I have setup a selfhosted WriteFreely instance (v012.0) but I’m having some problem with Federation.
Some settings:
$ grep -E '(federation|single_user|private)' config.ini
single_user = true
federation = true
private = false
API works:
$ # curl -s https://theo-andreou.org/api/nodeinfo | python -m json.tool
{
"metadata": {
"invites": false,
"maxBlogs": 1,
"nodeDescription": "A Weblog about Cyprus, Free Software and the space between (by Theodotos Andreou)",
"nodeName": "Mouflons and Penguins",
"publicReader": false,
"software": {
"follow": "https://writing.exchange/@write_as",
"github": "https://github.com/writeas/writefreely",
"homepage": "https://writefreely.org"
}
},
"openRegistrations": false,
"protocols": [
"activitypub"
],
"services": {
"inbound": [],
"outbound": [
"rss2.0"
]
},
"software": {
"name": "writefreely",
"version": "0.12.0"
},
"usage": {
"localPosts": 3,
"users": {
"activeHalfyear": 1,
"total": 1
}
},
"version": "2.0"
}
But I get this in the logs when trying to follow the site from Mastodon:
192.241.206.104 - - [08/Aug/2020:16:03:49 +0300] "GET /.well-known/webfinger?resource=acct:theo@theo-andreou.org HTTP/1.1" 404 0 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +http
s://social.librem.one/)"
192.241.206.104 - - [08/Aug/2020:16:03:50 +0300] "GET /.well-known/host-meta HTTP/1.1" 200 222 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +https://social.librem.one/)"
192.241.206.104 - - [08/Aug/2020:16:03:50 +0300] "GET /.well-known/webfinger?resource=acct:theo@theo-andreou.org HTTP/1.1" 404 0 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +http
s://social.librem.one/)"
Any idea?
References:
Federation Troubleshooting
matt
August 11, 2020, 8:16pm
2
Username and everything seems correct based on the data returned when running this:
curl -H 'Accept: application/activity+json' https://theo-andreou.org/ | python -m json.tool
Could you run writefreely with the --debug flag and see if anything else appears in the logs?
Otherwise, are you running the compiled application, or building from source? If from source, it’d be great to add some additional logging in the FindUser() func
It’s getting more clear now. I got this in the Nginx logs:
192.241.206.104 - - [12/Aug/2020:08:10:54 +0300] "GET /.well-known/webfinger?resource=acct:theo@theo-andreou.org HTTP/1.1" 502 173 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +https://social.librem.one/)"
192.241.206.104 - - [12/Aug/2020:08:10:55 +0300] "GET /.well-known/host-meta HTTP/1.1" 502 173 "-" "http.rb/4.3.0 (Mastodon/3.1.1; +https://social.librem.one/)"
… but nothing on the writefreely debug output. So I guess this may have something to do with the Nginx config:
server {
server_name theo-andreou.org www.theo-andreou.org;
add_header Referrer-Policy origin always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header 'Referrer-Policy' 'same-origin';
gzip on;
gzip_types
application/javascript
application/x-javascript
application/json
application/rss+xml
application/xml
image/svg+xml
image/x-icon
application/vnd.ms-fontobject
application/font-sfnt
text/css
text/plain;
gzip_min_length 256;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_vary on;
location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
location ~ ^/(css|img|js|fonts)/ {
root /srv/writefreely/freely.theo-andreou.org/static;
# Optionally cache these files in the browser:
# expires 12M;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theo-andreou.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theo-andreou.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.theo-andreou.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = theo-andreou.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name theo-andreou.org www.theo-andreou.org;
listen 80;
return 404; # managed by Certbot
}
It turns out I was using the wrong port on the (webfinger|nodeinfo|host-meta) location block.
Thanks @matt . And sorry for the noise.
matt
August 12, 2020, 11:21am
5
No problem at all, @theodotos . Glad you got it fixed, and thanks for sharing the solution with us!