Saturday, September 02, 2023
apps@conference.yunohost.org

[01:20:15] <Yunohost Git/Infra notifications> App rocketchat goes down from level 8 to 6 in job [#18241](https://ci-apps.yunohost.org/ci/job/18241)
[02:51:47] <Solrac> Hello. Is there a command for copying a conf file over to a directory?
[02:52:56] <Solrac> or is cp just fine?
[03:45:24] <Rosbeef Andino 🐧> i think it should be fine i don't know your use case
[05:21:01] <Solrac> Copy `../conf/motioneye.conf` to `/etc/motioneye/motioneye.conf`

Used ynh_add_config
[06:46:42] <lapineige> There's the helper add_config for this
[06:47:52] <lapineige> It will also manage the replacement of values like `__APP__`
[11:56:28] <lapineige> > So… the app generator is online 👀

I'll do a little polish tomorrow, then it should be ready for some internal (people from this channel basically) testing 🙂
[14:37:04] <Salamandar> Hey
[14:37:05] <Salamandar> I'm working on packaging jellyfin-vue, and it's really weird
[14:37:06] <Salamandar> login fails with the SSO cookie SSOwAuthExpire
[14:37:06] <Salamandar> "Error processing request.%"
[14:37:06] <Salamandar> Sorry, I should be clearer : this is a request on jellyfin itself
[14:39:34] <Salamandar> Did you ever see something like that ? (people who packaged Jellyfin)
[14:53:33] <Salamandar> Alright, i was not looking at the right place
[14:53:48] <Salamandar> it's another REST header that causes the issue
[15:38:25] <Salamandar> OK i get it, jellyfin-vue uses the `Authorization` header and it looks like SSOWat does weird things with it
[15:40:09] <Salamandar> indeed: https://github.com/YunoHost/SSOwat/blob/38a6f23f3805a098b4ab757ff002f3a5fb3c377a/helpers.lua#L286
[15:40:09] <Salamandar> help Aleks (he/him/il/lui)
[15:40:38] <Aleks (he/him/il/lui)> you may want to set `auth_header = false` on the corresponding permission
[15:41:23] <Salamandar> hmm
[15:41:29] <Salamandar> you mean jellyfin itself ? 😕
[15:41:35] <Aleks (he/him/il/lui)> not 100% sure that's the fix tho, this stuff is always confusing
[15:41:52] <Aleks (he/him/il/lui)> i mean the permission resource in the manifest.toml (assuming you're in packaging v2)
[15:42:11] <Salamandar> yes but that's actually a request on Jellyfin
[15:42:22] <Salamandar> (jellyfin-vue is just bare file exposed by nginx)
[15:43:31] <Salamandar> *gasp* indeed it fixes things
[15:43:32] <Salamandar> *cloc* noice
[15:43:32] <Salamandar> (auth_header = false on jellyfin in /etc/ssowat/conf.json)
[15:45:17] <Salamandar> * what does it do exactly ?
* can it break something else ?
* is https://github.com/YunoHost/SSOwat/blob/38a6f23f3805a098b4ab757ff002f3a5fb3c377a/helpers.lua#L286 really the behaviour we want ?
[15:48:27] <Salamandar> Ah yes I get it, SSOwat sets the Authorization Basic header… But Jellyfin expects a lot of other things inside, here i have:

-H 'Authorization: MediaBrowser Client="Jellyfin Web", Device="Firefox", DeviceId="TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjoxMDkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMTYuMHwxNjkzNjY1MDExMzYz", Version="10.8.10"'

[15:49:04] <Salamandar> not a good usage of the Authorization header, IMHO, but okay
[15:56:00] <Salamandar> Aleks (he/him/il/lui): do you have a trick to update permissions with auth_header=false ?
[15:57:25] <Salamandar> found in the doc o/
[16:21:37] <Salamandar> hop : https://github.com/YunoHost-Apps/jellyfin-vue_ynh
[16:21:37] <Salamandar> it works o/
[17:00:10] <lapineige> Congratulations 😄
[17:43:35] <Rosbeef Andino 🐧> I recognize myself in your posts
Salamandar Asking for help gives me the power to find the solution by myself 😄.

