search

nextcloud / social

🎉 Social can be used for work, or to connect to the fediverse!
https://apps.nextcloud.com/apps/social
GNU Affero General Public License v3.0
490 stars 59 forks source link

.well-known/webfinger isn't properly set up! #294

Open dabbill opened 5 years ago

dabbill commented 5 years ago

Describe the bug Error ".well-known/webfinger isn't properly set up!" is showing up when I open the social app. The error was showing under settings --> overview, but since I added the rewrite rules to Nextcloud config it has went away on the overview section. It still remains when I open the Social app. I also attempted to create a test post. I am not able to see the post. When I click on "Profile" it says no posts found. Just above that is says 1 post right next to my username.

Expected behavior No error should be shown if rewrites are setup correctly, also should be able to see posts that are made.

Client details:

Server details **Social app version:** 0.1.1 **Operating system**: Fedora 28 LXC **Web server:** Nginx **Database:** mysql **PHP version:** 7.2.13 **Nextcloud version:** (see Nextcloud admin page) 15.0.0.10
juliusknorr commented 5 years ago

Is your configured url the social app uses reachable from within the lxc container?

@daita How do you think about getting rid of the very prominent message in the social app, since we have a setup check in the general settings for that anyway? Since our check is done from the Nextcloud server causes more issues than it helps with.

ArtificialOwl commented 5 years ago

We need to provide more details when displaying that error, like the full address used as base by the Social app. This could be the issue here:

./occ config:app:get social address

Please check if the returned address have the .well-known configured.

dabbill commented 5 years ago

When I run the occ command, I get https://nextcloud.domain.com That is the correct URL to reach my nextcloud instance.

ArtificialOwl commented 5 years ago

let's assume your account is dabbill, what do you have when opening

https://nextcloud.domain.com/.well-known/webfinger?resource=acct:dabbill@nextcloud.domain.com

ArtificialOwl commented 5 years ago

Also, as you're using nginx, you might need to apply some configuration:

https://github.com/nextcloud/documentation/pull/877/files

dabbill commented 5 years ago

Here is the raw output. {"subject":"acct:dabbill@nextcloud.domain.com","links":[{"rel":"self","type":"application\/activity+json","href":"https:\/\/nextcloud.domain.com\/apps\/social\/@dabbill\/"}]}

Here is snip from my Nginx Nextcloud config. ` # The following 2 rules are only needed for the user_webfinger app.

Uncomment it if you're planning to use this app.

rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

`

ArtificialOwl commented 5 years ago

can you execute a curl request from command line:

curl -H "Accept: application/ld+json" -X GET https://nextcloud.domain.com/apps/social/@dabbill/

or, for better visibility, if you have jq installed:

curl -H "Accept: application/ld+json" -X GET https://nextcloud.domain.com/apps/social/@dabbill/ | jq
ArtificialOwl commented 5 years ago

Thinking about it, could be related to https://github.com/nextcloud/social/pull/281

dabbill commented 5 years ago

{ "@context": [ "https://www.w3.org/ns/activitystreams" ], "id": "https://nextcloud.domain.com/apps/social/@dabbill", "type": "Person", "url": "https://nextcloud.domain.com/apps/social/@dabbill", "local": true, "aliases": [ "@dabbill", "users/dabbill" ], "preferredUsername": "dabbill", "name": "", "inbox": "https://nextcloud.domain.com/apps/social/@dabbill/inbox", "outbox": "https://nextcloud.domain.com/apps/social/@dabbill/outbox", "account": "dabbill@nextcloud.domain.com", "following": "https://nextcloud.domain.com/apps/social/@dabbill/following", "followers": "https://nextcloud.domain.com/apps/social/@dabbill/followers", "endpoints": { "sharedInbox": "https://nextcloud.domain.com/apps/social/inbox" }, "publicKey": { "id": "https://nextcloud.domain.com/apps/social/@dabbill#main-key", "owner": "https://nextcloud.domain.com/apps/social/@dabbill", "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcVrddZQICdycKDcMWR5\n/gzuQll8mvXXjdd5iq376ekWz/7FI71Dzt0N7DYQ0dW66FliS88xSsEFwtC16kXq\nDPH044M4nAx9VB2mlsubsUPRc5myCM5qMpXP/b02WtSkQhbAiCx2nHE0ZOmiPn+t\nJs7TBRKP/VIlLeEMXPISwmpNtXvwuSNLeqrMxVc4YfQfdYMPUBM9CXXXRR3HkBc2\nwZrRyDTu4yILdIdKOmUF+n0gpmcS6SnFBsE/APav2U/lqPcrwcMQrpbbibF6gyDd\nC+epIMvS/DpzlVPUqDY9+CljPjRQyu2YhK0nilyEh0G5E/8VdI2eMa9XlsBRJJEo\n9wIDAQAB\n-----END PUBLIC KEY-----\n" } }

