Notes from Kbin's Matrix Logs - viiib
nb VERY ROUGH, Non Canonical:
8da. 12/6/2023, 21:50:20 - dannekrose: Sorry.
8db. 12/6/2023, 21:50:38 - ivy: no worries
8dc. 12/6/2023, 21:50:38 - dannekrose: You'll need it to put into your /etc/nginx/sites-available/kbin.conf file
8dd. 12/6/2023, 21:50:51 - dannekrose: I'll send you mine which is heavily borrowed from the pixelfed documentation actually
8de. 12/6/2023, 21:51:19 - dannekrose: ```
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name [just your domain name here once is enough]; # change this to your fqdn
    root [REDACTED]; # path to repo/public
    ssl_certificate [REDACTED]; # generate your own
    ssl_certificate_key [REDACTED]; # or use letsencrypt
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
    ssl_prefer_server_ciphers on;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.htm index.php;
    charset utf-8;
    client_max_body_size 30M; #This is optional.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location /.well-known/mercure {
        proxy_pass http://127.0.0.1:3000$request_uri;
        proxy_read_timeout 24h;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $fastcgi_script_name =404;
        # fastcgi_pass unix:/run/php/php-fpm.sock; # make sure this is correct
        fastcgi_pass unix:[REDACTED]; # This is important and can be confusing to set up. That's a separate guide
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
server { # Redirect http to https
    server_name [just your domain name here again is enough]; # change this to your fqdn
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
server {
    server_name media.[your domain name here];
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
## This below section is essentially the same as the above, but just with "media.<domain name>" configured.
## You'll need a separate Let's Encrypt TLS Cert for this domain so do the same steps, but starting with
## media.[domain.name]
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name media.[domain name of instance]; # change this to your fqdn
    root [kbin directory]/public/media; # note that this only differs from the above configuration by adding the /media at the end
    ssl_certificate [REDACTED]; # generate your own
    ssl_certificate_key [REDACTED]; # or use letsencrypt
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
    ssl_prefer_server_ciphers on;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.htm index.php;
    charset utf-8;
    client_max_body_size 30M;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
}
```
8df. 12/6/2023, 21:52:29 - ivy: I wonder if I should head over to /var/www/kbin
8dg. 12/6/2023, 21:52:40 - dannekrose: you should be ok for now.
8dh. 12/6/2023, 21:52:55 - dannekrose: To edit your files, what have you been using? vim? nano?
8di. 12/6/2023, 21:53:00 - ivy: nano
8dj. 12/6/2023, 21:53:41 - dannekrose: Ok.
8dk. 12/6/2023, 21:53:52 - dannekrose: sudo nano /etc/nginx/sites-available/kbin.conf
8dl. 12/6/2023, 21:55:07 - dannekrose: Then edit that file I sent to match your set up. Where it says
fastcgi_pass unix:[REDACTED]; # This is important and can be confusing to set up. That's a separate guide
change the [REDACTED] to /run/php-fpm/kbin.sock since that's what you configured just a little bit ago
8dm. 12/6/2023, 21:57:22 - Nick Jones joined the room
8dn. 12/6/2023, 21:58:53 - ivy: here's mine how it was originally set up
```nginx
server {
    server_name fedi196.gay https://fedi196.gay;
    root /var/www/kbin/public;
    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /index.php$is_args$args;
    }
    location ~ ^/index\.php(/|$) {
        default_type application/x-httpd-php;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }
    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }
    client_max_body_size 10M;
    error_log /var/log/nginx/kbin_error.log;
    access_log /var/log/nginx/kbin_access.log;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fedi196.gay/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fedi196.gay/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = fedi196.gay) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name fedi196.gay https://fedi196.gay;
    listen 80;
    return 404; # managed by Certbot
}
```
8do. 12/6/2023, 22:00:29 - ivy: should I change ```fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;``` to ```fastcgi_pass unix:/run/php/php8.2-fpm.sock;```
8dp. 12/6/2023, 22:04:40 - dannekrose: You should change it so that it has the value from above. so /run/php-fpm/kbin.sock
8dq. 12/6/2023, 22:05:13 - dannekrose: That's from the php pool setup you did by looking at the pixelfed documentation link I mentioned.