The good thing about that: I think it can help people who read to understand how the head of a debugger/dev works. And give tips on how to become one.😎
[17:46:52] <Salamandar> > <@rosbeefandino:3cmr.fr> I recognize myself in your posts
> Salamandar Asking for help gives me the power to find the solution by myself 😄.
>
> The good thing about that: I think it can help people who read to understand how the head of a debugger/dev works. And give tips on how to become one.😎

haha 😄 yeah and in the meantime i read the source code of SSOwat + jellyfin + jellyfin-vue, and i hate javascript 😄
[17:47:16] <Yunohost Git/Infra notifications> [apps] @alexAubin pushed 1 commit to app-store: appstore: implement star logic, at least on catalog ([37330d3d](https://github.com/YunoHost/apps/commit/37330d3d07c58c93701606c4c67682a0779126da))
[17:53:05] <lapineige> > <@Salamandar:matrix.org> haha 😄 yeah and in the meantime i read the source code of SSOwat + jellyfin + jellyfin-vue, and i hate javascript 😄

Yeah I know that (last) feeling 😂
[17:54:28] <Rosbeef Andino 🐧> It's the same for me with sed 🤮
[18:05:35] <lapineige> yeah, same kind of stuff 😁
[18:07:22] <Yunohost Git/Infra notifications> [apps] @alexAubin edited [pull request #1717](https://github.com/YunoHost/apps/pull/1717): New app store
[18:07:45] <Yunohost Git/Infra notifications> [apps] @alexAubin edited [pull request #1717](https://github.com/YunoHost/apps/pull/1717): New app store
[18:08:38] <Salamandar> > <@rosbeefandino:3cmr.fr> It's the same for me with sed 🤮

well once you understand sed, you kinda accept it
[18:08:40] <Salamandar> but awk…
[19:08:53] <lapineige> is very awkward yeah
[19:23:21] <selfhoster1312> what's the web server configuration?
[19:23:55] <lapineige> you mean Nginx config file ?
[19:24:00] <selfhoster1312> yes, the location block
[19:24:11] <selfhoster1312> probably something like `try_files $uri $uri/ =404` ? :P
[19:24:23] <selfhoster1312> with a misconfigured alias/root directive so it can't find the CSS? ^^"
[19:25:35] <lapineige> Well, I don't understand any Nginx, so I can't tell 😅
[19:25:35] <lapineige> Should be this, using the proper /path : https://github.com/lapineige/flask_ynh/blob/rewrite/conf/nginx.conf
[19:25:52] <lapineige> _(I really love that Yunohost exists, understanding Nginx configs alone would have given me nightmares…)_
[19:26:13] <selfhoster1312> haha maybe you would love caddy server, it's a lot easier/better than nginx in some ways :)
[19:26:51] <selfhoster1312> errr so the assets are served from flask? oO
[19:27:05] <selfhoster1312> what's your flask app config?
[19:28:57] <selfhoster1312> (really nginx should serve the files directly it's a lot more efficient, but that works better when you know a static route for assets or for dynamic stuff like /assets or /api so you don't have to use weird heuristics to determine whether to look for a file or pass to the backend... or you can do `try_files $uri $uri/ @backend` but then you need to make sure your assets folder doesn't have a file/folder with the name of a route you want to use xD)
[19:30:46] <lapineige> > <selfhoster1312> what's your flask app config?

