ejabberd - Среда, 13 сентября 2017

ejabberd

ejabberd@conference.jabber.ru

Среда, 13 сентября 2017< ^ >

Holger установил(а) тему: ejabberd · https://ejabberd.im · https://docs.ejabberd.im

Конфигурация комнаты

Участники комнаты

GMT+3
[00:01:23] focus121 вышел(а) из комнаты: offline
[00:03:29] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[00:03:40] jere вошёл(а) в комнату
[00:06:49] jodok вышел(а) из комнаты
[00:07:27] <rom1dep> hi, asking again, is there such a thing as JID/user-aliases that would allow users to connect (from a LDAP) with two different but equivalent identities?
[00:07:49] focus121 вошёл(а) в комнату
[00:08:02] <rom1dep> Holger: maybe that's something you are deploying, like student-id@uni.de and student.name@uni.de
[00:08:19] <zinid> there is no aliases in xmpp
[00:08:23] <zinid> because of rosters
[00:09:21] <rom1dep> I don't see how that's a problem?
[00:10:07] Marzanna вышел(а) из комнаты: Bye!
[00:10:17] <rom1dep> you may be addressing to me using either student-id or student.name, as long as it ends-up in the same bin (like a mail alias/redirection) it's fine
[00:10:35] erik вошёл(а) в комнату
[00:10:43] SaltyBones вышел(а) из комнаты: Machine going to sleep
[00:12:47] <zinid> but how to manage subscriptions and presences?
[00:15:34] <rom1dep> indistinctly?
[00:16:05] <zinid> yeah
[00:16:27] <zinid> like you're the first who came to thought about aliases in xmpp in last 17 years :)
[00:17:03] <zinid> on jabber.ru that was the most wanted feature back in the time
[00:17:10] jodok вошёл(а) в комнату
[00:17:35] jannic вышел(а) из комнаты: Replaced by new connection
[00:17:39] <rom1dep> nah, please don't remove from me this deep belief that I'm a special snowflake!
[00:17:49] jannic вошёл(а) в комнату
[00:19:45] <rom1dep> is there at least somewhere a consolidated list of the major show stoppers?
[00:21:29] <zinid> you should add both student-id@uni.de and student.name@uni.de in your roster
[00:21:34] <zinid> what's the point in it?
[00:21:53] <zinid> also, a server should generate somehow presences from both
[00:23:11] <focus121> last thing that I need todo to be done with moving from prosody to ejabberd is to offer websocket.  on prosody im have wss:example.com:5281/xmpp-websocket, how I do this on ejabberd. (sorry dont wanna interrubt you. finish first what you are doing)
[00:23:41] <zinid> never configured websockets
[00:23:53] <rom1dep> my contacts could add either of student-id or student.name, and in the vcard/contacts info/PEP/whatever, I could broadcast my aliases for info, that's not even mandatory
[00:23:53] <focus121> mhm
[00:24:42] <focus121> have one users that I don't wanna lose that uses https://github.com/digicoop/kaiwa
[00:24:55] <focus121> better bosh? or what you think
[00:24:56] <focus121> ?
[00:25:29] <zinid> bosh is buggy and brutally hard to debug
[00:25:34] <zinid> I think wss is better
[00:25:55] <zinid> "Kaiwa is not maintained anymore"
[00:26:06] <Holger> I do use WebSockets.  What's the question?
[00:26:25] <focus121> ‎zinid‎: sone better alternative to kaiwa?
[00:26:48] <focus121> zinid‎: why never use websockets?
[00:27:02] <Holger> focus121: Converse.js/Inverse.js or maybe JSXC.
[00:27:02] <zinid> focus121: dunno about an alternative
[00:27:23] <rom1dep> focus121:
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/ws": ejabberd_http_ws
      "/bosh": mod_bosh
then you tell your web server to reverse proxy to it:
ProxyPass /bosh http://localhost:5280/bosh/
ProxyPassReverse /bosh http://localhost:5280/bosh/
ProxyPass /websocket http://tamytro.org:5280/ws/
ProxyPassReverse /websocket http://tamytro.org:5280/ws/
[00:27:28] <zinid> focus121: because I'm not a server admin and had no task to deploy websockets
[00:27:49] <rom1dep> focus121:
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/ws": ejabberd_http_ws
      "/bosh": mod_bosh
then you tell your web server to reverse proxy to it:
ProxyPass /bosh http://localhost:5280/bosh/
ProxyPassReverse /bosh http://localhost:5280/bosh/
ProxyPass /websocket http://localhost:5280/ws/
ProxyPassReverse /websocket http://localhost:5280/ws/
[00:28:39] <Holger> rom1dep:
> my contacts could add either of student-id or student.name
So your server then needs to maintain a 'alias => contact' mapping.
[00:29:23] <rom1dep> Holger: yep, I don't see a way around that. Actually this mapping present in the LDAP implicitely to begin with
[00:29:36] <rom1dep> Holger: yep, I don't see a way around that. Actually this mapping is present in the LDAP implicitely to begin with
[00:29:55] <focus121> ‎zinid‎: sorry, I read "never configure websockets"
[00:30:52] <zinid> the excuse is accepted!
[00:31:29] <focus121> rom1dep‎: I want tls so wss
[00:31:41] <focus121> wss:example.com:5281/xmpp-websocket
[00:31:53] <rom1dep> focus121: yep, that's what it is
[00:31:58] fphome вышел(а) из комнаты
[00:32:09] fphome вошёл(а) в комнату
[00:34:16] <rom1dep> with the above conf you can ws:example.com/websocket or wss:example.com/websocket
[00:34:36] <focus121> ‎rom1dep: so ejaaberd dosen't have a a http server like prosody and I ProxyPass it with a webserver (have a nginx running)
[00:35:13] <Holger> It does have one, proxying is optional.
[00:35:17] <focus121> rom1dep: did I get it correct?
[00:35:20] <Holger> (But makes sense usually.)
[00:35:24] JabAlacer вошёл(а) в комнату
[00:35:43] <focus121> ‎Holger‎: to proxy over webserver you mean?
[00:35:47] <rom1dep> it does have a http server, otherwise the whole thing couldn't work, the question is whether you want to put a proxy in front of it in order to not expose your users to :5281
[00:36:46] <focus121> rom1dep‎: okay now I got it. so with the proxing I can offer to the client wss:example.com/xmpp-websocket  instead of wss:example.com:5281/xmpp-websocket?
[00:37:59] <rom1dep> many firewalls would block :5280, and I believe that if you want to expose bosh/ws, it's for building/connecting a web app, so that would make sense to wrap it in 80/443
[00:38:18] <rom1dep> absolutely
[00:38:48] nabeel вошёл(а) в комнату
[00:40:39] <focus121> ‎rom1dep‎: got it thx. makes sense. I will try that tomorrw.
[00:41:25] <focus121> Just makes it than not sense to also wrap http_upload over proxy pass to 443? :S
[00:41:47] <focus121> Its runnning atm on 5443 :S
[00:41:54] <rom1dep> focus121: yep, and also captcha
[00:42:35] <focus121> yep
[00:42:48] <focus121> I will do that all tomorrow
[00:43:18] <rom1dep> if you use apache, I could share some conf with you
[00:43:49] <focus121> have nginx running with nextcloud but thx a lot
[00:44:13] <rom1dep> it's one level deeper on the proxying story, though, because I'm also using sslh
[00:44:59] <focus121> rom1dep‎: using sslh also
[00:45:21] <rom1dep> very similar setup, then
[00:45:44] <rom1dep> except that I'll probably end-up nuking that nextcloud crap
[00:47:20] <Holger> focus121: I'm proxy-ing these things with Nginx as well.
[00:47:35] <focus121> rom1dep‎: that nextcloud "crap" isn't even that important, No fear to nuke that. No important users and I have backups
[00:48:55] <rom1dep> nextcloud/owncloud has proven to be (for me at least) one of the most disappointing software I've used in the past N years
[00:48:56] nabeel вышел(а) из комнаты
[00:49:06] <rom1dep> but yayh, it's absolutely irrelevant ;)
[00:49:35] erik вышел(а) из комнаты: Machine going to sleep
[00:49:43] <focus121> Am I allowed too be boring tomorrow again about that topic? I really passing out now. And I have only 5h to rest.
[00:49:54] <focus121> But really you are awesome here :)
[00:50:07] <focus121> Never got so fast help and support
[00:50:55] <rom1dep> yeah, Holger and zinid are truly amazing :)
[00:51:03] <rom1dep> good night!
[00:51:08] <focus121> g8
[00:51:39] focus121 вышел(а) из комнаты: offline
[00:53:36] debalance вышел(а) из комнаты
[00:54:02] debalance вошёл(а) в комнату
[00:59:40] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[01:01:14] hlad вышел(а) из комнаты
[01:02:27] hlad вошёл(а) в комнату
[01:04:01] pinky2 вышел(а) из комнаты: Connection failed: connection closed
[01:06:56] Filomena вошёл(а) в комнату
[01:08:43] nabeel вошёл(а) в комнату
[01:10:07] <Filomena> Hello, I got small problem, in Gajim version 0.16.5 menu "action" do not work properly (I assume) because only two options actually do something...
I just cannot connect to a chat room, via "action" menu. Anyone can help me with this issue?