8dr. 12/6/2023, 22:07:05 - dannekrose: Really the important parts you already had. It's more about adding in the lines that have [REDACTED] or [Enter your domain here] in them.
8ds. 12/6/2023, 22:07:54 - dannekrose: The mercure part though, is another one I muddled my way through.
8dt. 12/6/2023, 22:07:59 - ivy: ```fastcgi_pass unix:/run/php-fpm/kbin.sock```
8du. 12/6/2023, 22:09:52 - ivy: <@dannekrose:matrix.org "The mercure part though, is anot..."> awesome
8dv. 12/6/2023, 22:10:08 - ivy: so what exactly is mercure for?
8dw. 12/6/2023, 22:10:46 - dannekrose: That does the messenger transport and "processing" of requests in and out as best as I can tell.
8dx. 12/6/2023, 22:12:24 - dannekrose: Nginx + php does the UI stuff, but passes stuff off to mercure as best as I can tell, when it comes to request processing. Requests get put into redis (if you're doing the default steps) and then I *think* mercure handles client communications?
8dy. 12/6/2023, 22:12:32 - dannekrose: I'll be honest, I just set it up and prayed for the best.
8dz. 12/6/2023, 22:12:57 - ivy: okok
8ea. 12/6/2023, 22:13:49 - ivy: so if I understand this correctly, once that's set up, docker should be able to run
8eb. 12/6/2023, 22:15:20 - dannekrose: No.
8ec. 12/6/2023, 22:15:26 - dannekrose: You won't need docker at all for this.
8ed. 12/6/2023, 22:15:31 - dannekrose: If you're doing bare metal.
8ee. 12/6/2023, 22:15:38 - dannekrose: I'm not using docker at all
8ef. 12/6/2023, 22:15:43 - ivy: I thought I was doing docker
8eg. 12/6/2023, 22:15:47 - ivy: okok
8eh. 12/6/2023, 22:16:01 - dannekrose: It's confusing for sure. I don't blame you for being confused.
8ei. 12/6/2023, 22:16:06 - ivy: how difficult will this be to update
8ej. 12/6/2023, 22:16:50 - dannekrose: Once set up? You shouldn't have to touch the configuration again. It's just doing git and php commands to update the files from my experience.
8ek. 12/6/2023, 22:17:02 - ivy: ooooh
8el. 12/6/2023, 22:17:04 - ivy: awesome
8em. 12/6/2023, 22:17:11 - ivy: that's amazing
8en. 12/6/2023, 22:18:27 - dannekrose: I say "should" but who knows...
8eo. 12/6/2023, 22:18:42 - ivy: fair loll
8ep. 12/6/2023, 22:22:52 - dannekrose: It should be at /etc/nginx/sites-available/kbin.conf
8eq. 12/6/2023, 22:23:10 - dannekrose: Once you're done editing it, check it for errors:
sudo nginx -t
12/6/2023, 22:23:46 - ivy: ```shell
kbin@ubuntu-4gb-hil-1:~$ sudo nginx -t
nginx: [warn] server name "https://fedi196.gay" has suspicious symbols in /etc/nginx/sites-enabled/kbin.conf:2
nginx: [emerg] invalid number of arguments in "fastcgi_pass" directive in /etc/nginx/sites-enabled/kbin.conf:12
nginx: configuration file /etc/nginx/nginx.conf test failed
```
8er. 12/6/2023, 22:24:23 - ivy: not exactly sure why it's upset with it
8es. 12/6/2023, 22:25:16 - dannekrose: Double-check against the template. Line endings are important
8et. 12/6/2023, 22:25:29 - ivy: oh no
8eu. 12/6/2023, 22:25:47 - ivy: i forgor the ;
8ev. 12/6/2023, 22:26:44 - ivy: ```shell
kbin@ubuntu-4gb-hil-1:~$ sudo nginx -t
nginx: [warn] server name "https://fedi196.gay" has suspicious symbols in /etc/nginx/sites-enabled/kbin.conf:2
nginx: [warn] server name "https://fedi196.gay" has suspicious symbols in /etc/nginx/sites-enabled/kbin.conf:48
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
8ew. 12/6/2023, 22:27:07 - ivy: why is it saying that it has suspicious symbols?
