jcolag

joined 2 years ago
sorted by: new top controversial old
localhosting: selfhosting to the min in c/selfhosted@lemmy.world
[–] jcolag@lemmy.sdf.org 3 points 2 weeks ago

I buy it.

As it turns out, a couple of months ago when a laptop crapped out at an inopportune time, I needed to retreat to a much older machine with barely enough memory to keep a browser running all day. As I tried to work out a recovery plan for the things that didn't seem properly backed up (they were, just not where I expected them), I remembered that I had a couple of old Raspberry Pi units that I never did much with, and decided that could take the load off of the laptop if I tossed them in the corner.

So far, I have Code Server to substitute for Visual Studio Code, Cryptpad for Libre Office, Forgejo just because I really should have done that a long time ago, Fresh RSS for a rotating list of RSS readers since I dropped my Internet-accessible Tiny Tiny RSS installation, Inf Cloud and Radicale for a calendar/address book, Jellyfin that used to run on the then-in-use old laptop, Snappy Mail for Thunderbird and the bunch of heavy webpages from mail providers, YaCy because I've wanted to use it more for many years, and a few others.

Moving onto a more functional computer, I decided to keep the servers running, because the setup works about as well as the desktop setups that I've run for years, if I use a few pinned tabs. I'm sure that I'll scream about it when something goes wrong, but it does the job...

Setting up 2FAuth; Can't Register in c/selfhosted@lemmy.world
[–] jcolag@lemmy.sdf.org 1 points 3 weeks ago

Yeah, it's on the local network, so I'll need to mess around with aliases again. And they seem to think that it's possible to set this up on a subfolder, with the APP_SUBDIRECTORY variable, but it doesn't exactly give the impression of rigorous deployment testing, so you're right that I should assume that part doesn't work. Thanks!

13
Setting up 2FAuth; Can't Register (lemmy.sdf.org)
 

(Apologies in advance if this is the wrong spot to ask for help, and/or if the length annoys people.)

I'm trying to set up 2FAuth on a local server (old Raspberry Pi, Debian), alongside some other services.

Following the self-hosting directions, I believe that I managed to get the code running, and I can get at the page, but can't register the first/administrative/only account. Presumably, something went wrong in either the configuration or the reverse-proxy, and I've run out of ideas, so could use an extra pair of eyes on it, if somebody has the experience.

The goal is to serve it from http://the-server.local/2fa, where I have a...actually the real name of the server is worse. Currently, the pages (login, security device, about, reset password, register) load, but when I try to register an account, it shows a "Resource not found / 404" ("Item" in the title) page.

Here's the (lightly redacted) .env file, mostly just the defaults.

APP_NAME=2FAuth
APP_ENV=local
APP_TIMEZONE=UTC
APP_DEBUG=false
SITE_OWNER=mail@example.com
APP_KEY=base64:...
APP_URL=http://the-server.local/2fa
APP_SUBDIRECTORY=2fa
IS_DEMO_APP=false
LOG_CHANNEL=daily
LOG_LEVEL=notice
CACHE_DRIVER=file
SESSION_DRIVER=file
DB_CONNECTION=sqlite
DB_DATABASE=/var/www/2fauth/database/database.sqlite
DB_HOST=
DB_PORT=
DB_USERNAME=
DB_PASSWORD=
MYSQL_ATTR_SSL_CA=
MAIL_MAILER=log
MAIL_HOST=my-vps.example
MAIL_PORT=25
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_NAME=2FAuth
MAIL_FROM_ADDRESS=2fa@my-vps.example
MAIL_VERIFY_SSL_PEER=true
THROTTLE_API=60
LOGIN_THROTTLE=5
AUTHENTICATION_GUARD=web-guard
AUTHENTICATION_LOG_RETENTION=365
AUTH_PROXY_HEADER_FOR_USER=null
AUTH_PROXY_HEADER_FOR_EMAIL=null
PROXY_LOGOUT_URL=null
WEBAUTHN_NAME=2FAuth
WEBAUTHN_ID=null
WEBAUTHN_USER_VERIFICATION=preferred
TRUSTED_PROXIES=null
PROXY_FOR_OUTGOING_REQUESTS=null
CONTENT_SECURITY_POLICY=true
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
MIX_ENV=local

