Monday, July 17, 2023
support@conference.yunohost.org
July
Mon Tue Wed Thu Fri Sat Sun
          1
 2
3
 4
 5
 6
 7
 8
 9
10
 11
 12
 13
 14
 15
 16
17
 18
 19
 20
 21
 22
 23
24
 25
 26
 27
 28
 29
 30
31
            

[06:26:18] <jrkb> i have issues inviting new users on my yunohost mastodon instance.
somehow i never receive the confirmation email...
now i am wondering if i either have the smtp part in `/var/www/mastodon/live/.env.production` messed up, or i understand something fundamentally wrong.

do new mastodon users also need a yunohost account on my server?
[08:13:56] <lapineige> > i have issues inviting new users on my yunohost mastodon instance.
> somehow i never receive the confirmation email...
> now i am wondering if i either have the smtp part in `/var/www/mastodon/live/.env.production` messed up, or i understand something fundamentally wrong.
>
> do new mastodon users also need a yunohost account on my server?

can your server send emails ?
[08:15:42] <lapineige> How can we configure the reverse DNS of a VPS for several domains ? (not subdomains)
I configured it for domain A, emails works, and for domain B I don't know what to do, and I can't send any email since a while (blacklisted because of wrong reverse DNS ?)
(it's on Hetzner)
[08:34:24] <tituspijean> > How can we configure the reverse DNS of a VPS for several domains ? (not subdomains)
> I configured it for domain A, emails works, and for domain B I don't know what to do, and I can't send any email since a while (blacklisted because of wrong reverse DNS ?)
> (it's on Hetzner)

I'm not 100% sure (rediscovering the matter), but from what I gathered online in 5 min:
- Get your hostname as seen by postfix: `sudo postconf -d | grep myhostname` (I guess it's your main YunoHost domain)
- This hostname should be the one to which the MX records of all domains point to.
- the reverse DNS should be set to that hostname

If experts are around, please correct me 🙂
[08:34:53] <lapineige> Ok, then it's done like this for now
[08:35:07] <lapineige> (except for IPV6, I don't know what IP to configure…)
[08:35:09] <tituspijean> regarding the MX records, it's highly possible that this is not the recommended configuration as displayed by YunoHost
[08:35:36] <tituspijean> > (except for IPV6, I don't know what IP to configure…)

my guess it's the one returned by DNS servers for the hostname
[08:36:22] <tituspijean> there's a difference between hostnames and FQDNs that I still cannot properly define, though
[08:58:48] <jrkb> > can your server send emails ?

yes! I receive all automatic diagnosis mails, and roundcube works perfectly as well
[09:23:58] <jrkb> > yes! I receive all automatic diagnosis mails, and roundcube works perfectly as well

