search

snikket-im / snikket-server

Image builder for Snikket server
https://snikket.org/service/
Apache License 2.0
271 stars 31 forks source link

Snikkett no obtaining certs on first boot: /etc/cron.daily/certbot: line 18: SNIKKET_CERTBOT_OPTIONS: unbound variable #217

Closed Danrancan closed 8 months ago

Danrancan commented 8 months ago

I am setting up snikket server on Ubuntu 22.04 Server for the first time. I have followed all of the instructions. I can successfully get to the snicket http://chat.example.com "Snikket is starting" page, but it keeps reloading saying

We are currently obtaining SSL/TLS certificates to secure your Snikket service. The login page should appear in a moment. If not, please reload the page.

On the command line 

sudo docker-compose exec snikket_certs cat /var/log/letsencrypt/letsencrypt.log | grep detail

returns nothing.

Running 

cd /etc/snikket
docker-compose exec snikket_certs /etc/cron.daily/certbot

returns

/etc/cron.daily/certbot: line 18: SNIKKET_CERTBOT_OPTIONS: unbound variable

The following command:

docker-compose exec snikket_certs cat /var/log/letsencrypt/letsencrypt.log | grep detail

returns the following:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 700, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 395, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.10/http/client.py", line 1283, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1329, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1278, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1038, in _send_output
    self.send(msg)
  File "/usr/lib/python3.10/http/client.py", line 976, in send
    self.connect()
  File "/usr/lib/python3/dist-packages/docker/transport/unixconn.py", line 30, in connect
    sock.connect(self.unix_socket)
PermissionError: [Errno 13] Permission denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 756, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 718, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 700, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 395, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.10/http/client.py", line 1283, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1329, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1278, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1038, in _send_output
    self.send(msg)
  File "/usr/lib/python3.10/http/client.py", line 976, in send
    self.connect()
  File "/usr/lib/python3/dist-packages/docker/transport/unixconn.py", line 30, in connect
    sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 214, in _retrieve_server_version
    return self.version(api_version=False)["ApiVersion"]
  File "/usr/lib/python3/dist-packages/docker/api/daemon.py", line 181, in version
    return self._result(self._get(url), json=True)
  File "/usr/lib/python3/dist-packages/docker/utils/decorators.py", line 46, in inner
    return f(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 237, in _get
    return self.get(url, **self._set_request_timeout(kwargs))
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 557, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 544, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 657, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 33, in <module>
    sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
    command_func()
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 200, in perform_command
    project = project_from_options('.', options)
  File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 60, in project_from_options
    return get_project(
  File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 152, in get_project
    client = get_client(
  File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 41, in get_client
    client = docker_client(
  File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 170, in docker_client
    client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in __init__
    self._version = self._retrieve_server_version()
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version
    raise DockerException(
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))

There is little debugging information about Snikket so I don't know what to do next or how to fix this. Could someone please help?

mwild1 commented 8 months ago

Hi Dan, thanks for the report!

You're right, this is a bug in a release we rolled out a couple of days ago. I'm working on a fix, hang tight!

mwild1 commented 8 months ago

Hi Dan,

A new version is published. Try the following commands:

docker-compose pull
docker-compose up -d

Let me know how it goes!

Danrancan commented 8 months ago

Hi Dan,

A new version is published. Try the following commands:

docker-compose pull
docker-compose up -d

Let me know how it goes!

Thank you! This helped me get my certs and find the invite page. However, when opening the invite on iOS 17.3.1 snikket app, I get the following error:

Registering account
Do you wish to register a new account at chat.example.com?

Yes

Registration failure
Server returned an error: remote server timeout (remote-server-timeout)

Snikket error on iOS IMG_3611

Any suggestions or advice? I have set everything up exactly as the instructions say from a vanilla Ubuntu 22.04 server. Could it be another snikket bug or is this an error on my server? LET ME KNOW. Thanks a ton!

mwild1 commented 8 months ago

Due to the issues you had during setup, try restarting everything with:

docker-compose down
docker-compose up -d

If that doesn't fix it, double-check your firewall allows the necessary ports (the firewall could be on your server, e.g. ufw, or sometimes in a dashboard provided by your hosting provider): https://snikket.org/service/help/advanced/firewall/

You can test your domain works using the tool at https://connect.xmpp.net/ - if everything is set up correctly you should get "Connected" in the "StartTLS" column (the "Direct TLS" column will say "Failed", this is normal).

If you have further problems, join our community chat: https://snikket.org/contact/

Good luck!

Danrancan commented 8 months ago

Due to the issues you had during setup, try restarting everything with:

docker-compose down
docker-compose up -d

If that doesn't fix it, double-check your firewall allows the necessary ports (the firewall could be on your server, e.g. ufw, or sometimes in a dashboard provided by your hosting provider): https://snikket.org/service/help/advanced/firewall/

You can test your domain works using the tool at https://connect.xmpp.net/ - if everything is set up correctly you should get "Connected" in the "StartTLS" column (the "Direct TLS" column will say "Failed", this is normal).

If you have further problems, join our community chat: https://snikket.org/contact/

Good luck!

Thank you for all of this info, but I overlooked something very simple and fixed it. Turns out, when I clicked on the snikket invite link on my iphone, it automatically opened up the iOS app "Siskin IM" instead of "Snikket". Seems like somehow that link prioritizes a non-snikket app as the default app over snikket itself. To fix the behavior, I just deleted the "Siskin IM" app from my iPhone, and then the link automatically opened up snikket and registered me. You might want to look into why it chose to open up "Siskin IM" instead of snikket though.

Anyways, let me know if you figure out the problem with that to satisfy my curiosity. Thanks for the development and help!

Dan

mwild1 commented 8 months ago

Glad you solved it!

Unfortunately iOS does indeed have that limitation, and it does not let the user select which app should open the link. It just picks one of them. Siskin and Snikket both handle XMPP links. There isn't anything we can do about it on our side unfortunately, unless Apple decides to improve this behaviour in iOS (for comparison, in the same situation Android does let you select which app to open if there are multiple possibilities).

Danrancan commented 8 months ago

Glad you solved it!

Unfortunately iOS does indeed have that limitation, and it does not let the user select which app should open the link. It just picks one of them. Siskin and Snikket both handle XMPP links. There isn't anything we can do about it on our side unfortunately, unless Apple decides to improve this behaviour in iOS (for comparison, in the same situation Android does let you select which app to open if there are multiple possibilities).

Thank you very much for the knowledge and background info. Seems like iOS is slacking. Cm'on Apple! get it together! Thanks again for developing this and helping out with the original problem!