Friday, September 08, 2023
support@conference.yunohost.org

[14:27:44] <Aleks (he/him/il/lui)> pretty sure Yunohost will purge all iptable rules when firewall is reloaded, the proper way is to add a regen conf post firewall reload rule thingy
[14:27:44] <ctarx> Let me rephrase my question. I currently have Yunohost in a DMZ, and I want to use AdGuard Home as both a DHCP server and DNS server. My router doesn't allow changing DNS settings (only WAN DNS), which is why I want to utilize a DHCP server. I have a similar setup with a Raspberry Pi running Pi-hole, but it's not in the DMZ. I'm unsure if it's a good idea to open ports 67 and 68, which is why I was considering doing it only for the local network. What would be the best approach in this situation?
[14:27:44] <Aleks (he/him/il/lui)> https://yunohost.org/en/packaging_apps_hooks#post-iptable-rules
[14:27:44] <orhtej2> Wait what happened to nalla22?
[14:27:45] <orhtej2> @[Mjolnir Archon] is a bot, right?
[14:27:45] <orhtej2> > <@titus:pijean.ovh> orhtej2: the bot transcribed the reason for the ban. Carry on. :)

ah. FluffyChat is limited when displaying system events
[14:27:45] <tituspijean> orhtej2: the bot transcribed the reason for the ban. Carry on. :)
[14:28:19] <Chatpitaine Caverne> https://aria.im/_matrix/media/v1/download/cirkau.art/ZxIlqFuzhBbrmCYgIVhdJVen
[14:28:20] <tituspijean> That's not what I meant, I meant that you were looking for 8001 but it should be 8000 by default. Though I am not sure (with a quick glance at Bookwyrm's doc) that you need to open it. That's the job of the reverse proxy to serve it.
[14:28:20] <Chatpitaine Caverne> Business is picking up again:
[14:28:20] <tituspijean> fabulousfabs: default port for Bookwyrm is 8000. It might be 8001 or 8002, etc. if the port is already in use upon installation though.
[14:28:20] <Chatpitaine Caverne> https://aria.im/_matrix/media/v1/download/cirkau.art/ASxfUrhQUxkVcFwJThawCFPt
[14:28:21] <tituspijean> fabulousfabs: check that https://bookwyrm.social/nodeinfo/2.0 outputs more or less the same as your <yourdomain.tld>/nodeinfo/2.0 ?
[14:28:21] <orhtej2> > <@chatpitaine:cirkau.art> A big, big, big thank you for the Mobilizon job :

I guess it's thanks to you! :)
[14:28:22] <orhtej2> indeed broke on my end as well
[14:28:22] <tituspijean> same thing for https://bookwyrm.social/.well-known/nodeinfo
[14:28:22] <Chatpitaine Caverne> > I guess it's thanks to you! :)

Let's say thanks to the community and the collective strength of cooperation. And #KillCapitalism 😸
[14:28:22] <orhtej2> > <@chrichri:librem.one> In yunohost web interface:
> Installed snappymail app as main.domain/smail, worked.
> Changed "Memory footprint" from "Low" to "Medium".
> Stopped working: Every request gets redirected to main.domain/yunohost/sso/?r=[string].
> snappymail app deinstalled and reinstalled: works again.
> Changing the "Memory footprint" leads to the same problem.

strange, memory footprint should work as expected as this is v2 packaged app
[14:28:23] <orhtej2> should work until you regen the file for some reason, be it setting change or update
[14:28:23] <orhtej2> > <@chrichri:librem.one> ```
> root@main.domain:~#chmod +w /etc/php/8.2/fpm/pool.d/snappymail.conf
> root@main.domain:~#vi /etc/php/8.2/fpm/pool.d/snappymail.conf
> root@main.domain:~#chmod -w /etc/php/8.2/fpm/pool.d/snappymail.conf
> root@main.domain:~#systemctl restart php8.2-fpm.service
> ```
> And this will keep working unless I tamper with the settings again? Will the next snappymail app update fix the issue (do I have to open one on github)? orhtej2

