Monday, January 09, 2023
dev@conference.yunohost.org
January
Mon Tue Wed Thu Fri Sat Sun
            1
2
 3
 4
 5
 6
 7
 8
9
 10
 11
 12
 13
 14
 15
16
 17
 18
 19
 20
 21
 22
23
 24
 25
 26
 27
 28
 29
30
 31
          

[09:25:46] <Yunohost Git/Infra notifications> [issues] @olberger commented on issue #2117 Domains tool broken : Invalid argument domain: Must be a valid domain name: Seems to be fixed after todays upgrade of yunohost-admin to 11.1.2.1. Thanks https://github.com/YunoHost/issues/issues/2117#issuecomment-1375323454
[14:48:15] <Yunohost Git/Infra notifications> @selfhoster1312 forked SSOwat to selfhoster1312/SSOwat: https://github.com/selfhoster1312/SSOwat
[14:50:44] <Yunohost Git/Infra notifications> [SSOwat] @selfhoster1312 opened pull request #209: Authentication headers are ONLY set when user is logged https://github.com/YunoHost/SSOwat/pull/209
[15:24:13] <tituspijean> > <@Alekswag:matrix.org> heuarg my bad the catalog was again like 50 commits behind because of uncommited stuff ~_~

was it because I yoloedited the files when debugging the catalog?
[15:24:39] <Aleks (he/him/il/lui)> ah was it you ? xD
[15:24:41] <Aleks (he/him/il/lui)> idk
[15:24:43] <Aleks (he/him/il/lui)> though it was me
[15:28:41] *tituspijean hides in bush
[15:30:07] <tituspijean> (I had directely tweaked the list_builder.py during the appsatastrophe last weekend)
[15:30:28] <Yunohost Git/Infra notifications> [YunoHost documentation] [🔴 Down] Request failed with status code 500
[15:31:12] <Yunohost Git/Infra notifications> [issues] @selfhoster1312 closed issue #2122: ynh_script_progression does not work in helper script https://github.com/YunoHost/issues/issues/2122
[15:31:13] <Yunohost Git/Infra notifications> [issues] @selfhoster1312 commented on issue #2122 ynh_script_progression does not work in helper script: Closing because the lint got merged https://github.com/YunoHost/issues/issues/2122#issuecomment-1375799867
[15:31:13] <Yunohost Git/Infra notifications> [YunoHost documentation] [✅ Up] 200 - OK
[15:31:22] <Aleks (he/him/il/lui)> tituspijean: shame on you, you are the only person in the world to dev in production :P
[15:32:42] <eric_G> I must be the second one
[15:33:16] <tituspijean> I was like "nah let's try locally first", but then the script was failing and I thought, eh we are already SNAFU, so letz go... 😇
[15:34:20] <Yunohost Git/Infra notifications> [issues] @selfhoster1312 labeled :birthday: feature on issue #2123: SSOWat should prefix auth headers https://github.com/YunoHost/issues/issues/2123
[15:34:26] <Yunohost Git/Infra notifications> [issues] @selfhoster1312 opened issue #2123: SSOWat should prefix auth headers https://github.com/YunoHost/issues/issues/2123
[16:28:52] <Yunohost Git/Infra notifications> [YunoHost demo] [🔴 Down] Request failed with status code 502
[16:33:53] <Yunohost Git/Infra notifications> [YunoHost demo] [✅ Up] 200 - OK
[17:16:04] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin merged pull request #209: Authentication headers are ONLY set when user is logged https://github.com/YunoHost/SSOwat/pull/209
[17:16:04] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin pushed 2 commits to dev: https://github.com/YunoHost/SSOwat/compare/2af882a69d95...e60e95f5b4b8
[17:16:11] <Yunohost Git/Infra notifications> [SSOwat/dev] applications where the auth headers were not cleared... - selfhoster1312
[17:16:13] <Yunohost Git/Infra notifications> [SSOwat/dev] gged... - Alexandre Aubin
[17:18:25] <Aleks (he/him/il/lui)> @room anybody around that runs Yunohost 11.1 (testing) AND uses nextcloud desktop and could test an upcoming ssowat release ?
