Sunday, December 17, 2023
support@conference.yunohost.org

[08:43:30] <leandro> https://www.caffescienza.it/
[08:43:30] <orhtej2> > <@yvanq:matrix.org> so strange slowdown from the WG installed on Yunohost

100mbps is what I would expect, can you confirm with `top` that one cpu core uses 100%? Encryption is pretty much always cpu-bound
[08:44:49] <leandro> Sorry, wrong stanza
[14:28:43] <Canada Goose> Is there a way to make some manual changes to an app's config file without them getting overwritten when the app is updated?
[14:30:10] <Mateusz Szymański> > <@ngill:nortel.cloud> Is there a way to make some manual changes to an app's config file without them getting overwritten when the app is updated?

short answer: no
long answer: if these are sensible perhaps try upstreaming them/adding `config_panel.toml` to app?
[14:31:03] <Aleks (he/him/il/lui)> (also it helps if you can explain which app and what kind of settings)
[14:35:07] <Canada Goose> I was looking for a general answer since it would be useful to me for a few apps, but the two I would like to use it for in particular are Synapse and Forgejo. In Synapse's config I just need to disable it listening on ipv6 because my server has ipv6 disabled entirely (hack solution for another issue) and in Forgejo I'd like to enable registration via oauth.
[14:35:29] <Mateusz Szymański> > <@Alekswag:matrix.org> (also it helps if you can explain which app and what kind of settings)

also that given some apps read additional configs that are intentionally preserved during update
[14:36:39] <Mateusz Szymański> > <@ngill:nortel.cloud> I was looking for a general answer since it would be useful to me for a few apps, but the two I would like to use it for in particular are Synapse and Forgejo. In Synapse's config I just need to disable it listening on ipv6 because my server has ipv6 disabled entirely (hack solution for another issue) and in Forgejo I'd like to enable registration via oauth.

what needs updating here? https://github.com/YunoHost-Apps/forgejo_ynh/blob/47521860bd0be5b6cf7f29acf0498461f23fbafe/conf/app.ini#L89
[14:37:18] <Mateusz Szymański> as for Synapse I'd look at their packaging v2 attempt to see if this fits
[14:39:32] <Canada Goose> > <@orhtej2:matrix.org> what needs updating here? https://github.com/YunoHost-Apps/forgejo_ynh/blob/47521860bd0be5b6cf7f29acf0498461f23fbafe/conf/app.ini#L89

I assumed adding authentication sources to Forgejo was a config edit, but that actually doesn't seem to be the case. Might not need to edit anything there then.
[14:42:02] <Canada Goose> actually nevermind, since I want registration enabled oauth2_client.ENABLE_AUTO_REGISTRATION needs to be set to true https://forgejo.org/docs/latest/admin/config-cheat-sheet/#oauth2-client-oauth2_client
[16:49:32] <Mateusz Szymański> > <@yvanq:matrix.org> hello, any way to enhance rate of wireguard server on yunohost? My server has itself 111mbs through the vpn installed on my ionos VPS and it falls down to 11mbs through yunohost wireguard server? Thanks
> Second question, as I block on a configuration of WGvpn, I would like to ask help to a developer (I will pay of course).
> Sincerely