these are my settings in `/var/www/mastodon/live/.env.production`:
```
SMTP_SERVER=localhost
SMTP_PORT=587
SMTP_LOGIN=noreply@my.domain
SMTP_PASSWORD=thepassword
SMTP_FROM_ADDRESS=noreply@my.domain
SMTP_DELIVERY_METHOD=smtp
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS_AUTO=true
```
[09:26:05] <jrkb> this is the relevant `dovecot` service ` /var/log/mail.log`:
```
Jul 17 08:00:16 other postfix/submission/smtpd[317823]: connect from localhost[::1]
Jul 17 08:00:16 other postfix/submission/smtpd[317823]: TLS SNI localhost from localhost[::1] not matched, using default chain
Jul 17 08:00:17 other postfix/submission/smtpd[317823]: Anonymous TLS connection established from localhost[::1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256
Jul 17 08:00:19 other postfix/submission/smtpd[317823]: warning: localhost[::1]: SASL PLAIN authentication failed:
Jul 17 08:00:19 other postfix/submission/smtpd[317823]: lost connection after AUTH from localhost[::1]
Jul 17 08:00:19 other postfix/submission/smtpd[317823]: disconnect from localhost[::1] ehlo=2 starttls=1 auth=0/1 commands=3/4
```
[09:27:47] <jrkb> so, something goes wrong with the plain authentification
[09:31:22] <tituspijean> `SMTP_LOGIN=noreply@my.domain` seems weird. Try `root` and its password, maybe?
[09:32:53] <tituspijean> or is "thepassword" a password generated for mastodon specifically? if so, try `mastodon`
[09:33:17] <tituspijean> (I've just realized putting the root password in there is not great 😅)
[09:33:23] <jrkb> i setup a user specifically for sending emails, as i hesitate to put root login and password in a plain textfile. btw, this is a yunohost user and the yunohost password
[09:33:52] <jrkb> "thepassword" is the yunohost user password
[09:34:40] <tituspijean> then put the dedicated user's username, not email address
[09:35:28] <jrkb> oh, okay! good one, i'll try that. so if my domain is "my.domain", the email address is "noreply@my.domain" i'll just put "noreply"
[09:36:00] <tituspijean> nope:
```
SMTP_LOGIN=theusername
SMTP_PASSWORD=thepassword
SMTP_FROM_ADDRESS=noreply@my.domain
```
[09:39:30] <jrkb> a `sudo systemctl restart mastodon-sidekiq.service && sudo systemctl restart mastodon-web.service` should reload the new settings and immediately work, right?
[09:43:09] <jrkb> hmmm now i have this in `dovecot`:
```
Jul 17 11:40:24 other dovecot: imap-login: Login: user=<jrkb>, method=PLAIN, rip=::1, lip=::1, mpid=343852, secured, session=<975+lqsAAOkAAAAAAAAAAAAAAAAAAAAB>
Jul 17 11:40:24 other dovecot: imap(jrkb)<343852><975+lqsAAOkAAAAAAAAAAAAAAAAAAAAB>: Logged out in=91 out=994 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Jul 17 11:40:25 other dovecot: imap-login: Login: user=<noreply>, method=PLAIN, rip=::1, lip=::1, mpid=343866, secured, session=<nVWIlqsABOkAAAAAAAAAAAAAAAAAAAAB>
Jul 17 11:40:25 other dovecot: imap(noreply)<343866><nVWIlqsABOkAAAAAAAAAAAAAAAAAAAAB>: Logged out in=90 out=957 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Jul 17 11:40:29 other postfix/submission/smtpd[343294]: connect from localhost[::1]
Jul 17 11:40:29 other postfix/submission/smtpd[343294]: TLS SNI localhost from localhost[::1] not matched, using default chain
Jul 17 11:40:29 other postfix/submission/smtpd[343294]: Anonymous TLS connection established from localhost[::1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256
Jul 17 11:40:31 other postfix/submission/smtpd[343294]: warning: localhost[::1]: SASL PLAIN authentication failed:
Jul 17 11:40:31 other postfix/submission/smtpd[343294]: lost connection after AUTH from localhost[::1]
Jul 17 11:40:31 other postfix/submission/smtpd[343294]: disconnect from localhost[::1] ehlo=2 starttls=1 auth=0/1 commands=3/4
```
[09:49:21] <orhtej2> alternatively try using `sendmail` with empty credentials, like so:

```
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_DELIVERY_METHOD=sendmail
```
[09:53:49] <jrkb> alright, tried it. so far no email, but this is the `dovecot` log:
```
Jul 17 11:52:25 other dovecot: imap-login: Login: user=<noreply>, method=PLAIN, rip=::1, lip=::1, mpid=345486, secured, session=<5MRywasA4poAAAAAAAAAAAAAAAAAAAAB>
Jul 17 11:52:25 other dovecot: imap(noreply)<345486><5MRywasA4poAAAAAAAAAAAAAAAAAAAAB>: Logged out in=90 out=957 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Jul 17 11:52:28 other dovecot: imap-login: Login: user=<jrkb>, method=PLAIN, rip=::1, lip=::1, mpid=345506, secured, session=<ZTqmwasA8JoAAAAAAAAAAAAAAAAAAAAB>
Jul 17 11:52:28 other dovecot: imap(jrkb)<345506><ZTqmwasA8JoAAAAAAAAAAAAAAAAAAAAB>: Logged out in=91 out=994 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
```

does that look better?
[09:56:40] <jrkb> to me, it doesn't really look as if there was something sent though
[09:57:11] <orhtej2> > to me, it doesn't really look as if there was something sent though

