Tuesday, November 28, 2023
support@conference.yunohost.org

[10:15:29] <Nadine> Hi,
I have a question about embedding iFrames. I need to embed an iFrame from a custom web app which runs on subdomain.domain.tld on domain.tld. I found this thread: https://forum.yunohost.org/t/iframe-nginx-setting-solved/10067/4 which is already more than 3 years old. Changing more_set_headers "X-Frame-Options : SAMEORIGIN"; to more_set_headers "X-Frame-Options : ALLOW-FROM https://domain.tld/" and also adding more_set_headers "Content-Security-Policy frame-ancestors : ALLOW-FROM https://domain.tld/" in /etc/nginx/conf.d/scurity.conf.inc works but then this applies to all domains. And I only want to apply the setting to my custom web app. Is there any way to achieve this? Thanks.
[10:16:43] <Aleks (he/him/il/lui)> yes, putting those in the nginx location block of the app in /etc/nginx/conf.d/yourdomain.tld/yourapp.conf
[13:02:27] <(⊙_◎)> I've been facing an issue with nextcloud after failed upgrade, backup restore failing because it doesn't have conf folder in the tarball
[13:02:47] <(⊙_◎)> so I took the conf folder from an old tarball and put it in the current tarball
[13:03:04] <(⊙_◎)> but now it's complaining the info.json is not existing or incorrect
[13:04:27] <(⊙_◎)> the json and content seem valid btw
[13:04:56] <(⊙_◎)> does it keep some sort of tree in the backup which is now mismatching or something?
[13:05:07] <(⊙_◎)> and anyway why is the conf folder missing is a mystery to me
[13:05:35] <(⊙_◎)> I've had this sort of failed upgrade issue before and restoring the pre upgrade tarball always worked m
[13:39:20] <gilou_> hello, I have a yunohost install with 2 domains, no www on none of them. I'm migrating my emails on it for the 2 domains. For the first, no problems happened. But for the second, I get the ssl certificate from the first domain if I'm testing the command 'openssl s_client -connect imap.second.tld:993 -showcerts'. Each subdomain has a valid certificate. How can I manage to have the right one ?
[13:42:29] <Aleks (he/him/il/lui)> i'm not sure you are supposed to use `imap.domain.tld` ... just `domain.tld` should work
[13:44:10] <gilou_> Hello Aleks, 'openssl s_client -connect second.tld:993 -showcerts' give me also the certificate from the first domain.
[13:45:15] <gilou_> I've tried by installing a webapp on the second domain and I can I the right certificate, but not by ssl for email, so I can't connect a client properly.
[13:46:51] <Aleks (he/him/il/lui)> hmmm and you are running yunohost 11.2.x right ?
[13:48:24] <gilou_> Yes I'm running yunohost 11.2.7
[13:50:57] <Aleks (he/him/il/lui)> maybe `yunohost tools regen-conf postfix` can improve the situation but i don't see why you'd have to run it manually
[13:51:19] <Aleks (he/him/il/lui)> maybe `openssl s_client` doesn't send proper SNI in its request x_X
[13:53:27] <gilou_> Yes, but thunderbird give me the same result when I create a new account.
[13:53:38] <gilou_> I'm trying the command
[13:56:43] <gilou_> That seem to change nothing at this issue.
[14:08:10] <gilou_> If I'm looking one log from ssl on the server, when I try to add an account with thunderbird, I get a certificate error :
[14:08:11] <gilou_> TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
[14:25:03] <gilou_> I'm trying by using the first domain MX for the secondary domain. I'm waiting DNS propagation.
[14:52:11] <gilou_> I've no more success with this trick, because the server always reply me with the first domain certificate
[14:53:16] <Aleks (he/him/il/lui)> no idea what that is, it's supposed to be handled by the sni mapping defined in /etc/postfix/main.cf : https://github.com/YunoHost/yunohost/blob/dev/conf/postfix/main.cf#L30
[14:53:40] <Aleks (he/him/il/lui)> s/what/why
[14:54:14] <Aleks (he/him/il/lui)> could it be that your server is behind some sort of reverse proxy that would not propagate the SNI maybe ...
[14:58:36] <gilou_> Sure, I've no reverse DNS configured actually, and my public IP is provided by a local provider... I'm contacting them !
[14:58:43] <gilou_> Thank you for your support
[14:59:06] <Aleks (he/him/il/lui)> that's not related to reverse DNS
[15:08:55] <gilou_> Ok, so I've looked on the /etc/postfix/sni table and each sub domain seems to have the right certificate.
[15:11:48] <ChriChri[m]> > <@gilou_:matrix.org> Ok, so I've looked on the /etc/postfix/sni table and each sub domain seems to have the right certificate.

