id":22884}
2020-01-05 23:49:01 index [WARNING]: Invalid HTTP signature, message will be discarded. [] - {"file":"Receiver.php","line":68,"function":"processInbox","uid":"0851f5","process_id":22884}
2020-01-05 23:49:31 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"639c36","process_id":22958}

Yup, I can't curl https://derpy.email inside the container, but can curl http://derpy.email.

bttmchnd commented 4 years ago

Okay, so my solution was absolutely vice versa, lol.

    environment:
      - MYSQL_HOST=db
      - MYSQL_USER=[REDACTED]
      - MYSQL_PASSWORD=[REDACTED]
      - MYSQL_DATABASE=[REDACTED]
      - FRIENDICA_ADMIN_MAIL=[REDACTED]
+     - FRIENDICA_UPGRADE=false
+     - FRIENDICA_SITENAME=derpy.email
+     - SITENAME=derpy.email
-   hostname: derpy.email
+   #hostname: derpy.email
    depends_on:
      - db
    networks:
      - internal
      - proxy
    labels:
      - traefik.enable=true
      - traefik.backend=derpapp
      - traefik.docker.network=proxy
      - traefik.port=80
      - traefik.frontend.rule=Host:derpy.email
      - com.centurylinklabs.watchtower.enable=true
-   extra_hosts:
-     - "derpy.email:192.168.96.3"
-     - "derpy.email:172.18.0.3"
-     - "derpy.email:172.18.0.2"
-     - "derpy.email:172.18.0.13"
+   #extra_hosts:
+   #  - "derpy.email:192.168.96.3"
+   #  - "derpy.email:172.18.0.3"
+   #  - "derpy.email:172.18.0.2"
+   #  - "derpy.email:172.18.0.13"
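
Review bot: the `hostname:` and `extra_hosts:` entries are only commented out by the `-`/`+` pairs at the end of the service definition; delete them outright instead, because the four `derpy.email` mappings give one name four different addresses and a later un-commenting would bring that ambiguous set back. The added `FRIENDICA_SITENAME=derpy.email` and `SITENAME=derpy.email` carry the same value under two names, so keep only the variable the image reads. `FRIENDICA_UPGRADE=false` has no visible connection to the hostname change and would be easier to evaluate as a separate change.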

Seems to have fixed the message. Still, I need to test my federation with #99.

nupplaphil commented 4 years ago

Hmm... Are mails still working with this setup? I guess not.. Hostname is used for the smtp setup. So you deleted the Hostname parameter and now the instance doesn't know anymore that derpy.email is your local container and tries to ping it "again" from the outside..

But maybe that's a valid solution.. Maybe I "just" have to use another env for the mail host.. Thx for the tests!!

bttmchnd commented 4 years ago

I use the “PHP Mailer SMTP” addon, so no issues in my setup.

But, yeah, with the addon turned off, emails seem not to be working.

nupplaphil commented 4 years ago

Hmkay.. I think I'll remove the hostname usage, this should fix this issue

bttmchnd commented 4 years ago

Now it happens again.

root@f267927c8e73:/var/www/html# curl http://localhost/.well-known/host-meta
<html>
        <head>
                <title>Service Unavailable</title>
        </head>
        <body>
                <h1>Service Unavailable</h1>
                <p></p>
        </body>
</html>

But if you give it some time it'll be fine again. The worker seems not to be working?

MrPetovan commented 4 years ago

"Service unavailable" means that your server load average has reached the limit Friendica uses to cut any call short. This limit can be configured in the admin panel or via command line.

nupplaphil commented 4 years ago

This didn't work either .. I still have timeouts when pinging my own node ..

2020-03-04T22:31:52Z index [WARNING]: error: https://friendica.philipp.info/.well-known/host-meta: 0 - Connection timed out after 20000 milliseconds [] - {"file":"CurlResult.php","line":169,"function":"checkSuccess","uid":"3d09f3","process_id":225}

iannuzzelli commented 4 years ago

I was having the same issue, and it was solved by adding the extra_hosts section. Mind that the gateway IP may change depending on your docker setup (in my case it is 172.17.0.1).

nupplaphil commented 4 years ago

This is really not a good solution :-/

Maybe I can have a look for the root cause and fix it ..

nupplaphil commented 3 years ago

I think that this issue isn't "solvable" within the docker image code. It's a general problem with curl/fetching inside the docker network environment .. But I don't have any good idea for a better solution than mapping the gateway IP to the local node hostnames ... So if somebody has a better idea, I will add it to the ".examples" directory as best practice .. meanwhile this issue will stay open until found :-)

elrido commented 3 years ago

Not a better idea, but a little extra information nugget: As the internal gateway IP can change, I've instead mapped the site's hostname to the external static IP of the gateway service. This adds a little latency, but won't change without my intervention.

I've got to be honest - I had noticed this message ever since I switched my former installation to this container image. Had ignored it, assuming it was just an internal check. Since the upgrade to 2021.07 I didn't get any ActivityPub updates any more - I suspect this setting is now necessary due to https://github.com/friendica/friendica/pull/10257

scifijunk commented 1 year ago

Well, I just hit this problem today. The only thing I changed was updating Nginx Proxy Manager to v2.10.3. It appears that my node still seems to see other nodes and I'm able to follow contacts. I'm also seeing the Message queues going up and down like normal. I'm not sure if people can follow me or see me on their nodes.

I'm kinda at a loss for what to do since on the one hand it looks like it's working as normal and on the other hand I have this error that says it's not.

Update: I think I fixed the problem on my end. It seems it did not like the SSL I set up in Nginx Proxy Manager so I redid it. When I did that the error went away. So maybe check your SSL and make sure it's set right.
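
An added example (not part of the original thread and not Friendica project code): a small Python triage of the curl warnings quoted in this thread, separating failed fetches of the node's own hostname from remote failures and telling "Connection refused" apart from timeouts. The names `SAMPLE_LOG`, `CURL_WARNING`, `classify` and `triage` are assumptions made for this example; the sample lines are copied from the log excerpts above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: five lines copied from the log excerpts quoted in this thread.
SAMPLE_LOG = """\
2020-01-05 23:32:01 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"26e8ae","process_id":22956}
2020-01-05 23:41:17 worker [WARNING]: error: https://derpy.email/images/person-300.jpg: 0 - Failed to connect to derpy.email port 443: Connection refused {"worker_id":"86271e0","worker_cmd":"UpdateContact"} - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"3c7c6b","process_id":24233}
2020-01-05 23:49:01 index [WARNING]: error: https://mastodon.social/users/jacquespoilu: 410 -  [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"0851f5","process_id":22884}
2020-01-05 23:49:01 index [WARNING]: Invalid HTTP signature, message will be discarded. [] - {"file":"Receiver.php","line":68,"function":"processInbox","uid":"0851f5","process_id":22884}
2020-03-04T22:31:52Z index [WARNING]: error: https://friendica.philipp.info/.well-known/host-meta: 0 - Connection timed out after 20000 milliseconds [] - {"file":"CurlResult.php","line":169,"function":"checkSuccess","uid":"3d09f3","process_id":225}
"""

# Curl warning layout: "<timestamp> <channel> [WARNING]: error: <url>: <code> - <message> <context> - {...}"
# The timestamp is "YYYY-MM-DD HH:MM:SS" or ISO 8601 with a trailing Z; both occur in the thread.
CURL_WARNING = re.compile(
    r"^(?P<ts>\S+(?: \S+)?) (?P<channel>\w+) \[WARNING\]: error: "
    r"(?P<url>https?://\S+): (?P<code>\d+) - (?P<msg>.*?) (?:\[\]|\{.*?\}) - \{"
)

def classify(code, msg):
    """Status 0 means curl never received an HTTP response, so the message decides."""
    if code != 0:
        return f"http_{code}"
    if "Connection refused" in msg:
        return "refused"   # a host answered, but nothing listens on that port
    if "timed out" in msg:
        return "timeout"   # no answer at all within curl's limit
    return "other"

def triage(log_text, own_hosts):
    """Count failed fetches per (host, kind), split into own node vs. remote."""
    result = {"self": Counter(), "remote": Counter()}
    for line in log_text.splitlines():
        m = CURL_WARNING.match(line)
        if not m:
            continue  # not a curl warning, e.g. "Invalid HTTP signature"
        host = urlsplit(m["url"]).hostname
        kind = classify(int(m["code"]), m["msg"])
        result["self" if host in own_hosts else "remote"][(host, kind)] += 1
    return result

if __name__ == "__main__":
    own = {"derpy.email", "friendica.philipp.info"}
    for scope, counts in triage(SAMPLE_LOG, own).items():
        for (host, kind), n in sorted(counts.items()):
            print(f"{scope:6} {host:24} {kind:8} {n}")
```

Entries under `self` are the ones tied to the admin-page warning; a `remote` entry such as the 410 from mastodon.social is a separate matter.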