is the wireguard process utilizing 100% of one cpu core when streaming at 11mbps?
[16:50:56] <yvanq> how can I know that ?
[16:51:38] <Mateusz Szymański> ssh to server and run `sudo top` or even better `sudo htop` to see CPU utilization
[16:51:44] <Mateusz Szymański> while speed testing ofc
[16:51:51] <yvanq> hello, any way to enhance rate of wireguard server on yunohost? My server has itself 111mbs through the vpn installed on my ionos VPS and rate falls down to 11mbs through yunohost wireguard server? Thanks
Second question, as I block on a configuration of WGvpn, I would like to ask help to a developer (I will pay of course).
Sincerely
[16:56:55] <yvanq> htop doesn't work and top gives

```
PID UTIL. PR NI VIRT RES SHR S %CPU %MEM TEMPS+ COM.
480901 postgres 20 0 218364 106276 101668 S 2,7 1,3 0:00.08 postgres
312567 peertube 20 0 21,8g 356084 18480 S 2,3 4,4 10:59.59 peertube
532 redis 20 0 83176 20540 7660 S 0,7 0,3 7:24.92 redis-server
280608 root 20 0 2346328 36052 8564 S 0,7 0,4 9:53.11 fail2ban-server
480786 root 20 0 10332 3984 3160 R 0,7 0,0 0:00.25 top
1427 postgres 20 0 69384 5616 4480 S 0,3 0,1 0:21.69 postgres
2187 pgadmin 20 0 360480 10800 8516 S 0,3 0,1 10:02.51 uwsgi
93639 list 20 0 81924 33924 11724 S 0,3 0,4 0:14.19 python3
93643 list 20 0 87888 56164 12148 S 0,3 0,7 0:15.14 python3
220410 rabbitmq 20 0 3228160 72820 6524 S 0,3 0,9 2:10.28 beam.smp
322396 etherpa+ 20 0 1456764 129536 18420 S 0,3 1,6 1:13.08 node
328608 www-data 20 0 577880 43084 16772 S 0,3 0,5 4:05.17 nginx
1 root 20 0 167744 10048 6656 S 0,0 0,1 0:57.25 systemd
```

[16:58:35] <selfhoster1312> did you install htop? :)
`sudo apt install htop`
[17:22:39] <Mateusz Szymański> > <@yvanq:matrix.org> htop doesn't work and top gives
>
> ```
> PID UTIL. PR NI VIRT RES SHR S %CPU %MEM TEMPS+ COM.
> 480901 postgres 20 0 218364 106276 101668 S 2,7 1,3 0:00.08 postgres
> 312567 peertube 20 0 21,8g 356084 18480 S 2,3 4,4 10:59.59 peertube
> 532 redis 20 0 83176 20540 7660 S 0,7 0,3 7:24.92 redis-server
> 280608 root 20 0 2346328 36052 8564 S 0,7 0,4 9:53.11 fail2ban-server
> 480786 root 20 0 10332 3984 3160 R 0,7 0,0 0:00.25 top
> 1427 postgres 20 0 69384 5616 4480 S 0,3 0,1 0:21.69 postgres
> 2187 pgadmin 20 0 360480 10800 8516 S 0,3 0,1 10:02.51 uwsgi
> 93639 list 20 0 81924 33924 11724 S 0,3 0,4 0:14.19 python3
> 93643 list 20 0 87888 56164 12148 S 0,3 0,7 0:15.14 python3
> 220410 rabbitmq 20 0 3228160 72820 6524 S 0,3 0,9 2:10.28 beam.smp
> 322396 etherpa+ 20 0 1456764 129536 18420 S 0,3 1,6 1:13.08 node
> 328608 www-data 20 0 577880 43084 16772 S 0,3 0,5 4:05.17 nginx
> 1 root 20 0 167744 10048 6656 S 0,0 0,1 0:57.25 systemd
> ```

this is on server that hosts wireguard while you're running speedtest?

[17:42:36] <yvanq> Oops, speedtest on pc or yunohost?
[17:45:44] <Mateusz Szymański> > <@yvanq:matrix.org> Oops, speedtest on pc or yunohost?

you claim low connection speed when testing with speedtest somewhere. Run top on server then the speedtest that's slow
[17:46:23] <Mateusz Szymański> and observe CPU utilization
100% would mean CPU bottleneck that cannot be fixed in any way other than upscaling VPS with better (not more!) cores
[17:48:18] <yvanq> The results are while speedtest on my pc with vpn client on
[18:03:48] <Mateusz Szymański> > <@yvanq:matrix.org> The results are while speedtest on my pc with vpn client on

