[17:30:03]
<Stella_x86-64> is it ordinary for the system to stop responding after starting a package upgrade on the "configuring nginx" part? if not, what should I do?
[19:13:33]
<asandikci> Hi all
[19:13:56]
<asandikci> I have a forgejo instance in my YunoHost server
[19:15:14]
<asandikci> There is so much crawler send requests and making server busy. But fail2ban is not banning any of them. Not logging anything other than postfix tho (/var/log/fail2ban.log)
[19:16:49]
<asandikci> `fail2ban-client status` outputs some jails contains forgejo but It seems not working
[19:17:40]
<asandikci> (There is thousands of requests in /var/log/nginx/my_forgejo_instance.com-access.log)
[19:18:17]
<asandikci> not specific to forgejo probably, any jail is not working other than postfix
[19:18:21]
<asandikci> What should I do?
[19:25:43]
<Aleks (he/him/il/lui)> ah yes, welcome to the future of the enshitiffied internet thanks to BigCorps™ and AI™ ...
[19:26:45]
<Aleks (he/him/il/lui)> you might be interested to read https://thelibre.news/foss-infrastructure-is-under-attack-by-ai-companies/
[19:26:53]
<asandikci> 😕
[19:27:17]
<Aleks (he/him/il/lui)> it's still a ~new phenomena and there's no straightforward defense, but i guess a ~simple way to mitigate the issue would be to geo-block IPs from China maybe
[19:27:22]
<asandikci> making fail2ban working should at least situation better I hope
[19:28:22]
<Aleks (he/him/il/lui)> fail2ban is typically meant to adress bots failing to autotenticate, not to rate-limit crawlers (especially if the crawlers are in fact spread over multiple IPs etc)
[19:29:15]
<Aleks (he/him/il/lui)> there's some discussion on geo blocking in here https://forum.yunohost.org/t/tuto-bloquer-les-requetes-selon-le-pays/9947
[19:29:27]
<asandikci> is there any way to block a subnet like 66.249.66.xx for example?
[19:33:37]
<asandikci> geo-block won't solve anything I guess since a manually looked up for ips and most of are from america. meta, aws, openai, some random ai websites etc.
[19:33:57]
<asandikci> > is there any way to block a subnet like 66.249.66.xx for example?
It would be very useful if its possible
[19:37:35]
<asandikci> `fail2ban-client set forgejo banip 66.249.66.0/24` does the job!
[19:43:40]
<asandikci> also relaized that I forgot to create a robots.txt file 🤦🏼♂️
[19:44:26]
<asandikci> Now everything is under control. Sorry for inconvenience everybody
[19:45:35]
<Aleks (he/him/il/lui)> (these crawlers tend to wipe their ass with robots.txt)
[20:19:04]
<Marc_> Bonsoir, le service de diagnostic me dit que le certificat de mon domaine principal va expirer dans 14 jours, je l'ai pourtant déjà renouvelé et lorsque j'inspecte mon certificat depuis mon navigateur, celui-ci me dit que le certificat est valide jusqu'en juin.
De même lorsque je vais dans Domaines -> "Mon domaine principal" -> Certificat, ça m'indique "Valable pendant 81 jours"
https://paste.yunohost.org/raw/cevikafize
[21:24:25]
<asandikci> > (these crawlers tend to wipe their ass with robots.txt)
ik, ik. Thats why I've blocked many of them manually too
[22:32:07]
<Facundo> hello. I have a problem to remotely enter my YunoHost server using a ZeroTier network (previously installed these official apps: Zerotier and ZeroUI). I can access the administration panel with my administrator user, but not the user panel. When I enter YunoHost with a standard user without privileges, I cannot access the administration panel (which is expected) or the user panel (which leaves me perplexed). Does anyone know what is happening?
[22:33:47]
<tituspijean> Hello, what do you mean by "I cannot access the user panel"? What is displayed on screen?
[22:35:08]
<tituspijean> (and I have to ask, does it work without going through Zerotier?)
[22:38:23]
<miro5001> > <asandikci> What should I do?
Didn't test it but you can give feedback https://github.com/YunoHost-Apps/anubis_ynh
[22:38:44]
<tituspijean> Non, c'est le domaine lui-même qui va expirer auprès du registrar
[22:39:24]
<tituspijean> (mais cette info est parfois pas tout à fait précise, à vérifier directement auprès de ton registrar)
[22:43:18]
<tituspijean> it's most likely not working yet. The app may install, but there is no configuration to plug it between the apps and NGINX.
[22:49:58]
<Facundo> tituspijean Thanks for answering. When I try to access the user dashboard (virtual-IP-of-the-server/yunohost/sso) from the administration dashboard (virtual-IP-of-the-server/yunohost/admin), it redirects to the administration panel. When I go directly in the browser to the virtual-IP-of-the-server/yunohost/sso (either using HTTP or HTTPS), the browser communicates an error message: "Error code: NS_ERROR_OFLINE".
I suspect that it is a problem related to DNS and the virtual IP addresses of Zerotier.
[22:52:47]
<Facundo> I am trying all this from an Android device. I can't use SSH from here.
[22:53:22]
<tituspijean> User dashboard can only be accessed through the domain name, not the IP address
[22:55:58]
<tituspijean> you can check that by opening `yunohost.local` (mDNS passes through zerotier networks, contrary to other VPN systems)
[23:00:56]
<Facundo> thanks. I will try that.
[23:08:17]
<Facundo> I forgot to say before that I am trying to access a local domain. The same: going to yunohost.local is not working. Is there no another way that any DNS configuration translates Zerotier's virtual addresses to domain names or vice versa? I could use SSH on this Android device as a last resort (I should prepare it for that).
[23:13:28]
<tituspijean> It's sleep time for me. But again, you need to specify what's displayed on screen. Also check that `ping yunohost.local` returns a zerotier IP address
[23:14:08]
<tituspijean> (if not, you might need to restart the yunomdns service, and wait a few minutes)