Error when sharing behind Caddy...
fcwoknhenuxdfiyv opened this issue · 3 comments
Hello, I'm trying to get Snikket up and running on a server running other services. I have the portal (invitations, etc) working and I can connect with BeagleIM and the Snikket phone apps.
I cannot add files to any private or group chats. I'll use the Android client as an example.
When uploading, the server log shows:
share.chat.example.net:http_file_share info Issuing upload slot to jason@chat.example.net for 929 KiB
On the client, the "delivery failed" error is:
stream was reset: NO_ERROR
The file /snikket/prosody/share%2echat%2eexample%2enet/uploads.list contains
item({
    ["name"] = "request";
    ["key"] = "DIB8mdk08mb5B1wnMMnZf-79";
    ["with"] = "jason@chat.example.net";
    ["attr"] = {
        ["xmlns"] = "urn:xmpp:http:upload:0";
        ["filename"] = "ashim-d\226\128\153silva-WeYamle9fDM.jpg";
        ["stamp"] = "2022-12-15T15:15:22Z";
        ["content-type"] = "image/jpeg";
        ["size"] = "951384";
    };
    ["when"] = 1671117322;
});
There are no other files in the share directory.
The way I have Snikket set up is:
caddy-docker-proxy -> snikket-web-proxy -> snikket-portal
                                        -> snikket-server
I realise that the problem is more than likely with the Caddy proxy; I'm just hoping somebody else came across the problem that could lead me in the right direction to fix it.
Many thanks,
Jason.
Hi Jason,
Can you access https://share.example.com/ in your web browser? In the current release you should see a "Snikket is starting" page (we plan to serve something more sensible here in a future release!). If you get an error or anything else, what is that error?
Reverse proxies are probably the main issue people have with setting up Snikket, but often the problem is something simple (e.g. a typo or missing section in the reverse proxy config). Have you seen the reverse proxy guide? It includes an example configuration for Caddy.
Hope this helps!
Hi!
Thanks for the quick reply!
My caddy-docker-proxy setup is based on the proxy guide. I get a blank page when I access share.* so I'll use that as a lead and report back.
As an aside, using a plain old Prosody server behind docker isolation, I have no problems with uploads.
Cheers,
Jason.
I managed to get Snikket working without the snikket-web-proxy component. It didn’t sit right with me that I was proxying a proxy. I had to use an external turn server but the setup feels cleaner than running everything on the host network.
Having everything configured through snikket.conf really helped, so great job on building it that way!
Here is my working setup except the caddy-docker-proxy setup (which also handles the certificates). I didn’t include it as it’s in another project.
I hope this is useful to somebody.
Tweak the certs volume as follows to make all the startup scripts work. This will probably differ as I use a self-written certificate manager for LE:
root@514f67d22639:/etc/prosody/certs# ls -l *example*
lrwxrwxrwx 1 prosody prosody 14 Dec 14 16:37 chat.example.net.crt -> example.net.crt
lrwxrwxrwx 1 prosody prosody 14 Dec 14 16:37 chat.example.net.key -> example.net.key
-rwxr-xr-x 1 prosody prosody 5622 Dec 15 08:53 example.net.crt
-rwxr-xr-x 1 prosody prosody 1675 Dec 15 08:52 example.net.key
chat.example.net:
total 0
lrwxrwxrwx 1 prosody prosody 17 Dec 14 16:02 cert.pem -> ../example.net.crt
lrwxrwxrwx 1 prosody prosody 17 Dec 14 16:00 fullchain.pem -> ../example.net.crt
lrwxrwxrwx 1 prosody prosody 17 Dec 14 16:01 privkey.pem -> ../example.net.key
root@514f67d22639:/etc/prosody/certs#
snikket.conf:
SNIKKET_DOMAIN=chat.example.net
SNIKKET_ADMIN_EMAIL=admin@example.net
SNIKKET_WEB_PROSODY_ENDPOINT='http://snikket_server:5280'
SNIKKET_WEB_DOMAIN='snikket_server'
SNIKKET_TWEAK_INTERNAL_HTTP_HOST=snikket_server
SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
SNIKKET_TWEAK_INTERNAL_HTTP_PORT=5280
SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_HOST=snikket_portal
SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT=5765
SNIKKET_TWEAK_TURNSERVER=0
SNIKKET_TWEAK_TURNSERVER_DOMAIN=turn.example.net
SNIKKET_TWEAK_TURNSERVER_SECRET=long-turn-server-secret-really-a-bunch-of-random-characters-dont-use-this!
docker-compose.yml:
version: '3'

volumes:
  certs:
    name: proxy_certs
  snikket_data:

networks:
  default: {}
  proxy_default:
    external: true

services:
  coturn:
    image: coturn/coturn
    command: >
      --server-name=turn.example.net
      --realm=turn.example.net
      --listening-ip=0.0.0.0
      --cert=/certs/example.net.crt
      --pkey=/certs/example.net.key
      --min-port=49100
      --max-port=49200
      --use-auth-secret
      --static-auth-secret=long-turn-server-secret-really-a-bunch-of-random-characters-dont-use-this!
      --verbose
    restart: unless-stopped
    network_mode: host
    volumes:
      - certs:/certs

  snikket_portal:
    container_name: snikket-portal
    env_file: snikket.conf
    image: snikket/snikket-web-portal:beta
    networks:
      - proxy_default
      - default
    labels:
      caddy_0: chat.example.net
      caddy_0.tls: /certs/example.net.crt /certs/example.net.key
      caddy_0.reverse_proxy: "{{ upstreams 5765 }}"
      caddy_1: groups.chat.example.net
      caddy_1.tls: /certs/example.net.crt /certs/example.net.key
      caddy_1.reverse_proxy: "{{ upstreams 5765 }}"
    restart: "unless-stopped"

  snikket_server:
    container_name: snikket
    env_file: snikket.conf
    image: snikket/snikket-server:beta
    ports:
      - "5000:5000"
      - "5222:5222"
      - "5223:5223"
      - "5269:5269"
    networks:
      - proxy_default
      - default
    labels:
      caddy: share.chat.example.net
      caddy.tls: /certs/example.net.crt /certs/example.net.key
      caddy.reverse_proxy: "{{ upstreams 5280 }}"
    volumes:
      - snikket_data:/snikket
      - certs:/etc/prosody/certs
    restart: "unless-stopped"
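
The setup above puts the same TURN secret in two places: coturn's --use-auth-secret mode accepts time-limited credentials whose password is base64(HMAC-SHA1(secret, username)), so SNIKKET_TWEAK_TURNSERVER_SECRET has to equal --static-auth-secret or calls fail to authenticate. The check below is an added example, not part of the original post or of Snikket; the sample inputs are constructed, the XMPP side is assumed to derive credentials in the same way, and the 32-character minimum is an assumed heuristic.

```python
import base64
import hashlib
import hmac
import shlex

# Constructed sample inputs modelled on the snikket.conf and coturn flags above.
SNIKKET_CONF = """\
SNIKKET_TWEAK_TURNSERVER=0
SNIKKET_TWEAK_TURNSERVER_SECRET='constructed-sample-secret-0123456789abcdef'
"""
COTURN_COMMAND = """\
--realm=turn.example.net --use-auth-secret
--static-auth-secret=constructed-sample-secret-0123456789abcdef
"""
MIN_SECRET_LEN = 32  # assumed heuristic, not a coturn or Snikket requirement

def parse_env(text):
    """Parse KEY=VALUE lines, dropping optional surrounding quotes."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, v in pairs}

def parse_flags(command):
    """Turn '--name=value --switch' into {'name': 'value', 'switch': True}."""
    flags = {}
    for token in shlex.split(command):
        name, sep, value = token.lstrip("-").partition("=")
        flags[name] = value if sep else True
    return flags

def turn_credentials(secret, expires_at):
    """TURN REST-style credentials: username is the expiry time, password its HMAC-SHA1."""
    username = str(int(expires_at))
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()

def check_turn_config(conf_text, command):
    """Return the mismatches between snikket.conf and the coturn flags."""
    secret = parse_env(conf_text).get("SNIKKET_TWEAK_TURNSERVER_SECRET", "")
    flags = parse_flags(command)
    problems = []
    if flags.get("use-auth-secret") is not True:
        problems.append("coturn is not started with --use-auth-secret")
    if not hmac.compare_digest(secret.encode(), str(flags.get("static-auth-secret", "")).encode()):
        problems.append("TURN secret differs between snikket.conf and coturn")
    if len(secret) < MIN_SECRET_LEN:
        problems.append("TURN secret is shorter than %d characters" % MIN_SECRET_LEN)
    return problems
```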