Then, there's the hard-won progress on the NGINX configuration.

server {
    listen 80;
    server_name the-server.local;
# Other services
    location /2fa/ {
        alias /var/www/2fauth/public/;
        index index.php;
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ ^/2fa/(.+?\.php)(/.*)?$ {
        alias /var/www/2fauth/public/;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/$1;
        include fastcgi_params;
    }
# ...and so on

I have tried dozens of variations, here, especially in the fastcgi_param lines, almost all of which either don't impact the situation or give me a 403 or 404 error for the entire app. This version at least shows login/register/about pages.

While I would've loved to do so, I can't work with the documentation's example, unfortunately, because (a) it presumes that I only want to run the one service on the machine, and (b) doesn't seem to work if transposed to a location. They do have the Custom Base URL option, but it doesn't work. That just gives me a 403 error (directory index of "/var/www/2fauth/public/" is forbidden, client: 192.168.1.xxx, server: the-server.local, request: "GET /2fa/ HTTP/1.1", host: "the-server.local", and again I emphasize that the permissions are set correctly) for the entire app, making me think that maybe nobody on the team uses NGINX.

Setting both NGINX and 2FAuth for debugging output, the debug log for NGINX gives me this, of the parts that look relevant.

*70 try files handler
*70 http script var: "/2fa/user"
*70 trying to use file: "user" "/var/www/2fauth/public/user"
*70 http script var: "/2fa/user"
*70 trying to use dir: "user" "/var/www/2fauth/public/user"
*70 http script copy: "/index.php?"
*70 trying to use file: "/index.php?" "/var/www/2fauth/public//index.php?"
*70 internal redirect: "/index.php?"

And the Laravel log is empty, so it's not getting that far.

Permissions and ownership of 2FAuth seem fine. No, there's no /var/www/2fauth/public/user, which seems to make sense, since that's almost certainly an API endpoint and none of the other "pages" have files by those names.

I have theories on what the application needs (probably the path as an argument of some sort), but (a) I'm not in the mood to slog through a PHP application that I don't intend to make changes to, and (b) I don't have nearly the experience with NGINX to know how to make that happen.

It seems impossible that I'm the first one doing this, but this also feels like a small enough problem (especially with a working desktop authenticator app) that it's not worth filing a GitHub issue, especially when their existing NGINX examples are so...worryingly off. So, if anybody can help, I'd appreciate it.

Decentralized Search Engine in c/selfhosted@lemmy.world
[–] jcolag@lemmy.sdf.org 27 points 6 months ago

I've been using different versions of SearX for a long while (sometimes on my server, sometimes through a provider like Disroot) as my standard search engine, since I've never had great luck with the big names, and it's decent, but between upstream provider quota limits, and just the fact that it relies on corporate search APIs at all, sometimes the quality craters.

While I haven't had the energy to run YaCy on my own, and public instances tend to not have a long life, I don't have nearly as much experience with it, but when I have gotten to try it out, the search itself looked great, but generally didn't have as broad or current an index. Long-term, though, it (and its protocol) is probably going to be the way to go, if only because a company can't randomly tank it like they can with the meta-search systems or their own interfaces.

Looking at Presearch for the first time now, the search results look almost surprisingly good if poorly sorted, but the fact that I now know orders of magnitude more about their finances and their cryptocurrency token than what and how the thing actually searches makes me worry a bit about its future.

What’s the newest way of watching YouTube? in c/selfhosted@lemmy.world
[–] jcolag@lemmy.sdf.org 15 points 8 months ago (2 children)

I believe that YouTube supports RSS. I haven't used it in years, but gPodder allowed subscribing to channels.

Ah, yeah. From this post:

  • Go to the YouTube channel page.
  • Click more for the About box.
  • Scroll down to click Share channel. Choose Copy channel ID.
  • Get the feed from https://www.youtube.com/feeds/videos.xml?channel_id= plus that channel ID from the previous step.

From there, something (like a podcast client) needs to grab the video.

Otherwise, I've been using Tartube to download to my media server, which is not great but fine, except for needing to delete the lock file when it (or the computer) crashes, and the fact that the media server hasn't the foggiest idea of how to organize the "episodes."

