Chatroom logs for support@conference.yunohost.org (Monday, October 24, 2022)

October
Mon	Tue	Wed	Thu	Fri	Sat	Sun
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

[08:31:57] <thatoo[m]> Au fait, quel est le bon salon? celui-ci ou bien #yunohost:matrix.org indiqué sur cette page du site https://yunohost.org/fr/help?q=%2Fhelp ?
[08:34:46] <DarKou> les 2 ? l'un étant sur matrix, l'autre sur irc o_O
[08:37:20] <thatoo> En effet, je vois que ce sont les mêmes mais j'étais déjà sur Matrix mais sur #yunohost:libera.chat que je vais donc quitter au profit de cette adresse de salon. Je ne sais pas ce que ça change mais c'est plus cohérent.
[09:08:20] <thatoo> rebonjour, je n'ai pas compris ce qui s'est passé, mais j'ai l'impression d'être de retour.
[09:16:14] <c> rebienvenue
[09:17:51] <Thatoo> Du coup, je vais pouvoir reprendre la conversation. Pour info, je découvre qu'il me manquait des réponse quand j'étais sur #yunohost:libera.chat , je n'avais pas les réponses d'Aleks que je découvre maintenant.
[09:22:30] <Thatoo> > <@Alekswag:matrix.org> thatoo[m]: pour les paquets php ça semble moyen ouf, c'est peut-être legit, mais ça pourrait aussi être parce qu'une dépendance virtuelle d'une app (appname-ynh-apps) a été enlevé et du coup apt ne sait plus qu'il faut garder ces dependances installées

legit, ça veut dire quoi?
On va éviter l'autoremove pour l'instant si je comprends bien.
Du coup, si je veux supprimer des kernels, c'est comment déjà.
Il faut que je garde 5.10.0-16-amd64 puisque c'est celui qui tourne en ce moment et 5.10.0-19-amd64 qui est le plus récent c'est ça?
Je devrais redémarrer peut-être pour passer à 5.10.0-19-amd64 après coup, non? Dis donc, j'ai encore un kernel en 4.qqchose on dirait. Ca sert à rien de particulier de garder une version antérieur comme ça, non?
[14:42:19] <Guillaume Bouzige> legit = legitime
[15:04:52] <ponytails> Hi,

My server is running out of storage. I tried deleting the temp files (to make more space for the update), and I followed this article:
https://unix.stackexchange.com/questions/74271/how-to-delete-temp-and-log-files-with-terminal-on-vps

Now, I am unable to access the server from the web. However, I am able to ssh into the server.

Send help!
[15:08:01] <c> systemctl restart yunohost-api ?
[15:08:40] <c> i see message like this every day maybe yunohost need cron job every minute to check API up/down and restart?
[15:10:03] <Aleks (he/him/il/lui)> or maybe people could explain what they actually mean by "i'm unable to access the server from the web"
[15:10:27] <ponytails> > <c> systemctl restart yunohost-api ?

So I should ssh into my server and run this command as sudo?
[15:10:39] <Aleks (he/him/il/lui)> the yunohost-api is not supposed to magically stop for no reason. if it stops then we should identify why and fix the source of the issue instead of trying to brute-force it
[15:10:50] <c> ponytails, you can try :)
[15:10:55] <ponytails> > <@Alekswag:matrix.org> or maybe people could explain what they actually mean by "i'm unable to access the server from the web"

I can not access the admin page. The page which I see when I search the IP address of my server.
[15:11:19] <c> ponytails, or maybe your IP blocked by fail2ban, you can check with "fail2ban-client banned" command
[15:11:59] <Aleks (he/him/il/lui)> why cant you ? what does happen ? There's a million different reasons you could be "not able to" ... is your computer on ? is internet on ? do you see a certificate error ? do you see another error message ? are you trying to acces it using the global ip ? the local ip ? the domain name ?
[15:12:54] <c> Aleks (he/him/il/lui), not supposed but it happens apparently many times... maybe hypothetic cron job can also upload API logs to bug tracker so we can "identify why and fix"?
[15:13:19] <Aleks (he/him/il/lui)> or maybe it has nothing to do with yunohost-api considering we dont know why that person cant access it
[15:13:24] <c> (happened with me some times already)
[15:13:25] <Aleks (he/him/il/lui)> it could be a DNS issue for all we know
[15:13:55] <c> possible but not probable because SSH works they said
[15:14:00] <Aleks (he/him/il/lui)> if it happened many times to you then you could also dig the log ...
[15:14:27] <Aleks (he/him/il/lui)> well it could also be nginx being down
[15:14:29] <c> i will next time :)
[15:14:36] <Aleks (he/him/il/lui)> there's no point trying to speculate on the issue without more details
[15:14:46] <c> (and in my case it was *never* nginx being down)
[15:15:20] <c> (thats good because yunohost didnt break nginx config :D)
[15:30:06] <retiolus> Hi, having issues joining the room
[15:47:03] <ponytails> > <@Alekswag:matrix.org> why cant you ? what does happen ? There's a million different reasons you could be "not able to" ... is your computer on ? is internet on ? do you see a certificate error ? do you see another error message ? are you trying to acces it using the global ip ? the local ip ? the domain name ?

