snikket-im / snikket-server

Image builder for Snikket server
https://snikket.org/service/
Apache License 2.0

Error when sharing behind Caddy... #148

Closed fcwoknhenuxdfiyv closed 2 weeks ago

fcwoknhenuxdfiyv commented 1 year ago

Hello, I'm trying to get Snikket up and running on a server running other services. I have the portal (invitations, etc.) working and I can connect with BeagleIM and the Snikket phone apps.

I cannot add files to any private or group chats. I'll use the Android client as an example.

When uploading, the server log shows:

share.chat.example.net:http_file_share  info      Issuing upload slot to jason@chat.example.net for 929 KiB

On the client, the "delivery failed" error is:

stream was reset: NO_ERROR

The file /snikket/prosody/share%2echat%2eexample%2enet/uploads.list contains

item({
        ["name"] = "request";
        ["key"] = "DIB8mdk08mb5B1wnMMnZf-79";
        ["with"] = "jason@chat.example.net";
        ["attr"] = {
                ["xmlns"] = "urn:xmpp:http:upload:0";
                ["filename"] = "ashim-d\226\128\153silva-WeYaml
e9fDM.jpg";
                ["stamp"] = "2022-12-15T15:15:22Z";
                ["content-type"] = "image/jpeg";
                ["size"] = "951384";
        };
        ["when"] = 1671117322;
});

There are no other files in the share directory.

The way I have Snikket set up is:

caddy-docker-proxy -> snikket-web-proxy -> snikket-portal
                                        -> snikket-server

I realise that the problem is more than likely with the Caddy proxy; I'm just hoping somebody else who came across the problem could lead me in the right direction to fix it.

Many thanks, Jason.

mwild1 commented 1 year ago

Hi Jason,

Can you access https://share.example.com/ in your web browser? In the current release you should see a "Snikket is starting" page (we plan to serve something more sensible here in a future release!). If you get an error or anything else, what is that error?

Reverse proxies are probably the main issue people have with setting up Snikket, but often the problem is something simple (e.g. a typo or missing section in the reverse proxy config). Have you seen the reverse proxy guide? It includes an example configuration for Caddy.

Hope this helps!

fcwoknhenuxdfiyv commented 1 year ago

Hi!

Thanks for the quick reply!

My caddy-docker-proxy setup is based on the proxy guide. I get a blank page when I access share.* so I'll use that as a lead and report back.

As an aside, using a plain old Prosody server behind docker isolation, I have no problems with uploads.

Cheers, Jason.

fcwoknhenuxdfiyv commented 1 year ago

I managed to get Snikket working without the snikket-web-proxy component. It didn’t sit right with me that I was proxying a proxy. I had to use an external TURN server but the setup feels cleaner than running everything on the host network.

Having everything configured through snikket.conf really helped, so great job on building it that way!

Here is my working setup except the caddy-docker-proxy setup (which also handles the certificates). I didn’t include it as it’s in another project.

I hope this is useful to somebody.

Tweak the certs volume as follows to make all the startup scripts work. This will probably differ as I use a self-written certificate manager for LE:

root@514f67d22639:/etc/prosody/certs# ls -l *example*
lrwxrwxrwx 1 prosody prosody   14 Dec 14 16:37 chat.example.net.crt -> example.net.crt
lrwxrwxrwx 1 prosody prosody   14 Dec 14 16:37 chat.example.net.key -> example.net.key
-rwxr-xr-x 1 prosody prosody 5622 Dec 15 08:53 example.net.crt
-rwxr-xr-x 1 prosody prosody 1675 Dec 15 08:52 example.net.key

chat.example.net:
total 0
lrwxrwxrwx 1 prosody prosody 17 Dec 14 16:02 cert.pem -> ../example.net.crt
lrwxrwxrwx 1 prosody prosody 17 Dec 14 16:00 fullchain.pem -> ../example.net.crt
lrwxrwxrwx 1 prosody prosody 17 Dec 14 16:01 privkey.pem -> ../example.net.key
root@514f67d22639:/etc/prosody/certs#

snikket.conf:

SNIKKET_DOMAIN=chat.example.net
SNIKKET_ADMIN_EMAIL=admin@example.net

SNIKKET_WEB_PROSODY_ENDPOINT='http://snikket_server:5280'
SNIKKET_WEB_DOMAIN='snikket_server'

SNIKKET_TWEAK_INTERNAL_HTTP_HOST=snikket_server
SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
SNIKKET_TWEAK_INTERNAL_HTTP_PORT=5280

SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_HOST=snikket_portal
SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT=5765

SNIKKET_TWEAK_TURNSERVER=0
SNIKKET_TWEAK_TURNSERVER_DOMAIN=turn.example.net
SNIKKET_TWEAK_TURNSERVER_SECRET=long-turn-server-secret-really-a-bunch-of-random-characters-dont-use-this!

docker-compose.yml:

version: '3'

volumes:
  certs:
    name: proxy_certs
  snikket_data:

networks:
  default: {}
  proxy_default:
    external: true

services:
  coturn:
    image: coturn/coturn
    command: >
      --server-name=turn.example.net 
      --realm=turn.example.net 
      --listening-ip=0.0.0.0 
      --cert=/certs/example.net.crt 
      --pkey=/certs/example.net.key 
      --min-port=49100 
      --max-port=49200 
      --use-auth-secret 
      --static-auth-secret=long-turn-server-secret-really-a-bunch-of-random-characters-dont-use-this!
      --verbose
    restart: unless-stopped
    network_mode: host
    volumes:
      - certs:/certs

  snikket_portal:
    container_name: snikket-portal
    env_file: snikket.conf
    image: snikket/snikket-web-portal:beta
    networks:
      - proxy_default
      - default
    labels:
      caddy_0: chat.example.net
      caddy_0.tls: /certs/example.net.crt /certs/example.net.key
      caddy_0.reverse_proxy: "{{ upstreams 5765 }}"
      caddy_1: groups.chat.example.net
      caddy_1.tls: /certs/example.net.crt /certs/example.net.key
      caddy_1.reverse_proxy: "{{ upstreams 5765 }}"
    restart: "unless-stopped"

  snikket_server:
    container_name: snikket
    env_file: snikket.conf
    image: snikket/snikket-server:beta
    ports:
      - "5000:5000"
      - "5222:5222"
      - "5223:5223"
      - "5269:5269"
    networks:
      - proxy_default
      - default
    labels:
      caddy: share.chat.example.net
      caddy.tls: /certs/example.net.crt /certs/example.net.key
      caddy.reverse_proxy: "{{ upstreams 5280 }}"
    volumes:
      - snikket_data:/snikket
      - certs:/etc/prosody/certs
    restart: "unless-stopped"
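
An added check, not part of the original post or the Snikket project: it verifies that a certs volume has the layout shown in the listing above (every name resolves to a regular file) and flags key files that all users can access, which is what mode 755 on example.net.key in that listing allows. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the certificate layout from the listing in the post.
# Usage: check_snikket_certs CERT_DIR DOMAIN   (function name is hypothetical)
# Needs a stat that supports -L and -c (GNU coreutils or BusyBox).
check_snikket_certs() {
    dir=$1; domain=$2; rc=0
    for rel in "$domain.crt" "$domain.key" "$domain/cert.pem" \
               "$domain/fullchain.pem" "$domain/privkey.pem"; do
        path=$dir/$rel
        # -f follows symlinks, so a dangling link is reported as missing.
        if [ ! -f "$path" ]; then
            echo "MISSING $rel"; rc=1; continue
        fi
        case $rel in
            *.key|*/privkey.pem)
                # Mode of the link target; the leading 0 makes the shell read it as octal.
                mode=$(stat -L -c '%a' "$path")
                if [ $(( 0$mode & 007 )) -ne 0 ]; then
                    echo "EXPOSED $rel (mode $mode: accessible to all users)"; rc=1
                else
                    echo "OK      $rel (mode $mode)"
                fi ;;
            *)  echo "OK      $rel" ;;
        esac
    done
    return $rc
}

# Constructed sample reproducing the listing (empty files, same names and modes).
make_sample() {
    d=$(mktemp -d)
    : > "$d/example.net.crt"; : > "$d/example.net.key"
    chmod 755 "$d/example.net.crt" "$d/example.net.key"
    ln -s example.net.crt "$d/chat.example.net.crt"
    ln -s example.net.key "$d/chat.example.net.key"
    mkdir "$d/chat.example.net"
    ln -s ../example.net.crt "$d/chat.example.net/cert.pem"
    ln -s ../example.net.crt "$d/chat.example.net/fullchain.pem"
    ln -s ../example.net.key "$d/chat.example.net/privkey.pem"
    echo "$d"
}

sample=$(make_sample)
check_snikket_certs "$sample" chat.example.net || echo "=> problems found"
chmod 600 "$sample/example.net.key"      # tighten the real key file, not the links
check_snikket_certs "$sample" chat.example.net && echo "=> layout and modes OK"
rm -rf "$sample"
```

Run it against the mounted certs directory inside the container, for example `check_snikket_certs /etc/prosody/certs chat.example.net`; the key must stay readable by the user the server runs as.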