[17:19:08] <tituspijean> Nope but I can install it.
[17:19:22] <Salamandar> same
[17:21:25] <Aleks (he/him/il/lui)> would be helpful yeah ;P
[17:21:56] <Aleks (he/him/il/lui)> feel free to install it now and check that it's working, the point is to release ssowat and validate that it's still working after the update
[17:25:52] <tituspijean> Installed and syncing. :)
[17:27:19] <tituspijean> Oh nice, they have implemented placeholder files now. ☺️
[17:30:19] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2+202301091730 for bullseye/unstable/all ...
[17:31:46] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2+202301091730 for bullseye/unstable/all.
[17:34:23] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin pushed 2 commits to dev: https://github.com/YunoHost/SSOwat/compare/e60e95f5b4b8...8621a1e1a3d9
[17:34:29] <Yunohost Git/Infra notifications> [SSOwat/dev] security: Also check client-provided auth headers to prevent impersonation - Alexandre Aubin
[17:34:29] <Yunohost Git/Infra notifications> [SSOwat/dev] Update changelog for 11.1.2.1 - Alexandre Aubin
[17:34:31] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin created new tag debian/11.1.2.1
[17:36:08] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.1 for bullseye/testing/all ...
[17:37:06] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.1 for bullseye/testing/all.
[17:38:14] <tituspijean> Upgrading...
[17:39:30] <Aleks (he/him/il/lui)> wasnt planning on spending 3 hours today thinking about all the existential questions raised by changing 10 lines in ssowat é_è
[17:43:24] <florent> By chance, could that fix this issue? https://github.com/YunoHost-Apps/nextcloud_ynh/issues/478
[17:43:33] <yunohelper> titus: I lost both Dendrite and Nextcloud connections. :'(
[17:43:47] <yunohelper> titus: I lost both Dendrite and Nextcloud connections. :'(
[17:43:56] <Aleks (he/him/il/lui)> wut
[17:44:05] <Aleks (he/him/il/lui)> oopsies
[17:45:14] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.1+202301091745 for bullseye/unstable/all ...
[17:45:32] <Aleks (he/him/il/lui)> even Nextcloud from webbrowser ?
[17:45:37] <florent> (my question might be stupid ^^)
[17:45:53] <Aleks (he/him/il/lui)> > By chance, could that fix this issue? https://github.com/YunoHost-Apps/nextcloud_ynh/issues/478

i'm not sure, sounds like something different
[17:46:20] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.1+202301091745 for bullseye/unstable/all.
[17:46:29] <florent> OK, nevermind, I'll see when we'll get the update if by chance that fixes that ^^
[17:50:25] <Aleks (he/him/il/lui)> florent: trying to read more about it feels like it may worsen the issue lol
[17:50:42] <Aleks (he/him/il/lui)> `When I then try to access the public share URL, the SSO credentials are used for the Basic Auth on PROPFIND /public.php/webdav/ ..but Nextcloud expects the share ID here and therefore throws back a 401.` --> meh wut
[17:51:49] <Aleks (he/him/il/lui)> i think the previous commit gonna break it even when being not logged in
[17:52:28] <Aleks (he/him/il/lui)> hmpf
[17:53:25] <Aleks (he/him/il/lui)> is `PROPFIND` the HTTP verb ? o_O
[17:54:43] <Aleks (he/him/il/lui)> hmf i guess we could add an exception for propfind verb but that sounds kinda dirty and not the right way to fix it
[17:58:31] <Aleks (he/him/il/lui)> tituspijean: are you still with us somehow ? 👀
[18:06:29] <tituspijean[m]> soooo libera.chat does not work for me... I see the messages but you don't see mine
[18:06:50] <tituspijean[m]> https://aria.im/_matrix/media/v1/download/matrix.org/mcXwOfMyMjgjFPUwWeOgUpHd
[18:07:37] <tituspijean[m]> web browser works for Nextcloud
[18:10:34] <Aleks (he/him/il/lui)> heaurg
[18:11:24] <Aleks (he/him/il/lui)> sooo can you elaborate what doesnt work ? Element/Synapse doesnt recognize the auth anymore ? Does nextcloud in web works ? Nextcloud desktop ? Any other app ?
