[01:47:53]
<wazdra> Salut !
J'ai suivi un peu de loin l'évolution de MinIO (ça fait pas mal de bruit autour de moi, la mort d'un projet open source tout ça tout ça). Je l'utilise sur mon instance, mais je n'ai pas vu trop de discussion ici ou sur le forum, donc je ne sais pas si vous avez eu vent de ce qu'il se passait ? En tout cas, il semblerait que quelqu'un a décidé de fork le code de MinIO et de prendre la responsabilité de maintenance du projet, et ça a l'air relativement sérieux (le lien vers l'annonce: https://blog.vonng.com/en/db/minio-resurrect/). Bien sûr, ce n'est pas tout blanc (un individu, pas une équipe, qui compte sur un LLM pour réduire le temps de travail que représente la recherche de bugfixs), mais je me dis que ça peut valoir le coup de garder un coup d'oeil, en gardant à l'esprit que ça pourrait valoir le coup de changer de source pour minIO dans le futur ?
[04:55:31]
<·☽•Nameless☆•777 · ±> J'avais essayé à l'époque où t'avais des milliers et milliers de caméras avec des mots de passe d'usine inchangés .
[10:45:44]
<Gwên> > <@nam3l33ss:matrix.org> J'avais essayé à l'époque où t'avais des milliers et milliers de caméras avec des mots de passe d'usine inchangés .
Wouaaaaah
[11:30:31]
<Gwên> >Le créateur de ce site a ainsi repéré qu'il était possible de trouver et se connecter à un système informatique gérant un barrage hydroélectrique en France[2]. Dans une vidéo, un Américain a pu de son côté démontrer qu'il était possible d'éteindre à distance une laverie de voitures ou dégivrer une patinoire danoise[4].
[11:30:31]
<Gwên> La vache
[11:30:32]
<Gwên> Remarque pourquoi suis-je surprise, mon serveur a visiblement de meilleures défenses que les systèmes de sécurité du Louvre
[13:37:51]
<Gwên> Au fait pour mon souci de requêtes dns excessives, après discussion avec un ami et [consultation de ce topic sur le forum](https://forum.yunohost.org/t/why-are-ports-53-and-5353-opened-security-context/40902/2), j'ai fermé le port 53 dans l'interface graphique de ynh. J'ai de nouveau dû redémarrer dnsmasq dans la journée (ça pouvait déjà m'arriver) mais par contre je n'ai pas eu de nouveau bombardement de requêtes dns dans les logs.
[13:38:19]
<Chatpitaine Caverne> Merci Gwên vais voir ce que ça donne.
J'ai drop les ports 53 et 5353 IPv4 et IPv6 depuis le WAN sur mon routeur.
J'ai autorisé 5353 IPv4 et IPv6 de LAN à LAN.
Je n'en ai pas autant que ce qui t'arrivait, mais tout de même un peu désagréable.
[14:38:45]
<Jens> > <@tituspijean:matrix.org> I'm not sure it will help, but also try to install it with the PHP version fix (from your logs you are not affected by the bug, but who knows...) :
>
> `sudo yunohost app install https://github.com/YunoHost-Apps/concrete5_ynh/tree/fix-php -f`
I tried this too, but with the same result. I’m using Europe/Stockholm as timezone, and even if I set this in PHP.ini it doesn’t change the message. To me that says I edited the “wrong” place or something else is affecting this.
[14:38:45]
<Jens> > <@tituspijean:matrix.org> Actually YunoHost uses MariaDB as a replacement for MySQL. However it should create symlinks to replace calls to `mysql`.
> What's the output of `which mysql`, `which mariadb`, and if the first command succeeds `ls -l $(which mysql)` ?
Both commands come back empty.
[14:38:46]
<m606> Salut, je ne sais si ça aidera, mais pour info en attendant il y a https://apps.yunohost.org/app/garage
[14:38:47]
<rainer.szs> Hello everyone. I wish to receive mails on my server but the port 25 results inaccessible from the outside according to the diagnosis. By thinking it was closed by my ISP, I contacted an operator and he said that all the mail related ports (25, 110, 143 and others) results opened. So the problem doesn't seem related to port exposure.