how do I know that ?
[19:30:46] <lapineige> (I changed no setting, it's all defaults)
[19:32:26] <selfhoster1312> lapineige, if it can help: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#proxy-everything
[19:32:35] <selfhoster1312> it's just you're using an alias instead of root, but it's the same principle
[19:32:53] <selfhoster1312> ah no wait you mean you use an existing package that you don't "control"? you're not packaging something?
[19:33:03] <selfhoster1312> if so i have no idea how that package works but i can take a look
[19:33:21] <lapineige> I'm unsure I want to touch Nginx config if it's possible to leave it as in the flask_ynh app. (and if I can avoid doing dark magic… 🙈)
[19:33:43] <selfhoster1312> so the flask_ynh app hasn't been updated in three years, not sure if good news or bad news :P
[19:34:46] <selfhoster1312> for example my_webapp_ynh uses `alias __INSTALL_DIR__/www/;` not `__FINALPATH__` so maybe it has been renamed?
[19:34:58] <lapineige> yes and no.
I'm trying the app generator on the flask_ynh app, as it's a flask-built website.
That might lead to flask_ynh app improvements, and/or one day to a "yunohost_app_generator_ynh" thing (probably irrelevant, but if it's one way to automate its deployment, I'd be happy to build this)
[19:35:19] <selfhoster1312> https://yunohost.org/en/packaging_v2
> to get rid of funky historical, not-super-semantic stuff such as __FINALPATH__ being replaced by $final_path (with underscore), or __PATH__ being replaced by $path_url, etc.
[19:35:24] <selfhoster1312> not sure if that means it's actually been deprecated
[19:35:36] <selfhoster1312> lapineige, where's the CSS file on your disk?
[19:35:40] <selfhoster1312> (the absolute path)
[19:35:58] <lapineige> Well technically I've done it yesterday 😂
Someone made a rewrite in 2021, it's working, even if it's likely to have outdated config (non state-of-the-art I mean)
[19:37:17] <lapineige> `/var/www/flask/static/stuff.css`. Flask file is in `/var/www/flask/main.py`. HTML in `/var/www/flask/templates/index.html`
[19:37:18] <selfhoster1312> and what does the alias look like in the actual config file in /etc/nginx/conf.d/DOMAIN.TLD/flask.conf ? (can you copy the whole file to a pastebin)
[19:37:23] <lapineige> > <selfhoster1312> not sure if that means it's actually been deprecated

the path is good, no worries here. And packaging v1 is still a thing, yes 🙂
[19:37:51] <selfhoster1312> ok, can you post your nginx config (the actual one?)
[19:38:08] <lapineige> ```
rewrite ^/yunohost-app-generator$ /yunohost-app-generator/ permanent;
location /yunohost-app-generator/ {

  # Path to source
  alias /var/www/flask/ ;

  # Force usage of https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }

  # Prevent useless logs
  location = /yunohost-app-generator/favicon.ico {
    log_not_found off;
    access_log off;
  }
  location = /yunohost-app-generator/robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  proxy_pass http://localhost:8098;
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header X-Forwarded-Port $server_port;

  proxy_buffering off;