Thanks :)
[01:11:57] JabAlacer вышел(а) из комнаты
[01:13:26] Holger вышел(а) из комнаты
[01:14:38] pinky2 вошёл(а) в комнату
[01:15:57] Holger вошёл(а) в комнату
[01:22:50] Holger вышел(а) из комнаты
[01:23:38] Tokodomo вошёл(а) в комнату
[01:24:15] JabAlacer вошёл(а) в комнату
[01:30:16] Filomena вышел(а) из комнаты: offline
[01:34:35] JabAlacer вышел(а) из комнаты
[01:36:59] Holger вошёл(а) в комнату
[01:41:46] ThUnd3r|Gr33n вышел(а) из комнаты: unknown reason
[01:43:30] focus121 вошёл(а) в комнату
[01:44:15] JabAlacer вошёл(а) в комнату
[01:55:19] Holger вышел(а) из комнаты
[01:56:35] Holger вошёл(а) в комнату
[01:58:31] jere вышел(а) из комнаты
[02:00:32] focus121 вышел(а) из комнаты
[02:00:36] focus121 вошёл(а) в комнату
[02:01:14] focus121 вышел(а) из комнаты
[02:01:18] focus121 вошёл(а) в комнату
[02:12:32] debalance вышел(а) из комнаты
[02:12:36] nabeel вышел(а) из комнаты: Replaced by new connection
[02:12:39] nabeel вошёл(а) в комнату
[02:13:12] focus121 вышел(а) из комнаты
[02:17:12] jere вошёл(а) в комнату
[02:18:58] debalance вошёл(а) в комнату
[02:23:14] nabeel вышел(а) из комнаты: Replaced by new connection
[02:23:17] nabeel вошёл(а) в комнату
[02:24:23] zinid вышел(а) из комнаты: Connection failed: connection closed
[02:33:09] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[02:33:16] jere вошёл(а) в комнату
[02:43:07] sezuan вышел(а) из комнаты: Replaced by new connection
[02:43:11] sezuan вошёл(а) в комнату
[02:49:19] anand вошёл(а) в комнату
[02:50:09] wiktor вышел(а) из комнаты
[02:50:11] wiktor вошёл(а) в комнату
[02:54:05] targ вышел(а) из комнаты: offline
[03:05:50] nabeel вышел(а) из комнаты: Replaced by new connection
[03:05:51] nabeel вошёл(а) в комнату
[03:17:07] nabeel вышел(а) из комнаты: Replaced by new connection
[03:17:09] nabeel вошёл(а) в комнату
[03:22:30] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[03:22:36] jere вошёл(а) в комнату
[03:33:06] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[03:33:10] jere вошёл(а) в комнату
[03:36:18] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[03:36:24] jere вошёл(а) в комнату
[03:49:47] nabeel вышел(а) из комнаты: Replaced by new connection
[03:49:49] nabeel вошёл(а) в комнату
[03:52:41] morad вышел(а) из комнаты
[03:57:20] nabeel вышел(а) из комнаты
[04:01:31] nabeel вошёл(а) в комнату
[04:07:08] mimi89999 вышел(а) из комнаты
[04:07:19] mimi89999 вошёл(а) в комнату
[04:09:00] nabeel вышел(а) из комнаты
[04:11:31] nabeel вошёл(а) в комнату
[04:13:31] JabAlacer вышел(а) из комнаты
[04:19:00] nabeel вышел(а) из комнаты
[04:23:02] nabeel вошёл(а) в комнату
[04:24:16] JabAlacer вошёл(а) в комнату
[04:29:01] hlad вышел(а) из комнаты: Replaced by new connection
[04:29:07] hlad вошёл(а) в комнату
[04:30:31] nabeel вышел(а) из комнаты
[04:36:06] nabeel вошёл(а) в комнату
[04:36:46] JabAlacer вышел(а) из комнаты
[04:43:07] nabeel вышел(а) из комнаты
[04:46:06] nabeel вошёл(а) в комнату
[04:53:35] nabeel вышел(а) из комнаты
[04:59:55] de-facto вышел(а) из комнаты
[05:00:16] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[05:00:20] stian вошёл(а) в комнату
[05:02:34] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[05:02:40] stian вошёл(а) в комнату
[05:14:16] JabAlacer вошёл(а) в комнату
[05:23:14] anand вышел(а) из комнаты
[05:24:10] JabAlacer вышел(а) из комнаты
[05:24:16] JabAlacer вошёл(а) в комнату
[05:36:08] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[05:36:12] jere вошёл(а) в комнату
[05:36:26] cippaciong вышел(а) из комнаты
[05:37:02] anand вошёл(а) в комнату
[05:48:23] JabAlacer вышел(а) из комнаты
[05:54:17] JabAlacer вошёл(а) в комнату
[06:04:00] fphome вышел(а) из комнаты
[06:14:11] JabAlacer вышел(а) из комнаты
[06:20:32] pod вошёл(а) в комнату
[06:36:49] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[06:36:52] jere вошёл(а) в комнату
[06:40:36] debalance вышел(а) из комнаты
[06:41:36] Psi-Jack вышел(а) из комнаты: unknown reason
[06:41:59] debalance вошёл(а) в комнату
[06:44:49] nabeel вошёл(а) в комнату
[06:45:51] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[06:45:59] jere вошёл(а) в комнату
[06:54:18] JabAlacer вошёл(а) в комнату
[07:14:52] ileh вошёл(а) в комнату
[07:16:46] anand вышел(а) из комнаты
[07:18:40] anand вошёл(а) в комнату
[07:25:29] Psi-Jack вошёл(а) в комнату
[07:26:50] nabeel вышел(а) из комнаты: Replaced by new connection
[07:26:53] nabeel вошёл(а) в комнату
[07:27:03] Psi-Jack вышел(а) из комнаты: unknown reason
[07:27:23] SouL вышел(а) из комнаты
[07:27:31] SouL вошёл(а) в комнату
[07:35:44] JabAlacer вышел(а) из комнаты
[07:42:54] nabeel вышел(а) из комнаты
[07:47:58] nabeel вошёл(а) в комнату
[07:50:23] JabAlacer вошёл(а) в комнату
[07:53:00] jere вышел(а) из комнаты
[07:55:41] Psi-Jack вошёл(а) в комнату
[07:57:29] anand вышел(а) из комнаты
[07:58:30] Psi-Jack вышел(а) из комнаты: unknown reason
[08:02:40] fphome вошёл(а) в комнату
[08:03:08] nabeel вышел(а) из комнаты
[08:05:20] SaltyBones вышел(а) из комнаты: Connection failed: connection closed
[08:05:32] SaltyBones вошёл(а) в комнату
[08:08:19] nabeel вошёл(а) в комнату
[08:09:10] JabAlacer вышел(а) из комнаты
[08:18:16] nabeel вышел(а) из комнаты: Replaced by new connection
[08:18:19] nabeel вошёл(а) в комнату
[08:21:49] cippaciong вошёл(а) в комнату
[08:21:52] SouL вышел(а) из комнаты
[08:21:53] SouL вошёл(а) в комнату
[08:32:23] rom1dep вышел(а) из комнаты
[08:33:17] nabeel вышел(а) из комнаты
[08:34:54] rom1dep вошёл(а) в комнату
[08:37:17] rom1dep вышел(а) из комнаты
[08:37:22] rom1dep вошёл(а) в комнату
[08:39:15] JabAlacer вошёл(а) в комнату
[08:40:14] nabeel вошёл(а) в комнату
[08:41:20] morad вошёл(а) в комнату
[08:47:06] sergio вошёл(а) в комнату
[08:49:01] erik вошёл(а) в комнату
[08:49:10] JabAlacer вышел(а) из комнаты
[08:49:18] JabAlacer вошёл(а) в комнату
[08:49:31] rom1dep вышел(а) из комнаты: Machine going to sleep
[08:53:05] morad вышел(а) из комнаты
[08:53:18] targ вошёл(а) в комнату
[08:55:09] nabeel вышел(а) из комнаты
[08:56:26] Psi-Jack вошёл(а) в комнату
[09:00:32] Psi-Jack вышел(а) из комнаты: unknown reason
[09:01:53] nabeel вошёл(а) в комнату
[09:03:51] cippaciong вышел(а) из комнаты: Replaced by new connection
[09:04:01] cippaciong вошёл(а) в комнату
[09:04:24] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[09:04:29] stian вошёл(а) в комнату
[09:06:34] pinky вошёл(а) в комнату
[09:08:06] erik вышел(а) из комнаты: Machine going to sleep
[09:09:24] JabAlacer вышел(а) из комнаты
[09:09:58] stian вышел(а) из комнаты: Connection failed: connection closed
[09:10:04] stian вошёл(а) в комнату
[09:17:38] nabeel вышел(а) из комнаты
[09:18:13] pod вышел(а) из комнаты
[09:19:08] stian вышел(а) из комнаты: Connection failed: connection closed
[09:19:51] pinky вышел(а) из комнаты: Stream reset by peer
[09:20:14] stian вошёл(а) в комнату
[09:23:23] nabeel вошёл(а) в комнату
[09:32:30] zinid вошёл(а) в комнату
[09:32:30] zinid вышел(а) из комнаты
[09:32:40] zinid вошёл(а) в комнату
[09:33:20] nabeel вышел(а) из комнаты: Replaced by new connection
[09:33:23] nabeel вошёл(а) в комнату
[09:34:15] JabAlacer вошёл(а) в комнату
[09:39:04] rom1dep вошёл(а) в комнату
[09:45:12] jodok вышел(а) из комнаты
[09:45:42] erik вышел(а) из комнаты: Connection failed: connection closed
[09:45:49] erik вошёл(а) в комнату
[09:49:03] nabeel вышел(а) из комнаты
[09:51:55] JabAlacer вышел(а) из комнаты
[09:55:12] nabeel вошёл(а) в комнату
[09:58:58] Psi-Jack вошёл(а) в комнату
[09:59:40] stian вышел(а) из комнаты: Connection failed: connection closed
[10:06:01] nabeel вышел(а) из комнаты: Replaced by new connection
[10:06:03] nabeel вошёл(а) в комнату
[10:07:01] Psi-Jack вышел(а) из комнаты: unknown reason
[10:16:31] wiktor вошёл(а) в комнату
[10:16:42] SouL вышел(а) из комнаты
[10:16:42] SouL вышел(а) из комнаты
[10:16:49] nabeel вышел(а) из комнаты: Replaced by new connection
[10:16:52] nabeel вошёл(а) в комнату
[10:24:26] debalance вышел(а) из комнаты
[10:28:00] mimi89999 вышел(а) из комнаты
[10:28:05] mimi89999 вошёл(а) в комнату
[10:31:47] nabeel вышел(а) из комнаты
[10:33:17] badlop вошёл(а) в комнату
[10:36:01] anand вошёл(а) в комнату
[10:36:53] nabeel вошёл(а) в комнату
[10:38:57] debalance вошёл(а) в комнату
[10:40:10] hlad вошёл(а) в комнату
[10:40:55] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[10:42:01] Tokodomo вошёл(а) в комнату
[10:44:42] SaltyBones вошёл(а) в комнату
[10:45:04] mimi89999 вышел(а) из комнаты
[10:45:10] mimi89999 вошёл(а) в комнату
[10:45:27] hlad вышел(а) из комнаты
[10:46:30] hlad вошёл(а) в комнату
[10:51:50] nabeel вышел(а) из комнаты
[10:58:21] nabeel вошёл(а) в комнату
[10:59:46] anand вышел(а) из комнаты
[11:00:30] Psi-Jack вошёл(а) в комнату
[11:04:16] JabAlacer вошёл(а) в комнату
[11:04:59] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[11:05:16] Psi-Jack вышел(а) из комнаты: unknown reason
[11:07:38] ThUnD3r|Gr33n вошёл(а) в комнату
[11:08:12] Tokodomo вошёл(а) в комнату
[11:08:23] nabeel вышел(а) из комнаты: Replaced by new connection
[11:08:25] nabeel вошёл(а) в комнату
[11:12:12] JabAlacer вышел(а) из комнаты
[11:14:13] Tokodomo вышел(а) из комнаты: unknown reason
[11:18:23] nabeel вышел(а) из комнаты: Replaced by new connection
[11:18:26] nabeel вошёл(а) в комнату
[11:30:53] SouL вошёл(а) в комнату
[11:31:29] zinid вышел(а) из комнаты: unknown reason
[11:33:18] debalance вошёл(а) в комнату
[11:33:58] nabeel вышел(а) из комнаты
[11:34:03] Tokodomo вошёл(а) в комнату
[11:39:41] nabeel вошёл(а) в комнату
[11:41:29] fphome вышел(а) из комнаты
[11:42:24] fphome вошёл(а) в комнату
[11:43:17] SouL вошёл(а) в комнату
[11:44:05] anand вошёл(а) в комнату
[11:44:29] <debalance> Hey guys, just to make as many people as possible aware of what's happening:
http://git.deb.at/w/pkg/ejabberd.git/blob/c8495b6143a9313753237d6598e11357237df9a0:/debian/NEWS
[11:45:38] <debalance> People should see a debconf screen during the package upgrade with info and instructions, but as so often, people just hit OK without reading.