can you try sending mail to local e-mail address?
[09:57:29] <orhtej2> i.e. GMail is known to reject self-hosted e-mails 90% of the time
[09:57:57] <jrkb> right, i use mailbox.org, and receive there other mails from yunohost (diagnostics, etc)
[09:58:09] <jrkb> also mails sent from roundcube i can receive there
[09:58:57] <jrkb> i'll try anyways though :)
[10:21:59] <Zay> j'ai conscience qu'il va falloir libérer de l'espace dans home/boot/ mais comment faire sans tout casser ?
[12:05:28] <Zay> Sur le forum, je ne trouve pas de réponse qui règle le problème. quelqu'un a une idée ?
[12:22:54] <@err404:matrix.org> Zay, tu veux dire /boot?
[13:06:20] <Zay> désolé, j'étais au téléphone
[13:07:49] <@err404:matrix.org> pas de sousis, ma question est encore d'actualité 😛
[13:09:10] <Zay> https://paste.yunohost.org/raw/atedisoban
[13:09:43] <Zay> il me semble qu'il manque d'espace
[13:10:46] <Chatpitaine Caverne> Zay: Peut-être des pistes ici : https://www.tecmint.com/remove-old-kernel-in-debian-and-ubuntu/
[13:12:30] <Zay> Je vais essayer mais comment savoir laquelle à ne pas enlever ?
[13:13:24] <Chatpitaine Caverne> Avec un `uname -a` tu sauras quel est le noyau qui tourne.
[13:14:16] <Zay> ok j'essaye...
[13:19:27] <lapineige> > <@titus:pijean.ovh> regarding the MX records, it's highly possible that this is not the recommended configuration as displayed by YunoHost

I checked, reverse DNS seems good for IPV6 now, it was good for IPV4 (in both cases redirecting to default domain, not domain B), but sending emails from domain B (Nextcloud) still seems to fail 🤔
[14:20:48] <Chatpitaine Caverne> compare à ton uname -a qui doit être linux-image-4.19.0-18-amd64 à priori et tu vires les 2 autres.
[14:20:48] <Chatpitaine Caverne> > <@Zay:libera.chat> y'a tout ça

Bonne nouvelle, tu vas pouvoir faire de la place
[14:20:49] <Chatpitaine Caverne> Perso d'un bras un peu tremblant, je couperai le 16 et le 17 et je verrai si ça suffit à libérer l'espace nécessaire.
[14:22:24] <@err404:matrix.org> tu peux utiliser n'importe quel terminal, et ensuite tu devra passer en root pour pouvoir executer les commandes de gestion des paquets
[14:23:20] <@err404:matrix.org> pour passer en root: sudo /bin/su -
[14:24:02] <tituspijean> (`sudo su` devrait suffire sur YunoHost)
[14:28:13] <radagast> hello, finally I've been able to open adguard, but I try with the username of the user authorized and with the password used in Yunohost, but invalid username or password; error 403
[14:28:14] <radagast> https://xmpp-upload.radagast.noho.st/upload/0vndWfzE6Ev4091/81ed46b2-92e7-4985-bfe0-4301a525616e.png
[14:30:26] <radagast> https://xmpp-upload.radagast.noho.st/upload/LaVzgpnW7LS4223/4be0ee17-de9b-49a3-b042-dd14214ed99b.png
[14:33:31] <radagast> also I tried with the guide https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#password-reset but
[14:34:01] <radagast> > hello, finally I've been able to open adguard, but I try with the username of the user authorized and with the password used in Yunohost, but invalid username or password; error 403
before I wasn't able to complete the installation
[14:41:39] <@err404:matrix.org> moi j'utilise `aptitude` pour gérer les paquets, je ne sais pas ce que recommande yunohost
[14:41:51] <Chatpitaine Caverne> Zay:
```
sudo apt remove --purge linux-image-4.19.0-16-amd64
sudo apt remove --purge linux-image-4.19.0-17-amd64
sudo update-grub2
redémarrage sudo
```
[14:42:02] <Chatpitaine Caverne> > <@Zay:libera.chat> J'ai mon dos qui su '=(

Sous root, on est toujours pas plus mal à suer qu'à faire le malin.
[14:42:24] <Lamecarlate> Salut Aleks (he/him/il/lui) tu avais répondu à mon appel à l'aide plus haut (pour la custom webapp et l'accès base de données), as-tu vu ma réponse ?
[14:45:01] <radagast> solved: reinstalled
[14:46:25] <fch> > solved: reinstalled
très bien, monsieur radagast
[15:00:23] <Lamecarlate> > <@Alekswag:matrix.org> jeséplu 😬

😄 Je disais :

Il n'y a pas cette ligne dans le fichier ☹️ (c'est une vieille custom webapp)