I can send mails with my yunohost mail via thunderbird for example, but I can't recieve them.
So the two remaning options for fixing this are:
"On more complex setups: make sure that no firewall or reverse-proxy is interfering."
and
"You should first try to configure reverse DNS with (my domain).nohost.me in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this)."
How can I check if the reverse-proxy or the firewall are interfering? And If I can't change the reverse DNS options is calling an operator the only solution?
Yunopaste here:
```
=================================
Base system (basesystem)
=================================
[INFO] Server hardware architecture is bare-metal amd64
- Server model is HP HP EliteDesk 800 G3 TWR
[INFO] Server is running Linux kernel 6.1.0-42-amd64
[INFO] Server is running Debian bookworm
[INFO] Server is running YunoHost 12.1.39 (stable)
- yunohost version: 12.1.39 (stable)
- yunohost-admin version: 12.1.13 (stable)
- yunohost-portal version: 12.1.2 (stable)
- moulinette version: 12.1.3 (stable)
- ssowat version: 12.1.1 (stable)
=================================
Internet connectivity (ip)
=================================
[SUCCESS] Domain name resolution is working!
[SUCCESS] The server is connected to the Internet through IPv4!
- Global IP: xx.xx.xx.xx
- Local IP: (my local ip)
[WARNING] The server does not have working IPv6.
- IPv6 should usually be automatically configured by the system or your provider if it's available. Otherwise, you might need to configure a few things manually as explained in the documentation here: https://doc.yunohost.org/ipv6.
=================================
DNS records (dnsrecords)
=================================
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)
=================================
Ports exposure (ports)
=================================
[ERROR] Port 25 is not reachable from the outside.
- Exposing this port is needed for email features (service postfix)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://doc.yunohost.org/providers/isp_box_config
[SUCCESS] Port 80 is reachable from the outside.
- Exposing this port is needed for web features (service nginx)
[SUCCESS] Port 443 is reachable from the outside.
- Exposing this port is needed for web features (service nginx)
[SUCCESS] Port 587 is reachable from the outside.
- Exposing this port is needed for email features (service postfix)
[SUCCESS] Port 781 is reachable from the outside.
- Exposing this port is needed for admin features (service ssh)
[SUCCESS] Port 993 is reachable from the outside.
- Exposing this port is needed for email features (service dovecot)
=================================
Web (web)
=================================
[SUCCESS] Domain maindomain.tld is reachable through HTTP from outside the local network.
[SUCCESS] Domain bookstack.maindomain.tld is reachable through HTTP from outside the local network.
[SUCCESS] Domain filebrowser.maindomain.tld is reachable through HTTP from outside the local network.
[SUCCESS] Domain filebrowser-quantum.maindomain.tld is reachable through HTTP from outside the local network.
[SUCCESS] Domain jellyfin.maindomain.tld is reachable through HTTP from outside the local network.
[SUCCESS] Domain owncloud.maindomain.tld is reachable through HTTP from outside the local network.
=================================
Email (mail)
=================================
[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).
[ERROR] The SMTP mail server is unreachable from the outside on IPv4. It won't be able to receive emails.
- Could not open a connection on port 25 to your server in IPv4. It appears to be unreachable.
1. The most common cause for this issue is that port 25 is not correctly forwarded to your server.
2. You should also make sure that service postfix is running.
3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.
[ERROR] Reverse DNS is not correctly configured for IPv4. Some emails may fail to get delivered or be flagged as spam.
- Current reverse DNS: static-(my public ip).clienti.tiscali.it
Expected value: maindomain.tld
- You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
- Some providers won't let you configure your reverse DNS (or their feature might be broken…). If you are experiencing issues because of this, consider the following solutions:
- Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://doc.yunohost.org/vpn_advantage
- Or it's possible to switch to a different provider
[SUCCESS] The IPs and domains used by this server do not appear to be blocklisted
[SUCCESS] 0 pending emails in the mail queues
=================================
Services status check (services)
=================================
[SUCCESS] Service bookstack is running!