[11:46:10] <debalance> So if you get issues on github about this, just close 'em and point to the docs ;)
[11:48:58] SouL вошёл(а) в комнату
[11:49:46] nabeel вышел(а) из комнаты: Replaced by new connection
[11:49:49] nabeel вошёл(а) в комнату
[11:53:29] debalance вышел(а) из комнаты
[11:53:40] stefandxm вышел(а) из комнаты: Connection failed: connection closed
[11:53:57] debalance вошёл(а) в комнату
[12:01:27] nabeel вышел(а) из комнаты: Replaced by new connection
[12:01:30] nabeel вошёл(а) в комнату
[12:03:01] Psi-Jack вошёл(а) в комнату
[12:04:15] JabAlacer вошёл(а) в комнату
[12:05:15] Psi-Jack вышел(а) из комнаты: unknown reason
[12:07:14] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[12:07:53] Tokodomo вошёл(а) в комнату
[12:11:44] badlop вышел(а) из комнаты
[12:13:31] mimi89999 вышел(а) из комнаты
[12:13:32] mimi89999 вошёл(а) в комнату
[12:13:56] Tokodomo вышел(а) из комнаты: unknown reason
[12:16:25] nabeel вышел(а) из комнаты
[12:17:36] JabAlacer вышел(а) из комнаты
[12:21:36] wiktor вышел(а) из комнаты: Disconnected: Replaced by new connection
[12:21:38] wiktor вошёл(а) в комнату
[12:23:37] nabeel вошёл(а) в комнату
[12:24:15] JabAlacer вошёл(а) в комнату
[12:29:16] hlad вышел(а) из комнаты
[12:31:01] hlad вошёл(а) в комнату
[12:33:37] nabeel вышел(а) из комнаты: Replaced by new connection
[12:33:40] nabeel вошёл(а) в комнату
[12:36:16] zinid вошёл(а) в комнату
[12:39:51] <ThUnD3r|Gr33n> i prefer building from scratch :) but thanks for sharing!
[12:44:52] JabAlacer вышел(а) из комнаты
[12:44:53] <Holger> n:cl
[12:45:02] <Holger> (Sorry.)
[12:45:54] debalance вышел(а) из комнаты
[12:46:42] <zinid> debalance: fine by me :D
[12:48:41] <zinid> debalance: for the record, the new version will require libgd, libpng, libjpeg and libwebp :P
[12:48:51] <zinid> can be disabled though via --disable-graphics
[12:48:57] <debalance> thx for the heads up!
[12:49:15] <debalance> what's it used for?
[12:49:24] <zinid> for avatar convertation
[12:49:28] nabeel вышел(а) из комнаты
[12:49:35] <zinid> so far :)
[12:49:37] <debalance> neat
[12:54:06] debalance вошёл(а) в комнату
[12:54:09] Tokodomo вошёл(а) в комнату
[12:54:14] <zinid> I mean, you will be required to maintain yet another erlang package :P
[12:54:15] JabAlacer вошёл(а) в комнату
[12:54:17] <zinid> eimp
[12:54:33] nabeel вошёл(а) в комнату
[12:55:16] <zinid> https://github.com/processone/eimp
[12:55:44] <zinid> there are no problems with it basically, except that I don't know minimum required versions of those libs
[12:56:44] <debalance> We'll see ;)
[13:00:17] Tokodomo вышел(а) из комнаты: unknown reason
[13:03:31] jodok вошёл(а) в комнату
[13:03:47] Psi-Jack вошёл(а) в комнату
[13:06:41] JabAlacer вышел(а) из комнаты
[13:07:41] Psi-Jack вышел(а) из комнаты: unknown reason
[13:09:17] Tokodomo вошёл(а) в комнату
[13:09:50] Holger вышел(а) из комнаты
[13:12:40] zinid вышел(а) из комнаты: unknown reason
[13:13:17] Holger вошёл(а) в комнату
[13:14:58] jodok вышел(а) из комнаты
[13:15:20] Tokodomo вышел(а) из комнаты: unknown reason
[13:19:27] Holger вышел(а) из комнаты
[13:24:09] Holger вошёл(а) в комнату
[13:24:16] JabAlacer вошёл(а) в комнату
[13:26:26] jere вошёл(а) в комнату
[13:27:40] jere вышел(а) из комнаты: Disconnected: Replaced by new connection
[13:27:47] jere вошёл(а) в комнату
[13:27:49] nabeel вышел(а) из комнаты: Replaced by new connection
[13:27:52] nabeel вошёл(а) в комнату
[13:30:13] JabAlacer вышел(а) из комнаты
[13:37:07] Tokodomo вошёл(а) в комнату
[13:41:37] <debalance> zinid, at eimp "rebar eunit" doesn't find the eimp binary, i have ./priv/bin/eimp but it seems to be looking elsewhere
[13:42:41] <zinid> debalance: `make test`
[13:42:47] nabeel вышел(а) из комнаты
[13:42:58] <zinid> don't call rebar directly
[13:43:37] anand вышел(а) из комнаты
[13:44:17] <debalance> debalance@dex:/debian/new/erlang-p1-eimp$ make test
Makefile:28: *** missing separator (did you mean TAB instead of 8 spaces?).  Schluss.
[13:44:22] <debalance> you're missing a tab there
[13:45:23] <zinid> how that?
[13:45:27] <zinid> I have it working
[13:45:29] <zinid> wtf...
[13:45:53] <zinid> ah, it's xref
[13:46:47] <zinid> fixed
[13:47:25] <zinid> Schluss :D
[13:47:28] <zinid> I like the word
[13:47:31] <debalance> hehe
[13:47:37] Tokodomo вышел(а) из комнаты: unknown reason
[13:47:37] debalance вышел(а) из комнаты
[13:47:52] <debalance> alright, make test is working
[13:48:33] nabeel вошёл(а) в комнату
[13:54:18] JabAlacer вошёл(а) в комнату
[13:56:05] <debalance> zinid, where does eimp.app look for the eimp binary?
[13:56:43] <zinid> it calls code:which(eimp)
[13:56:46] jere вышел(а) из комнаты
[13:57:01] jere вошёл(а) в комнату
[13:57:33] <zinid> thus, it looks for the full path to eimp, e.g. /usr/lib/erlang/eimp-1.0.0/ebin/eimp.beam
[13:57:45] <zinid> then it strips 'ebin' and adds priv/bin
[13:58:23] <debalance> so /usr/lib/erlang/lib/p1_eimp-1.0.0/priv/bin/eimp should work?
[13:58:25] rom1dep вышел(а) из комнаты: unknown reason
[13:58:27] <zinid> yep
[13:58:32] <debalance> alright, thx!
[14:00:38] <zinid> no problems with dependent libs?
[14:00:45] <zinid> like libgd and friends
[14:00:55] <debalance> it appears not
[14:01:08] <zinid> what is the resulted dependencies?
[14:01:09] <debalance> I simply build-depend on libgd-dev, libjpeg-dev, libpng-dev, libwebp-dev
[14:01:29] <zinid> it seems like libgd-dev itself already requires all others
[14:01:36] <zinid> at least looking at its source code
[14:01:43] <debalance> libgd3 (>= 2.1.0~alpha~), libjpeg62-turbo (>= 1.3.1), libpng16-16 (>= 1.6.2-1), libwebp6 (>= 0.5.1)
[14:01:47] <zinid> for example, gd_jpeg.c or gd_png.c
[14:02:01] <debalance> and zlib1g  (>= 1:1.1.4)
[14:02:12] <zinid> yep zlib is also required
[14:02:34] <zinid> then probably libgd3 is fine?
[14:02:48] <zinid> I mean without other files
[14:02:49] erik вошёл(а) в комнату
[14:03:12] <zinid> I'm just not sure about libjpeg-turbo, is it drop-in replacement for libjpeg?
[14:03:28] nabeel вышел(а) из комнаты
[14:03:51] <debalance> AFAIK it is, yes
[14:03:55] debalance вошёл(а) в комнату
[14:04:09] <zinid> ok
[14:04:29] <Holger> Awesome name.
[14:04:33] <Holger> ejabberd-turbo
[14:04:45] <debalance> xD
[14:04:48] <zinid> ninja-turtle-turbo
[14:04:57] <debalance> zinid, on debian libgd-dev pulls in all the rest, yes
[14:05:07] <zinid> debalance: neat
[14:05:16] <debalance> but in the logs I have:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/erlang-p1-eimp/usr/lib/erlang/p1_eimp/bin/eimp was not      linked against libz.so.1 (it uses none of the library's symbols)
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/erlang-p1-eimp/usr/lib/erlang/p1_eimp/bin/eimp was not      linked against libm.so.6 (it uses none of the library's symbols)
[14:05:27] Psi-Jack вошёл(а) в комнату
[14:05:39] <zinid> ah
[14:05:53] <zinid> well, -lz -lm is hardcode in rebar.config, true...
[14:05:58] <zinid> *hardcoded
[14:06:02] <zinid> not sure how to resolve this
[14:06:21] <zinid> probably just removing them?
[14:06:31] <zinid> I think libgd is always built with them, no?
[14:06:57] <zinid> anyway, one can probably LDFLAGS in the worst case
[14:07:09] <debalance> no idea, I see these warnings in other software/packages all the time, often noboday cares
[14:07:45] <zinid> well, I did some search and it's recommended to always provide -lm for math.h
[14:07:53] <zinid> because of some crappy platforms
[14:08:03] <debalance> lol, that figures
[14:08:39] <zinid> not sure though, I just read it on stackoverflow ;)
[14:08:40] nabeel вошёл(а) в комнату
[14:08:45] Psi-Jack вышел(а) из комнаты
[14:09:07] <debalance> "research" - aha! :P
[14:09:20] <zinid> what, I've spent 3.5 minutes
[14:09:26] <zinid> that's is a research!