[18:13:37] <Aleks (he/him/il/lui)> (on my dev env I'm able to connect to Nextcloud through web as usual)
[18:14:56] <tituspijean[m]> Element/dendrite:
```
M_MISSING_TOKEN: MatrixError: [401] missing access token (https://dendrite.pijean.ovh/_matrix/client/r0/rooms
```
[18:14:57] <tituspijean[m]> Nextcloud web is OK
[18:14:58] <tituspijean[m]> I'm trying to find the logs for Nextcloud desktop. It says bad username/password
[18:16:08] <Aleks (he/him/il/lui)> yeah it's probably hitting the new 401...
[18:16:18] <ljf[m]> should we make an audio ?
[18:16:36] <Aleks (he/him/il/lui)> yeah it's quite complex to debug but i'm not at home / no mic :|
[18:16:54] <ljf[m]> ok
[18:17:45] <Aleks (he/him/il/lui)> i'm guessing the nextcloud desktop client sends some Authorization: Basic header which actually have nothing to do with yunohost, just like for the PROPFIND stuff florent was linking to
[18:18:14] <Aleks (he/him/il/lui)> and then we can't easily differentiate between nextcloud basic auth header and an attacker trying to impersonate
[18:18:23] <Aleks (he/him/il/lui)> unless there's a pattern or something
[18:19:08] <Aleks (he/him/il/lui)> maybe checking if the user part of the Auth header is a yunohost username or something
[18:19:37] <Aleks (he/him/il/lui)> but that's shaky
[18:25:00] <tituspijean[m]> The logs from the client are not helpful at first glance, same error with wrong username/password
[18:25:20] <Aleks (he/him/il/lui)> yeah what would be cool would be to be able to dump the request somehow
[18:25:20] <tituspijean[m]> (and it's the right one, I get prompted by Netcloud WEB to grant access)
[18:25:22] <Aleks (he/him/il/lui)> or at least the headers
[18:26:58] <Aleks (he/him/il/lui)> i'm trying to install nextcloud-client to debug it on my side
can you try to rather investiate the thing with element/matrix ? I would be looking for some request in the Network tab of the browser, see if there's an Authorization: Basic <base64stuff> header in the communication with synapse
[18:29:27] <tituspijean[m]> Requests to Dendrite do have a `Authorization Bearer <somekey>`
[18:30:06] <Aleks (he/him/il/lui)> ah ?
[18:30:08] <Aleks (he/him/il/lui)> hmmm
[18:30:31] <Aleks (he/him/il/lui)> thinking intensifies
[18:30:54] <Aleks (he/him/il/lui)> frowning intensifies
[18:33:35] <Aleks (he/him/il/lui)> so definitely we should not drop authorization headers which are not basic, that's probably the issue with synapse/element
[18:33:54] <Aleks (he/him/il/lui)> and this we can easily do
[18:34:20] <Aleks (he/him/il/lui)> for nextcloud i think that the desktop client also seem to use some PROPFIND route so maybe this could be enough to not drop the header when the route has this verb
[18:39:27] <Aleks (he/him/il/lui)> https://botsin.space/@scream
[18:40:32] <Aleks (he/him/il/lui)> hmmmm actually those 2 fixes may render the option --auth_header obsolete ?
[18:40:51] <Aleks (he/him/il/lui)> this is an emotional rollercoster
[18:40:55] <Aleks (he/him/il/lui)> confusedgolumn.gif
[18:46:11] <Aleks (he/him/il/lui)> emeged it wurks
[18:47:56] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin pushed 2 commits to dev: https://github.com/YunoHost/SSOwat/compare/8621a1e1a3d9...d85dc4f999fe
[18:47:56] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin created new tag debian/11.1.2.2
[18:47:59] <Yunohost Git/Infra notifications> [SSOwat/dev] c auth... - Alexandre Aubin
[18:48:03] <Yunohost Git/Infra notifications> [SSOwat/dev] Update changelog for 11.1.2.2 - Alexandre Aubin
[18:48:13] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.2 for bullseye/testing/all ...