[SUCCESS] Service dnsmasq is running!
[SUCCESS] Service dovecot is running!
[SUCCESS] Service fail2ban is running!
[SUCCESS] Service jellyfin is running!
[SUCCESS] Service mysql is running!
[SUCCESS] Service nftables is running!
[SUCCESS] Service nginx is running!
[SUCCESS] Service opendkim is running!
[SUCCESS] Service owncloud is running!
[SUCCESS] Service php8.4-fpm is running!
[SUCCESS] Service postfix is running!
[SUCCESS] Service redis-server is running!
[SUCCESS] Service slapd is running!
[SUCCESS] Service ssh is running!
[SUCCESS] Service yunohost-api is running!
[SUCCESS] Service yunohost-portal-api is running!
[SUCCESS] Service yunomdns is running!
=================================
System resources (systemresources)
=================================
[SUCCESS] The system still has 6.3 GiB (82%) RAM available out of 7.6 GiB.
[SUCCESS] The system has 3.7 GiB of swap!
- Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.
[SUCCESS] Storage / (on device /dev/sda3) still has 11 GiB (47%) space left (out of 24 GiB)!
[SUCCESS] Storage /boot/efi (on device /dev/sda1) still has 1.0 GiB (98.5%) space left (out of 1.0 GiB)!
[SUCCESS] Storage /mnt/MEDIA_165_GB (on device /dev/sda4) still has 90 GiB (59%) space left (out of 153 GiB)!
=================================
System configurations (regenconf)
=================================
[SUCCESS] All configuration files are in line with the recommended configuration!
=================================
Applications (apps)
=================================
[SUCCESS] All installed apps respect basic packaging practices
```
[14:38:52]
<m606> Salut, je ne sais si pas ça conviendra pour ton usage, mais pour info en attendant il y a https://apps.yunohost.org/app/garage
[14:41:48]
<Gwên> Hiya!
If you have access to your Interner box settings, you can try searching for firewall, ipv4 and ipv6 sections. Some providers' firewall blocks ipv4/ipv6 when activated.
If nothing works you can use a VPN to dodge the closed port 25 problem.
[14:46:50]
<Gwên> Hiya!
If you have access to your Internet box settings, you can try searching for firewall, ipv4 and ipv6 sections. Some providers' firewall blocks ipv4/ipv6 when activated.
If nothing works you can use a VPN to dodge the closed port 25 problem.
[14:55:38]
<rainer.szs> Like for example proton vpn?
[14:57:06]
<Gwên> Yes
[14:57:39]
<Gwên> I think so
[14:57:44]
<Gwên> Check that page: https://doc.yunohost.org/en/admin/get_started/providers/vpn/
[15:00:26]
<rainer.szs> There's also a filter criteria section
[15:01:27]
<rainer.szs> https://aria.im/_bifrost/v1/media/download/AW4-XvsEeGVoknjA96cTSrG4OZHDlGdaByShXTB3Ken3H0gJmDuaH_0p5o0VHBOEejSB9SRYe9ZXE2aoPoMPol5CecrxGF7QAG1hdHJpeC5vcmcvVkdJWlZvY0hUcGFWTURFcWNmWGhneHR5
[15:02:47]
<rainer.szs> https://aria.im/_bifrost/v1/media/download/AaKB6c2YL52p-dIwYn9L-_NfdBN0HyzDSl-dkGw0xF0zzA8CkQ9v_1ttp9WaL3A0OYqjH12vG_1Tt9WnvBvlEOxCecrxK_hwAG1hdHJpeC5vcmcvcnhDbVJvUU5za2tvY0ZNVGRQc2p3b1Vi
[15:04:20]
<rainer.szs> The firewall section shows 2 options:
- firewall level (high, middle, low) set to middle
- anti-portscan (enabled, threshold: 100)
[15:04:58]
<Gwên> > <@rainer.szs:matrix.org> The firewall section shows 3 options:
> - firewall level (high, middle, low) set to middle
> - anti-portscan (enabled, threshold: 100)
What's your provider?