[14:13:11] <zinid> I will remove the flags
[14:13:35] <zinid> after all, I include neither math.h nor zlib.h
[14:14:49] anand вошёл(а) в комнату
[14:16:29] Holger вошёл(а) в комнату
[14:16:31] Holger вышел(а) из комнаты
[14:16:32] <zinid> done
[14:20:30] <zinid> > ldd priv/bin/eimp | egrep 'lib[zm]'
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3ae65ec000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f3ae63d4000)
[14:20:43] <zinid> right, so libgd provides them
[14:22:55] rom1dep вошёл(а) в комнату
[14:24:57] nabeel вышел(а) из комнаты
[14:30:02] nabeel вошёл(а) в комнату
[14:30:39] stian вошёл(а) в комнату
[14:41:31] nabeel вышел(а) из комнаты: Replaced by new connection
[14:41:33] nabeel вошёл(а) в комнату
[14:46:04] rom1dep вошёл(а) в комнату
[14:47:45] SouL вышел(а) из комнаты
[14:47:46] SouL вошёл(а) в комнату
[14:52:18] SouL вышел(а) из комнаты
[14:52:52] SouL вышел(а) из комнаты
[14:52:53] SouL вошёл(а) в комнату
[14:53:50] nabeel вышел(а) из комнаты
[14:56:38] wiktor вышел(а) из комнаты
[14:57:15] rom1dep вышел(а) из комнаты: Machine going to sleep
[14:59:36] wiktor вошёл(а) в комнату
[15:07:48] Psi-Jack вошёл(а) в комнату
[15:08:43] <debalance> https://ftp-master.debian.org/new/erlang-p1-eimp_1.0.0-1.html
[15:11:01] <zinid> that was fast
[15:11:04] <Holger> You heard of the library and then it took you *more than TWO hours* to package and submit it?!
[15:11:06] <Holger> Heh.
[15:11:19] <zinid> thank you very much!
[15:11:47] <zinid> one can never satisfy Holger
[15:11:58] <zinid> :D
[15:12:01] Psi-Jack вышел(а) из комнаты
[15:12:16] rozzin вышел(а) из комнаты: Machine going to sleep
[15:13:43] stian вышел(а) из комнаты: Connection failed: connection closed
[15:14:22] stian вошёл(а) в комнату
[15:15:01] <zinid> I'm almost done on mod_avatar
[15:15:28] <edhelas> zinid, what are you doing ?
[15:15:52] <zinid> again...
[15:15:54] <zinid> :)
[15:16:29] <zinid> edhelas: adding pep <-> vcard avatar exchange and webp <-> png <-> jpeg converter
[15:16:54] <zinid> thanks to great xmpp clients
[15:17:12] <edhelas> wow
[15:17:31] <edhelas> I just implemented WEPB handling in Movim :D
[15:17:47] <zinid> edhelas: +1
[15:17:54] <zinid> edhelas: what I'm doing is a hack
[15:17:57] <Holger> And Daniel just agreed to accept a PNG patch ;-)
[15:18:35] <zinid> which will increase avatars x10
[15:18:36] <edhelas> well it was a hack for me as well
[15:18:54] <zinid> better to produce jpeg, frankly
[15:19:11] <zinid> especially given that avatars are supposed to possess real photos
[15:19:12] <edhelas> the packaged php-imagick lib doesn't handle webp, but php-gd does, so I'm handling them with gd, convert to PNG and then handle wih imagick :D
[15:19:28] <zinid> rude...
[15:19:58] <zinid> anyway, pep <-> vcard is needed
[15:20:23] <edhelas> https://github.com/movim/movim/blob/master/src/Movim/Picture.php#L148
[15:20:58] <zinid> picture.php :D
[15:21:40] <zinid> anyway, seems like a trendy stuff we're doing!
[15:21:55] <rom1dep> > And Daniel just agreed to accept a PNG patch ;-)
What?
[15:22:11] nabeel вошёл(а) в комнату
[15:22:15] <zinid> rom1dep: he said that on the ticket, yes
[15:22:22] edhelas will push BMP
[15:22:35] jere вышел(а) из комнаты
[15:22:36] <zinid> rom1dep: he meant not your patch, though
[15:22:52] <zinid> rom1dep: he meant some patch crushing PNG to reduce size
[15:22:54] debalance вышел(а) из комнаты
[15:23:09] <zinid> which makes no sense in my opinion, they will get -10% decrease
[15:23:53] <rom1dep> try png, if too big, push jpeg, but never crazy webp
[15:24:09] <zinid> how to try?
[15:24:21] <zinid> iq-set => stream-reset => iq-set again?
[15:25:13] <Holger> rom1dep: Everyone bugged him to do PNG which made it way to easy for him to argue against it, I think :-)
[15:25:14] <rom1dep> on the client, it's not worth uploading something that is big
[15:25:38] <rom1dep> Holger :)
[15:25:51] <Holger> rom1dep: If people would've dropped their "the XEP SAYS PNG" whining and bugged him to do JPEG instead, that would've made more sense.
[15:25:53] <Holger> To me.
[15:26:36] <zinid> yeah, instead of coming to XSF and say (one more time) that they are a bunch of retards, they are pressing Daniel
[15:26:51] edhelas is doing JPEG on Movim
[15:27:07] <Holger> edhelas: THE XEP SAYS PNG!
[15:27:37] <rom1dep> XEP says jpg, btw, but not WebP, so it's bullshit all along :)
[15:27:39] edhelas never read the XEPs, I just read the incoming stanza from the socket and write parsers to handle them
[15:27:43] <Holger> rom1dep: Wat
[15:28:11] <Holger> User publishes avatar data for "image/png" content-type to data node and optionally publishes other content-types to HTTP URLs.
[15:28:12] nabeel вышел(а) из комнаты
[15:28:15] <Holger> https://xmpp.org/extensions/xep-0084.html
[15:28:50] <rom1dep> Support for the "image/gif" and "image/jpeg" content types is RECOMMENDED.
[15:28:59] <zinid> so?
[15:29:02] <zinid> png is required
[15:29:09] <rom1dep> it doesn't come out of thin air
[15:29:11] <zinid> you cannot assume someone support jpeg
[15:29:12] <rom1dep> yep
[15:29:32] <rom1dep> anyway, IRL is catching up with me
[15:29:57] <Holger> rom1dep: You MUST publish PNG.  The server will reject it due to size.  Those additional recommendations are completely irrelevant.
[15:30:02] <zinid> who cares about IRL, when the XEP says PNG
[15:30:07] <Holger> !!!
[15:30:30] <zinid> never deal with IRL!!!
[15:31:37] <edhelas> XEP-0666: IRL over XMPP
[15:33:15] <zinid> Holger: well, if you make your avatar 10x10 then it's fine
[15:33:29] <zinid> xmpp should work over 9600 bit after all
[15:34:33] <edhelas> depends of the color dept of those pixels
[15:35:11] edhelas will push LOTR Extended in GIF 10x10 10bits
[15:35:53] <zinid> 10x10x10 still 1000 bits, so it's ok for 9600bps
[15:37:20] JabAlacer вышел(а) из комнаты
[15:39:16] debalance вошёл(а) в комнату
[15:43:23] erik вышел(а) из комнаты: Machine going to sleep
[15:46:07] stian вышел(а) из комнаты: Connection failed: connection closed
[15:47:32] stian вошёл(а) в комнату
[15:49:09] targ вышел(а) из комнаты: Replaced by new connection
[15:49:21] targ вошёл(а) в комнату
[15:50:08] <debalance> Holger, I submitted it half an hour earlier, but it took that long for the page to become available ;)
[15:50:37] <Holger> debalance: Ahh, ok then.
[15:50:58] <zinid> excuse accepted
[15:51:15] jeremy вошёл(а) в комнату
[15:52:16] erik вошёл(а) в комнату
[15:53:40] stian вышел(а) из комнаты: Connection failed: connection closed
[15:53:49] stian вошёл(а) в комнату
[15:54:16] JabAlacer вошёл(а) в комнату
[16:01:05] focus121 вошёл(а) в комнату
[16:02:01] <focus121> hello together
[16:02:19] <focus121> trying mod_http_upload behind nginx reverse proxy
[16:02:21] Psi-Jack вошёл(а) в комнату
[16:02:53] <focus121> and its not working (for bosh I made it)
[16:02:58] <focus121> I also use sslh
[16:03:16] debalance вышел(а) из комнаты
[16:03:45] debalance вошёл(а) в комнату
[16:03:50] <Holger> It's not easy to give a useful comment on "it's not working" :-)
[16:04:14] <focus121>     port: 5443
    ip: "::"
    module: ejabberd_http
    #tls: true
    #certfile: 'CERTFILE'
    request_handlers:
      "upload": mod_http_upload
[...]
mod_http_upload:
    docroot: "/media/raspstick/ejabberd_http_upload"
    put_url: "https://im.@HOST@:4433/upload"
[16:04:25] <focus121> wait I give first all informations
[16:04:29] <focus121> :)
[16:04:42] <zinid> Holger is overreacting :)
[16:04:46] Psi-Jack вышел(а) из комнаты
[16:05:12] <Holger> https://im.@HOST@:4433/
[16:05:19] <Holger> Nginx is listening on that port?
[16:05:23] <focus121> yes
[16:05:26] <Holger> Not 433?  (Maybe a typo?)
[16:05:27] <Holger> Ok.
[16:05:31] <focus121> bc sslh
[16:05:31] <Holger> 443 :-)
[16:05:47] <Holger> Why would sslh not listen on 443?
[16:05:56] <focus121> location /upload {
proxy_pass            http://127.0.0.1:5443/;
proxy_set_header      Host $host;
proxy_buffering       off;
[16:06:02] <Holger> Isn't the point to multiplex everything on 443? :-)
[16:06:12] <Holger> The point of sslh ...
[16:06:30] <focus121> yes
[16:06:35] <focus121> listen:
(
     { host: "0.0.0.0"; port: "443"; }
);
protocols:
(
   { name: "tls"; host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; log_level: 0;},
   # catch anything else TLS
   { name: "tls"; host: "127.0.0.1"; port: "4433";},
   { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },
   { name: "timeout"; host: "127.0.0.1"; port: "4433";}
);
[16:07:02] JabAlacer вышел(а) из комнаты
[16:07:06] <focus121> nginx listen 4433 ssl http2 default;
[16:07:27] <zinid> http2 has a default port defined?
[16:07:39] <zinid> I though IANA is strongly against default ports
[16:08:06] <Holger> http2?
[16:08:18] <Holger> That's used here?