[18:49:07] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.2 for bullseye/testing/all.
[18:50:24] <Aleks (he/him/il/lui)> tituspijean: feel free to try if this fixes both issues for you 👀
[18:52:15] <tituspijean[m]> Error 500 in Dendrite now, and Nextcloud Desktop failing upon sync
[18:52:24] <tituspijean[m]> "l'hôte requiert une authentification"
[18:54:02] <Aleks (he/him/il/lui)> ugh
[18:54:18] <Aleks (he/him/il/lui)> can you `grep 500` on recent nginx logs ?
[18:54:27] <Aleks (he/him/il/lui)> to see what route exactly is triggering the 500
[18:55:25] <Aleks (he/him/il/lui)> and maybe `tail -n 50 /var/log/nginx/*error.log` or something
[18:56:20] <tituspijean[m]> ```
/var/log/nginx/dendrite.pijean.ovh-access.log:2a01:cb11:9f:3200:f0a8:3390:f990:7fdb - - [09/Jan/2023:19:55:07 +0100] "GET /_matrix/client/r0/pushrules/ HTTP/2.0" 500 170 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0"
```
nothing in error.log
[18:57:33] <Aleks (he/him/il/lui)> yes the `*` was important ;P
[18:57:51] <tituspijean[m]> I did not see your message actually xD
[18:57:59] <Aleks (he/him/il/lui)> wut :D
[18:58:10] <tituspijean[m]> looking at the grep \* now
[18:58:32] <Aleks (he/him/il/lui)> probably a stupid typo in ssowat code /o\
[18:59:07] <tituspijean[m]> ```
==> /var/log/nginx/pijean.ovh-error.log <==
2023/01/09 03:38:23 [error] 4072550#4072550: *70974 "/usr/share/nginx/html/yunohost/sso/index.html" is not found (2: No such file or directory), client: 34.221.225.55, server: pijean.ovh, request: "HEAD /yunohost/sso/?r=aHR0cHM6Ly9zaWduYWwucGlqZWFuLm92aC8= HTTP/2.0", host: "pijean.ovh", referrer: "https://signal.pijean.ovh/"
2023/01/09 11:21:34 [error] 4107039#4107039: *73189 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 165.225.204.149, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673259691831 HTTP/1.1", host: "pijean.ovh"
2023/01/09 14:49:39 [error] 4158738#4158738: *80360 "/usr/share/nginx/html/yunohost/sso/index.html" is not found (2: No such file or directory), client: 34.221.76.12, server: pijean.ovh, request: "HEAD /yunohost/sso/?r=aHR0cHM6Ly9zeW5hZG0ucGlqZWFuLm92aC8= HTTP/2.0", host: "pijean.ovh", referrer: "https://synadm.pijean.ovh/"
2023/01/09 18:23:35 [error] 4170658#4170658: *87482 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673284979249 HTTP/2.0", host: "pijean.ovh"
2023/01/09 18:38:53 [error] 4182883#4182883: *12 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "PROPFIND /nextcloud/remote.php/dav/files/titus/ HTTP/1.1", host: "pijean.ovh"
2023/01/09 18:40:38 [error] 4182883#4182883: *214 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nodered/ HTTP/2.0", upstream: "http://[::1]:1880/", host: "pijean.ovh", referrer: "https://pijean.ovh/yunohost/sso/?r=aHR0cHM6Ly9waWplYW4ub3ZoL25vZGVyZWQv"
2023/01/09 18:40:49 [error] 4182883#4182883: *214 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nodered/admin/red/tours/welcome.js HTTP/2.0", upstream: "http://[::1]:1880/admin/red/tours/welcome.js", host: "pijean.ovh", referrer: "https://pijean.ovh/nodered/admin/red/red.min.js?v=3.0.2"
2023/01/09 18:41:57 [error] 4182883#4182883: *214 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nodered/admin/red/images/typedInput/az.svg HTTP/2.0", upstream: "http://[::1]:1880/admin/red/images/typedInput/az.svg", host: "pijean.ovh", referrer: "https://pijean.ovh/nodered/admin/"
