Monday, August 18, 2025
support@conference.yunohost.org
[10:11:41] <niklas> it seems Yunohost 21.1.* has been out for over a week yet it does not show up in my apt upgrades. Is this normal?
[10:23:30] <Tagada> > <@niklas:freiburg.social> it seems Yunohost 21.1.* has been out for over a week yet it does not show up in my apt upgrades. Is this normal?

👋 it's in testing for now https://forum.yunohost.org/t/yunohost-12-1-testing/35630
[10:25:44] <niklas> Thank you! Some nice new stuff in there. Can't wait for it to hit stable!
[17:43:30] <fjox.win 🇩🇪⚡> Headscale won't start because it can't connect to the OIDC server because of an invalid certificate
https://paste.yunohost.org/evenigaheh
[17:52:21] <fjox.win 🇩🇪⚡> I removed the OIDC part and I still get
```
headscale@appmgr:~$ ./headscale apikeys create
2025-08-18T19:50:17+02:00 FTL ../../../home/runner/work/headscale/headscale/cmd/headscale/cli/utils.go:124 > Could not connect: context deadline exceeded error="context deadline exceeded"
```
[17:52:43] <fjox.win 🇩🇪⚡> and this time headscale is running
[17:53:08] <fjox.win 🇩🇪⚡> nvm it just stopped again
[17:53:41] <fjox.win 🇩🇪⚡> https://paste.yunohost.org/cequvawoko
[18:07:10] <Stella_x86-64> Has anyone found success on using automatic DNS registers with a porkbun domain?
[18:07:46] <Stella_x86-64> I am aware this is extremely experimental, but I wish to know if there is any development done so far.
[18:08:36] <fjox.win 🇩🇪⚡> doesn't it say it's for cloudflare only?
[18:09:44] <Stella_x86-64> It doesn't directly say that on the admin page, just that it's not supported. Is there a way I can contribute to this feature?
[18:11:41] <fjox.win 🇩🇪⚡> I'd assume it would be in here https://github.com/YunoHost/yunohost
[18:14:15] <Stella_x86-64> I'm looking through and it seems like I have the wrong keys? I may have confused API keys for auth keys? I'll check further..
[18:23:12] <Stella_x86-64> No, it seems like the API keys are the only ones, and the api just poops out the 403 error, and I have double checked the keys.
[18:36:49] <Stella_x86-64> OK, further research implies that the Lexicon build is out of date, as it's trying to access a deprecated URL (porkbun.com/api instead of api.porkbun.com/api)
[18:37:26] <Stella_x86-64> Is there anything that can be done? Attempting a system upgrade does not show the program under the updates...
[18:40:46] <Stella_x86-64> (and yeah, I checked dns-lexicon itself, it uses the correct one. They did migrate repos though.)
[18:51:35] <tituspijean[m]> @witchy_stella_zephyr:transgirl.cafe we've indeed noticed that the Lexicon version we use is not up to date: https://github.com/YunoHost/issues/issues/2623
[18:53:03] <Stella_x86-64> I saw through digging around the repo, apologies... is there any way I could contribute to its implementation?
[18:53:15] <tituspijean[m]> @fjox_de:matrix.org are you not able to generate the certificates? (or they are generated and headscale is still not happy about it?)
[18:54:10] <fjox.win 🇩🇪⚡> well I can't generate let's encrypt certificates
[18:54:24] <fjox.win 🇩🇪⚡> but I'm behind a proxy anyways and that has the proper certificate
[18:54:42] <fjox.win 🇩🇪⚡> and then again behind cloudflare
[18:54:53] <tituspijean[m]> @witchy_stella_zephyr:transgirl.cafe it's more on the contributors having access to our infrastructure to do so unfortunately. (I can have a look, but I'd be very slow and no promise of success)
[18:56:00] <fjox.win 🇩🇪⚡> The nginx config for proxying yunohost
```
location / {
    proxy_pass http://10.81.0.4;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;
}
```
[18:56:38] <tituspijean[m]> that's not quite self-hosting :p (that's a bit of a joke, I can understand the use case leading to cloudflare)
[18:56:43] <Stella_x86-64> Understood, thanks anyway! Will be working manually in the meanwhile.
[18:58:24] <tituspijean[m]> I discovered more or less the same thing when I tried to have a sort of Intranet with Headscale: the domain serving Headscale needs to be publicly accessible, with proper certificates.
However, let me check, I think I saw some bits of configuration where one could give self-signed certificates
[18:59:13] <fjox.win 🇩🇪⚡> cloudflare only protects the services from attacks. In my opinion that still counts as self-hosting. (I get the joke)
[18:59:51] <fjox.win 🇩🇪⚡> well all my stuff facing outside has proper certificates and is public
[19:06:31] <tituspijean[m]> @fjox_de:matrix.org, OK so, let's try this (untested).