8ex. 12/6/2023, 22:27:34 - ivy: ```
server {
server_name fedi196.gay https://fedi196.gay;
root /var/www/kbin/public;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /index.php$is_args$args;
}
```
8ey. 12/6/2023, 22:27:49 - ivy: does it just need to be the one?
8ez. 12/6/2023, 22:27:53 - dannekrose: You don't need the https://
For the server name, you can just use:
server_name fedi196.gay;
8fa. 12/6/2023, 22:27:59 - ivy: ooooooh
8fb. 12/6/2023, 22:28:05 - ivy: awesome
8fc. 12/6/2023, 22:29:24 - ivy: ```
kbin@ubuntu-4gb-hil-1:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
8fd. 12/6/2023, 22:29:28 - ivy: all better
8fe. 12/6/2023, 22:30:27 - dannekrose: Now try the site in your browser, just to see if it shows anything.
12/6/2023, 22:30:40 - ivy: https://fedi196.gay/
8ff. 12/6/2023, 22:20:25 - dannekrose: Is the kbin.conf file looking good?
8fg. 12/6/2023, 22:30:46 - dannekrose: (assuming your linux machine is reachable from the internet)
8fh. 12/6/2023, 22:31:00 - ivy: it shows the page but gives a 500 service error
8fi. 12/6/2023, 22:31:12 - dannekrose: It's progress!
8fj. 12/6/2023, 22:31:21 - ivy: image.png (File Attached)
8fk. 12/6/2023, 22:31:25 - dannekrose: Yup
8fl. 12/6/2023, 22:31:27 - Kris changed their display name to poVoq
8fm. 12/6/2023, 22:31:40 - dannekrose: Did you set up redis already?
8fn. 12/6/2023, 22:32:08 - ivy: I think so
8fo. 12/6/2023, 22:33:01 - ivy: ```
kbin@ubuntu-4gb-hil-1:~$ redis-cli ping
(error) NOAUTH Authentication required.
```
12/6/2023, 22:34:01 - dannekrose: Ok.
12/6/2023, 22:34:07 - dannekrose: Sounds like you got that set up ok.
12/6/2023, 22:34:32 - dannekrose: What shows up when you do this?
sudo ps aux | grep mercure
12/6/2023, 22:34:55 - ivy: ```
kbin@ubuntu-4gb-hil-1:~$ sudo ps aux | grep mercure
kbin 992613 0.0 0.0 6432 656 pts/0 S+ 20:34 0:00 grep --color=auto mercure
```
8fp. 12/6/2023, 22:35:28 - dannekrose: Ok. This part I'm also muddy on so I'll just walk you through what I did.
8fq. 12/6/2023, 22:36:39 - dannekrose: The next part is more preference, but let's just use one standard I've seen.
8fr. 12/6/2023, 22:37:43 - dannekrose: sudo mkdir -p /usr/shared/webapps/mercure
8fs. 12/6/2023, 22:37:58 - dannekrose: Then,
cd /usr/shared/webapps/mercure
8ft. 12/6/2023, 22:38:17 - dannekrose: In there,
curl -O https://github.com/dunglas/mercure/releases/download/v0.14.10/mercure_0.14.10_Linux_x86_64.tar.gz
8fu. 12/6/2023, 22:38:56 - dannekrose: That's a capital letter "o"
8fv. 12/6/2023, 22:39:41 - ivy: ```
kbin@ubuntu-4gb-hil-1:/usr/shared/webapps/mercure$ sudo curl -O https://github.com/dunglas/mercure/releases/download/v0.14.10/mercure_0.14.10_Linux_x86_64.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
```
8fw. 12/6/2023, 22:39:56 - ivy: 👍️
8fx. 12/6/2023, 22:41:26 - dannekrose: Hmm. It should have downloaded a file.
