this post was submitted on 23 Sep 2023
8 points (90.0% liked)

Lemmy

12568 readers
26 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

I have created a selfhosted instance from scratch a couple of days ago and everything seems to be working well, however, 3rd party apps (Memmy, Voyager) complain that my profile at "/u/michael@leuker.me" does not exist ...

I tried replicating this in the webinterface and indeed, while "/u/michael" displays the profile as expected, "/u/michael@leuker.me" gives a "couldnt_find_that_username_or_email" error. Perhaps I am missing the obvious (see log and config below), but this seems to be working on other instances (and is expected by the apps mentioned above) and any pointers would be greatly appreciated!

Log output:

Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.313311Z  WARN Error encountered while processing the incoming HTTP request: lemmy_server::root_span_builder: couldnt_find_that_username_or_email: expected value at line 2 column 5
Sep 23 09:48:16 lemy lemmy_server[58804]:    0: lemmy_apub::fetcher::resolve_actor_identifier
Sep 23 09:48:16 lemy lemmy_server[58804]:              at crates/apub/src/fetcher/mod.rs:21
Sep 23 09:48:16 lemy lemmy_server[58804]:    1: lemmy_apub::api::read_person::read_person
Sep 23 09:48:16 lemy lemmy_server[58804]:            with data=Query(GetPersonDetails { person_id: None, username: Some("michael@leuker.me"), sort: Some(New), page: Some(1), limit: Some(20), community_id: None, saved_only: None, auth: Some(Sensitive) })
Sep 23 09:48:16 lemy lemmy_server[58804]:              at crates/apub/src/api/read_person.rs:17
Sep 23 09:48:16 lemy lemmy_server[58804]:    2: lemmy_server::root_span_builder::HTTP request
Sep 23 09:48:16 lemy lemmy_server[58804]:            with http.method=GET http.scheme="http" http.host=leuker.me http.target=/api/v3/user otel.kind="server" request_id=b95e4f8d-5f30-4549-8e99-e0cd1e036046 http.status_code=400 otel.status_code="OK"
Sep 23 09:48:16 lemy lemmy_server[58804]:              at src/root_span_builder.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]:    3: tokio::task::runtime.spawn
Sep 23 09:48:16 lemy lemmy_server[58804]:            with kind=local task.name= task.id=4701 loc.file="/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/service.rs" loc.line=74 loc.col=17
Sep 23 09:48:16 lemy lemmy_server[58804]:              at /home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]:    4: tokio::task::runtime.spawn
Sep 23 09:48:16 lemy lemmy_server[58804]:            with kind=local task.name= task.id=26 loc.file="/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs" loc.line=367 loc.col=29
Sep 23 09:48:16 lemy lemmy_server[58804]:              at /home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]:    5: tokio::task::runtime.spawn
Sep 23 09:48:16 lemy lemmy_server[58804]:            with kind=block_on task.name= task.id=25 loc.file="/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs" loc.line=402 loc.col=32
Sep 23 09:48:16 lemy lemmy_server[58804]:              at /home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]: LemmyError { message: Some("couldnt_find_that_username_or_email"), inner: expected value at line 2 column 5, context: SpanTrace [{ target: "lemmy_apub::fetcher", name: "resolve_actor_identifier", file: "crates/apub/src/fetcher/mod.rs", line: 21 }, { target: "lemmy_apub::api::read_person", name: "read_person", fields: "\u{1b}[3mdata\u{1b}[0m\u{1b}[2m=\u{1b}[0mQuery(GetPersonDetails { person_id: None, username: Some(\"michael@leuker.me\"), sort: Some(New), page: Some(1), limit: Some(20), community_id: None, saved_only: None, auth: Some(Sensitive) })", file: "crates/apub/src/api/read_person.rs", line: 17 }, { target: "lemmy_server::root_span_builder", name: "HTTP request", fields: "\u{1b}[3mhttp.method\u{1b}[0m\u{1b}[2m=\u{1b}[0mGET \u{1b}[3mhttp.scheme\u{1b}[0m\u{1b}[2m=\u{1b}[0m\"http\" \u{1b}[3mhttp.host\u{1b}[0m\u{1b}[2m=\u{1b}[0mleuker.me \u{1b}[3mhttp.target\u{1b}[0m\u{1b}[2m=\u{1b}[0m/api/v3/user \u{1b}[3motel.kind\u{1b}[0m\u{1b}[2m=\u{1b}[0m\"server\" \u{1b}[3mrequest_id\u{1b}[0m\u{1b}[2m=\u{1b}[0mb95e4f8d-5f30-4549-8e99-e0cd1e036046 \u{1b}[3mhttp.status_code\u{1b}[0m\u{1b}[2m=\u{1b}[0m400 \u{1b}[3motel.status_code\u{1b}[0m\u{1b}[2m=\u{1b}[0m\"OK\"", file: "src/root_span_builder.rs", line: 16 }, { target: "tokio::task", name: "runtime.spawn", fields: "kind=local task.name= task.id=4701 loc.file=\"/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/service.rs\" loc.line=74 loc.col=17", file: "/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs", line: 16 }, { target: "tokio::task", name: "runtime.spawn", fields: "kind=local task.name= task.id=26 loc.file=\"/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs\" loc.line=367 loc.col=29", file: "/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs", line: 16 }, { target: "tokio::task", name: "runtime.spawn", fields: "kind=block_on task.name= task.id=25 loc.file=\"/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs\" loc.line=402 loc.col=32", file: "/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs", line: 16 }] }
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.313380Z  INFO actix_web::middleware::logger: 10.200.106.2 'GET /api/v3/user?username=michael%40leuker.me&sort=New&page=1&limit=20&auth=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjIsImlzcyI6ImxldWtlci5tZSIsImlhdCI6MTY5NTQ2MTU2NX0.dgg4VoY7rhG2JivMv3JxVKOHESKj_ELeXfAQS3R8ce4 HTTP/1.1' 400 47 '-' 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)' 0.042611
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.547471Z  INFO actix_web::middleware::logger: 10.200.106.2 'GET /api/v3/user/unread_count?auth=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjIsImlzcyI6ImxldWtlci5tZSIsImlhdCI6MTY5NTQ2MTU2NX0.dgg4VoY7rhG2JivMv3JxVKOHESKj_ELeXfAQS3R8ce4 HTTP/1.1' 200 47 'https://leuker.me/u/michael@leuker.me' 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' 0.003553
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.595166Z  INFO actix_web::middleware::logger: 10.200.106.2 'GET /api/v3/site HTTP/1.1' 200 10527 '-' 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)' 0.011685