I would recommend opening one, yes
[14:28:23] <orhtej2> ChriChri: ^
[14:28:23] <orhtej2> > <@chrichri:librem.one> **Thanks for the help!**

always welcome, thanks for reporting
[14:28:23] <orhtej2> ok, workaround is to `sudo nano -w /etc/php/8.2/fpm/pool.d/snappymail.conf`, find the line that says `listen = /var/run/php/php7.4-fpm-snappymail.sock` and change it to `listen = /var/run/php/php8.2-fpm-snappymail.sock` (change PHP version from 7.4 to 8.2)
[14:28:23] <orhtej2> > <@chrichri:librem.one> I'll try, hold on, breaking my snappymail...

it's already broken :P
[14:28:24] <orhtej2> also WTF
[14:28:24] <orhtej2> > <@chrichri:librem.one> Nice - just found https://github.com/YunoHost-Apps/rspamdui_ynh :).

thought that's what you're using
[14:28:24] <orhtej2> > <@chrichri:librem.one> https://paste.yunohost.org/lupomepove.pas is probably the important part of rspamd.log...

hello `sigsegv` my old friend :/
[14:28:24] <orhtej2> if you're opening one here's the logfile to attach: https://paste.yunohost.org/raw/mulutujola
[14:28:25] <hercut> > <@titus:pijean.ovh> If you have a backup of your old installation, you can restore it. It contains the domain's registration key.
> Otherwise, there is a topic on the forum for deletion requests. ;)

ok
[14:28:25] <orhtej2> this thing does not even ship any code, merely exposes webui shipped with rspamd?
[14:28:25] <hercut> Hi folks, is there an admin available? I did a fresh installation and so it tells me that my ynh.fr domain is not available :(
[14:28:25] <tituspijean> If you have a backup of your old installation, you can restore it. It contains the domain's registration key.
Otherwise, there is a topic on the forum for deletion requests. ;)
[14:28:26] <hercut> thanks tituspijean
[14:28:26] <lapineige> On a server I can send email but not receive them.
What can I check (logs, …) to troubleshoot it ?
Diagnosis is all green ✅ (first time ever ^^)
Thanks 🙂
[14:29:36] <ChriChri> I'd have another one (less important).

Through ssh port forwarding 11334:127.0.0.1:11334 I can access rspamds webinterface.
If I go to the tab/page "Scan/Learn", fill in the field "Message source:" and hit the "Scan message" button I get the message
```
local > Cannot upload data
Request failed
```
on red background and nothing else happens.