First, I followed the article which I shared earlier to remove temp files.

The ssh commands I used are :
cd /
rm -rfv tmp
mkdir tmp
cd var
rm -rfv log
mkdir log
rm -rfv tmp
mkdir tmp

Second, my computer is on, it is not a certificate error. I see "Unable to connects" error.

"An error occurred during a connection to IP ADDRESS"

[15:47:52] <ponytails> > <c> ponytails, you can try :)

"Failed to restart yunohost-api.service: Access denied"
"See system logs and 'systemctl status yunohost-api.service' for details."
[15:48:08] <c> ponytails, you need root! su or sudo :)
[15:48:49] <c> but before you can check if thats problem with systemctl status yunohost-api (or nginx) see if the program is alive
[15:48:50] <ponytails> yunohost-api.service is active (running)
[15:50:04] <Aleks (he/him/il/lui)> ponytails: then let's check `sudo yunohost diagnosis run` and `sudo yunohost diagnosis show --share --human-readable`
[15:53:00] <ponytails> > <@Alekswag:matrix.org> ponytails: then let's check `sudo yunohost diagnosis run` and `sudo yunohost diagnosis show --share --human-readable`

https://paste.yunohost.org/raw/zozaciyico
[15:53:29] <c> > [ERROR] Port 443 is not reachable from the outside.
[15:53:53] <c> open port on your router? :)
[15:54:30] <ponytails> I'm using Hetzner VPS
[15:54:35] <c> > [ERROR] Service fail2ban is failed :(
> [ERROR] Service nginx is failed :(
[15:55:11] <Aleks (he/him/il/lui)> Let's check `sudo nginx -t` ...
[15:56:13] <ponytails> > <@Alekswag:matrix.org> Let's check `sudo nginx -t` ...

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (2: No such file or directory)
2022/10/24 17:55:43 [info] 4296#4296: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2022/10/24 17:55:43 [emerg] 4296#4296: open() "/var/log/nginx/access.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

[15:56:50] <Aleks (he/him/il/lui)> sounds like maybe you savagely deleted the `/var/log/nginx/` folder ...
[15:56:53] <c> maybe you removed /var/log/nginx dir ?
[15:57:47] <c> (sorry for blame yunohost-api :D)
[15:58:48] <ponytails> > <@Alekswag:matrix.org> sounds like maybe you savagely deleted the `/var/log/nginx/` folder ...

cd var
rm -rfv log

You are right :(
[16:00:00] <Aleks (he/him/il/lui)> really, you deleted the entire `/var/log` ? ogod ...
[16:00:03] <ponytails> backups cache lib local lock log mail opt run spool tmp www xmpp-upload

I have only these folders in /var
[16:00:19] <Aleks (he/him/il/lui)> 😐️
[16:00:20] <ponytails> cd log
[16:00:44] <pti-jean> Comment s'utilise la commande yunopaste ?
[16:01:02] <Aleks (he/him/il/lui)> elle est à moitié pétée donc elle ne s'utilise pas
[16:01:21] <pti-jean> ok
[16:01:21] <ponytails> > <@Alekswag:matrix.org> really, you deleted the entire `/var/log` ? ogod ...

