${URL}/.well-known/host-meta is not reachable #79

Open
nupplaphil opened this issue Sep 10, 2019 · 16 comments · Fixed by #104
Labels
Bug Something isn't working

Comments

@nupplaphil
Collaborator

With my current docker-setup, I get an error at the admin overview page because /.well-known/host-meta isn't reachable.

Screenshot_2019-09-10 Philipp's Friendica Admin

My current docker-compose is:

  app:
    image: friendica/server:rc-fpm-alpine
    command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
    depends_on:
      - db
      - redis
    volumes:
     - friendica-vol-1:/var/www/html
    environment:
      - MYSQL_USERNAME=${DBUSER}
      - MYSQL_PASSWORD=${DBPASS}
      - MYSQL_DATABASE=${DBDATA}
      - MYSQL_HOST=${DBHOST}
      - MYSQL_PORT=${DBPORT}
      - FRIENDICA_ADMIN_MAIL=${MAILNAME}
      - FRIENDICA_TZ=${TZ}
      - FRIENDICA_LANG=${LANGUAGE}
      - FRIENDICA_UPGRADE=true
      - REDIS_HOST=redis
      - FRIENDICA_DATA=true
      - FRIENDICA_DEBUGGING=true
      - SMTP=mail
      - SITENAME=${SITENAME}
    restart: always
    networks:
      default:
        aliases:
          - app
      private:
        aliases:
          - friendica_web
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  web:
    build: ./web
    restart: always
    volumes:
      - friendica-vol-1:/var/www/html:ro
    environment:
      - HOSTNAME=${HOSTNAME}
    depends_on:
      - app
    networks:
      - web
      - default
    labels:
      - "traefik.backend=friendica"
      - "traefik.frontend.entryPoints=https"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=15768000"
      - "traefik.frontend.headers.STSIncludeSubdomains=false"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.friendica.frontend.rule=Host:${HOSTNAME}"
      - "traefik.friendica.port=80"
      - "traefik.enable=true"
      - "traefik.docker.network=web"
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
@bttmchnd

bttmchnd commented Jan 5, 2020

Same here. Docker, Traefik, and reverse proxy with Caddy.


But https://derpy.email/.well-known/host-meta is reachable.

@nupplaphil
Collaborator Author

nupplaphil commented Jan 5, 2020

I found a solution for this issue by using extra_hosts:

app:
    image: friendica/server:rc-fpm-alpine
    command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
    depends_on:
      - db
      - redis
    volumes:
     - friendica-vol-1:/var/www/html
    environment:
      - MYSQL_USERNAME=${DBUSER}
      - MYSQL_PASSWORD=${DBPASS}
      - MYSQL_DATABASE=${DBDATA}
      - MYSQL_HOST=${DBHOST}
      - MYSQL_PORT=${DBPORT}
      - FRIENDICA_ADMIN_MAIL=${MAILNAME}
      - FRIENDICA_TZ=${TZ}
      - FRIENDICA_LANG=${LANGUAGE}
      - FRIENDICA_UPGRADE=true
      - REDIS_HOST=redis
      - FRIENDICA_DATA=true
      - FRIENDICA_DEBUGGING=true
      - SMTP=mail
      - SITENAME=${SITENAME}
    restart: always
    extra_hosts:
       - "friendica.philipp.info:172.18.0.2"
       - "opensocial.at:172.18.0.2"

172.18.0.2 is the local IP of the docker gateway. Now a ping of the own hostname will redirect to the gateway and answer inside the local vlan rather than trying to ping ourselves from the outside.
=> The messages vanished and the Curls to the own hostname now work :)

@commagray can you check it, if this will solve your message too? And if #99 is now working? I've the fear that #99 is not caused by this issue

@bttmchnd

bttmchnd commented Jan 5, 2020

Uhh. I tried these options (separately and together):

    extra_hosts:
      - "derpy.email:192.168.96.3"
      - "derpy.email:172.18.0.3"
      - "derpy.email:172.18.0.2"
      - "derpy.email:172.18.0.13"

All of the IPs I've seen in docker inspect.

Nope, I still have the message.


And I'm still affected by #99.

@bttmchnd

bttmchnd commented Jan 5, 2020

Some logs?

2020-01-05 23:32:01 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"26e8ae","process_id":22956}
2020-01-05 23:32:53 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"84aa99","process_id":22882}
2020-01-05 23:34:18 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"80c32e","process_id":22952}
2020-01-05 23:35:40 index [WARNING]: API call - not implemented {"module":"api","action":"call","query":"api\/v1\/custom_emojis"} - {"file":"api.php","line":369,"function":"api_call","uid":"149226","process_id":22951}
2020-01-05 23:38:44 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"064762","process_id":22956}
2020-01-05 23:38:58 index [NOTICE]: Addon rendertime: install {"action":"install","addon":"rendertime"} - {"file":"Addon.php","line":175,"function":"install","uid":"bfd6a1","process_id":22951}
2020-01-05 23:41:17 worker [WARNING]: error: https://derpy.email/images/person-300.jpg: 0 - Failed to connect to derpy.email port 443: Connection refused {"worker_id":"86271e0","worker_cmd":"UpdateContact"} - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"3c7c6b","process_id":24233}
2020-01-05 23:41:34 index [NOTICE]: no data for session {"session_id":"49102274e35ba780041aedd6dd44da5a","uri":"\/robots.txt"} - {"file":"CacheSessionHandler.php","line":35,"function":"read","uid":"00e394","process_id":22956}
2020-01-05 23:49:01 index [WARNING]: error: https://mastodon.social/users/jacquespoilu: 410 -  [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"0851f5","process_id":22884}
2020-01-05 23:49:01 index [WARNING]: error: https://mastodon.social/users/jacquespoilu: 410 -  [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"0851f5","process_id":22884}
2020-01-05 23:49:01 index [WARNING]: Invalid HTTP signature, message will be discarded. [] - {"file":"Receiver.php","line":68,"function":"processInbox","uid":"0851f5","process_id":22884}
2020-01-05 23:49:31 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php","line":150,"function":"checkSuccess","uid":"639c36","process_id":22958}

Yup, I can't curl https://derpy.email inside the container, but can curl http://derpy.email.

@bttmchnd

bttmchnd commented Jan 6, 2020

Okay, so my solution was absolutely vice versa, lol.

    environment:
      - MYSQL_HOST=db
      - MYSQL_USER=[REDACTED]
      - MYSQL_PASSWORD=[REDACTED]
      - MYSQL_DATABASE=[REDACTED]
      - FRIENDICA_ADMIN_MAIL=[REDACTED]
+     - FRIENDICA_UPGRADE=false
+     - FRIENDICA_SITENAME=derpy.email
+     - SITENAME=derpy.email
-   hostname: derpy.email
+   #hostname: derpy.email
    depends_on:
      - db
    networks:
      - internal
      - proxy
    labels:
      - traefik.enable=true
      - traefik.backend=derpapp
      - traefik.docker.network=proxy
      - traefik.port=80
      - traefik.frontend.rule=Host:derpy.email
      - com.centurylinklabs.watchtower.enable=true
-   extra_hosts:
-     - "derpy.email:192.168.96.3"
-     - "derpy.email:172.18.0.3"
-     - "derpy.email:172.18.0.2"
-     - "derpy.email:172.18.0.13"
+   #extra_hosts:
+   #  - "derpy.email:192.168.96.3"
+   #  - "derpy.email:172.18.0.3"
+   #  - "derpy.email:172.18.0.2"
+   #  - "derpy.email:172.18.0.13"
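
Review bot: The hostname and extra_hosts entries at the bottom of this hunk are commented out rather than deleted, which leaves four different addresses for derpy.email (192.168.96.3, 172.18.0.3, 172.18.0.2, 172.18.0.13) in the file, ready to be re-enabled together. Delete the block, or keep a single mapping with a comment saying which container or gateway that address belongs to. The added lines also set both FRIENDICA_SITENAME and SITENAME to the same value, so a comment saying which of the two the image reads would help, and the context lines use MYSQL_USER where the compose file at the top of this thread uses MYSQL_USERNAME, which is worth checking against the image.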

Seems to have fixed the message. Still, I need to test my federation with #99.

@nupplaphil
Collaborator Author

Hmm... Are mails still working with this setup? I guess not.. Hostname is used for the smtp setup. So you deleted the Hostname parameter and now the instance doesn't know anymore that derpy.email is your local container and tries to ping it "again" from the outside..

But maybe that's a valid solution.. Maybe I "just" have to use another env for the mail host.. Thx for the tests!!

@nupplaphil nupplaphil added the Bug Something isn't working label Jan 8, 2020
@bttmchnd

bttmchnd commented Jan 9, 2020

I use the “PHP Mailer SMTP” addon, so no issues in my setup.

But, yeah, with the addon turned off, emails seem not to be working.

@nupplaphil
Collaborator Author

Hmkay.. I think I'll remove the hostname usage, this should fix this issue

@bttmchnd

Now it happens again.


root@f267927c8e73:/var/www/html# curl http://localhost/.well-known/host-meta
<html>
        <head>
                <title>Service Unavailable</title>
        </head>
        <body>
                <h1>Service Unavailable</h1>
                <p></p>
        </body>
</html>

But if you give it some time it'll be fine again. The worker seems not to be working?

@MrPetovan
Collaborator

"Service unavailable" means that your server load average has reached the limit Friendica uses to cut any call short. This limit can be configured in the admin panel or via command line.

@nupplaphil
Collaborator Author

nupplaphil commented Mar 4, 2020

This didn't work as well .. I still have Timeouts when pinging my own node ..

2020-03-04T22:31:52Z index [WARNING]: error: https://friendica.philipp.info/.well-known/host-meta: 0 - Connection timed out after 20000 milliseconds [] - {"file":"CurlResult.php","line":169,"function":"checkSuccess","uid":"3d09f3","process_id":225}
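
The log excerpts posted in this thread show two different failure modes for fetches of the node's own hostname (connection refused and timeout). The following is an added example, not part of the original thread or of the Friendica project: a small parser that groups such failures per own hostname. The function names, the HINTS text and the shortened sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Log lines taken from this thread, with the trailing JSON context shortened.
SAMPLE_LOG = """\
2020-01-05 23:32:01 index [WARNING]: error: https://derpy.email/.well-known/host-meta: 0 - Failed to connect to derpy.email port 443: Connection refused [] - {"file":"CurlResult.php"}
2020-01-05 23:35:40 index [WARNING]: API call - not implemented {"module":"api"} - {"file":"api.php"}
2020-01-05 23:41:17 worker [WARNING]: error: https://derpy.email/images/person-300.jpg: 0 - Failed to connect to derpy.email port 443: Connection refused {"worker_cmd":"UpdateContact"} - {"file":"CurlResult.php"}
2020-01-05 23:49:01 index [WARNING]: error: https://mastodon.social/users/jacquespoilu: 410 -  [] - {"file":"CurlResult.php"}
2020-03-04T22:31:52Z index [WARNING]: error: https://friendica.philipp.info/.well-known/host-meta: 0 - Connection timed out after 20000 milliseconds [] - {"file":"CurlResult.php"}
"""

# "error: <url>: <status> - <curl message>"; status 0 means no HTTP response.
FETCH_ERROR = re.compile(r"\]: error: (?P<url>https?://\S+): (?P<status>\d+) - (?P<msg>.*)")

# What each failure kind suggests, as read from this thread (assumption, not
# Friendica documentation).
HINTS = {
    "refused": "name resolves to an address with nothing listening on that port; "
               "compare curl over http and https from inside the container",
    "timeout": "traffic to the public address does not return inside the Docker "
               "network; the thread's workaround maps the name via extra_hosts",
}

def classify(status: int, msg: str) -> str:
    if status != 0:
        return f"http_{status}"
    if "Connection refused" in msg:
        return "refused"
    if "timed out" in msg:
        return "timeout"
    return "other"

def self_fetch_failures(log_text: str, own_hosts: set[str]) -> dict[str, Counter]:
    """Count failed fetches per own hostname, grouped by failure kind."""
    result: dict[str, Counter] = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FETCH_ERROR.search(line)
        if not m:
            continue
        host = urlsplit(m["url"]).hostname
        if host in own_hosts:
            result[host][classify(int(m["status"]), m["msg"])] += 1
    return dict(result)

if __name__ == "__main__":
    for host, kinds in self_fetch_failures(SAMPLE_LOG, {"derpy.email", "friendica.philipp.info"}).items():
        for kind, n in kinds.items():
            print(f"{host}: {n} x {kind} -> {HINTS.get(kind, 'inspect manually')}")
```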

@nupplaphil nupplaphil reopened this Mar 4, 2020
@iannuzzelli

I was having the same issue, and it was solved by adding the extra_hosts section. Mind that the gateway IP may change depending on your docker setup (in my case it is 172.17.0.1).

@nupplaphil
Collaborator Author

This is really not a good solution :-/

Maybe I can have a look for the root cause and fix it ..

@nupplaphil
Collaborator Author

I think that this issue isn't "solvable" within the docker image code. It's a general problem with curl/fetching inside the docker network environment .. But I don't have any good idea for a better solution than mapping the gateway IP to the local node hostnames ... So if somebody has a better idea, I will add it to the ".examples" directory as best practice .. meanwhile this issue will stay open until found :-)

@elrido
Contributor

elrido commented Jul 13, 2021

Not a better idea, but a little extra information nugget: As the internal gateway IP can change, I've instead mapped the site's hostname to the external static IP of the gateway service. This adds a little latency, but won't change without my intervention.

I've got to be honest - I had noticed this message ever since I switched my former installation to this container image. Had ignored it, assuming it was just an internal check. Since the upgrade to 2021.07 I didn't get any ActivityPub updates any more - I suspect this setting is now necessary due to friendica/friendica#10257

@scifijunk
Contributor

scifijunk commented Jun 10, 2023

Well, I just hit this problem today. The only thing I changed was updating Nginx Proxy Manager to v2.10.3. It appears that my node still seems to see other nodes and I'm able to follow contacts. I'm also seeing the Message queues going up and down like normal. I'm not sure if people can follow me or see me on their nodes.

I'm kinda at a loss for what to do since on the one hand it looks like it's working as normal and on the other hand I have this error that says it's not.

Update: I think I fixed the problem on my end. It seems it did not like the SSL I set up in Nginx Proxy Manager so I redid it. When I did that the error went away. So maybe check your SSL and make sure it's set right.