In `/var/www/headscale/config.yaml`, you have two lines about tls certificates. Alter them accordingly by replacing the `main.vpn.internal` by your headscale domain:
```
tls_cert_path: "/etc/yunohost/certs/main.vpn.internal/crt.pem"
tls_key_path: "/etc/yunohost/certs/main.vpn.internal/key.pem"
```
Allow headscale to read the certificates: `usermod -a -G ssl-cert headscale`
Restart the headscale service.
🤞
[19:21:10] <tituspijean[m]> mmmh I've tested it myself and I'm getting a lot of `http: TLS handshake error from 127.0.0.1:36160: client sent an HTTP request to an HTTPS server` in the headscale logs. Same for you?
[19:21:33] <tituspijean[m]> mmmh I've tested it myself and I'm getting a lot of `http: TLS handshake error from 127.0.0.1:<random port>: client sent an HTTP request to an HTTPS server` in the headscale logs. Same for you?
[19:28:43] <tituspijean[m]> @fjox_de:matrix.org this could be the solution actually: https://github.com/juanfont/headscale/blob/474ea236d0c6d393dbcf7baa98da240ad20c1b66/docs/ref/remote-cli.md?plain=1#L104
[19:38:40] <fjox.win 🇩🇪⚡> I can't seem to find any "cli.insecure"
[19:39:26] <fjox.win 🇩🇪⚡> I assume it's grpc_allow_insecure
[19:48:01] <tituspijean[m]> maybe
```
cli:
  insecure: true
```
but that documentation page is about remote cli, which is not quite the case here
[19:54:14] <fjox.win 🇩🇪⚡> nope
[19:54:56] <tituspijean[m]> mmmh... I have just tested on my test server (with a `.vpn.internal` domain, so no valid cert), and it works :/
[19:55:28] <tituspijean[m]> I had to comment the OIDC part too, and then I put the two lines at the top of the config.yaml
[19:55:40] <tituspijean[m]> stupid question: did you restart the service?
[19:55:47] <fjox.win 🇩🇪⚡> yes
[19:56:04] <fjox.win 🇩🇪⚡> I don't think we are on the same page
[19:56:13] <fjox.win 🇩🇪⚡> I thought we were doing the OIDC thingy
[19:56:38] <tituspijean[m]> no, the cli thingy :p
[19:57:07] <tituspijean[m]> for the OIDC, they won't support it: https://github.com/juanfont/headscale/issues/339 :/
[19:57:18] <fjox.win 🇩🇪⚡> honestly I have no idea anymore
[19:57:29] <fjox.win 🇩🇪⚡> also I'm using a cloudflare cert because I'm behind cloudflare
[19:57:47] <fjox.win 🇩🇪⚡> at this point it would've been easier to just make a new VM lol
[19:58:11] <fjox.win 🇩🇪⚡> also there's `only_start_if_oidc_is_available` in the OIDC section
[19:59:02] <tituspijean[m]> you only have to comment it out
[19:59:27] <tituspijean[m]> I cannot provide support on this unfortunately
[19:59:39] <fjox.win 🇩🇪⚡>
```
2025-08-18T21:58:46+02:00 ERR Could not load DERP map from path error="Get \"https://controlplane.tailscale.com/derpmap/default\": context deadline exceeded" func=GetDERPMap url=https://controlplane.tailscale.com/derpmap/default
2025-08-18T21:58:46+02:00 FTL ../../../home/runner/work/headscale/headscale/cmd/headscale/cli/serve.go:29 > Headscale ran into an error and had to shut down. error="initial DERPMap is empty, Headscale requires at least one entry"
```
[19:59:51] <fjox.win 🇩🇪⚡> now it's this
[20:00:26] <tituspijean[m]> can you manually `curl https://controlplane.tailscale.com/derpmap/default` and get the content of that file?
[20:07:43] <tituspijean[m]> (I mean, can your server actually connect to that URL?)
[20:37:50] <fjox.win 🇩🇪⚡> nope
[20:37:59] <fjox.win 🇩🇪⚡> does 192.200.0.111 look like a valid IP
[20:38:36] <fjox.win 🇩🇪⚡> it first tries to connect to that, then just starts rattling off IPv6 addresses
[20:40:37] <fjox.win 🇩🇪⚡> also sorry for late response
[20:45:05] <fjox.win 🇩🇪⚡>
```
headscale@appmgr:~$ curl -v https://controlplane.tailscale.com/derpmap/default
* Trying 192.200.0.114:443...
* Trying [2606:b740:49::105]:443...
* Immediate connect fail for 2606:b740:49::105: Network is unreachable
* Trying [2606:b740:49::106]:443...
* Immediate connect fail for 2606:b740:49::106: Network is unreachable
* Trying [2606:b740:49::107]:443...
* Immediate connect fail for 2606:b740:49::107: Network is unreachable
* Trying [2606:b740:49::113]:443...
* Immediate connect fail for 2606:b740:49::113: Network is unreachable
* Trying [2606:b740:49::104]:443...
* Immediate connect fail for 2606:b740:49::104: Network is unreachable
* Trying [2606:b740:49::110]:443...
* Immediate connect fail for 2606:b740:49::110: Network is unreachable
* Trying [2606:b740:49::112]:443...