[16:08:58] <Holger> focus121: Anyway, so your clients are supposed to talk to port 443, right?
[16:08:58] <focus121> sorry that was from the nextcloud conf
[16:09:05] <Holger> Oh sorry.
[16:09:11] <Holger> ... zinid.
[16:09:13] <focus121> nginx listen 4433 ssl default;
[16:09:15] <Holger> Overlooked that line :-)
[16:09:31] <Holger> put_url: "https://im.@HOST@/upload"
[16:09:57] <focus121> Holger‎:  let me try
[16:10:10] <Holger> But yes 4433 might make sense for testing ;-)
[16:10:15] <Holger> I.e. to test without involving sslh.
[16:10:37] Tokodomo вошёл(а) в комнату
[16:12:50] <Holger> focus121: This is my Nginx config, BTW: https://raw.githubusercontent.com/processone/ejabberd-contrib/e2939a035/mod_http_upload/examples/nginx-upload.conf
[16:13:07] <Holger> focus121: Lets Nginx handle GET requests directly (without involving ejabberd).
[16:13:27] debalance вышел(а) из комнаты
[16:13:35] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[16:13:36] <Holger> focus121: But I don't see an error in your snippet, except that you might stumble over client_max_body_size (see my snippet).
[16:13:39] stian вошёл(а) в комнату
[16:13:45] debalance вошёл(а) в комнату
[16:14:19] <Holger> The default limit is 1 MB I think.
[16:14:26] nabeel вошёл(а) в комнату
[16:14:40] <focus121> thank you, I will check
[16:15:16] pinky вошёл(а) в комнату
[16:20:05] pinky вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[16:20:08] pinky вошёл(а) в комнату
[16:20:26] nabeel вышел(а) из комнаты
[16:23:28] <focus121> I added "client_max_body_size", turned off sslh, chenged nginx to listen on 443. and put_url: "https://im.@HOST@/upload"
[16:23:45] <focus121> conversations: http upload failed because response code was 404
[16:24:07] <focus121> btw a ejabberdctl reload_config is enough?
[16:24:23] fphome вышел(а) из комнаты
[16:24:30] <focus121> or do I need to reboot ejabberd for that
[16:24:35] nabeel вошёл(а) в комнату
[16:24:42] fphome вошёл(а) в комнату
[16:29:28] Tokodomo вышел(а) из комнаты: unknown reason
[16:30:33] Tokodomo вошёл(а) в комнату
[16:30:39] nabeel вышел(а) из комнаты
[16:32:39] <ThUnD3r|Gr33n> restart ejabberd
[16:33:54] <Holger> focus121: grep upload ejabberd.log
[16:35:35] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[16:37:45] pinky вышел(а) из комнаты: Connection failed: connection closed
[16:38:44] <focus121> 2017-09-13 15:37:57.914 [info] <0.5429.0>@mod_http_upload:create_slot:552 Got HTTP upload slot for
bla@bla.com/98
[16:39:25] Alberto+ вошёл(а) в комнату
[16:40:16] SaltyBones вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[16:40:18] SaltyBones вошёл(а) в комнату
[16:40:32] <Holger> And then nothing?
[16:40:57] <focus121> nginx access log:
[16:41:00] <focus121> "PUT /upload/670b9b49538e2c3de5f3050e3fd41943049f73ba/JQKSOFfpaMule4ZgeLr4dLAfqPCM5HjMvj0BKjVh/kZzUUPnyQe6EtYnt9fuJCw.jpg HTTP/1.1" 404 278 "-" "Conversations 1.20.1" "-
[16:41:31] <Holger> Anything in Nginx' error log?
[16:42:37] <focus121> [warn] 23292#23292: *10 a client request body is buffered to a temporary file /var/lib/nginx/client-body/0000000002, client: 127.0.0.1, server: im.evolizzy.de, request: "PUT /upload/670b9b49538e2c3de5f3050e3fd41
[16:42:42] <focus121> looks okay I think
[16:44:10] <Holger> If there's no firewall in between, can you access the ejabberd listener directly from a browser?
[16:44:19] JabAlacer вошёл(а) в комнату
[16:44:26] <Holger> I mean http://im.evolizzy.de:5443/upload/ or something?
[16:44:47] <Holger> (Later I would specify ip: "127.0.0.1" for the listener.)
[16:45:44] Psi-Jack вошёл(а) в комнату
[16:46:21] <focus121> Ino firewall is on
[16:46:34] <focus121> but I cant access the listener
[16:46:40] <focus121> from browser
[16:47:18] <focus121> I donÄt understand. With bosh it works and with http_upload not
[16:47:31] <Holger> What happens if you try?
[16:48:31] <focus121> from other machine in LAN http://192.168.2.218:5443/upload i get "Not found."
[16:48:34] <Holger> Does "lynx http://localhost:5443/upload/" work on the ejabberd server (where "work" means it should return 404 Not found")?
[16:48:45] <Holger> Why are you using an IP address there?
[16:49:02] <Holger> It doesn't work with im.evolizzy.de:5443?
[16:49:18] <focus121> This site can’t be reached
[16:49:29] <Holger> So some networking foo ...
[16:51:12] zinid вошёл(а) в комнату
[16:51:55] <focus121> links http://localhost:5443/upload => "Not found.
[16:52:08] <focus121> on ejabberd server
[16:53:05] <Holger> And "links http://im.evolizzy.de:5443/upload/"?  Exactly the same?
[16:54:03] <focus121> yes
[16:54:37] <Holger> If you perform these requests with links, do you see corresponding ejabberd.log entries?
[16:54:58] <focus121> just to be sure what should I have now as put_url?
[16:55:01] <focus121> in ejabberd.yaml
[16:55:37] <Holger> Well depends on whether you want to test the final setup with sslh + Nginx in between or not.
[16:55:46] <Holger> put_url: "https://im.@HOST@/upload"
[16:55:54] <Holger> ... if you want to test the final setup.
[17:02:13] <focus121> Just so weird. It was working before i started with http://im.evolizzy.de:5443/upload/. So I could send files. Than I tried it with the nginx proxy pass and now I changed back to old settings and http://im.evolizzy.de:5443/upload/ dosent work anymore. Whats that for black magic
[17:06:35] nabeel вошёл(а) в комнату
[17:07:21] pod вошёл(а) в комнату
[17:08:21] Psi-Jack вышел(а) из комнаты: unknown reason
[17:08:22] Alberto+ вышел(а) из комнаты
[17:10:46] Psi-Jack вошёл(а) в комнату
[17:13:17] Psi-Jack вышел(а) из комнаты: unknown reason
[17:13:31] <focus121> Okay ist works again without proxy pass
[17:14:10] debalance вышел(а) из комнаты
[17:14:14] nabeel вышел(а) из комнаты
[17:14:18] <focus121> can sends files and they have the URL http://im.evolizzy.de:5443/upload/***
[17:15:03] <zinid> do xmpp clients even support multiple <info/> elements inside <metadata/> as described in https://xmpp.org/extensions/xep-0084.html#examples-multiple ?
[17:15:19] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[17:15:24] <zinid> edhelas, Holger: ?
[17:15:27] stian вошёл(а) в комнату
[17:15:38] <focus121> like I said my sslh.conf looks like that and nginx listens on 4433:
[17:15:43] <focus121> listen:
(
     { host: "0.0.0.0"; port: "443"; }
);
protocols:
(
   { name: "tls"; host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; log_level: 0;},
   # catch anything else TLS
   { name: "tls"; host: "127.0.0.1"; port: "4433";},
   { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },
   { name: "timeout"; host: "127.0.0.1"; port: "4433";}
);
[17:15:52] <focus121> Is that fine like that?
[17:16:53] <Holger> zinid: I dunno.  edhelas?
[17:17:13] <Holger> focus121: Well maybe test with http://im.evolizzy.de:4433/ first, to track the issue down step by step?
[17:17:56] hlad вышел(а) из комнаты: Replaced by new connection
[17:18:03] hlad вошёл(а) в комнату
[17:18:10] Tokodomo вошёл(а) в комнату
[17:18:50] <Holger> focus121: sslh, Nginx and ejabberd should all log your HTTP accesses, and you can try them with browsers locally and remotely as shown above.  This should allow you to pinpoint the issue.  Suggesting each of these debugging steps from here is a bit of a PITA ;-)
[17:20:06] <focus121> ‎Holger‎: sure :)
[17:24:15] Tokodomo вышел(а) из комнаты: unknown reason
[17:28:31] Tokodomo вошёл(а) в комнату
[17:28:58] JabAlacer вышел(а) из комнаты
[17:29:00] Psi-Jack вошёл(а) в комнату
[17:31:29] <focus121> ‎Holger‎: Just to one qesteion about sslh. Usualy I should set it too tls 443 and not 4433? And than how should nginx listen on 443 too. I don't understand that
[17:32:34] <Holger> Well would work if they use different interfaces (sslh only the external one and Nginx only localhost, for example).
[17:32:40] <Holger> Otherwise no, it won't work :-)
[17:33:07] <Holger> Your setup makes sense.  Once things work I'd just change both ejabberd and Nginx to only listen on localhost.
[17:33:11] <focus121> you mean nginx listen  on 127.0.0.1:443 exept on 4433?
[17:33:23] <Holger> Er wat?
[17:33:41] <Holger> Only a single process can listen on a given address:port combination.
[17:34:08] <Holger> Ah or you mean my last comment?
[17:34:18] <focus121> yes
[17:34:40] <Holger> If only sslh is supposed to talk to Nginx on port 4433, change Nginx to listen on localhost:4433 rather than 0.0.0.0:4433.
[17:34:52] <Holger> Same for ejabberd_http.  Set ip: "127.0.0.1".
[17:35:17] <Holger> No point in making it accessible from remote hosts if all requests are supposed to be proxied.
[17:36:30] <Holger> Nginx has TLS on 4433 enabled, BTW?
[17:37:42] <focus121> Holger‎: How I can check that?
[17:38:03] <Holger> Looking at the Nginx config or trying https://...:4433/ in the browser?
[17:41:44] <focus121> Holger‎: yes its enabled
[17:44:22] anand вышел(а) из комнаты
[17:45:06] <zinid> damn, xep-0084 is retarded
[17:48:07] <zinid> <iq type='set' from='juliet@capulet.lit/chamber' id='publish2'>
  <pubsub xmlns='http://jabber.org/protocol/pubsub'>
    <publish node='urn:xmpp:avatar:metadata'>
      <item id='111f4b3c50d7b0df729d299bc6f8e9ef9066971f'>
        <metadata xmlns='urn:xmpp:avatar:metadata'>
          <info bytes='23456'
                height='64'
                id='357a8123a30844a3aa99861b6349264ba67a5694'
                type='image/gif'
                url='http://avatars.example.org/happy.gif'
                width='64'/>
        </metadata>
      </item>
    </publish>
  </pubsub>
</iq>
[17:48:10] <zinid> wtf?