8fy. 12/6/2023, 22:41:52 - dannekrose: Ah
8fz. 12/6/2023, 22:41:57 - dannekrose: Sorry
8ga. 12/6/2023, 22:41:59 - dannekrose: curl -O -L https://github.com/dunglas/mercure/releases/download/v0.14.10/mercure_0.14.10_Linux_x86_64.tar.gz
8gb. 12/6/2023, 22:43:57 - ivy: ```shell
kbin@ubuntu-4gb-hil-1:/usr/shared/webapps/mercure$ sudo curl -O -L https://github.com/dunglas/mercure/releases/download/v0.14.10/mercure_0.14.10_Linux_x86_64.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 14.6M 100 14.6M 0 0 19.5M 0 --:--:-- --:--:-- --:--:-- 19.5M
kbin@ubuntu-4gb-hil-1:/usr/shared/webapps/mercure$ ls
mercure_0.14.10_Linux_x86_64.tar.gz
```
8gc. 12/6/2023, 22:44:03 - dannekrose: That's better
8gd. 12/6/2023, 22:44:56 - dannekrose: Next is:
sudo tar -zxvf mercure_0.14.10_Linux_x86_64.tar.gz
8ge. 12/6/2023, 22:45:55 - ivy: ```
kbin@ubuntu-4gb-hil-1:/usr/shared/webapps/mercure$ sudo tar -zxvf mercure_0.14.10_Linux_x86_64.tar.gz
COPYRIGHT
Caddyfile
Caddyfile.dev
LICENSE
README.md
mercure
```
8gf. 12/6/2023, 22:47:01 - dannekrose: And yet one more related piece of software to install.
8gg. 12/6/2023, 22:49:23 - dannekrose: This one should be a bit easier to install
8gh. 12/6/2023, 22:49:37 - dannekrose: Mercure uses something called bolt.
8gi. 12/6/2023, 22:49:49 - dannekrose: To install:
sudo apt install golang
8gj. 12/6/2023, 22:49:56 - dannekrose: That installs Go.
8gk. 12/6/2023, 22:50:01 - dannekrose: Which is needed to install Bolt
8gl. 12/6/2023, 22:50:31 - dannekrose: For sure.
8gm. 12/6/2023, 22:50:43 - ivy: go is installed
8gn. 12/6/2023, 22:50:50 - ivy: 😁
8go. 12/6/2023, 22:50:53 - dannekrose: Awesome. Next:
go get go.etcd.io/bbolt@latest
8gp. 12/6/2023, 22:51:25 - ivy: ```
kbin@ubuntu-4gb-hil-1:/usr/shared/webapps/mercure$ go get go.etcd.io/bbolt@latest
go: cannot use path@version syntax in GOPATH mode
```
8gq. 12/6/2023, 22:52:14 - dannekrose: go install go.etcd.io/bbolt/cmd/bbolt@latest
8gr. 12/6/2023, 22:52:39 - ivy: ```
kbin@ubuntu-4gb-hil-1:/usr/shared/webapps/mercure$ go install go.etcd.io/bbolt/cmd/bbolt@latest
can't load package: package go.etcd.io/bbolt/cmd/bbolt@latest: cannot use path@version syntax in GOPATH mode
```
8gt. 12/6/2023, 22:58:20 - dannekrose: sudo chown kbin:kbin /usr/shared/webapps/mercure -R
12/6/2023, 22:58:45 - ivy: I'll give it a *go* 🤣
12/6/2023, 22:59:22 - dannekrose: And then close your SSH session and open a new one to reload your path. (That's the cheap and easy way I do it)