Shouldn't IMAP be handled by dovecot (not postfix)?
[15:16:49] <Aleks (he/him/il/lui)> aah
[15:16:53] <Aleks (he/him/il/lui)> hmm indeed
[15:17:42] <Aleks (he/him/il/lui)> there should be a similar mechanism in /etc/dovecot/dovecot.conf : https://github.com/YunoHost/yunohost/blob/dev/conf/dovecot/dovecot.conf#L25
[15:19:19] <gilou_> Yes, so, that seems to reply with the right reply.
[15:24:50] <gilou_> ok so in my /etc/dovecot/dovecot.conf I've only the first domain and sub-domain. There is nothing on the second one.
[15:25:06] <Aleks (he/him/il/lui)> then let's try `yunohost tools regen-conf dovecot`
[15:26:01] <Aleks (he/him/il/lui)> or maybe outgoing/incoming email (one of these) was disabled for some reason in the domain conf ? In the webadmin > Domains > seconddomain.tld > 'Features'
[15:26:12] <gilou_> Ok, now, I've entries for the second one.
[15:26:43] <Aleks (he/him/il/lui)> not sure why you had to run this manually tho
[15:27:57] <gilou_> Maybe the conf is not regen when adding a second domain who is not a main subdomain...
[15:28:41] <gilou_> But, thanks to you, ChriChri and Aleks !
[15:29:13] <gilou_> Now, openssl give me the right one.
[15:29:46] <Aleks (he/him/il/lui)> ah actually indeed ... https://github.com/YunoHost/yunohost/blob/dev/src/domain.py#L308
[15:30:58] <Aleks (he/him/il/lui)> fixed by https://github.com/YunoHost/yunohost/commit/59875cae23084e6d9f35ab70031e5cc2e2e4491f to be included in 11.2.8
[15:32:16] <gilou_> Ok, happy to help to find a bug !
[15:34:56] <gilou_> I've learned a lot on email management today, I'm an electronics developer, so emails are not my daily tasks.
[16:00:13] <beedee> I’d like to move my synapse to yunohost synapse but unsure how to do this since the account structure will be totally different.
[16:05:26] <ChriChri[m]> BTW - just asked myself why there isn't a yunohost xmpp room if xmpp is supported by default? Is there already and if not, why?
[16:08:03] <Aleks (he/him/il/lui)> https://yunohost.org/fr/chat_rooms ?
[16:23:49] <charlesp> And it's even bridged to Matrix 🙃
[16:26:10] <orhtej2> > <@chrichri:librem.one> BTW - just asked myself why there isn't a yunohost xmpp room if xmpp is supported by default? Is there already and if not, why?

Room size limit probably?
[16:26:11] <Charles P.> Uh, renaming on XMPP creates another puppet 👀
[16:30:25] <Charles P.> > <@beedee:matrix.org> I’d like to move my synapse to yunohost synapse but unsure how to do this since the account structure will be totally different.

I did move from LemonLDAP's OIDC to OIDC provided by Dex on Yunohost (Synapse's hosted on another server and I wasn't quite sure on how to expose LDAP securely), wasn't that complex, just needed tinkering a little bit with provider id table.
I don't know how bad it is to migrate from local accounts to LDAP-managed ones though
[17:57:59] <beedee> > <@charlesp:stratus.family> I did move from LemonLDAP's OIDC to OIDC provided by Dex on Yunohost (Synapse's hosted on another server and I wasn't quite sure on how to expose LDAP securely), wasn't that complex, just needed tinkering a little bit with provider id table.
> I don't know how bad it is to migrate from local accounts to LDAP-managed ones though

tbh i don't even care about recreating the accounts i just don't want to lose the chat logs
[17:58:13] <beedee> does this make it easier to do?
[18:23:14] <Charles P.> migrating the database should be enough then
[18:29:04] <ChriChri[m]> > <@Alekswag:matrix.org> https://yunohost.org/fr/chat_rooms ?

Ahhh...! But I can't join: "Remote server not found". Should it be bridged to matrix?
[18:30:04] <Aleks (he/him/il/lui)> idk, some people seem to be using it fine
[18:30:35] <Aleks (he/him/il/lui)> or maybe i'm mistaking idk
[20:31:06] <Charles P.> > <@chrichri:librem.one> Ahhh...! But I can't join: "Remote server not found". Should it be bridged to matrix?

Are you copy-pasting it ?
[20:31:33] <Charles P.> Be sure to remove xmpp:// at the beginning and ?join=1 at the end then
[20:31:58] <Charles P.> just support@conference.yunohost.org