I remember trying it a while ago with some other message and it worked, but I can't get a hold of any difference between a few days ago and now.
[14:29:36] <ChriChri> Hm, I already suspected that the ssh port forward might get ip packages of a size that doesn't work through it. But this is not really important. Maybe I'll look into it later.
[14:29:36] <ChriChri> I'll try, hold on, breaking my snappymail...
[14:29:36] <ChriChri> ```
root@main.domain:~#chmod +w /etc/php/8.2/fpm/pool.d/snappymail.conf
root@main.domain:~#vi /etc/php/8.2/fpm/pool.d/snappymail.conf
root@main.domain:~#chmod -w /etc/php/8.2/fpm/pool.d/snappymail.conf
root@main.domain:~#systemctl restart php8.2-fpm.service
```
And this will keep working unless I tamper with the settings again? Will the next snappymail app update fix the issue (do I have to open one on github)? orhtej2
[14:30:08] <ChriChri> > On a server I can send email but not receive them.
> What can I check (logs, …) to troubleshoot it ?
> Diagnosis is all green ✅ (first time ever ^^)
> Thanks 🙂

You mind me trying to send you something? Domain name would be sufficient (if you care you can message me in private).
[14:51:45] <lapineige> I tried to write to this address from multiple emails, didn't work. My mail client says the address does not exist.
[14:53:22] <lapineige> Additional context : it's an email address bought from OVH and bound to the same domain as the Yunohost server.
The server can send mails using that domain. Not receive.
[14:57:40] <lapineige> I tried to write to this address from multiple emails, didn't work. My mail client says the address does not exist. `Recipient address rejected: User unknown in virtual mailbox table`
[14:59:07] <lapineige> Oh wait, this is not my server and the other person just told me some new information: that person wants to redirect their mails to a Gmail inbox, not the Yunohost one… I didn't understand that 😆
And so… could Yunohost (DNS ?) config be conflicting with it ?
[14:59:19] <lapineige> Oh wait, this is not my server and the other person just told me some new information: that person wants to redirect their mails to a Gmail inbox, not the Yunohost one… I didn't understand that 😆
And so… could Yunohost (DNS ?) config be conflicting with it ? It's using the automated DNS config.
[15:12:13] <Tag> lapineige: I'll do french if you're ok with that (my brain is tired, it's vendredi), or we can go private if you want
[15:12:37] <orhtej2> you need to change [MX DNS record](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-mx-record/) I guess?
[15:12:59] <orhtej2> or follow Tag advice, I'm just guessing :P
[15:14:54] <lapineige> > you need to change [MX DNS record](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-mx-record/) I guess?

It shouldn't point to Yunohost I guess ?
[15:15:31] <orhtej2> > It shouldn't point to Yunohost I guess ?

you can from webadmin disable incoming mail on domain, then you'll have to figure out how to add MX record pointing to your mail provider.
[15:16:18] <Tag> If it's an email address managed by OVH and the YunoHost diagnosis is all green (with nothing ignored), there may be a problem somewhere. In the DNS zone, the MX field (for receiving mail) should point to OVH.
[15:16:42] <lapineige> > <@tag:lostpod.me> If it's an email address managed by OVH and the YunoHost diagnosis is all green (with nothing ignored), there may be a problem somewhere. In the DNS zone, the MX field (for receiving mail) should point to OVH.

Ok, the MX points to Yunohost, how do I switch it back to OVH?
[15:19:21] <Tag> For that you'll have to go through the OVH manager and edit the MX records by hand. You have the list of records to set on this page https://help.ovhcloud.com/csm/fr-dns-configure-mx-dns-zone?id=kb_article_view&sysparm_article=KB0051707