[15:06:11]
<rainer.szs> tiscali
[15:06:18]
<djangz> Quelqu’un a des idées pour ajouter un alias root?
[15:06:37]
<Gwên> I'm searching on Italian forums to see if someone had the problem before. I don't think anti-portscan should have an impact. Firewall may have, but I don't want you to deactivate your firewall since it could expose your network. I tell you if I find anything.
[15:07:02]
<rainer.szs> Alright, thank you
[15:07:38]
<Gwên> Can you open a terminal, enter telnet yourdomain.tld 25 and show the result?
[15:07:56]
<rainer.szs> yes, one moment please
[15:07:57]
<rainer.szs> 220 domain.tld service ready
[15:08:11]
<Gwên> Mh sorry my bad
[15:08:36]
<Gwên> Try per ample telnet mx.google.com 25
[15:08:45]
<rainer.szs> ```
rainer@Nitro-AN715-51:~$ telnet mx.google.com 25
Trying (public ip)
Connected to mx.google.com.
Escape character is '^]'.
220 domain.tld Service ready
```
[16:02:56]
<Chatpitaine Caverne> Is the section Port forwarding fullfilled with the ports used by Yunohost ?
[16:35:50]
<Gwên> Try per example telnet mx.google.com 25
[16:35:52]
<Gwên> Looks like your port isn't blocked, which is a good news
[16:35:54]
<Gwên> And did you follow this guide? Everything's been done? https://doc.yunohost.org/en/admin/get_started/post_install/port_forwarding/
[16:36:02]
<Gwên> When I did it it took a little time to catch up
[16:36:06]
<Gwên> I guess yes, but If yes, how long ago?
[16:36:15]
<Gwên> The only thing I can think of could be changing firewall to low and see if that changes anything after some time. If it doesn't, put it back to medium and then I'd say try with a vpn. But maybe other people in this room will know better than me.
[16:36:20]
<rainer.szs> Yes
[16:36:24]
<rainer.szs> Yes I forwarded all the ports and everything else works correctly
[16:36:29]
<rainer.szs> Late december/early january
[18:58:45]
<gl> Need some help please.
I just updated Freshrss on my yunohost and now when trying to go on the page, I get this error :
>Error 403 - Forbidden
>
>Vous n’avez pas le droit d’accéder à cette page ! [HTTP Remote-User= ; Remote IP address=*some IP address*]
>
>Connexion
This problem appears only with freshrss, whatever the computer/smartphone I use. Even in private browsing and thru tor.
Any idea ?
[19:17:01]
<Solrac> Hello... Anyone know how to maybe fix the issue with SparkyFitness? -- Brand new YNH Install and get the same problem. Reported the issue to the Github repo for ynh a few weeks ago, and the app had 2 updates, but this issue persists...
https://paste.yunohost.org/nimetafuru
[19:17:14]
<Solrac> So Im left wondering if its an issue thats just for me
[19:17:23]
<Solrac> on my setup*
[19:22:14]
<rainer.szs> I set firewall strenght to low, rebooted the server and sent myself an email with gmail and unfortunately it didn't work. So i think the only solution is to use a vpn
[19:29:21]
<Django> Have you tested sending from servers other than gmail?
> In my experience, having reject_rbl_client cbl.abuseat.org, meant anything from Gmail was blocked.
[19:29:53]
<rainer.szs> nope, should I try with proton?
[19:30:38]
<Django> It’s worth a shot
[19:30:44]
<rainer.szs> alright
[19:39:14]
<DJ Chase (fae/faer)> any idea why i get a generic "error" when trying to log in to navidrome?
https://paste.yunohost.org/goxejopifo
for context:
- this is a fresh install (previously removed with `-p`)
- admin user can log in
[19:43:10]
<Chatpitaine Caverne> Found that, a bit old, but maybe it could help you. https://forum.yunohost.org/t/freshrss-not-able-to-login-after-update/37352
[19:43:51]
<Chatpitaine Caverne> This also, other solution ; https://github.com/YunoHost-Apps/freshrss_ynh/issues/140
[20:50:58]
<gl> Thanks Chatpitaine Caverne