* Immediate connect fail for 2606:b740:49::112: Network is unreachable
* Trying [2606:b740:49::114]:443...
* Immediate connect fail for 2606:b740:49::114: Network is unreachable
* Trying [2606:b740:49::116]:443...
* Immediate connect fail for 2606:b740:49::116: Network is unreachable
* Trying [2606:b740:49::103]:443...
* Immediate connect fail for 2606:b740:49::103: Network is unreachable
* Trying [2606:b740:49::111]:443...
* Immediate connect fail for 2606:b740:49::111: Network is unreachable
* Trying [2606:b740:49::102]:443...
* Immediate connect fail for 2606:b740:49::102: Network is unreachable
* Trying [2606:b740:49::108]:443...
* Immediate connect fail for 2606:b740:49::108: Network is unreachable
* Trying [2606:b740:49::101]:443...
* Immediate connect fail for 2606:b740:49::101: Network is unreachable
* Trying [2606:b740:49::115]:443...
* Immediate connect fail for 2606:b740:49::115: Network is unreachable
* Trying [2606:b740:49::109]:443...
* Immediate connect fail for 2606:b740:49::109: Network is unreachable
* connect to 192.200.0.114 port 443 failed: Connection timed out
* Trying 192.200.0.107:443...
* ipv4 connect timeout after 84496ms, move on!
* Trying 192.200.0.101:443...
* ipv4 connect timeout after 42247ms, move on!
* Trying 192.200.0.102:443...
* ipv4 connect timeout after 21123ms, move on!
* Trying 192.200.0.111:443...
* ipv4 connect timeout after 10561ms, move on!
* Trying 192.200.0.110:443...
* ipv4 connect timeout after 5281ms, move on!
* Trying 192.200.0.113:443...
* ipv4 connect timeout after 2639ms, move on!
* Trying 192.200.0.106:443...
* ipv4 connect timeout after 1320ms, move on!
* Trying 192.200.0.109:443...
* ipv4 connect timeout after 659ms, move on!
* Trying 192.200.0.116:443...
* ipv4 connect timeout after 330ms, move on!
* Trying 192.200.0.108:443...
* ipv4 connect timeout after 164ms, move on!
* Trying 192.200.0.103:443...
* ipv4 connect timeout after 82ms, move on!
* Trying 192.200.0.105:443...
* ipv4 connect timeout after 40ms, move on!
* Trying 192.200.0.112:443...
* ipv4 connect timeout after 20ms, move on!
* Trying 192.200.0.104:443...
* ipv4 connect timeout after 10ms, move on!
* Trying 192.200.0.115:443...
* ipv4 connect timeout after 10ms, move on!
* Failed to connect to controlplane.tailscale.com port 443 after 300991 ms: Timeout was reached
* Closing connection 0
curl: (28) Failed to connect to controlplane.tailscale.com port 443 after 300991 ms: Timeout was reached
```
[20:45:26] <fjox.win 🇩🇪⚡> I'ma try to proxy https://controlplane.tailscale.com/derpmap/default
[20:56:32] <fjox.win 🇩🇪⚡> didn't work
[20:56:38] <fjox.win 🇩🇪⚡> I just copied it into https://fjox.win/tailspoof.json
[20:56:48] <tituspijean[m]> yes.
It also seems you do not have IPv6, but that's OK.
[20:57:20] <tituspijean[m]> that's indeed a workaround, but that can be an indication of connectivity issues. Are other URLs reachable?
[20:57:27] <fjox.win 🇩🇪⚡> doesn't work
[20:57:36] <fjox.win 🇩🇪⚡> headscale hates cloudflare
[20:58:37] <fjox.win 🇩🇪⚡> I'm gonna see where I can dump the JSON that's on a local IP
[20:59:39] <tituspijean[m]> It can also be safe to assume that a software handling networking, a not-so-trivial feat, cannot take into account all use cases.
[21:00:36] <fjox.win 🇩🇪⚡> my domains are all reachable
[21:00:38] <tituspijean[m]> bear that in mind, it's very weird your server cannot reach that URL these IPs.
[21:01:39] <tituspijean[m]> I meant the IPs serving controlplane.tailscale.com
[21:02:09] <tituspijean[m]> That's all for me tonight, good night ;)
[21:02:20] <fjox.win 🇩🇪⚡> good night
[21:02:38] <fjox.win 🇩🇪⚡> well I sent the entire curl log and nothing
[21:03:15] <fjox.win 🇩🇪⚡> anyways having it on a local IP made it run
[21:05:04] <fjox.win 🇩🇪⚡> and now headplane won't accept the API key
[21:05:43] <fjox.win 🇩🇪⚡> I guess yunohost apps don't like cloudflare SSL certificates
[21:10:51] <fjox.win 🇩🇪⚡> I love how none of my apps work properly
[21:12:17] <fjox.win 🇩🇪⚡> I just realised how old this program is
[23:23:43] <Atticus> Failed to authenticate on registrar's API. Most probably the credentials are incorrect? (Error: 400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones/669d8ab31876ea0b96d885976d954193)