  # proxy_http_version 1.1;
  # proxy_set_header Upgrade $http_upgrade;
  # proxy_set_header Connection "upgrade";

  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
}

```
[19:38:35] <lapineige> yes, there is a space in the first line, I don't know if it's an issue
[19:38:58] <selfhoster1312> nah nginx is not space-afraid :D
[19:39:35] <selfhoster1312> but the alias goes to /var/www/flask/ (without /static/) so that's a first problem, then we can add a new location block for the flask app
[19:41:36] <lapineige> oh so it doesn't include all subdirectories ?
[19:42:01] <lapineige> what are these webservers made for ? 😁
[19:42:28] <selfhoster1312> yes it does if you go to https://domain.tld/yunohost-app-generator/static/style.css
[19:42:50] <selfhoster1312> but you said it's looking for /yunohost-app-generator/stylesheet.css
[19:43:03] <selfhoster1312> can you save your config file somewhere and try this one plz?
https://0x0.st/HpJD.conf
[19:43:39] <selfhoster1312> it should first look for a file in static/ and if not found, pass the request to flask
[19:46:09] <lapineige> For some reason, I can't load the CSS file…
`The resource from “https://verysecretdomain.tld/yunohost-app-generator/static/stylesheet.css” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).`
If I try to load the page `https://verysecretdomain.tld/yunohost-app-generator/static/stylesheet.css`, indeed, I have an html file with a 404.
I don't get it.
Any idea ? 😅
[19:46:23] <lapineige> oh yeah sorry it's in static ! I forgot to cancel my last test
[19:46:45] <selfhoster1312> still, change the nginx config to have it serve the files, can't hurt :)
[19:46:48] <lapineige> and by default the flask app installed by the app using static/css/file.css
[19:48:17] <selfhoster1312> (then you can patch the flask_ynh app to do this! everybody wins! :))
[19:50:16] <lapineige> > <selfhoster1312> still, change the nginx config to have it serve the files, can't hurt :)

Am I supposed to replace mine with yours ?
[19:50:23] <selfhoster1312> sure, at least for trying :)
[19:51:38] <lapineige> `[emerg] named location "@appgenerator" can be on the server level only`
[19:52:54] <selfhoster1312> ah yes sorry, it needs to be put one level above :)
[19:53:31] <selfhoster1312> https://0x0.st/HpJh.conf
[19:58:47] <lapineige> Oh, I've spotted a funky warning when trying it:
`[warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size`
[19:59:16] <selfhoster1312> yeah that's not a huge problem :)
[19:59:22] <selfhoster1312> does it work ?
[20:00:41] <selfhoster1312> (i should have said, to reload nginx config, `nginx -s reload` or `systemctl restart nginx`)
[20:00:47] <lapineige> … 403 Forbidden 😅
[20:00:48] <selfhoster1312> (the former will not stop existing connections to your server which is GREAT)
[20:00:55] <selfhoster1312> hahaha nice
[20:01:00] <selfhoster1312> what's the permissions on the file ?
[20:01:11] <selfhoster1312> ls -alh /...
[20:01:41] <lapineige> 777
[20:03:31] <selfhoster1312> and the parent folders? do they all have the x permission for nginx to read the directory?
[20:05:45] <selfhoster1312> (but 777 is strange permission for a file on a shared server :P)
[20:06:09] <selfhoster1312> as long as www-data can have x permission on /var/www/flask... and r permission on the files it should work :)
[20:11:19] <Aleks (he/him/il/lui)> `namei -l` is your friend, because one of the hardest aspects of the unix permission system is that effective access doesn't depend just on the file permission, it also depends on every directory in the file path
[20:15:51] <lapineige> I did a chmod 777 -R on the whole `/var/www/flask`
[20:16:00] <lapineige> (but yeah, this command is really handy)
[20:16:20] <Aleks (he/him/il/lui)> @_@
[20:16:48] <lapineige> I don't really care, it's a testing server. I made things as simple as possible
[20:17:36] <lapineige> (also, using ftp I didn't have the right to log as root, admin couldn't edit those files, and the flask app creates no sftp access for flask user, so I kept things simple)
[20:28:34] <lapineige> So I don't know what to do, the original nginx while works with no CSS, yours selfhoster1312 is promising but prefers 403 errors to real content 😅
[20:28:54] <lapineige> (for my tests for now I copy-pasted the CSS file content into the html)
[20:29:40] <lapineige> selfhoster1312: In particular I don't understand the `location @appgenerator {` part. What is this supposed to correspond to ?
[20:35:16] <lapineige> Couldn't there be a simple line to tell Nginx to serve any file from /subfolder ?
[20:52:42] <Aleks (he/him/il/lui)> https://github.com/YunoHost/apps/blob/app-store/store/nginx.conf.example#L5
[21:40:55] <selfhoster1312> sry i was afk :)
[21:43:15] <selfhoster1312> lapineige, how can nginx do 403 with 777? oO
[21:43:51] <selfhoster1312> TIL: `namei -l` thanks Aleks (he/him/il/lui) for sharing :)
[21:45:00] <selfhoster1312> maybe check /var/log/nginx/DOMAIN-error.log, /var/log/nginx/ssowat.log ... ?
[21:45:49] <selfhoster1312> if you share output of `namei -l /var/www/flask/assets/stylesheet.cs` maybe we can spot something obvious we missed :)
[21:53:38] <lapineige> > <selfhoster1312> sry i was afk :)

there is no deadline 🙂
[22:06:47] <lapineige> > <selfhoster1312> if you share output of `namei -l /var/www/flask/assets/stylesheet.cs` maybe we can spot something obvious we missed :)

```
/var/www/flask/static/stylesheet.css
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxrwxrwx flask www-data flask
drwxrwxrwx flask www-data static
-rwxrwxrwx flask www-data stylesheet.css
```
[22:07:42] <lapineige> (Aleks : take a deep breath, yes, ignore those 777, you don't see them, keep breathing, keep going, going… 😄)
[22:10:50] <selfhoster1312> and in the domain's error log, lapineige, what does it say? is it really the file you were trying to reach?
[22:11:16] <selfhoster1312> it should say something like:
> 2023/09/02 22:10:17 [error] 23253#23253: *78938 open() "/var/www/my_webapp/www/forbidden.html" failed (13: Permission denied), client: 127.0.0.1, server: domain.tld, request: "GET /login/forbidden.html HTTP/2.0", host: "domain.tld"
[23:04:58] <Yunohost Git/Infra notifications> App rspamdui stays at level 1 in job [#18258](https://ci-apps.yunohost.org/ci/job/18258)