À noter que dans une custom webapp fraîchement installée, j'ai bien cette ligne, mais la valeur est complètement différente de celle dans la table "user" de la base "mysql"… (dans la base ça semble être de l'hexadécimal).
[15:03:11] <Aleks (he/him/il/lui)> c'est sans doute parce que le password est hashé dans la table et en clair dans le fichier de setting
[15:03:23] <Aleks (he/him/il/lui)> mais bon du coup je checkerais si y'a pas un setting similaire avec un autre nom
[16:47:06] <radagast> https://paste.yunohost.org/raw/gopavibabo pihole failed
[17:46:39] <Daniel Rodríguez Rivero> Hello. Sorry for the dumb question, but can someone explain me the advantage of hosting apps that are already available for free like draws.io?
[17:46:56] <Daniel Rodríguez Rivero> or static site generators?
[17:56:41] <Aleks (he/him/il/lui)> dunno about static site generators, you'd have to be more specific which one ... I can see one advantage which would be working as a team, you have a common interface to maybe edit the "static" site (assuming that's relevant for that generator)
[17:57:57] <Aleks (he/him/il/lui)> and hosting stuff like draws.io which may be available publicly is ... well 1. you don't send your data/metadata to the app ; 2. you don't rely on a third party which may be down ; 3. some features may be pay-only ; 4. centralizing everything on publicly available app is part of the internet centralization issue, even if the app doesn't have a surveillance capitalism business
[17:58:43] <Aleks (he/him/il/lui)> 5. maybe draws.io is hosted on the US and you want to use GDRP-compliant services
[18:01:21] <Daniel Rodríguez Rivero> eleventlly is the one I was thinking
[18:02:32] <Daniel Rodríguez Rivero> There are also a lot of services that look like static html pages, which could be just hosted on github pages. Or maybe they require a backend and they make me think they are simple SPAs. Basiccally all that are "p2p/formatters/url shorters" stuff
[18:03:18] <Aleks (he/him/il/lui)> ¯\_(ツ)_/¯
[18:04:11] <Aleks (he/him/il/lui)> same stuff than before, you could ask why rely on a third party for hosting your private~ish tool if it's "so simple" that it doesn't cost much resource to host it yourself
[18:04:38] <Aleks (he/him/il/lui)> like the third party could stop providing the service anytime
[18:05:13] <Aleks (he/him/il/lui)> and why share data/metadata with that unknown 3rd party
[18:05:35] <Aleks (he/him/il/lui)> doesn't mean that you should host everything yourself though ofc
[18:09:30] <Daniel Rodríguez Rivero> I see. So it is a loot about philosophy
[18:11:32] <Aleks (he/him/il/lui)> or, like, security
[18:11:35] <Aleks (he/him/il/lui)> a touchy company may very much care about who it sends its data/metadata to ...
[18:11:35] <Aleks (he/him/il/lui)> economical espionnage is a real thing
[18:12:06] <Aleks (he/him/il/lui)> and so is GDPR-compliance
[18:12:44] <Aleks (he/him/il/lui)> i mean, otherwise YunoHost is purely a "philosophical" project ... why care about self-hosting when you can just use all the GAFAM services for free anyway
[18:40:02] <Daniel Rodríguez Rivero> because not all of them are free, many are designed to be hosted
[18:40:25] <Daniel Rodríguez Rivero> But I was curious about things that looked like a simple html file
[23:50:46] <user79> salut, une https://paste.yunohost.org/raw/quxiluzexoMAJ de nextcloud s'est mal passé : voilà le yunopast :
[23:50:56] <user79> * https://paste.yunohost.org/raw/quxiluzexo
[23:51:15] <user79> une MAJ s'est mal passée
[23:53:14] <Aleks (he/him/il/lui)> mokay le log s'arrête brutalement sur un chown récursif ... qu'est-ce qui s'est mal passé exactement ? La machine a crash ? T'as attendu milles ans et reboot ? Autre chose ?
[23:53:51] <Aleks (he/him/il/lui)> le vrai message d'erreur qui a fait planté la maj est : `App "Mail" cannot be installed because it is not compatible with this version of the server.`
[23:54:14] <user79> alors je t'explique : J'ai lancée une MAJ pour plusieurs application et puis il y a eu un freeze
[23:54:24] <user79> donc j'ai du fermé
[23:54:46] <user79> j'ai rebooter
[23:56:35] <user79> Ah oui je viens de passer faire une migration en 11.x
[23:56:53] <user79> juste avant
[23:58:59] <user79> dois-je restaurer une ancienne version ?