¯\_(ツ)_/¯ then it's constrained elsewhere given no wg process is even on the list
[18:22:24] <yvanq> https://aria.im/_matrix/media/v1/download/matrix.org/VlIQmFsiFsjTDmmdKbniUQBW
[18:23:04] <Mateusz Szymański> so I was running some tests and `htop` shows userspace CPU utilization while wg is apparently running in kernel mode
[18:34:46] <Mateusz Szymański> ok, run `sudo htop`, press f2->display options->untick 'hide kernel threads' which yields
[18:34:49] <Mateusz Szymański> https://aria.im/_matrix/media/v1/download/matrix.org/HBOlLwgWCIsOMkVTvJtNqizo
[18:35:11] <Mateusz Szymański> and my wg is pretty much matching my VPS bandwidth allowance
[18:35:23] <Mateusz Szymański> (also, what's your VPS bandwidth allowance?)
[18:38:31] <shadowstorm1> Hello, I have two dedicated servers with yunohost installed, my goal is to protect the network of the first server with that of the 2nd using a VPN server installed on the 2nd dedicated server. My site will be hosted on dedicated server #1, but I don't want the IP address of dedicated server #1 to be publicly visible, I want to use the networks of the second dedicated server to hide the IP address of the first server , But I do not know how. What is the best solution I should use?
[18:45:18] <lapineige> Just in case: do you consider making it a TOR-only website ? Or is it out of scope ?
[18:45:19] <LPS_trashserver> Hi, I've been struggling to install a Nextcloud update from version 22 to 25 through the system update. However I am also prompted to do the update through Nextcloud itself. Is it safe to try that route? Or do those updates need to happen through Yunohost only?
[18:45:51] <lapineige> Don't do that. Yunohost only updates.
Where does it fail?
[18:45:52] <Mateusz Szymański> > <LPS_trashserver> Hi, I've been struggling to install a Nextcloud update from version 22 to 25 through the system update. However I am also prompted to do the update through Nextcloud itself. Is it safe to try that route? Or do those updates need to happen through Yunohost only?

I would recommend going YNH route through intermediate versions although only 26 is tagged (?)
[18:46:20] <LPS_trashserver> thanks, I will avoid the internal update
[18:46:45] <shadowstorm1> > Just in case: do you consider making it a TOR-only website ? Or is it out of scope ?

No, I don't plan to use Tor, and I would like to have a good download and especially upload connection despite the VPN that I will install
[18:46:56] <lapineige> Don't do that. Yunohost only updates. Internal updates can't account for YNH specific config
Where does it fail?
[18:47:05] <LPS_trashserver> Mateusz Szymański, I've run into this before and disabled Mail which was a culprit ... I've now also ensured that all apps are updated ... trying again.
[18:47:21] <LPS_trashserver> https://upload.trashserver.net/upload/8a850a7ef52e8f29a096654bf1bd037c24c83d81/W3AKyQUKajY4DUGKcrZDT0SjdpN07l9bopH3Rjky/cb9ace5a-4812-4786-a8c6-da839ece1826.png
[18:47:23] <lapineige> Just in case: did you consider making it a TOR-only website ? Or is it out of scope ?
[18:47:55] <LPS_trashserver> Mateusz Szymański, all system files are up to date as well
[18:47:58] <Mateusz Szymański> > <LPS_trashserver> sent an image.

upgrade to tagged 26, there are some db migrations to run
[18:48:12] <lapineige> Then I would go for a vpn_server on server 2, and vpn_client on server 1, but I'm unsure if these apps are working well 🤔
And then the first server should redirect to the second one, but not with a classical redirect app
[18:48:42] <LPS_trashserver> Mateusz Szymański, will I find that in another tool than system update? I'm using the Web Admin
[18:48:55] <Mateusz Szymański> > <@orhtej2:matrix.org> upgrade to tagged 26, there are some db migrations to run

`sudo yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/oldstable`, only then upgrade via web admin
[18:49:07] <Mateusz Szymański> (that needs to be run from ssh)
[18:49:27] <LPS_trashserver> Mateusz Szymański, amazing! I'll try that:)
[18:49:52] <LPS_trashserver> only this correct ------ sudo yunohost app upgrade nextcloud -u
[18:50:23] <Mateusz Szymański> with full url after `-u`
[18:50:45] <shadowstorm1> > Then I would go for a vpn_server on server 2, and vpn_client on server 1, but I'm unsure if these apps are working well 🤔
> And then the first server should redirect to the second one, but not with a classical redirect app

Do I need to install headscale, wireguard, openvpn...? Can the VPN solution be used directly from yunohost?
I plan to point the domain name to the IP address of server 2 which will cover the network of server 1. I also want a kill switch for the network of server 1 to never be exposed in wan
[18:50:49] <LPS_trashserver> oh thanks!
[18:55:25] <LPS_trashserver> Mateusz Szymański, is that mode included by default or something I need to enable?
[18:55:47] <Mateusz Szymański> > <LPS_trashserver> Mateusz Szymański, is that mode included by default or something I need to enable?