juliusknorr commented 5 years ago

@dabbill Can you check if the same curl requests work fine from within your lxc container?

dabbill commented 5 years ago

From the instance it self, I get curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

juliusknorr commented 5 years ago

Related issue https://github.com/nextcloud/social/issues/267

zachdecook commented 5 years ago

@daita When I run ./occ config:app:get social address, it gives me the http version (I use https).

Can this be fixed somehow?

ArtificialOwl commented 5 years ago

./occ social:reset

aliceinwire commented 5 years ago

./occ social:reset didn't work for me but the previously mentioned curl command is giving good output 

curl -H "Accept: application/ld+json" -X GET https://example.org/apps/social/@Username
curl https://example.org/.well-known/webfinger?resource=acct:Username@example.org

and social works correctly. But I still have the ".well-known/webfinger isn't properly set up!" banner on the social app

ArtificialOwl commented 5 years ago

@aliceinwire do you still have an issue on the last release of Social ? If so, can you confirm that everything is working, but the only issue if that glitch/banner that stays displayed ?

Can you send me the address of your cloud (maxence@nextcloud.com) so I can check the setup of your webfinger ?

dabbill commented 5 years ago

@daita I am still getting the ".well-known/webfinger isn't properly set up!" banner on the social app. All apps are showing up to date. I have tried to run the occ social:reset as well. Still get the same banner.

curl -H "Accept: application/ld+json" -X GET https://nextcloud.dabbill.com/apps/social/@dabbill

{"@context":["https:\/\/www.w3.org\/ns\/activitystreams","https:\/\/w3id.org\/security\/v1"],"id":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill","type":"Person","url":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill","icon":{"id":"https:\/\/nextcloud.dabbill.com\/documents\/avatar\/8bb1840d-a630-47a6-a185-0f3561d22157","type":"Image","url":"https:\/\/nextcloud.dabbill.com\/avatar\/dabbill\/128","mediaType":"","mimeType":"","localCopy":"avatar","resizedCopy":""},"local":true,"aliases":["@dabbill","users\/dabbill"],"preferredUsername":"dabbill","name":"","inbox":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill\/inbox","outbox":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill\/outbox","account":"dabbill@nextcloud.dabbill.com","following":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill\/following","followers":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill\/followers","endpoints":{"sharedInbox":"https:\/\/nextcloud.dabbill.com\/apps\/social\/inbox"},"publicKey":{"id":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill#main-key","owner":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lg5\/MAmKBvwqxv+uVbN\nAYzI94zA5ulMbDcOdmxU2I5MPgait+XvxCeMYwwnBDqJGjMCZHeCock85VIPtjVH\nKPA0PS\/6b\/OEu7r10id16fuyRcQfV84vqVXRp3R9Frx\/5GRtC1udFuDwfVFl4hlE\n\/q8qWA52t38xP0zLkh2YplV5Z4imZFIE5YosZTVI1QJsazGCYlPC2Y7qqKCD5KBl\nKVz+3mBxK09LOKQTUcvOF\/e3BW5BiaS7Ta0vmh3xCe+vlPHGGSIjcsn82GlMT7Fl\n0Nbdian06fkGqWXlnPBXz0aDA4ZcGwy\/6aLQVADlKhA5OxxrIqC1PkFGQw77kqlS\njQIDAQAB\n-----END PUBLIC KEY-----\n"}}%

curl https://nextcloud.dabbill.com/.well-known/webfinger\?resource\=acct:dabbill@nextcloud.dabbill.com