Out of curiosity is there a FOSS (add-free) short form video type social media? in c/foss@beehaw.org
[–] jcolag@lemmy.sdf.org 4 points 1 year ago

I can't vouch for anything about it, since I've never done more than look and bookmark the page, but Vidzy at least exists and has an instance that plays one short video...

Using copyleft without heavily restricting what platforms to share on in c/libre_culture@lemmy.ml
[–] jcolag@lemmy.sdf.org 3 points 1 year ago

I'd say to ignore the platform licensing and just make sure that the license appears in the media itself (which it should, anyway, in case anybody finds it randomly) and marked in descriptions.

YouTube seems interesting, because there's so much garbage listed as CC-BY that almost certainly doesn't have any legitimate permission for it, and I've never found actual Creative Commons content through that route, so that probably informs my "just ignore it" thinking...

POSSE Method: Publish (on your) Own Site, Syndicate Elsewhere in c/selfhosted@lemmy.world
[–] jcolag@lemmy.sdf.org 2 points 1 year ago

The Indie Web website up there actually has protocols to do most of what people do for social media, in exactly that structure. It's enough of a pain to set up that I don't see it becoming normal, but the amount that I've set up for my website at least works...

I created a simple Creative Commons sites index with high hopes. in c/libre_culture@lemmy.ml
[–] jcolag@lemmy.sdf.org 3 points 1 year ago

Likewise, feel free to reach out if you need a hand. I don't always have time, but I do my share of weird programming.

I created a simple Creative Commons sites index with high hopes. in c/libre_culture@lemmy.ml
[–] jcolag@lemmy.sdf.org 6 points 1 year ago* (last edited 1 year ago) (2 children)

Always good to see more effort to surface these things. A couple of possible enhancements come to mind.

  • Pepper & Carrot probably belongs under comics, and/or comics belongs as a subset of fiction.
  • It'd be great to filter by license, maybe similar to what Openverse (which you already have listed) does. I know that Creative Commons doesn't see a problem with incompatible licenses, but I feel like people in the space have strong feelings about how "free/libre" it is to say that something can't be used commercially (whatever that means) or can't be altered.
  • If you want a pile of fiction of various sorts, at the risk of self-promoting, I spotlight (and ideally have discussions around) Free Culture works on Saturdays. https://john.colagioia.net/blog/tag/bookclub/ (And a bunch of the links actually lead to collections.)
  • Another pile, you'll need to figure out how to sift through on your own (I haven't had the time to figure out how to parse it), but Chris "Sanglorian" Sakkas posted the (I imagine) final backup of his Free and Open Works wiki, sort of your predecessor project. (Edit: I stupidly forgot the link https://archive.org/details/freeand-open-works-20200811084450)
  • Too much manual labor, I realize, especially as the list expands, but ideally, it'd be nice to have some idea of what lives at the other end of a link beyond the format. The videos especially could plausibly be anything...

Thanks for getting this rolling!

Is there is creative commons licensed news sources for the middle east? in c/libre_culture@lemmy.ml
[–] jcolag@lemmy.sdf.org 1 points 1 year ago

The only dedicated site that I know of is the Iranian Tasnim News, though Global Voices has some writers in the general area, too.

Is the SFC the Future of the Free Software Movement? in c/freesoftware@lemmy.zip
[–] jcolag@lemmy.sdf.org 1 points 2 years ago

Yep. You can't take a direct request to stop harassing me. Blocking, like I should have done when I first spotted that you had nothing to say.

Is the SFC the Future of the Free Software Movement? in c/freesoftware@lemmy.zip
[–] jcolag@lemmy.sdf.org 1 points 2 years ago (2 children)

For clarity, your first interaction with me was to accuse me of lying. I have twice asked you to leave me out of your fantasies. And yet, you're still here telling me that I've done something dishonest by looking at the FSF and having an opinion. I've been polite. I have not attacked you. You've been insulting and taken everything personally.

Stop projecting your immaturity onto me. Stop imagining that you're going to win my approval or respect. Stop imagining that my insistence that you stop bothering me is an attempt to have a conversation with you. And above all, go away, as I've requested three times.

view more: next ›