[15:19:27] <lapineige> > you can from webadmin disable incoming mail on domain, then you'll have to figure out how to add MX record pointing to your mail provider.

Ok, I disabled incoming emails. Does that make any change except that Yunohost won't listen for incoming emails or something ?
[15:19:31] <lapineige> > <@tag:lostpod.me> For that you'll have to go through the OVH manager and edit the MX records by hand. You have the list of records to set on this page https://help.ovhcloud.com/csm/fr-dns-configure-mx-dns-zone?id=kb_article_view&sysparm_article=KB0051707

thanks so much 🙂
[15:19:39] <orhtej2> it should tell you on domain->DNS tab what changes need to be made in DNS registrar
[15:20:15] <orhtej2> again, if Tag knows what they're doing follow their advice :)
[15:21:08] <lapineige> Indeed, it tells me to remove the MX record pointing to Yunohost. Neat ! 👌
[15:40:26] <lapineige> But it doesn't remove it for www.thatdomainIamtalking.about 🤔 (that was added by Yunohost)
[15:47:04] <Tag> Yep, you'll need to disable incoming mail on the subdomains too
[15:51:12] <orhtej2> > <@tag:lostpod.me> Yep, you'll need to disable incoming mail on the subdomains too

huh, really? Didn't realize that
[15:52:45] <Tag> Well it doesn't matter for @domain.tld but if you don't need @www.domain.tld it's better to remove it
[15:55:22] <lapineige> > <@tag:lostpod.me> Yep, you'll need to disable incoming mail on the subdomains too

To clarify, why do I need it ?
(if I'm not going to manage email on the subdomains)
[15:56:01] <Tag> You don't
[15:56:12] <Tag> :D
[16:02:41] <lapineige> ok, cool, then I'll leave it as it is 😂
[16:02:45] <lapineige> Thanks for the help !
[16:44:15] <lapineige> It worked !
[16:47:05] <lapineige> Another question, on another server : the diagnosis complains that port 25+587 (postfix/email) and XXX (for galene) are not accessible from outside in IPV6… is that a big deal ?
[17:25:27] <Tag> lapineige: 25+587 : Do you need to receive emails ?
galene : You probably want to fix that, maybe on your router/firewall?
[17:25:31] <Tag> lapineige: 25+587 : Do you need to receive emails ?
galene : You probably want to fix that, maybe on your router/firewall? (I don't use galene)
[17:57:08] <lapineige> > 25+587 : Do you need to receive emails ?

It would be cool, but it's not necessary for now
[17:57:08] <lapineige> Oh, I forgot : it's a Hetzner server. So no firewall I guess ?
[20:26:47] <sebastien> Good evening.
If anyone can tell me why I can't manage to use a wireguard client with a dyndns domain in ynh.fr, I'd appreciate it.
Thank you very much
[20:29:03] <tufek> hi, have you created a subdomain wireguard.tondomaine.ynh.fr and installed wireguard on it?
[20:32:36] <sebastien> > hi, have you created a subdomain wireguard.tondomaine.ynh.fr and installed wireguard on it?

No
[20:35:23] <tufek> wireguard needs a domain of its own, so that may be the beginning of an explanation
[20:36:31] <sebastien> I think I have the right .conf file (generated by Mullvad). The configuration goes fine but the network is cut off, so is that why?
I can create a subdomain, I didn't even know that.... going to try that. Thanks
[20:38:17] <tufek> wait, I must have misunderstood: is it your yunohost server that you want to set up as a client?
[20:38:32] <tufek> and Mullvad is your vpn server?
[20:39:55] <sebastien> I want to configure my yunohost server so that it connects to a Mullvad vpn server and to be able to close the ports on my ISP box...etc....
[20:40:12] <tufek> in that case forget what I just told you, the subdomain is for running a vpn server on your domain
[20:41:08] <sebastien> Ok!
[20:44:27] <tufek> so you'll have to debug your network (disclaimer: I'm just a simple user XD) what happens, with which command?
[20:48:24] <tituspijean> (FYI there is a wireguard_client app. And indeed, you need to share what you have tried, sébastien)