2023/01/09 18:42:48 [error] 4182883#4182883: *214 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "POST /nodered/admin/inject/bb9a52eed60a976c HTTP/2.0", upstream: "http://[::1]:1880/admin/inject/bb9a52eed60a976c", host: "pijean.ovh", referrer: "https://pijean.ovh/nodered/admin/"
2023/01/09 18:43:43 [error] 4182883#4182883: *214 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "POST /nodered/admin/flows HTTP/2.0", upstream: "http://[::1]:1880/admin/flows", host: "pijean.ovh", referrer: "https://pijean.ovh/nodered/admin/"
2023/01/09 18:51:53 [error] 4182883#4182883: *739 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673286677042 HTTP/2.0", host: "pijean.ovh"
2023/01/09 18:58:41 [error] 4182883#4182883: *1482 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:00:27 [error] 4182883#4182883: *1557 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:03:33 [error] 4182883#4182883: *1705 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:07:41 [error] 4182883#4182883: *1924 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:12:51 [error] 4182883#4182883: *2283 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 83.112.72.207, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:13:39 [error] 4182883#4182883: *739 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673287982744 HTTP/2.0", host: "pijean.ovh"
2023/01/09 19:15:33 [error] 4182883#4182883: *739 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nodered/admin/ HTTP/2.0", upstream: "http://[::1]:1880/admin/", host: "pijean.ovh"
2023/01/09 19:19:03 [error] 4182883#4182883: *2744 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:19:44 [error] 4182883#4182883: *2777 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/status.php HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:20:59 [error] 4182883#4182883: *2777 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/remote.php/dav/files/titus/partages_nas/SSH/SIRENE%20SSH.pdf HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:24:06 [error] 4182883#4182883: *3017 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/ocs/v1.php/cloud/user?format=json HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:24:06 [error] 4182883#4182883: *3017 [lua] helpers.lua:380: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "PROPFIND /nextcloud/remote.php/dav/files/titus/ HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:50:17 [error] 3437#3437: *62 [lua] helpers.lua:382: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/ocs/v1.php/cloud/user?format=json HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:50:17 [error] 3437#3437: *62 [lua] helpers.lua:382: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nextcloud/remote.php/dav/avatars/titus/32.png HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:50:22 [error] 3437#3437: *65 [lua] helpers.lua:382: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "HEAD /nextcloud/remote.php/dav/files/titus/ HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:50:33 [error] 3437#3437: *65 [lua] helpers.lua:382: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "HEAD /nextcloud/remote.php/dav/files/titus/ HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:50:47 [error] 3437#3437: *4 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673290211041 HTTP/2.0", host: "pijean.ovh"
2023/01/09 19:50:53 [error] 3437#3437: *104 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nodered/admin/comms HTTP/1.1", upstream: "http://[::1]:1880/admin/comms", host: "pijean.ovh"
2023/01/09 19:50:55 [error] 3437#3437: *4 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673290218943 HTTP/2.0", host: "pijean.ovh"