nginx config:

server {                                                                                                                                                                                                        
    listen 443      ssl http2;                                                                                                                                                                                  
    listen [::]:443 ssl http2;                                                                                                                                                                                  
    server_name leuker.me;                                                                                                                                                                                      
                                                                                                                                                                                                                
    ssl_certificate /etc/ssl/letsencrypt/lemy.leuker.me/fullchain.pem;                                                                                                                                          
    ssl_certificate_key /etc/ssl/letsencrypt/lemy.leuker.me/key.pem;                                                                                                                                            
    ssl_dhparam /etc/ssl/dhparams.pem;                                                                                                                                                                          
                                                                                                                                                                                                                
    ssl_protocols TLSv1.2 TLSv1.3;                                                                                                                                                                              
    ssl_prefer_server_ciphers on;                                                                                                                                                                               
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';                                                                                                                            
    ssl_session_timeout  10m;                                                                                                                                                                                   
    ssl_session_cache shared:SSL:10m;                                                                                                                                                                           
    ssl_session_tickets on;                                                                                                                                                                                     
    ssl_stapling on;                                                                                                                                                                                            
    ssl_stapling_verify on;                                                                                                                                                                                     
                                                                                                                                                                                                                
    # Upload limit, relevant for pictrs                                                                                                                                                                         
    client_max_body_size 20M;                                                                                                                                                                                   
                                                                                                                                                                                                                
    # Enable compression for JS/CSS/HTML bundle, for improved client load times.                                                                                                                                
    # It might be nice to compress JSON, but leaving that out to protect against potential                                                                                                                      
    # compression+encryption information leak attacks like BREACH.                                                                                                                                              
    gzip on;                                                                                                                                                                                                    
    gzip_types text/css application/javascript image/svg+xml;                                                                                                                                                   
    gzip_vary on;                                                                                                                                                                                               
                                                                                                                                                                                                                