{"subject":"acct:dabbill@nextcloud.dabbill.com","links":[{"rel":"self","type":"application\/activity+json","href":"https:\/\/nextcloud.dabbill.com\/apps\/social\/@dabbill"},{"rel":"http:\/\/ostatus.org\/schema\/1.0\/subscribe","template":"https:\/\/nextcloud.dabbill.com\/apps\/social\/ostatus\/follow\/{uri}"}]}%

JOduMonT commented 5 years ago

Also, as you're using nginx, you might need to apply some configuration:

https://github.com/nextcloud/documentation/pull/877/files

thank @dabbill this line resolve, at least my situation :)

aliceinwire commented 5 years ago

@JOduMonT I have same line uncommented but it doesn't solve anything in my situation.

dabbill commented 5 years ago

Also, as you're using nginx, you might need to apply some configuration: https://github.com/nextcloud/documentation/pull/877/files

thank @dabbill this line resolve, at least my situation :)

@JOduMonT I have that line un-commented. Still have the same error in Social.

Mecallie commented 4 years ago

Is there any progress on this issue?

I have been using NC since version 9 or something and my nginx.conf does not even contain any webfinger line. I added rewrite ^/.well-known/webfinger /public.php?service=webfinger last; to my nginx.conf and did an nginx -t : no errors, so I guess I put it in correctly... But I am not sure the webfinger is even in the well-known config :?

I do not get an address when I do the command get social address (empty)

social:check:install gives:

- 0 invalid followers removed
- 0 invalid notes removed
- Your current configuration: 
{
    "cloud_url": "https:\/\/my.domain.com",
    "social_url": "https:\/\/my.domain.com\/apps\/social\/",
    "social_address": "",
    "service": 1,
    "max_size": 10,
    "access_type": "all_but",
    "access_list": "[]"
}

Why are the \\ for the urls noted as \/ ?!

Any help getting social to work is appreciated. It would be awesome to have this in my NC!

dabbill commented 4 years ago

As of Nextcloud 20, I am still getting this error.

alexanderharm commented 3 years ago

Me too, just wasted hours to fix this... Running Nextcloud in a container behind Traefik.

Mecallie commented 3 years ago

I finally got rid of it after hours of getting my config file just right. Still don't know what was wrong with it before (followed the NC install instructions to a tee). This one works for me (nginx):

`location ^~ /.well-known/acme-challenge { proxy_pass http://127.0.0.1:81; proxy_set_header Host $host; }

location / {

return 301 https://$host$request_uri;

}

location ^~ /.well-known/webfinger { rewrite ^/.well-known/webfinger /public.php?service=webfinger last; }

location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }

location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; }

client_max_bodysize 10240M; location / { rewrite ^ /index.php; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:.|autotest|occ|issue|indie|db|console) { deny all; } location ~ .(?:flv|mp4|mov|m4a)$ { mp4; mp4_buffer_size 100m; mp4_max_buffer_size 1024m; fastcgi_split_path_info ^(.+.php)(/.)$; try_files $fastcgi_script_name =404; include fastcgi_params; include php_optimization.conf; fastcgi_pass php-handler; fastcgi_param HTTPS on; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+).php(?:$|/) { fastcgi_split_path_info ^(.+.php)(/.)$; include fastcgi_params; include php_optimization.conf; fastcgi_pass php-handler; fastcgi_param HTTPS on; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } location ~ .(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args;`

Megachip commented 3 years ago

The following rules seems provided by Nextcloud (v21)

image

So, what is missing to get social working?

dabbill commented 3 years ago

I have nextcloud listening on 443, but have HAProxy in front doing the SSL work.