2023/01/09 19:51:26 [error] 3437#3437: *134 connect() failed (111: Connection refused) while connecting to upstream, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /nodered/admin/vendor/font-awesome/css/font-awesome.min.css?v=3.0.2 HTTP/2.0", upstream: "http://[::1]:1880/admin/vendor/font-awesome/css/font-awesome.min.css?v=3.0.2", host: "pijean.ovh", referrer: "https://pijean.ovh/nodered/admin/"
2023/01/09 19:51:30 [error] 3437#3437: *134 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673290254095 HTTP/2.0", host: "pijean.ovh"
2023/01/09 19:52:42 [error] 3437#3437: *242 [lua] helpers.lua:382: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "HEAD /nextcloud/remote.php/dav/files/titus/ HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:52:43 [error] 3437#3437: *242 [lua] helpers.lua:382: authenticate(): Connection failed for: titus, client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "HEAD /nextcloud/remote.php/dav/files/titus/ HTTP/1.1", host: "pijean.ovh"
2023/01/09 19:53:09 [error] 3437#3437: *134 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673290352647 HTTP/2.0", host: "pijean.ovh"
2023/01/09 19:54:02 [error] 4736#4736: *295 open() "/var/www/element/config.pijean.ovh.json" failed (2: No such file or directory), client: 2a01:cb11:9f:3200:f0a8:3390:f990:7fdb, server: pijean.ovh, request: "GET /element/config.pijean.ovh.json?cachebuster=1673290405585 HTTP/2.0", host: "pijean.ovh"
```
[18:59:18] <ljf[m]> helpers.lua:380: authenticate(): Connection failed for: ljf, client: 192.168.0.26, server:
[18:59:39] <Aleks (he/him/il/lui)> 🤔
[19:00:01] <Aleks (he/him/il/lui)> zgrmbl
[19:00:20] <Yunohost Git/Infra notifications> [YunoHost documentation] [🔴 Down] Request failed with status code 500
[19:00:21] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.2+202301091900 for bullseye/unstable/all ...
[19:01:20] <Yunohost Git/Infra notifications> [YunoHost documentation] [✅ Up] 200 - OK
[19:01:36] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.2+202301091900 for bullseye/unstable/all.
[19:04:08] <tituspijean[m]> !gogogadgetotesting 🙃
[19:12:09] <Aleks (he/him/il/lui)> tituspijean: anything in `/var/log/nginx/dendrite.pijean.ovh-error.log` related to the 500 error ?
[19:12:32] <Aleks (he/him/il/lui)> (I probably forgot a `~= nil` in the code ..)
[19:12:54] <tituspijean[m]> nothing
[19:13:32] <Aleks (he/him/il/lui)> @_@
[19:13:32] <Aleks (he/him/il/lui)> hmmm
[19:13:49] <Aleks (he/him/il/lui)> any other file with recent error stuff ? @_@ `ls -thor /var/log/nginx | grep error | tail -n 5` ?
[19:14:34] <tituspijean[m]> ```
-rw-r----- 1 www-data 809 Jan 9 17:59 xmpp-upload.pijean.ovh-error.log
-rw-r----- 1 www-data 4.3K Jan 9 18:24 doc.pijean.ovh-error.log
-rw-r----- 1 www-data 34K Jan 9 19:54 error.log
-rw-r----- 1 www-data 11K Jan 9 20:13 pijean.ovh-error.log
-rw-r----- 1 www-data 274K Jan 9 20:14 dendrite.pijean.ovh-error.log
```
[19:14:55] <tituspijean[m]> (I had grep'd 500 sorry ^^)
[19:15:12] <tituspijean[m]> `2023/01/09 20:15:03 [error] 4736#4736: *291 lua entry thread aborted: runtime error: /usr/share/ssowat/helpers.lua:426: bad argument #1 to 'find' (string expected, got nil)`
[19:15:27] <tituspijean[m]> (that's in dendrite.pijean...)
[19:15:52] <tituspijean[m]> Aleks (he/him/il/lui): ^
[19:19:46] <Aleks (he/him/il/lui)> Brb
[19:39:24] <ljf[m]> sorry Aleks i don't succeed to get more debug info.
[19:39:56] <ljf[m]> It's "logging": "debug" in ssowat persistent file or i miss something ?