[20:48:59] <sebastien> Yes yes, I installed it and misconfigured it, it seems
[20:49:10] <sebastien> I'm restarting the service
[20:51:19] <lapineige> > Oh, I forgot : it's a Hetzner server. So no firewall I guess ?

I mean I don't understand why a port would not be opened on a VPS 🤔
[21:15:44] <sebastien> I'm coming.... locked myself out. ... I'm connecting via local IP
[21:15:44] <sebastien> Shall I take photos? Sorry, impossible to restart it from my smartphone. I don't understand, but in any case none of my services is reachable from outside anymore
[21:15:45] <sebastien> Here are the wireguard logs
[21:15:45] <sebastien> https://xmpp-upload.lintux.ynh.fr/upload/pkfv9RYgse7U7742/s6rruAV8RQOMh38eTq39hA.jpg
[21:16:00] <sebastien> =================================
Enregistrements DNS (dnsrecords)
=================================

[ERROR] Certains enregistrements DNS sont manquants ou incorrects pour le domaine maindomain.tld (catégorie basic)
- La configuration DNS de ce domaine devrait être automatiquement gérée par YunoHost. Si ce n'est pas le cas, vous pouvez essayer de forcer une mise à jour en utilisant 'yunohost dyndns update --force'.
- Cet enregistrement DNS ne semble pas correspondre à la configuration recommandée :
Type : A
Nom : @
La valeur actuelle est : xx.xxx.xx.xxx (mon IP publique je pense - masquée)
La valeur attendue est : xx.xx.xx.xx
- Cet enregistrement DNS ne semble pas correspondre à la configuration recommandée :
Type : AAAA
Nom : @
La valeur actuelle est : 2a01:cb18:84e4:fd00:208:9bff:fee6:301c
La valeur attendue est : xx:xx:xx:xx:xx:xx

[SUCCESS] Les enregistrements DNS sont correctement configurés pour le domaine maindomain.tld (catégorie mail)

[SUCCESS] Les enregistrements DNS sont correctement configurés pour le domaine maindomain.tld (catégorie xmpp)

[WARNING] Certains enregistrements DNS sont manquants ou incorrects pour le domaine maindomain.tld (catégorie extra)
- La configuration DNS de ce domaine devrait être automatiquement gérée par YunoHost. Si ce n'est pas le cas, vous pouvez essayer de forcer une mise à jour en utilisant 'yunohost dyndns update --force'.
- Cet enregistrement DNS ne semble pas correspondre à la configuration recommandée :
Type : A
Nom : *
La valeur actuelle est : xx.xxx.xx.xxx
La valeur attendue est : xx.xx.xx.xx
- Cet enregistrement DNS ne semble pas correspondre à la configuration recommandée :
Type : AAAA
Nom : *
La valeur actuelle est : 2a01:cb18:84e4:fd00:208:9bff:fee6:301c
La valeur attendue est : xx:xx:xx:xx:xx:xx
[21:17:05] <sebastien> When restarting wireguard, goodbye xmpp😅
[21:17:49] <sebastien> More network logs from when wireguard_client is running
[21:18:08] <sebastien> LOGFILE: journalctl
-- Journal begins at Sun 2023-06-04 08:03:23 CEST, ends at Fri 2023-09-08 23:11:48 CEST. --
août 25 10:11:57 wg-quick[1216]: [#] resolvconf -a tun.Mullvad -m 0 -x
août 25 10:11:58 wg-quick[1044]: [#] wg set Mullvad fwmark 51820
août 25 10:11:58 wg-quick[1044]: [#] ip -6 route add ::/0 dev Mullvad table 51820
août 25 10:11:58 wg-quick[1044]: [#] ip -6 rule add not fwmark 51820 table 51820
août 25 10:11:58 wg-quick[1044]: [#] ip -6 rule add table main suppress_prefixlength 0
août 25 10:11:58 wg-quick[1044]: [#] nft -f /dev/fd/63
août 25 10:11:58 wg-quick[1044]: [#] ip -4 route add 0.0.0.0/0 dev Mullvad table 51820
août 25 10:11:58 wg-quick[1044]: [#] ip -4 rule add not fwmark 51820 table 51820
août 25 10:11:58 wg-quick[1044]: [#] ip -4 rule add table main suppress_prefixlength 0
août 25 10:11:58 wg-quick[1044]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
août 25 10:11:58 wg-quick[1044]: [#] nft -f /dev/fd/63
août 25 10:11:58 systemd[1]: Finished WireGuard Client on Mullvad.
août 25 10:13:18 systemd[1]: Stopping WireGuard Client on Mullvad...
août 25 10:13:18 wg-quick[1933]: [#] ip -4 rule delete table 51820
