search

lnbits / nostrrelay

One click nostr relay
MIT License
35 stars 7 forks source link

403 error when connect to relay #10

Closed Perlover closed 1 year ago

Perlover commented 1 year ago

Hello!

I created the relay from my own LNBits instance

But after connecting to it, I get 403 Forbidden. What am I doing wrong? My configuration: nginx as frontend with configured support for web sockets.

journalctl -f -u lnbits.service:

Apr 19 18:42:46 host poetry[2147615]: 2023-04-19 18:42:46.82 | INFO | ('XX.XX.XX.XX', 0) - "WebSocket /nostrrelay/WWXjY7Jy" 403
Apr 19 18:42:46 host poetry[2147615]: 2023-04-19 18:42:46.82 | INFO | connection failed (403 Forbidden)
Apr 19 18:42:46 host poetry[2147615]: 2023-04-19 18:42:46.82 | INFO | connection closed

And Firefox inspector shows to me same error for browser

Relay was created as free relay, not paid and it's active

motorina0 commented 1 year ago
Perlover commented 1 year ago

My ID is valid and active (I attach here the screenshots)

https://nostr.build/p/nb5860.png

And test at websocketking.com/ shows to me 403 error in Firefox inspector (also here is screenshot):

https://nostr.build/p/nb5859.png

And the nginx conf file exactly is:

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

server {
        index  index.php index.html index.htm;
        server_name lnbits.fuckedbitcoin.com;

        error_log /var/log/nginx/lnbits.fuckedbitcoin.com_error.log;
        access_log /var/log/nginx/lnbits.fuckedbitcoin.com_access.log;

        location / {
                proxy_pass "http://localhost:5000/";
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_http_version 1.1; # Ensures that replies are re-written to lnbits.yourdomain.com (as opposed to the private IP or .onion) 
        }

        location ~ /\.ht {
            deny all;
        }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/lnbits.fuckedbitcoin.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/lnbits.fuckedbitcoin.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = lnbits.fuckedbitcoin.com) {
        return 308 https://$host$request_uri;
    } # managed by Certbot

        server_name lnbits.fuckedbitcoin.com;

        listen 80;
        listen [::]:80;
    return 404; # managed by Certbot

}
motorina0 commented 1 year ago

LNbits also has a generic websocket. We can use that one to check if the problem is the websocket nginx config or something in the nostrrelay extension.

Must replace legend.lnbits.com with lnbits.fuckedbitcoin.com.

Perlover commented 1 year ago

LNbits also has a generic websocket. We can use that one to check if the problem is the websocket nginx config or something in the nostrrelay extension.

* go to https://websocketking.com/ and connect to:

  * `wss://legend.lnbits.com/api/v1/ws/Perlover`

legend.lnbits.com - 101 HTTP Response - everything works! lnbits.fuckedbitcoin.com - 101 HTTP Response - the same!

* do an HTTP get for https://legend.lnbits.com/api/v1/ws/Perlover/hellllo

  * just paste it in the browser

Must replace legend.lnbits.com with lnbits.fuckedbitcoin.com.

Both sites (legends & f*ckedbitcoin :)) shows a same data:

{"sent":true,"data":"hellllo"}

But when I tested the first option, I found that LNBits on my server fell (for another reason - I will create a new issue). Perhaps because I use the main branch, which is constantly in development. Nevertheless, the tests on the websocket passed.

Perlover commented 1 year ago

Right now I have left the address of the wss://lnbits.fuckedbitcoin.com/nostrrelay/WWXjY7Jy on the service https://websocketking.com/ and it has connected (101 HTTP Response).

I haven't figured out yet what happened and why everything worked. Now I'm trying to figure it out

Perlover commented 1 year ago

I still haven't been able to figure out what has changed. The only thing I did was restart the LNBits service (but not nginx!) due to another error. Maybe it had something to do with it. I'll probably close the ticket for now.

Perlover commented 1 year ago

Or maybe it is necessary to overload the LNBits server in order for the relay identifier to take effect? Maybe it's a bug?

Perlover commented 1 year ago

I just did:

  1. I created a second relay and the websocket worked without restarting
  2. I deleted both relays and created a new one - it works without rebooting

The only thing that comes to my mind is that when we activate the extension for the first time and create a relay for the first time, there may be an error when creating a relay for the first time (without rebooting after that).

Perlover commented 1 year ago

I just uninstalled the extension, restarted LNBits, then installed and restarted it again. But it seems that this is not a pure experiment, since I immediately got the old settings of Nostr Relay again. Perhaps the error appears when during the first installation, when there are no extension's SQL tables in the database yet.

That is, the relay IDs are considered not to exist, although they are created, until LNBits is restarted after Nostr Relay installing.

Can this happen?

motorina0 commented 1 year ago

Can this happen?

  • no, it should not happen. Please let me know if you find a reproducible scenario. Closing this issue.