[19:43:40] <Aleks (he/him/il/lui)> yup
[19:43:51] <Aleks (he/him/il/lui)> and the /var/log/nginx/ssowat.log
[19:52:02] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin created new tag debian/11.1.2.3
[19:52:02] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin pushed 2 commits to dev: https://github.com/YunoHost/SSOwat/compare/d85dc4f999fe...6cb732768870
[19:52:06] <Yunohost Git/Infra notifications> [SSOwat/dev] Stupid typo - Alexandre Aubin
[19:52:11] <Yunohost Git/Infra notifications> [SSOwat/dev] Update changelog for 11.1.2.3 - Alexandre Aubin
[19:52:12] <Aleks (he/him/il/lui)> tituspijean: maybe this fix the synapse issue
[19:54:42] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.3 for bullseye/testing/all ...
[19:56:00] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.3 for bullseye/testing/all.
[19:56:39] <Aleks (he/him/il/lui)> and then for Nextcloud I think we could rely on the fact that the route has auth_header=false enabled
[19:58:15] <Aleks (he/him/il/lui)> yes that's base64
[19:58:35] <ljf[m]> i have

```
Basic XXXXX==
Authentication failure for user ljf from 192.168.X.Y
```
[19:58:38] <Aleks (he/him/il/lui)> and for nextcloud it's e.g. `johndoe:some_super_long_token`
[19:58:50] <Aleks (he/him/il/lui)> (in base64)
[19:58:55] <ljf[m]> i have that for nextcloud desktop auth
[19:59:04] <tituspijean> I'm back b*tches \\o/
[19:59:12] <Aleks (he/him/il/lui)> hell yeah
[19:59:21] <tituspijean> but Nextcloud is still failing
[20:00:02] *ljf[m] following chatons meeting in the same time that debugging this ssowat nightmare
[20:00:09] *tituspijean tesr
[20:00:46] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.3+202301092000 for bullseye/unstable/all ...
[20:01:27] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.3+202301092000 for bullseye/unstable/all.
[20:02:25] <Aleks (he/him/il/lui)> ugh actually there's no `auth_header=false` for nextcloud @_@ (only for the well-known route)
[20:02:39] <Aleks (he/him/il/lui)> :|
[20:03:28] <Aleks (he/him/il/lui)> shall we just hardcode a list of apps :|
[20:03:44] *tituspijean can only be a guinea pig, getting a turbo headache right now
[20:04:23] <tituspijean> > <@Alekswag:matrix.org> shall we just hardcode a list of apps :|

sounds like a bad idea 😛
[20:06:20] <Aleks (he/him/il/lui)> ooooor grep remote_user in the app code 🤔
[20:07:04] <Maranda> > <@titus:pijean.ovh> can only be a guinea pig, getting a turbo headache right now

Sounds like myself yesterday 🌚
[20:10:29] <ljf[m]> ynh_permission_update doesn't allow to set --auth-header=false ...
[20:10:38] <Aleks (he/him/il/lui)> wut
[20:11:18] <Aleks (he/him/il/lui)> #appv2willfixthis
[20:11:41] <ljf[m]> i will try to do this with yunohost tools shell -c
[20:11:46] <Aleks (he/him/il/lui)> anyway the thing with auth-header is not the right approach, the main route of nextcloud is not expected to have this flag otherwise this would break the single sign on (even though once logged nextcloud has its own cookies)
[20:12:23] <Aleks (he/him/il/lui)> imho we can really create a list of apps to fix locally (in app_ssowatconf) by grepping `remote_user` in the app package
[20:14:18] <tituspijean> as in, it detects if the app relies on this header? what about apps running from a binary?
[20:14:42] <tituspijean> (I really don't know if we have such an app though)
[20:15:59] <Aleks (he/him/il/lui)> app's binaries are not supposed to make assumptions about which header to use
[20:16:15] <Aleks (he/him/il/lui)> this is really expected to be handled by some sort of configuration
[20:16:20] <Aleks (he/him/il/lui)> (typically the webserver)
[20:16:27] <tituspijean> fair point 🙂
[20:19:37] <ljf[m]> sso is not often working on nextcloud...