[17:48:43] <zinid> item id should point to PNG always, but there is no png <info/> element in <metadata/>
[17:50:09] <edhelas> eheh
[17:51:14] jodok вошёл(а) в комнату
[17:51:24] <zinid> how to interpret this?
[17:51:57] <zinid> let's assume there is avatar:data by that item id, but why the fuck it's not included in the <metadata/>?
[17:53:00] <zinid> I will just ignore this shit
[17:53:24] <Holger> Why is what not included?
[17:54:19] debalance вошёл(а) в комнату
[17:54:33] JabAlacer вошёл(а) в комнату
[17:59:51] pod вышел(а) из комнаты
[18:01:43] <zinid> <info type='image/png' ... /> is not included
[18:03:02] <focus121> - So I upload a pic with conversations.
- in nginx access.log I get:
[18:03:10] <focus121> "127.0.0.1 - - [13/Sep/2017:16:58:15 +0200] "GET
/upload/670b9b49538e2c3de5f3050e3fd41943049f73ba/guxpuvr4kCMO2KVM1RopFyqrQJgJUMZqnebtlrkJ/e1kXPwt7Qy6mGpfmJ9YpaQ.j$
HTTP/2.0" 502 568 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/61.0.3163.79 Safari/537.36" "-"
[18:03:16] <focus121> - I open on my Browser:
[18:03:25] <focus121> https://im.evolizzy.de/upload/670b9b49538e2c3de5f3050e3fd41943049f73ba/guxpuvr4kCMO2KVM1RopFyqrQJgJUMZqnebtlrkJ/e1...
[18:03:37] <focus121> - and get:
[18:03:43] <focus121> "502 Bad Gateway"
[18:03:49] <focus121> - and get in nginx error log:
[18:03:55] <focus121> 2017/09/13 16:58:15 [error] 15120#15120: *3 upstream prematurely closed connection while reading response
header from upstream, client: 127.0.0.1, server: im.evolizzy.de, request: "GET
/upload/670b9b49538e2c3de5f3050e3fd41943049f73ba/guxpuvr4kCMO2KVM1RopFyqrQJgJUMZqnebtlrkJ/e1kXPwt7Qy6mGpfmJ9YpaQ.j$
HTTP/2.0", upstream:
"http://127.0.0.1:5443/upload/670b9b49538e2c3de5f3050e3fd41943049f73ba/guxpuvr4kCMO2KVM1RopFyqrQJgJUMZqnebtlrkJ/e1$
host: "im.evolizzy.de"
[18:04:15] <focus121> "sorry URL got cut off a bit"
[18:04:38] <focus121> Does someone has a clue what that could be with upstream prematurely closed connection while reading response header from upstream, client
[18:05:36] rozzin вошёл(а) в комнату
[18:06:44] JabAlacer вышел(а) из комнаты
[18:07:06] <Holger> HTTP/2.0?
[18:07:37] JabAlacer вошёл(а) в комнату
[18:07:43] debalance вышел(а) из комнаты
[18:08:18] <Holger> zinid: But it is?  I'm confused.
[18:08:30] <Holger> https://xmpp.org/extensions/xep-0084.html#process-pubmeta
[18:08:42] <Holger> <metadata><info/></metadata>, no?
[18:08:49] <zinid> where?
[18:08:55] <zinid> type='image/gif'
[18:08:58] <Holger> Ah.
[18:09:37] <Holger> zinid: Example 10?
[18:10:08] <Holger> Sorry I'm probably not paying enough attention.
[18:10:14] <focus121> Holger‎: Wtf, how I make nginx talk http/1.1
[18:10:19] <zinid> Holger: forget about it :)
[18:10:34] <Holger> zinid: Ok :-)
[18:10:41] <Holger> But <zinid> I will just ignore this shit
[18:10:58] <Holger> If something not gonna work I'd be interested in understanding it :-)
[18:11:27] <Holger> edhelas: The whole :metadata thing is basically just a workaround for the spam issue you mentioned isn't it.
[18:11:55] <Holger> edhelas: If we made sure you only receive last PEP data if it *changed*, we could just send the :data directly.
[18:15:10] hlad вышел(а) из комнаты
[18:15:34] <edhelas> I really have the feeling that if we want to break a couple of small things, we could considerably cleanup and simplify all those XEPs
[18:16:25] <edhelas> but because we want to keep existing clients, that will never evolve, compatible with old XEPs that are totally broken now… well we are struggling with sh** like this
[18:16:38] <focus121> ‎Holger‎: CHnged it: "‎upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: im.evolizzy.de, request: "GET /upload/670b9b49538e2c3de5f3050e3fd41943049f73ba/x0I8kXYwfjmjNjPKGfzwmNqWQygTipEF7kKL4nXr/qN9vNApITdKSxpfctJ6S7w.jpg HTTP/1.1"
[18:16:42] <focus121> still the same
[18:17:25] sezuan вышел(а) из комнаты
[18:19:24] pinky вошёл(а) в комнату
[18:21:27] JabAlacer вышел(а) из комнаты
[18:21:42] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[18:21:48] Tokodomo вошёл(а) в комнату
[18:24:32] debalance вошёл(а) в комнату
[18:24:42] <Holger> focus121: When accessing http://im.evolizzy.de:5443/ I'm redirected to https:// from here, and then I get an "Internal server error" from your mod_http_upload.  You must've configured things in weird ways :-)
[18:25:23] jeremy вышел(а) из комнаты: Machine going to sleep
[18:25:44] <Holger> focus121: The "Internal server error" should be logged in ejabberd.log.
[18:26:07] <Holger> focus121: But the redirect is weird either way (or isn't it?) ...
[18:26:45] <focus121> Holger‎:  put_url http or https?
[18:26:57] <Holger> https
[18:27:11] <Holger> The put_url is communicated to the client.
[18:27:18] <Holger> I.e. it's the URL the client should use.
[18:27:36] <focus121> Holger‎: ok
[18:27:38] <Holger> But you're setting up three pieces of software at once.
[18:27:44] <Holger> And you're running into trouble.
[18:27:53] Tokodomo вышел(а) из комнаты: unknown reason
[18:27:55] <Holger> So I'd debug this step by step.
[18:28:15] <Holger> First step is making sure the ejabberd part works without involving Nginx or sslh.
[18:28:49] <Holger> And when looking at the ejabberd part from the outside, by querying http://im.evolizzy.de:5443/, weird stuff happens.
[18:28:55] <Holger> Two weird things actually.
[18:29:16] <Holger> So I'd try to understand those before continuing with also understand Nginx (and sslh) at the same time.
[18:31:56] jeremy вошёл(а) в комнату
[18:32:36] jeremy вышел(а) из комнаты: Machine going to sleep
[18:32:46] <Holger> 16:13 <== <focus121> Okay ist works again without proxy pass
16:14 <== <focus121> can sends files and they have the URL http://im.evolizzy.de:5443/upload/***
[18:32:49] <Holger> Is this still true?
[18:33:26] <focus121> Holger‎: yes, just changed in ejabberd  put_url: "https://im.@HOST@:5443/upload"
[18:33:38] <focus121> now it works like before
[18:33:40] <Holger> And that works?!
[18:33:44] <focus121> yes
[18:34:06] <Holger> Why?  Did you now enable HTTPS for your ejabberd_http listener?
[18:34:35] <focus121> yes, I changed it back like I had it before
[18:34:36] <Holger> proxy_pass            http://127.0.0.1:5443/;
[18:34:45] <Holger> Then this can't work of course.
[18:34:51] <Holger> No https:// there.
[18:35:31] <focus121> ‎Holger‎: No i changed it like I had it before
[18:35:47] <Holger> I have no idea what you had before and what after :-)
[18:35:58] <Holger> I'm working with the config snippets you showed us above.
[18:36:18] <Holger> If you change those without mentioning it I'm lost.
[18:36:21] <focus121> :D sorry
[18:36:31] <focus121> no i did't
[18:36:49] <focus121> so just before I tried the thing with proxying
[18:36:57] <Holger> Well up there you have TLS commented out.
[18:37:04] <Holger> I don't think it's commented out now.
[18:37:09] <focus121> I had:
[18:37:28] <focus121>     port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    certfile: 'CERTFILE'
    request_handlers:
      "upload": mod_http_upload
[18:37:41] <focus121> so with tls
[18:37:58] <focus121> and put_url: "https://im.@HOST@:5443/upload"
[18:38:06] <focus121> that is working
[18:38:15] <focus121> than I want to do the proxy thing
[18:38:59] <focus121> so I commented tls and certfile
[18:39:14] <focus121>     port: 5443
    ip: "::"
    module: ejabberd_http
##    tls: true
##    certfile: 'CERTFILE'
    request_handlers:
      "upload": mod_http_upload
[18:40:05] <Holger> From the outside it looks like you now (1) DO have "tls: true" and (2) mod_http_upload has an unrelated problem which should be in your ejabberd.log.
[18:40:59] <Holger> You clearly to TLS on port 5443 right now.
[18:41:05] <Holger> You clearly do.
[18:42:27] <Holger> I must run, good luck!
