nickvergessen
commented
3 years ago Your overwrite.cli.url is invalid. Not sure that's enough to fix it, but it's a start
Closed RobertWi closed 3 years ago
nickvergessen
commented
3 years ago Your overwrite.cli.url is invalid. Not sure that's enough to fix it, but it's a start
RobertWi
commented
3 years ago It reads "overwrite.cli.url": "http:\/\/localhost",
Probably has to set to FQDN then? Need to contact nextcloud SP to align.
nickvergessen
commented
3 years ago yeah, should be mostlikely cus199.nl.tabdigital.eu
RobertWi
commented
3 years ago Had set it too
"overwrite.cli.url": "https:\/\/cus199nl.tabdigital.eu",
and
"overwrite.cli.url": "https:\/\/10.12.35.48",
and the same error messages as initially reported
why 10.12.35.48, this internal ip is logged as dial to tcp address in error message
time="2021-01-18T13:41:28Z" level=info msg="Running version 1.21.0 cf13fff7" prefix=main time="2021-01-18T13:41:28Z" level=info msg="Parsing gateway myGateway" prefix=router time="2021-01-18T13:41:28Z" level=info msg="Starting bridge: nctalk.1 " prefix=router time="2021-01-18T13:41:28Z" level=info msg=Connecting prefix=nctalk time="2021-01-18T13:41:28Z" level=error msg="Cannot Connect" prefix=nctalk time="2021-01-18T13:41:28Z" level=fatal msg="Starting gateway failed: Bridge nctalk.1 failed to start: Get "https://cus199.nl.tabdigital.eu/ocs/v2.php/cloud/capabilities": dial tcp 10.12.35.48:443: connect: connection refused" prefix=main
Not clear how things should work or is designed or how i should read this error message. Need a flow diagram I think to clarify. While starting gw bridging nctalk fails getting server capabilities, which fails for me as well unless I add the "OCS-APIRequest: true" header. then dial tcp to 10.12.35.28:443 resulting in connection refused which can be:
julien-nc
commented
3 years ago @RobertWi Is cus199nl.tabdigital.eu or cus199.nl.tabdigital.eu really the domain where your Nextcloud is accessible? Or did you change it for privacy reasons in this issue? Both names don't resolve on my side.
First supposition, your Nextcloud is not aware of its own address and it writes an incorrect address in Matterbridge config. Make sure overwrite.cli.url is set to the address with which you access your Nextcloud.
The way things work is not very complex. Your Nextcloud server executes Matterbridge binary which acts as a client and connects to all the bridge parts. So, Matterbridge runs on the same system as your webserver and tries to connect (and makes some OCS requests) to your Nextcloud server via its domain name. I guess one possible reason for your problem would be that your server can't contact itself via cus199.nl.tabdigital.eu. You can check that by running
curl -k -H "OCS-APIRequest: true" https://cus199.nl.tabdigital.eu/ocs/v2.php/cloud/capabilitieson your server's system. Maybe that's already what you did, I can't tell where you have run it. If it fails, there is your problem. Your connection loopback might not work or there is some firewall blocking you somewhere.
If this works, then we need to investigate further...
RobertWi
commented
3 years ago Mentioned addresses were obfuscated, and I rather keep it that way, pardon, for the typo while obfuscating.
Also mentioned that
"overwrite.cli.url": "https://cus199.nl.tabdigital.eu",was set and error thrown is reproducible
Curl command output previously reported was not executed on the server as I don't have shell acces on that server but TAB DIGITAL support was willing to execute cmd on the server system and the result was succesfull as well. Received below output. So no routing issue or firewall it seems.
curl -k -H "OCS-APIRequest: true" https://cus199.nl.tabdigital.eu/ocs/v2.php/cloud/capabilities
?xml version="1.0"?>
<ocs>
<meta>
<status>ok</status>
<statuscode>200</statuscode>
<message>OK</message>
</meta>
<data>
<version>
<major>20</major>
<minor>0</minor>
<micro>5</micro>
<string>20.0.5</string>
<edition></edition>
<extendedSupport></extendedSupport>
</version>
<capabilities>
<bruteforce>
<delay>0</delay>
</bruteforce>
<spreed>
<features>
<element>audio</element>
<element>video</element>
<element>chat-v2</element>
<element>conversation-v2</element>
<element>guest-signaling</element>
<element>empty-group-room</element>
<element>guest-display-names</element>
<element>multi-room-users</element>
<element>favorites</element>
<element>last-room-activity</element>
<element>no-ping</element>
<element>system-messages</element>
<element>mention-flag</element>
<element>in-call-flags</element>
<element>notification-levels</element>
<element>invite-groups-and-mails</element>
<element>locked-one-to-one-rooms</element>
<element>read-only-rooms</element>
<element>chat-read-marker</element>
<element>webinary-lobby</element>
<element>start-call-flag</element>
<element>chat-replies</element>
<element>circles-support</element>
<element>force-mute</element>
<element>chat-reference-id</element>
</features>
<config>
<attachments>
<allowed></allowed>
</attachments>
<chat>
<max-length>32000</max-length>
</chat>
<conversations>
<can-create></can-create>
</conversations>
</config>
</spreed>
<theming>
<name>Nextcloud</name>
<url>https://nextcloud.com</url>
<slogan>a safe home for all your data</slogan>
<color>#0082c9</color>
<color-text>#ffffff</color-text>
<color-element>#0082c9</color-element>
<color-element-bright>#0082c9</color-element-bright>
<color-element-dark>#0082c9</color-element-dark>
<logo>https://cus199.nl.tabdigital.eu/core/img/logo/logo.svg?v=0</logo>
<background>https://cus199.nl.tabdigital.eu/core/img/background.png?v=0</background>
<background-plain></background-plain>
<background-default>1</background-default>
<logoheader>https://cus199.nl.tabdigital.eu/core/img/logo/logo.svg?v=0</logoheader>
<favicon>https://cus199.nl.tabdigital.eu/core/img/logo/logo.svg?v=0</favicon>
</theming>
</capabilities>
</data>
</ocs> Let's sum up what happens.