[20:19:57] <Aleks (he/him/il/lui)> maybe but that's a bug and not a feature
[20:20:06] <ljf[m]> but you are right use a list of apps could be a quick fix
[22:48:47] <Aleks (he/him/il/lui)> tituspijean: if you're still up i have an upcoming implementation for the fix i was discussing
[23:00:41] <Yunohost Git/Infra notifications> [yunohost] @alexAubin pushed 2 commits to dev: https://github.com/YunoHost/yunohost/compare/b9be18c781c3...37b424e96806
[23:00:41] <Yunohost Git/Infra notifications> [yunohost] @alexAubin created new tag debian/11.1.2.1
[23:00:49] <Yunohost Git/Infra notifications> [yunohost/dev] ssowat: add use_remote_user_var_in_nginx_conf flag on permission - Alexandre Aubin
[23:00:50] <Yunohost Git/Infra notifications> [yunohost/dev] Update changelog for 11.1.2.1 - Alexandre Aubin
[23:04:18] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin created new tag debian/11.1.2.4
[23:04:19] <Yunohost Git/Infra notifications> [SSOwat] @alexAubin pushed 2 commits to dev: https://github.com/YunoHost/SSOwat/compare/6cb732768870...46b58d369548
[23:04:20] <Yunohost Git/Infra notifications> [SSOwat/dev] 1.1.2... - Alexandre Aubin
[23:04:24] <Yunohost Git/Infra notifications> [SSOwat/dev] Update changelog for 11.1.2.4 - Alexandre Aubin
[23:04:41] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.4 for bullseye/testing/all ...
[23:05:36] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.4 for bullseye/testing/all.
[23:06:26] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/11.1.2.1 for bullseye/testing/all ...
[23:07:49] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/11.1.2.1 for bullseye/testing/all.
[23:15:21] <Yunohost Git/Infra notifications> 🏗️ Starting build for ssowat/11.1.2.4+202301092315 for bullseye/unstable/all ...
[23:16:24] <Yunohost Git/Infra notifications> ✔️ Completed build for ssowat/11.1.2.4+202301092315 for bullseye/unstable/all.
[23:16:31] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/11.1.2.1+202301092315 for bullseye/unstable/all ...
[23:17:45] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/11.1.2.1+202301092315 for bullseye/unstable/all.
[23:18:39] <Yunohost Git/Infra notifications> [yunohost] @alexAubin pushed 1 commit to dev: Fix boring issues in tools_upgrade https://github.com/YunoHost/yunohost/commit/b37d4baf64ad043b4e7c53fb20d3fb9e3b5ecbb8
[23:18:55] <Yunohost Git/Infra notifications> [yunohost] Pipeline canceled on GitLab https://gitlab.com/yunohost/yunohost/-/pipelines/742432795 on commit https://github.com/YunoHost/yunohost/commit/37b424e9680668564c8393c4d56352fbe4747599 "Update changelog for 11.1.2.1" by @Alexandre Aubin on branches dev
[23:30:21] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/11.1.2.1+202301092330 for bullseye/unstable/all ...
[23:32:16] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/11.1.2.1+202301092330 for bullseye/unstable/all.
[23:49:06] <Yunohost Git/Infra notifications> [yunohost] @alexAubin pushed 3 commits to dev: https://github.com/YunoHost/yunohost/compare/b37d4baf64ad...25c10166cfc0
[23:49:07] <Yunohost Git/Infra notifications> [yunohost/dev] configpanel: key type may not exist? - Alexandre Aubin
[23:49:22] <Yunohost Git/Infra notifications> [yunohost/dev] h the new app info view ...... - Alexandre Aubin
[23:49:22] <Yunohost Git/Infra notifications> [yunohost/dev] apps: fix trick to find the default branch from git repo @_@ - Alexandre Aubin
[23:51:58] <Yunohost Git/Infra notifications> [yunohost] Pipeline canceled on GitLab https://gitlab.com/yunohost/yunohost/-/pipelines/742442802 on commit https://github.com/YunoHost/yunohost/commit/b37d4baf64ad043b4e7c53fb20d3fb9e3b5ecbb8 "Fix boring issues in tools_upgrade" by @Alexandre Aubin on branches dev