[18:42:43] <focus121> Holger‎: okay thx. nice run
[18:44:17] JabAlacer вошёл(а) в комнату
[18:47:25] focus121 вышел(а) из комнаты: offline
[18:48:27] marek.w вышел(а) из комнаты: unknown reason
[18:49:16] stian вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[18:49:21] stian вошёл(а) в комнату
[18:50:38] marek.w вошёл(а) в комнату
[18:51:14] Holger вышел(а) из комнаты
[18:51:18] Holger вошёл(а) в комнату
[18:54:24] JabAlacer вышел(а) из комнаты
[18:54:49] Tokodomo вошёл(а) в комнату
[18:56:03] SaltyBones вышел(а) из комнаты: Connection failed: timeout
[19:00:50] Tokodomo вышел(а) из комнаты: unknown reason
[19:02:58] jeremy вошёл(а) в комнату
[19:04:00] jeremy вышел(а) из комнаты: Machine going to sleep
[19:06:33] stefandxm вошёл(а) в комнату
[19:09:55] Tokodomo вошёл(а) в комнату
[19:12:37] wiktor вышел(а) из комнаты
[19:13:58] edhelas вошёл(а) в комнату
[19:15:58] Tokodomo вышел(а) из комнаты: unknown reason
[19:16:28] edhelas вышел(а) из комнаты: Connection failed: connection closed
[19:16:54] edhelas вошёл(а) в комнату
[19:17:31] rom1dep вышел(а) из комнаты: unknown reason
[19:21:38] edhelas вышел(а) из комнаты: Stream reset by peer
[19:21:47] SaltyBones вышел(а) из комнаты: Stream closed by us: Replaced by new connection (conflict)
[19:21:49] SaltyBones вошёл(а) в комнату
[19:27:14] hlad вошёл(а) в комнату
[19:30:07] de-facto вошёл(а) в комнату
[19:30:28] <edhelas> does a pubsub node should return <feature var='http://jabber.org/protocol/pubsub#publish'/> if the JID cannot publish an item in that node (applies for all the other stuff in the disco#info)
[19:35:22] rom1dep вышел(а) из комнаты: unknown reason
[19:36:40] sergio вошёл(а) в комнату
[19:37:05] morad вошёл(а) в комнату
[19:42:08] stian вышел(а) из комнаты: Connection failed: connection closed
[19:42:37] stian вошёл(а) в комнату
[19:47:52] Tokodomo вошёл(а) в комнату
[19:53:56] Tokodomo вышел(а) из комнаты: unknown reason
[19:54:17] JabAlacer вошёл(а) в комнату
[20:01:10] hlad вышел(а) из комнаты: Replaced by new connection
[20:01:18] hlad вошёл(а) в комнату
[20:02:37] Tokodomo вошёл(а) в комнату
[20:04:11] JabAlacer вышел(а) из комнаты
[20:05:08] raidwas вошёл(а) в комнату
[20:08:03] Tokodomo вышел(а) из комнаты: Connection failed: connection closed
[20:10:54] erik вышел(а) из комнаты: Machine going to sleep
[20:11:21] <raidwas> I recently updated to 17.08 (from binary) on my server (ubuntu 16.04) and all ciphers containing ECDHE are not available anymore. I already found this (https://github.com/processone/ejabberd/issues/1947) saying that atleast openssl 1.0.2 is needed for ecdhe support. The old openssl version installed was already 1.0.2-f, but considering that this was not the most recent version of 1.0.2 I updated to 1.1.0f (from source) but this did not help, any ideas what is missing or do I have to compile ejabberd from source to make this work?
[20:15:02] rom1dep вошёл(а) в комнату
[20:18:59] <Holger> raidwas: You installed using the binary installer from ProcessOne?
[20:19:10] <raidwas> Holger, yes, exactly
[20:20:03] <Holger> Maybe it's shipping an old OpenSSL 😐
[20:20:14] <Holger> Can't check right now.
[20:24:17] JabAlacer вошёл(а) в комнату
[20:34:24] erik вошёл(а) в комнату
[20:39:13] Tokodomo вошёл(а) в комнату
[20:43:02] nabeel вошёл(а) в комнату
[20:44:06] focus121 вошёл(а) в комнату
[20:44:11] JabAlacer вышел(а) из комнаты
[20:45:30] Tokodomo вышел(а) из комнаты: unknown reason
[20:48:20] cippaciong вышел(а) из комнаты
[20:48:57] <focus121> Holger: Just for info. I started from beginning step by step. It works now. Thx for your help.
[20:49:03] nabeel вышел(а) из комнаты
[20:50:29] cippaciong вошёл(а) в комнату
[20:53:00] <Holger> focus121: Good ☺️
[20:53:01] raidwas вышел(а) из комнаты
[20:53:15] focus121 вышел(а) из комнаты
[20:54:15] JabAlacer вошёл(а) в комнату
[21:04:26] nabeel вошёл(а) в комнату
[21:05:14] wiktor вошёл(а) в комнату
[21:06:53] wiktor вышел(а) из комнаты
[21:08:46] wiktor вошёл(а) в комнату
[21:10:27] nabeel вышел(а) из комнаты
[21:10:53] Tokodomo вошёл(а) в комнату
[21:13:19] anand вошёл(а) в комнату
[21:14:10] JabAlacer вышел(а) из комнаты
[21:14:19] JabAlacer вошёл(а) в комнату
[21:16:54] Tokodomo вышел(а) из комнаты: unknown reason
[21:17:05] raidwas вошёл(а) в комнату
[21:17:51] raidwas вышел(а) из комнаты: Stream closed by us: system-shutdown
[21:18:28] raidwas вошёл(а) в комнату
[21:21:04] rom1dep вошёл(а) в комнату
[21:21:39] Tokodomo вошёл(а) в комнату
[21:30:38] ileh вышел(а) из комнаты: unknown reason
[21:31:32] ileh вошёл(а) в комнату
[21:31:33] ileh вышел(а) из комнаты
[21:32:39] ileh вошёл(а) в комнату
[21:33:37] stefandxm вышел(а) из комнаты: Connection failed: connection closed
[21:34:11] JabAlacer вышел(а) из комнаты
[21:39:56] stefandxm вошёл(а) в комнату
[21:40:16] Tokodomo вышел(а) из комнаты: unknown reason
[21:40:50] JabAlacer вошёл(а) в комнату
[21:47:54] stian вышел(а) из комнаты: Connection failed: connection closed
[21:48:01] stian вошёл(а) в комнату
[21:48:34] Tokodomo вошёл(а) в комнату
[21:54:11] JabAlacer вышел(а) из комнаты
[21:56:26] stefandxm вышел(а) из комнаты: Connection failed: connection closed
[21:57:17] raidwas вышел(а) из комнаты
[21:57:35] raidwas вошёл(а) в комнату
[21:57:52] stefandxm вошёл(а) в комнату
[21:58:01] Neustradamus вышел(а) из комнаты
[21:59:13] Tokodomo вышел(а) из комнаты: Connection failed: ping_timeout
[21:59:59] debalance вышел(а) из комнаты
[22:01:35] Neustradamus вошёл(а) в комнату
[22:02:01] Neustradamus вышел(а) из комнаты
[22:03:33] raidwas вошёл(а) в комнату
[22:04:28] jeremy вошёл(а) в комнату
[22:04:38] Neustradamus вошёл(а) в комнату
[22:05:55] Tokodomo вошёл(а) в комнату
[22:11:58] Tokodomo вышел(а) из комнаты: unknown reason
[22:14:54] jeremy вышел(а) из комнаты
[22:15:08] anand вышел(а) из комнаты
[22:19:09] nabeel вошёл(а) в комнату
[22:20:01] <Holger> raidwas: I checked now, the OpenSSL version is too old indeed :-/  You could open an issue on GitHub: https://github.com/processone/ejabberd/issues/new
[22:20:01] raidwas вышел(а) из комнаты
[22:20:02] andrey.g вышел(а) из комнаты
[22:21:37] <raidwas> holger, compiled it myself already ^^ Now got the problem that it wont connect to the server of a friend of mine that uses a self signed certificate (similar as the problem here: https://stackoverflow.com/questions/46125311/how-to-enable-self-signed-certificates-on-ejabberd-s2s-connections). Seems that something regarding acceptance of self signed certificates changed from 16.x to 17.08?
[22:22:07] <Holger> raidwas: Add 'mod_s2s_dialback: {}' to the list of modules:.
[22:22:17] cippaciong вышел(а) из комнаты
[22:22:23] jeremy вошёл(а) в комнату
[22:22:29] <raidwas> holger: is already there
[22:22:43] <Holger> raidwas: And while at it, 'mod_stream_mgmt: {}', 'mod_push: {}', and 'mod_push_keepalive: {}'.
[22:22:45] <Holger> Hm.
[22:22:52] Tokodomo вошёл(а) в комнату
[22:23:04] <Holger> What do you get in the logs?
[22:25:37] <raidwas> Holger:
2017-09-13 18:52:31.898 [info] <0.440.0>@ejabberd_s2s_out:init:279 Outbound s2s connection started: auch.dnshome.de -> <other server>.eu
2017-09-13 18:52:32.354 [info] <0.440.0>@ejabberd_s2s_out:handle_auth_success:218 (tls|<0.447.0>) Accepted outbound s2s EXTERNAL authentication auch.dnshome.de -> <other server>.eu (91.121.67.111)
2017-09-13 18:52:32.719 [info] <0.458.0>@ejabberd_s2s_in:handle_auth_failure:206 (tls|<0.457.0>) Failed inbound s2s EXTERNAL authentication <other server>.eu -> auch.dnshome.de (::FFFF:91.121.67.111): self signed certificate
2017-09-13 18:52:33.496 [info] <0.482.0>@ejabberd_s2s_out:init:279 Outbound s2s connection started: auch.dnshome.de -> conference.<other server>.eu
2017-09-13 18:52:33.936 [info] <0.482.0>@ejabberd_s2s_out:handle_auth_success:218 (tls|<0.487.0>) Accepted outbound s2s EXTERNAL authentication auch.dnshome.de -> conference.<other server>.eu (91.121.67.111)
2017-09-13 18:52:34.288 [info] <0.490.0>@ejabberd_s2s_in:handle_auth_failure:206 (tls|<0.489.0>) Failed inbound s2s EXTERNAL authentication conference.<other server>.eu -> auch.dnshome.de (::FFFF:91.121.67.111): self signed certificate
2017-09-13 18:52:34.570 [info] <0.492.0>@ejabberd_s2s_in:handle_auth_failure:206 (tls|<0.491.0>) Failed inbound s2s EXTERNAL authentication conference.<other server>.eu -> auch.dnshome.de (::FFFF:91.121.67.111): self signed certificate
2017-09-13 18:53:07.216 [info] <0.508.0>@ejabberd_s2s_in:handle_auth_failure:206 (tls|<0.507.0>) Failed inbound s2s EXTERNAL authentication <other server>.eu -> auch.dnshome.de (::FFFF:91.121.67.111): self signed certificate
2017-09-13 18:53:07.276 [info] <0.510.0>@ejabberd_s2s_in:handle_auth_failure:206 (tls|<0.509.0>) Failed inbound s2s EXTERNAL authentication conference.<other server>.eu -> auch.dnshome.de (::FFFF:91.121.67.111): self signed certificate
[22:26:31] <raidwas> After this it just repeats the same messages a few times. Woops could have removed the lines for the conference as well sry
[22:27:30] <Holger> And it doesn't work?
[22:27:41] nabeel вышел(а) из комнаты
[22:28:06] <Holger> The messages you quoted are just informational, ejabberd should fall back to Dialback auth if you enabled that module.
[22:28:53] Tokodomo вышел(а) из комнаты: unknown reason
[22:29:56] <raidwas> exactly, it does not work (He did not change any of his settings and according to openssl we share 1 cipher). dialback is working for sure, as another connection to another server is using dialback according to the logs
[22:32:11] <Holger> And the remote server supports Dialback?
[22:32:14] raidwas вышел(а) из комнаты
[22:34:39] nabeel вошёл(а) в комнату
[22:44:18] JabAlacer вошёл(а) в комнату
[22:46:39] raidwas вошёл(а) в комнату
[22:47:21] <raidwas> Holger: Trying to find out exactly that right now.