while you install the app you get to select what to proxy where
[18:56:34] <Mateusz Szymański> https://aria.im/_matrix/media/v1/download/matrix.org/ruFBliRNzuPFGpIFctLxrXII
[18:57:30] <LPS_trashserver> Mateusz Szymański, thanks!
[18:57:45] <Mateusz Szymański> (not sure how well it handles HTTPS traffic on destination so better serve plain HTTP on server 1)
[18:58:32] <LPS_trashserver> Mateusz Szymański, it seems to be upgrading now🤞️ The first time I missed the "_" in the URL "https://github.com/YunoHost-Apps/nextcloud_ynh/tree/oldstable"
[19:39:31] <lps_snikket> Mateusz Szymański, THANK YOU SO MUCH!!!! YOU SAVED ME HOURS OF GRIEF:)
[19:40:15] <Mateusz Szymański> you have 27.x working now?
[19:41:29] <Mateusz Szymański> I was thinking now that I recommended redirect_ynh to the wrong person, your nextcloud is working, right?
[19:41:52] <Mateusz Szymański> <del>isn't that a job for https://github.com/YunoHost-Apps/redirect_ynh in 'invisible redirect' mode?</del>
[19:42:32] <Mateusz Szymański> > <@shadowstorm1:matrix.org> Hello, I have two dedicated servers with yunohost installed, my goal is to protect the network of the first server with that of the 2nd using a VPN server installed on the 2nd dedicated server. My site will be hosted on dedicated server #1, but I don't want the IP address of dedicated server #1 to be publicly visible, I want to use the networks of the second dedicated server to hide the IP address of the first server , But I do not know how. What is the best solution I should use?

isn't that a job for https://github.com/YunoHost-Apps/redirect_ynh in 'invisible redirect' mode? <-- this is the post that this answer was intended for :P
[19:49:15] <shadowstorm1> > <@orhtej2:matrix.org> isn't that a job for https://github.com/YunoHost-Apps/redirect_ynh in 'invisible redirect' mode? <-- this is the post that this answer was intended for :P

Sorry I didn't know this response was intended for me.
[19:49:19] <shadowstorm1> Using 'invisible redirect' mode will it be impossible to go back to the real server hosting the data and know the real IP address of server 1?
[19:50:03] <Mateusz Szymański> > <@shadowstorm1:matrix.org> Using 'invisible redirect' mode will it be impossible to go back to the real server hosting the data and know the real IP address of server 1?

from caller's point of view all the traffic will originate from server #2 and HTTPS cert will mention server #2 as well
[19:50:11] <Mateusz Szymański> > <@shadowstorm1:matrix.org> Sorry I didn't know this response was intended for me.

yeah my bad :(
[19:54:28] <shadowstorm1> > <@orhtej2:matrix.org> from caller's point of view all the traffic will originate from server #2 and HTTPS cert will mention server #2 as well

Despite security audits, the IP address of server 1 will never be revealed? Is there a risk of port conflicts between yunohost of server 2 and yunohost of server 1 during redirections?
[19:54:35] <shadowstorm1> I would like to redirect several applications "Grav, synapse, mail server..."
[19:55:57] <Mateusz Szymański> > <@shadowstorm1:matrix.org> Despite security audits, the IP address of server 1 will never be revealed? Is there a risk of port conflicts between yunohost of server 2 and yunohost of server 1 during redirections?

honestly I don't know, there are more skilled people to answer these questions. On its face value `redirect_ynh` is as secure as its (default) nginx config as it's nothing more than nginx hackery
[19:56:27] <Mateusz Szymański> should work with multiple redirects no problem
[19:56:55] <Mateusz Szymański> try in some staging environment first perhaps?
[19:59:17] <shadowstorm1> Yes I will do several tests, but I know that yunohost installs a mail server by default, but I would like to use the mail server of server 1 with the domain name which points to the network of server 2, I do not know if both mail servers will conflict or not
[20:38:20] <lps_snikket> Mateusz Szymański, sorry for the delayed response... yes working great!!!!