no nginx folder in /var/log
[16:01:38] <ponytails> > <@ponytails:matrix.org> no nginx folder in /var/log

sholud I just create one?
[16:01:39] <Aleks (he/him/il/lui)> yes of course no nginx folder in /var/log if you deleted the entire log folder ...
[16:02:22] <Aleks (he/him/il/lui)> not "just", it's not just about creating the folder, there's a whole bunch of files and sub-folders that are supposed to exist, each of these with a delicate set of permission/ownership
[16:02:50] <Aleks (he/him/il/lui)> and if the permissions/ownerships are not right, this is going to fuck stuff up
[16:03:04] <ponytails> These folders exists in /var/log

alternatives.log btmp daemon.log kern.log mail.log php7.4-fpm.log private user.log
apt cloud-init.log debug lastlog mail.warn php8.0-fpm.log syslog wtmp
auth.log cloud-init-output.log dpkg.log mail.info messages postgresql unattended-upgrades yunohost

[16:03:45] <Aleks (he/him/il/lui)> then when exactly did you run `rm -rfv log` and what happened since then ..
[16:04:55] <ponytails> I ran these commands, in exactly this order.
[16:04:56] <ponytails> cd /
rm -rfv tmp
mkdir tmp
cd var
rm -rfv log
mkdir log
rm -rfv tmp
mkdir tmp
[16:09:53] <Aleks (he/him/il/lui)> and when was that
[16:10:04] <ponytails> Update: I created the nginx folder, turned off the server, turned it on. Now everything works.
[16:10:11] <Aleks (he/him/il/lui)> ogod you deleted tmp and recreated manually
[16:10:22] <ponytails> > <@Alekswag:matrix.org> and when was that

an hour ago.
[16:10:33] <Aleks (he/him/il/lui)> i don't think you realize that the tmp folder has some special permissions set to it and you cant just "mkdir" it yourself ...
[16:10:53] <ponytails> > <@Alekswag:matrix.org> ogod you deleted tmp and recreated manually

yes
[16:10:56] <Aleks (he/him/il/lui)> same goes for /var/log ...
[16:12:15] <Aleks (he/him/il/lui)> it may work for some folder, but some specific program may expect specific permissions to be able to write to their own log file, *and/or* you are implicitly lowering the security of the system by implicitly allowing any user to have read access to files they are not supposed to be able to read
[16:13:22] <ponytails> ah :(
[16:16:19] <ponytails> I was trying to make space on my system. I do not understand why I have only 2 Gb approx left? Compared to a fresh install of YUNO Host, which has around 12 Gb

I have installed Ghost, Cryptpad, and Nextcloud. Are they taking that much space or it is something else?
[16:24:31] <Aleks (he/him/il/lui)> dunno, but certainly yolo-rming a bunch of critical system folders is not the right way to go
[16:24:44] <Aleks (he/him/il/lui)> there are tools to analyze what takes space, such as `ncdu`
[16:31:03] <ponytails> > <@Alekswag:matrix.org> dunno, but certainly yolo-rming a bunch of critical system folders is not the right way to go

I will be careful from next time.
[16:32:51] <ponytails> fail2ban is not running 🙈
[16:34:00] <ponytails> Thank you both of you for your help! c Aleks (he/him/il/lui)
[20:46:09] <Mario> > if you say more about your threat model we can give precise info
My fear is that if xmpp grows a lot with many people self-hosting, some ISP starts to block ports 5222 and 5269
[20:47:18] <Mario> Is that too much paranoia?
[20:47:48] <Aleks (he/him/il/lui)> lol
[20:47:51] <Aleks (he/him/il/lui)> "XMPP growing"
[20:47:54] <Aleks (he/him/il/lui)> (sorry ...)
[21:37:27] <tituspijean> ponytails: yes.
```
sudo mkdir /var/log/nginx
sudo chown root:adm /var/log/nginx
```
and restart nginx
[21:59:05] <Guest65> well, to try again... hello, have a previously-installed "pure" debian bullseye in an amd64 machine hd's /boot, swap, and /(root) partitions. How straightforward is it to install Yunohost with its Expert install into its own /(root) on a separate logical partitiion while re-using the pre-existing /boot and swap partitions from the former (and not
[21:59:05] <Guest65> wiping out the original bullseye install in its own / ??
[22:51:50] <Aleks (he/him/il/lui)> Guest65: idk ... why not just run the usual `curl | bash` as explained in the doc ?
[22:52:27] <Aleks (he/him/il/lui)> https://yunohost.org/en/install/hardware:vps_debian#run-the-install-script