[22:49:48] <raidwas> Holger: another realy disturbing thing is that the im observatory does not show "Still in progress" for the ciphers under s2s and never finishes, but the c2s finishes and shows corresponding ciphers, any idea what could cause this (https://check.messaging.one/result.php?domain=auch.dnshome.de&type=server)? (obviously the server supports _some_ ciphers due to being able to connect to other server that I know require it)
[22:52:08] sergio вышел(а) из комнаты
[22:52:11] <Holger> raidwas: What server software / version is the remote server running?
[22:52:30] <raidwas> Holger: Prosody hg:39188851811c trying to figure out which version it is right now..
[22:53:21] nabeel вышел(а) из комнаты
[22:53:50] <Holger> May be an incompatibility between recent Prosody and recent ejabberd then.
[22:54:31] <Holger> Prosody fails to fall back to Dialback after certificate auth failed.
[22:54:44] <Holger> Prosody >= 0.10.x IIRC.
[22:55:04] <raidwas> dont think so, he is kind of the.. it works dont touch it again mentality
[22:55:21] <Holger> What don't you think?
[22:55:30] <raidwas> that its a  recent prosody
[22:56:00] <Holger> https://hg.prosody.im/0.10/rev/89c42aff8510
[22:56:24] <Holger> If his commit includes this one, he's affected.
[22:56:27] <wiktor> If only EC ciphers are enabled then the connection fails between Prosody and ejabberd (curve mismatch). But that's only if one configures ciphers manually. Defaults work OK.
[22:57:23] <Holger> wiktor: Certain versions and configurations yes.  Won't happen with the most recent ejabberd code.  Either way that's not the issue here.
[22:57:51] raidwas вышел(а) из комнаты: Stream closed by us: system-shutdown
[22:57:59] <wiktor> Holger: so you mean ejabberd will now support P-256?
[22:58:06] raidwas вошёл(а) в комнату
[22:58:11] <wiktor> Because that's the only curve supported by Prosody
[22:58:28] ileh вышел(а) из комнаты: unknown reason
[22:58:46] <Holger> wiktor: Yes.  It will let OpenSSL negotiate the curve.
[22:59:04] <Holger> Requires OpenSSL > 1.0.2 though.
[22:59:31] <raidwas> 1.1.0 installed from source yesterday, so that should be more than up to date
[22:59:34] <Holger> wiktor: Either way ejabberd wouldn't get to the point of checking the certificate if this was the issue.
[22:59:43] <wiktor> Great! That was a problem for me when I wanted to use paranoid security settings before, I hope people upgrade their ejabberds
[23:00:02] <Holger> wiktor: Maybe just don't use paranoid settings? :-)
[23:01:20] <wiktor> Holger: thanks for the warning dad :-)
[23:03:02] <Holger> Would be too easy I guess :-)
[23:04:46] <Holger> raidwas: Seems 39188851811c is 3 months old and affected indeed.
[23:05:08] <raidwas> jup, he updated, but the problem persists
[23:06:24] <Holger> raidwas: https://prosody.im/pastebin/09a978a1-13e5-4744-a44c-9288e31b4a53 would fix it on his side.
[23:07:19] andrey.g вошёл(а) в комнату
[23:08:09] Tokodomo вошёл(а) в комнату
[23:08:36] focus121 вошёл(а) в комнату
[23:11:30] <raidwas> Judging from this line dialback is enabled (and working):
2017-09-13 20:02:54.979 [info] <0.485.0>@ejabberd_s2s_in:handle_auth_success:188 (tls|<0.484.0>) Accepted inbound s2s dialback authentication conference.jabber.ru -> auch.dnshome.de (::FFFF:95.108.194.209)
But judging from these lines somehow it fails to get into dialback mode?:
2017-09-13 20:02:50.495 [debug] <0.431.0>@ejabberd_s2s:start_connection:394 Finding connection for {<<"auch.dnshome.de">>,<<"mynery.eu">>}
2017-09-13 20:02:50.495 [info] <0.433.0>@ejabberd_s2s_out:init:279 Outbound s2s connection started: auch.dnshome.de -> mynery.eu
2017-09-13 20:02:51.120 [debug] <0.453.0>@ejabberd_receiver:process_data:284 Received XML on stream = <<"<?xml version='1.0'?><stream:stream xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='mynery.eu' to='auch.dnshome.de' version='1.0' xmlns='jabber:server'>">>
[23:12:51] sergio вышел(а) из комнаты
[23:13:04] <Holger> raidwas: I think we tracked the issue down already.  You doubt it? :-)
[23:13:07] hlad вышел(а) из комнаты
[23:13:38] <raidwas> Well, he updated and it still is there so, no, or am i missing something?
[23:13:49] <Holger> Recent Prosody doesn't fix the issue.
[23:14:12] <Holger> Recent Prosody fails to negotiate Dialback against recent ejabberd.
[23:14:21] morad вышел(а) из комнаты
[23:14:38] <raidwas> ah, lol ok. so now he went from too old to too new?
[23:15:09] <Holger> He want from quite recent to even more recent, both versions include the bad change.
[23:15:32] <Holger> We refuse to change our behavior.  You might have more luck convincing them :-)
[23:15:55] <Holger> Especially as Prosody dev Zash already suggested the fix I referenced above.
[23:16:03] <Holger> Dunno why they didn't apply it.
[23:16:11] <Holger> https://prosody.im/pastebin/09a978a1-13e5-4744-a44c-9288e31b4a53
[23:16:24] <raidwas> ah ok, now i get it thanks
[23:17:01] <Holger> (I'm not aware of an issue in the Prosody tracker, maybe would make sense to create one.)
[23:18:44] <raidwas> Holger: thank you a lot, will tell him to include that patch and see if it fixes it
[23:19:09] <Holger> raidwas: Yes I'd be interested whether it does.
[23:19:14] hlad вышел(а) из комнаты: Replaced by new connection
[23:19:21] hlad вошёл(а) в комнату
[23:19:21] <rom1dep> Holger: so now you also patch prosody? The entire and complex XMPP multiverse depends on…
[23:19:30] <rom1dep> Holger: so now you also patch prosody? The entire and complex XMPP multiverse depends on you now…
[23:20:24] <raidwas> Well, atleast he knows all the fixes in the XMPP multiverse
[23:20:25] <Holger> rom1dep: Haha this patch was from Zash.
[23:20:47] <rom1dep> ^^ ok
[23:22:01] <Holger> I bugged him with this issue, he somewhat agreed, but not enough to apply his patch it seems.
[23:23:53] SaltyBones вошёл(а) в комнату
[23:24:27] <rom1dep> it's not so important, there are only one and a half users of prosody after all
[23:26:49] <Holger> And everyone wants paranoid TLS settings anyway these days, so if Dialback fails that's a security feature.
[23:27:39] jodok вышел(а) из комнаты: Replaced by new connection
[23:27:42] jodok вошёл(а) в комнату
[23:28:56] pinky вышел(а) из комнаты: Connection failed: connection closed
[23:29:27] pinky вошёл(а) в комнату
[23:29:46] <raidwas> just to be sure on my end: do any setting in ejabberd.yml prevent transition of dialback on my end?
[23:30:54] debalance вошёл(а) в комнату
[23:32:39] <Holger> raidwas: No, as you said Dialback would then also fail for (all) other remote serves.
[23:33:23] raidwas вошёл(а) в комнату
[23:35:07] Holger вышел(а) из комнаты: Replaced by new connection
[23:35:09] Holger вошёл(а) в комнату
[23:35:20] debalance вышел(а) из комнаты
[23:39:41] edhelas вышел(а) из комнаты: Stream reset by peer
[23:39:45] <zinid> wiktor: don't you guys understand that with paranoid settings you just piss off newcomers from jabber
[23:39:45] raidwas вышел(а) из комнаты
[23:40:06] edhelas вошёл(а) в комнату
[23:40:40] <wiktor> zinid: what do my server settings have to do with jabber newcomers?
[23:41:55] <wiktor> zinid: I assure you that they care as much about my settings as they do about whatever what's app uses
[23:43:04] <rom1dep> they are paranoid, new comers are generally easily intimidated by barking dogs, people wearing ping flip flops in winter, and paranoid settings.
[23:43:15] <zinid> they don't care indeed, the setup a server, see that nothing works and say "screw this jabber shit"
[23:43:21] <zinid> good job, cryptobitches
[23:47:25] <wiktor> Newcomers use conversations.im
[23:47:59] <wiktor> My server doesn't even have registration enabled
[23:48:01] <zinid> only wealthy ones :D
[23:48:19] <zinid> I mean new server admins
[23:49:05] Tokodomo вышел(а) из комнаты: unknown reason
[23:49:20] <wiktor> Well, I'm not promoting my server settings to anyone so what is exactly the problem? That people can enable paranoid settings?
[23:49:43] <wiktor> If choice is what ruins xmpp then it is indeed doomed
[23:49:47] <zinid> am I not clear already?
[23:49:51] <zinid> should I repeat 10 times?
[23:50:17] <zinid> choice, my ass
[23:50:36] <rom1dep> zinid: new server admins have more chance to be scared of erland than by cryptic crypto errors
[23:51:31] <wiktor> Especially that the tls crypto settings are exactly the same as with any http server
[23:52:59] <zinid> rom1dep: most of admins don't give a fuck, only old farts are farting
[23:55:18] JabAlacer вышел(а) из комнаты
[23:56:20] jannic вышел(а) из комнаты: Replaced by new connection
[23:56:43] jannic вошёл(а) в комнату
[23:57:14] <raidwas> I don't think paranoid settings are any problem in this case, as: paranoid settings on someons own server shouldn't pose a problem communicating with it, as most non-paranoid - paranoid server constelations work. The constellations that typically dont work are paranoid - paranoid, but in this the owners of the servers might not just give up, as they seem to know at least a bit about technology (why would they have set up a paranoid xmpp server if not) so they should be able to figure it out
[23:57:18] Tokodomo вошёл(а) в комнату
[23:58:36] <zinid> raidwas: ever administrated huge xmpp server with thousands of s2s?
[23:58:50] <zinid> when you receive complains from users that this server doesn't work
[23:59:05] <zinid> when you start digging - 99% retarded paranoid settings is the reason
[23:59:07] <Holger> raidwas: I can't count the number of users asking why they can't talk to their remote contacts during the past few months.
[23:59:14] <Holger> raidwas: ... due to that curve issue.
[23:59:48] <Holger> raidwas: Some server admins are aware of the issue and refuse to adjust their config, others aren't aware, whatever.

Powered by ejabberd - robust, scalable and extensible XMPP server