août 25 10:13:18 wg-quick[1933]: [#] ip -4 rule delete table main suppress_prefixlength 0
août 25 10:13:18 wg-quick[1933]: [#] ip -6 rule delete table 51820
août 25 10:13:18 wg-quick[1933]: [#] ip -6 rule delete table main suppress_prefixlength 0
août 25 10:13:18 wg-quick[1933]: [#] ip link delete dev Mullvad
août 25 10:13:18 wg-quick[1933]: [#] resolvconf -d tun.Mullvad -f
août 25 10:13:19 wg-quick[1933]: [#] nft -f /dev/fd/63
août 25 10:13:19 systemd[1]: wireguard_client@Mullvad.service: Succeeded.
août 25 10:13:19 systemd[1]: Stopped WireGuard Client on Mullvad.
-- Boot a764b4a00fae45cb860b72d9ee8b869a --
sept. 08 22:50:19 systemd[1]: Starting WireGuard Client on Mullvad...
sept. 08 22:50:19 wg-quick[135718]: [#] ip link add Mullvad type wireguard
sept. 08 22:50:20 wg-quick[135718]: [#] wg setconf Mullvad /dev/fd/63
sept. 08 22:50:20 wg-quick[135718]: [#] ip -4 address add 10.68.34.211/32 dev Mullvad
sept. 08 22:50:20 wg-quick[135718]: [#] ip -6 address add fc00:bbbb:bbbb:bb01::5:22d2/128 dev Mullvad
sept. 08 22:50:20 wg-quick[135718]: [#] ip link set mtu 1420 up dev Mullvad
sept. 08 22:50:20 wg-quick[135749]: [#] resolvconf -a tun.Mullvad -m 0 -x
sept. 08 22:50:20 wg-quick[135718]: [#] wg set Mullvad fwmark 51820
sept. 08 22:50:20 wg-quick[135718]: [#] ip -6 route add ::/0 dev Mullvad table 51820
sept. 08 22:50:20 wg-quick[135718]: [#] ip -6 rule add not fwmark 51820 table 51820
sept. 08 22:50:20 wg-quick[135718]: [#] ip -6 rule add table main suppress_prefixlength 0
sept. 08 22:50:20 wg-quick[135718]: [#] nft -f /dev/fd/63
sept. 08 22:50:20 wg-quick[135718]: [#] ip -4 route add 0.0.0.0/0 dev Mullvad table 51820
sept. 08 22:50:20 wg-quick[135718]: [#] ip -4 rule add not fwmark 51820 table 51820
sept. 08 22:50:20 wg-quick[135718]: [#] ip -4 rule add table main suppress_prefixlength 0
sept. 08 22:50:20 wg-quick[135718]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
sept. 08 22:50:20 wg-quick[135718]: [#] nft -f /dev/fd/63
sept. 08 22:50:20 systemd[1]: Finished WireGuard Client on Mullvad.
sept. 08 23:11:48 systemd[1]: Stopping WireGuard Client on Mullvad...
sept. 08 23:11:48 wg-quick[140321]: [#] ip -4 rule delete table 51820
sept. 08 23:11:48 wg-quick[140321]: [#] ip -4 rule delete table main suppress_prefixlength 0
sept. 08 23:11:48 wg-quick[140321]: [#] ip -6 rule delete table 51820
sept. 08 23:11:48 wg-quick[140321]: [#] ip -6 rule delete table main suppress_prefixlength 0
sept. 08 23:11:48 wg-quick[140321]: [#] ip link delete dev Mullvad
sept. 08 23:11:48 wg-quick[140321]: [#] resolvconf -d tun.Mullvad -f
sept. 08 23:11:48 wg-quick[140321]: [#] nft -f /dev/fd/63
sept. 08 23:11:48 systemd[1]: wireguard_client@Mullvad.service: Succeeded.
sept. 08 23:11:48 systemd[1]: Stopped WireGuard Client on Mullvad.
[21:18:52] <sebastien> And just in case, my config and the installed versions

=================================
Système de base (basesystem)
=================================

[INFO] L'architecture du serveur est bare-metal amd64
- Le modèle/architecture du serveur est To be filled by O.E.M. To be filled by O.E.M.

[INFO] Le serveur utilise le noyau Linux 5.10.0-25-amd64

[INFO] Le serveur utilise Debian 11.7

[INFO] Le serveur utilise YunoHost 11.2.4 (stable)
- yunohost version : 11.2.4 (stable)
- yunohost-admin version : 11.2.2 (stable)
- moulinette version : 11.2 (stable)
- ssowat version : 11.2 (stable)
[21:36:13] <tufek> you installed the wireguard_client app, and does it start automatically at boot? do you restart it manually via the GUI?
[21:42:02] <sebastien> I installed wireguard_client. I disabled its restarting at boot because otherwise nothing works; I restarted it earlier via the GUI (in Services)
[21:43:44] <sebastien> In the photo, when I enable it, you can see that the app is running and does point to an IP of the VPN
[21:43:58] <sebastien> Status running