    # Various content security headers                                                                                                                                                                          
    add_header Referrer-Policy "same-origin";                                                                                                                                                                   
    add_header X-Content-Type-Options "nosniff";                                                                                                                                                                
    add_header X-Frame-Options "DENY";                                                                                                                                                                          
    add_header X-XSS-Protection "1; mode=block";

    ## Frontend                                                                                                                                                                                                 
    location / {                                                                                                                                                                                                
        set $proxpass "http://127.0.0.1:1234";                                                                                                                                                                  
                                                                                                                                                                                                                
        if ($http_accept = "application/activity+json") {                                                                                                                                                       
          set $proxpass "http://127.0.0.1:8536";                                                                                                                                                                
        }                                                                                                                                                                                                       
        if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {                                                                                                          
          set $proxpass "http://127.0.0.1:8536";                                                                                                                                                                
        }                                                                                                                                                                                                       
        if ($request_method = POST) {                                                                                                                                                                           
          set $proxpass "http://127.0.0.1:8536";                                                                                                                                                                
        }                                                                                                                                                                                                       
        proxy_pass $proxpass;                                                                                                                                                                                   
                                                                                                                                                                                                                
        rewrite ^(.+)/+$ $1 permanent;                                                                                                                                                                          
                                                                                                                                                                                                                
        # Send actual client IP upstream                                                                                                                                                                        
        proxy_set_header X-Real-IP $remote_addr;                                                                                                                                                                
        proxy_set_header Host $host;                                                                                                                                                                            
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;                                                                                                                                            
    }                                                                                                                                                                                                           
                                                                                                                                                                                                                
    ## Backend                                                                                                                                                                                                  
    location ~ ^/(api|pictrs|feeds|nodeinfo) {                                                                                                                                                                  
      proxy_pass http://127.0.0.1:8536;                                                                                                                                                                         
      proxy_http_version 1.1;                                                                                                                                                                                   
      proxy_set_header Upgrade $http_upgrade;                                                                                                                                                                   
      proxy_set_header Connection "upgrade";                                                                                                                                                                    
                                                                                                                                                                                                                
      # Send actual client IP upstream                                                                                                                                                                          
      proxy_set_header X-Real-IP $remote_addr;                                                                                                                                                                  
      proxy_set_header Host $host;                                                                                                                                                                              
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;                                                                                                                                              
    }
}

lemmy config:

{                                                                                                                                                                                                                                                                                                                                                                                                                       
database: {                                                                                                                                                                                                     
    user: "user"                                                                                                                                                                                                
    password: "password"                                                                                                                                                        
    host: "host"                                                                                                                                                                                        
    port: 5432                                                                                                                                                                                              
    database: "database"                                                                                                                                                                                            
  }                                                                                                                                                                                                             
                                                                                                                                                                                                                
  pictrs: {                                                                                                                                                                                                     
    url: "http://127.0.0.1:8080/"                                                                                                                                                                               
  }                                                                                                                                                                                                             
                                                                                                                                                                                                                
  email: {                                                                                                                                                                                                      
    smtp_server: "10.200.111.2:25"                                                                                                                                                                              
    smtp_from_address: "lemmy@leuker.me"                                                                                                                                                                        
    tls_type: "none"                                                                                                                                                                                            
  }                                                                                                                                                                                                             
                                                                                                                                                                                                                
  hostname: "leuker.me"                                                                                                                                                                                         
  bind: "127.0.0.1"                                                                                                                                                                                             
  port: 8536                                                                                                                                                                                                    
  tls_enabled: true                                                                                                                                                                                                                                                                                                                                                                                                       
} 
top 1 comments
sorted by: hot top controversial new old
[–] michael@leuker.me 2 points 1 year ago* (last edited 1 year ago)

Solved: It was an oversight on my part: I didn't include the ".well-known" part in the backend block. When changed as follows (compare above), it works as expected -

    ## Backend                                                                                                                                                                                                  
    location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {                                                                                                                                                                  
      proxy_pass http://127.0.0.1:8536;                                                                                                                                                                         
      proxy_http_version 1.1;                                                                                                                                                                                   
      proxy_set_header Upgrade $http_upgrade;                                                                                                                                                                   
      proxy_set_header Connection "upgrade";