Now the only difference between the CURL request and the one done by Matterbridge could be the Unix user doing it. Maybe the server's firewall is restricting what the webserver user can do and the support person is calling CURL as a user without restrictions...
I can't think of another reason right now.
RobertWi
commented
3 years ago It works now! SP tab digital changed two things so don't know what really fixed it. I've set one of my own domains the A record to their public ip adress hosting my nextcloud instance.
1) They have set trusted domain to my domain. 2) They configured have set High Performance Backend signaling server for my domain
Nevertheless it works, sorry for the interrupt. Please go on with writing an maintaining beautiful code with added value. Much appreciated.
Steps to reproduce
Talk
Talk app version: 10.0.5 on Nextcloud 20.0.5
Custom Signaling server configured: no
Custom TURN server configured: yes
Custom STUN server configured: yes
Browser
Microphone available: yes
Camera available: no
Operating system: Ubuntu 2004
Browser name: Firefox
Browser version: 84.0.2
Expected behaviour
Successful start of gateway
adress obfuscated
accessing with browser https://cus199.nl.tabdigital.eu/ocs/v2.php/cloud/capabilities led to Access forbidden / CSRF check failed
reference: (https://docs.nextcloud.com/server/latest/developer_manual/client_apis/OCS/ocs-share-api.html)
Actual behaviour
in " show matterbridge log" connect: connection refused on https://cus199.nl.tabdigital.eu/ocs/v2.php/cloud/capabilities
Server configuration detail
Operating system: Linux 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64
Webserver: nginx/1.14.0 (fpm-fcgi)
Database: mysql 5.7.31
PHP version:
7.3.22-1+ubuntu18.04.1+deb.sury.org+1 Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, cgi-fcgi, mysqlnd, PDO, xml, apcu, bcmath, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, intl, json, exif, mysqli, pdo_mysql, apc, posix, readline, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Phar, Zend OPcache
Nextcloud version: 20.0.5 - 20.0.5.2
Updated from an older Nextcloud/ownCloud or fresh install:
Where did you install Nextcloud from: unknown
List of activated apps
``` Enabled: - accessibility: 1.6.0 - activity: 2.13.4 - admin_audit: 1.10.0 - apporder: 0.11.0 - audioplayer: 2.13.1 - bookmarks: 3.4.9 - breezedark: 20.0.2 - calendar: 2.1.3 - cloud_federation_api: 1.3.0 - comments: 1.10.0 - contacts: 3.4.3 - contactsinteraction: 1.1.0 - dashboard: 7.0.0 - dav: 1.16.2 - deck: 1.2.3 - drawio: 0.9.8 - encryption: 2.8.1 - federatedfilesharing: 1.10.2 - federation: 1.10.1 - files: 1.15.0 - files_external: 1.11.1 - files_markdown: 2.3.1 - files_pdfviewer: 2.0.1 - files_rightclick: 0.17.0 - files_sharing: 1.12.2 - files_trashbin: 1.10.1 - files_versions: 1.13.0 - files_videoplayer: 1.9.0 - firstrunwizard: 2.9.0 - gpxmotion: 0.1.0 - gpxpod: 4.2.4 - groupfolders: 8.2.0 - issuetemplate: 0.7.0 - logreader: 2.5.0 - lookup_server_connector: 1.8.0 - mail: 1.4.2 - metadata: 0.12.0 - nextcloud_announcements: 1.9.0 - notes: 3.6.4 - notifications: 2.8.0 - oauth2: 1.8.0 - occweb: 0.0.7 - onlyoffice: 6.2.0 - password_policy: 1.10.1 - photos: 1.2.3 - podcast: 0.0.1 - privacy: 1.4.0 - provisioning_api: 1.10.0 - radio: 1.0.1 - recommendations: 0.8.0 - serverinfo: 1.10.0 - settings: 1.2.0 - sharebymail: 1.10.0 - spreed: 10.0.5 - support: 1.3.0 - survey_client: 1.8.0 - systemtags: 1.10.0 - talk_matterbridge: 1.21.0 - tasks: 0.13.6 - text: 3.1.0 - theming: 1.11.0 - twofactor_backupcodes: 1.9.0 - twofactor_totp: 5.0.0 - updatenotification: 1.10.0 - user_status: 1.0.1 - viewer: 1.4.0 - weather_status: 1.0.0 - workflowengine: 2.2.0 Disabled: - circles - gpxedit - user_ldap ```Configuration (config/config.php)
``` { "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "cus199.nl.tabdigital.eu" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "20.0.5.2", "overwrite.cli.url": "http:\/\/localhost", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "onlyoffice": { "verify_peer_off": true, "DocumentServerUrl": "https:\/\/office.tabdigital.eu" }, "memcache.local": "\\OC\\Memcache\\APCu", "mail_smtpmode": "smtp", "mail_smtpsecure": "ssl", "mail_sendmailmode": "smtp", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtpauthtype": "LOGIN", "mail_smtpauth": "1", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "465", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "overwriteprotocol": "https", "maintenance": false, "theme": "", "loglevel": 1, "app_install_overwrite": [ "occweb", "audioplayer" ], "encryption.legacy_format_support": true, "encryption.key_storage_migrated": false } ```Are you using external storage, if yes which one: local/nextcloud/S3
Are you using encryption: 1
Client configuration
Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
Operating system: unbuntu 20.04