Chat Support Request


(Eric Wright) #1

I know the messenger feature is just beta, but I’d like to ask if someone can help me to get it working? It comes up on my end, and from diasp.org I can see myself, but I can’t see myself from my own node and am unable to communicate. I’ve tried doing this with two accounts on my own server, still no love. I’m pretty sure I followed all the steps properly but I’m still having issues.


(Eric Wright) #2

Hmmm think I may have screwed up my prosody install.

I’m getting this error in the log:

Oct 23 03:11:06 general info Hello and welcome to Prosody version 0.10.0
Oct 23 03:11:06 general info Prosody is using the select backend for connection handling
Oct 23 03:11:06 modulemanager error Error initializing module ‘auth_diaspora’ on ‘diaspsocial.com’: /usr/bin/prosody:185: module ‘DBI’ not found:No LuaRocks module found for DBI
no field package.preload[‘DBI’]
no file ‘/usr/lib/prosody/DBI.lua’
no file ‘/usr/local/share/lua/5.1/DBI.lua’
no file ‘/usr/local/share/lua/5.1/DBI/init.lua’
no file ‘/usr/local/lib/lua/5.1/DBI.lua’
no file ‘/usr/local/lib/lua/5.1/DBI/init.lua’
no file ‘/usr/share/lua/5.1/DBI.lua’
no file ‘/usr/share/lua/5.1/DBI/init.lua’
no file ‘/var/lib/prosody/.luarocks/share/lua/5.1/DBI.lua’
no file ‘/var/lib/prosody/.luarocks/share/lua/5.1/DBI/init.lua’
no file ‘/usr/lib/prosody/DBI.so’


(Eric Wright) #3

Ok, so I’m not having the issue I had above anymore :slight_smile: fixed that. I guess here’s where I’m confused:

Do I need to create an ‘im’ subdomain in my DNS settings? So, https://im.diaspsocial.com? If so, does prosody take care of the virtual host setting? Not nginx? I’m not sure what I need to do with letsencrypt to get the keys right either; that seems to be the only thing prosody is complaining about at this point when I restart it.


(Eric Wright) #4

Anyone possibly able to help? I got the certs for it, so prosody isn’t throwing any more errors, but my chat still isn’t working.


(goob) #5

Not all pods have the chat feature installed, and it’s still in a somewhat experimental stage. I hope @zauberstuhl, who was the driving force behind this feature’s development, won’t mind me pinging him. Hopefully he can help, or recommend someone else who can if he is currently too busy.


(Eric Wright) #6

Sounds good. In the meantime, I’m following this guide:

https://wiki.diasporafoundation.org/Integration/XMPP/Prosody#Other_recommendations

Specifically the portion near the bottom titled “Add a virtual host for your pod”

Here’s what my vhost looks like, please tell me if I did this correctly? Because I can’t start nginx with the 'authentication = “diaspora” ’ portion.

<VirtualHost>

upstream diaspora_server {
server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}

server {
if ($host = www.diaspsocial.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = diaspsocial.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;
listen [::]:80;
server_name www.diaspsocial.com diaspsocial.com;
return 301 https://diaspsocial.com$request_uri;

access_log /dev/null;
error_log /dev/null;

}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.diaspsocial.com diaspsocial.com;

if ($host = www.diaspsocial.com) {
return 301 https://diaspsocial.com$request_uri;
}

access_log /var/log/nginx/diaspsocial-access.log;
error_log /var/log/nginx/diaspsocial-error.log;

# ssl_certificate /etc/nginx/https/fullchain.pem;
# ssl_certificate_key /etc/nginx/https/key.pem;

ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve X25519:P-521:P-384:P-256;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver ‘ipsredacted’ valid=300s;
resolver_timeout 5s;
ssl_session_cache shared:SSL:10m;

root /home/diaspora/diaspora/public;

client_max_body_size 5M;
client_body_buffer_size 256K;

try_files $uri @diaspora;

location /assets/ {
expires max;
add_header Cache-Control public;
}

location @diaspora {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://diaspora_server;
}

ssl_certificate /etc/letsencrypt/live/diaspsocial.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/diaspsocial.com/privkey.pem; # managed by Certbot

}

upstream chat_cluster {
server localhost:5280;
}
server {
location /http-bind {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;

proxy_redirect off;
proxy_connect_timeout 5;
proxy_buffering off;

proxy_read_timeout 70;
keepalive_timeout 70;
send_timeout 70;

authentication = "diaspora"
-- Uncomment and adjust username and password for MySQL/MariaDB
--auth_diaspora = { driver = "MySQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
-- Uncomment and adjust username and password for PostgreSQL
auth_diaspora = { driver = "PostgreSQL", database = "diaspora_production", username = "usernameredacted", password = "passwordredacted", host = "localhost" }

modules_enabled = {
"diaspora_contacts";
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
};

client_max_body_size 4M;
client_body_buffer_size 128K;

proxy_pass http://chat_cluster;
}
}


(goob) #8

I’d recommend a public post in diaspora with tags such as #diaspora #chat #help #prosody

Hopefully someone who runs the chat feature on their pod will see and be able to help. It might just be that the relevant people aren’t looking in here at the right time. Obviously this is the ideal location to request support; but if you’re not getting it in good time for this issue, you could try within d* itself to see if that will get you the help you need.


(Lukas Matt) #9

Hi! Sorry for the late reply, I worked all day.

@shawneric regarding your nginx conf: it fails because the part you are mentioning belongs in the prosody config file, NOT in the nginx file.

The topic "Add a virtual host for your pod" is under the section "Changes in prosody.cfg.lua" :slight_smile:

Check out https://wiki.diasporafoundation.org/Integration/Chat#Nginx if you want to configure your nginx.
The only thing you have to configure for the web proxy is the /http-bind path
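
A small check for the mix-up described in the reply above, added here as an example (it is not code from the wiki or from anyone in this thread): it scans an nginx vhost for Prosody-style Lua settings and reports which `server` block holds the `/http-bind` location, along with that block's `listen` and `server_name`. The names `audit_vhost` and `bosh_placement` and the host `pod.example` are hypothetical, and the parser is line-based, assuming one directive or brace per line.

```python
import re

# Constructed sample, shaped like the vhost posted above: Prosody (Lua)
# settings pasted into an nginx location block. Host names are placeholders.
SAMPLE_VHOST = """\
upstream chat_cluster {
  server localhost:5280;
}
server {
  listen 443 ssl http2;
  server_name pod.example;
  if ($host = www.pod.example) {
    return 301 https://pod.example$request_uri;
  } # managed by Certbot
  location @diaspora {
    proxy_pass http://diaspora_server;
  }
}
server {
  location /http-bind {
    proxy_set_header Host $http_host;
    authentication = "diaspora"
    -- Uncomment and adjust username and password for PostgreSQL
    auth_diaspora = { driver = "PostgreSQL", database = "db", host = "localhost" }
    modules_enabled = {
      "diaspora_contacts";
      "bosh"; -- Enable BOSH clients
    };
    proxy_pass http://chat_cluster;
  }
}
"""

LUA = "<lua table>"  # marker for a block opened by a Lua-style line
# `name = value` is Lua, not nginx; `location = /path` is the nginx look-alike.
ASSIGN = re.compile(r"^(?!location\b)[A-Za-z_]\w*\s*=(?!=)")


def audit_vhost(text):
    """Return the Lua-style lines found in an nginx vhost and a summary of
    each server block. Assumes no '#' inside quoted values."""
    foreign, servers, stack = [], [], []  # stack items: (header, enclosing server)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop nginx comments
        if not line:
            continue
        in_lua = bool(stack) and stack[-1][0] == LUA
        is_foreign = in_lua or line.startswith("--") or bool(ASSIGN.match(line))
        if is_foreign:
            foreign.append((no, line))
        opens, closes = line.count("{"), line.count("}")
        server = stack[-1][1] if stack else None
        if opens > closes:  # a block starts on this line
            header = line.split("{", 1)[0].strip()
            if is_foreign:
                stack.append((LUA, server))
            elif header == "server":
                server = {"line": no, "listen": [], "server_name": [], "locations": []}
                servers.append(server)
                stack.append((header, server))
            else:
                if header.startswith("location") and server is not None:
                    server["locations"].append(header.split()[-1])
                stack.append((header, server))
        elif closes > opens:  # one or more blocks end on this line
            for _ in range(min(len(stack), closes - opens)):
                stack.pop()
        elif server is not None and stack[-1][0] == "server" and not is_foreign:
            # a directive sitting directly inside a server block
            words = line.rstrip(";").split()
            if words and words[0] in ("listen", "server_name"):
                server[words[0]].append(" ".join(words[1:]))
    return {"foreign": foreign, "servers": servers}


def bosh_placement(report, bosh_path="/http-bind"):
    """For each server block that defines the BOSH location, report whether
    the block has a TLS listener and which names it answers to."""
    return [
        {"server_line": s["line"],
         "tls": any("ssl" in entry.split() for entry in s["listen"]),
         "server_name": s["server_name"]}
        for s in report["servers"] if bosh_path in s["locations"]
    ]


if __name__ == "__main__":
    report = audit_vhost(SAMPLE_VHOST)
    for no, line in report["foreign"]:
        print(f"line {no}: not an nginx directive (belongs in prosody.cfg.lua): {line}")
    for hit in bosh_placement(report):
        print(hit)
```

Running `nginx -t` after editing catches the syntax failure itself; this check adds where the stray lines are and which server block would answer for `/http-bind`.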


(Eric Wright) #10

Thanks Lukas, would you mind hanging on for a few minutes for me to work on this in case I have any more questions? I just got home from work myself.


(Eric Wright) #12

Ok, found out where that went. I think I should give you all four of my config files. Hang on a minute and let me gather those, this way you can tell me exactly what the heck I’m doing wrong :frowning: It’s still not working.

prosody.cfg.lua
  -- Prosody Example Configuration File
 --
 -- Information on configuring Prosody can be found on our
 -- website at https://prosody.im/doc/configure
 --
 -- Tip: You can check that the syntax of this file is correct
 -- when you have finished by running this command:
 --     prosodyctl check config
 -- If there are any errors, it will let you know what and where
 -- they are, otherwise it will keep quiet.
 --
 -- The only thing left to do is rename this file to remove the .dist ending, and fill in the
 -- blanks. Good luck, and happy Jabbering!
 
 
 ---------- Server-wide settings ----------
 -- Settings in this section apply to the whole server and are the default settings
 -- for any virtual hosts
 
 -- This is a (by default, empty) list of accounts that are admins
 -- for the server. Note that you must create the accounts separately
 -- (see https://prosody.im/doc/creating_accounts for info)
 -- Example: admins = { "user1@example.com", "user2@example.net" }
 admins = { "eric@diaspsocial.com" }
 
 -- Enable use of libevent for better performance under high load
 -- For more information see: https://prosody.im/doc/libevent
 --use_libevent = true
 
 -- Prosody will always look in its source directory for modules, but
 -- this option allows you to specify additional locations where Prosody
 -- will look for modules first. For community modules, see https://modules.prosody.im/
 plugin_paths = { "/etc/prosody/modules" }
 
 -- This is the list of modules Prosody will load on startup.
 -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
 -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
 modules_enabled = {
 
         -- Generally required
                 "roster"; -- Allow users to have a roster. Recommended ;)
                 "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                 "tls"; -- Add support for secure TLS on c2s/s2s connections
                 "dialback"; -- s2s dialback support
                 "disco"; -- Service discovery
 
         -- Not essential, but recommended
                 "carbons"; -- Keep multiple clients in sync
                 "pep"; -- Enables users to publish their mood, activity, playing music and more
                 "private"; -- Private XML storage (for room bookmarks, etc.)
                 "blocklist"; -- Allow users to block communications with other users
                 "vcard"; -- Allow users to set vCards
 
         -- Nice to have
                 "version"; -- Replies to server version requests
                 "uptime"; -- Report how long server has been running
                 "time"; -- Let others know the time here on this server
                 "ping"; -- Replies to XMPP pings with pongs
                 "register"; -- Allow users to register on this server using a client and change passwords
                 --"mam"; -- Store messages in an archive and allow users to access it
 
         -- Admin interfaces
                 "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
                 --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
 
         -- HTTP modules
                 "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                 --"websocket"; -- XMPP over WebSockets
                 --"http_files"; -- Serve static files from a directory over HTTP
 
         -- Other specific functionality
                 "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
                 --"limits"; -- Enable bandwidth limiting for XMPP connections
                 --"groups"; -- Shared roster support
                 --"server_contact_info"; -- Publish contact information for this service
                 --"announce"; -- Send announcement to all online users
                 --"welcome"; -- Welcome users who register accounts
                 --"watchregistrations"; -- Alert admins of registrations
                 --"motd"; -- Send a message to users when they log in
                 --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
                 --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
 }
 
 -- These modules are auto-loaded, but should you want
 -- to disable them then uncomment them here:
 modules_disabled = {
         -- "offline"; -- Store offline messages
         -- "c2s"; -- Handle client connections
         -- "s2s"; -- Handle server-to-server connections
 }
 
 -- Disable account creation by default, for security
 -- For more information see https://prosody.im/doc/creating_accounts
 allow_registration = false
 
 -- Debian:
 --   send the server to background.
 --
 daemonize = true;
 
 -- Debian:
 --   Please, don't change this option since /var/run/prosody/
 --   is one of the few directories Prosody is allowed to write to
 --
 pidfile = "/var/run/prosody/prosody.pid";
 
 -- Force clients to use encrypted connections? This option will
 -- prevent clients from authenticating unless they are using encryption.
 
 c2s_require_encryption = true
 
 -- Force servers to use encrypted connections? This option will
 -- prevent servers from authenticating unless they are using encryption.
 -- Note that this is different from authentication
 
 s2s_require_encryption = true
 
 
 -- Force certificate authentication for server-to-server connections?
 -- This provides ideal security, but requires servers you communicate
 -- with to support encryption AND present valid, trusted certificates.
 -- NOTE: Your version of LuaSec must support certificate verification!
 -- For more information see https://prosody.im/doc/s2s#security
 
 s2s_secure_auth = true
 
 -- Some servers have invalid or self-signed certificates. You can list
 -- remote domains here that will not be required to authenticate using
 -- certificates. They will be authenticated using DNS instead, even
 -- when s2s_secure_auth is enabled.
 
 --s2s_insecure_domains = { "insecure.example" }
 
 -- Even if you leave s2s_secure_auth disabled, you can still require valid
 -- certificates for some domains by specifying a list here.
 
 --s2s_secure_domains = { "jabber.org" }
 
 -- Select the authentication backend to use. The 'internal' providers
 -- use Prosody's configured data storage to store the authentication data.
 -- To allow Prosody to offer secure authentication mechanisms to clients, the
 -- default provider stores passwords in plaintext. If you do not trust your
 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.
 
 authentication = "internal_hashed"
 
 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
 -- through modules. An "sql" backend is included by default, but requires
 -- additional dependencies. See https://prosody.im/doc/storage for more info.
 
 --storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the
 -- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work)
 
 -- For the "sql" backend, you can uncomment *one* of the below to configure:
 --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
 --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
 --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
 
 
 -- Archiving configuration
 -- If mod_mam is enabled, Prosody will store a copy of every message. This
 -- is used to synchronize conversations between multiple clients, even if
 -- they are offline. This setting controls how long Prosody will keep
 -- messages in the archive before removing them.
 
 archive_expires_after = "1w" -- Remove archived messages after 1 week
 
 -- You can also configure messages to be stored in-memory only. For more
 -- archiving options, see https://prosody.im/doc/modules/mod_mam
 
 -- Logging configuration
 -- For advanced logging see https://prosody.im/doc/logging
 --
 -- Debian:
 --  Logs info and higher to /var/log
 --  Logs errors to syslog also
 log = {
         -- Log files (change 'info' to 'debug' for debug logs):
         info = "/var/log/prosody/prosody.log";
         error = "/var/log/prosody/prosody.err";
         -- Syslog:
         { levels = { "error" }; to = "syslog";  };
 }
 
 -- Uncomment to enable statistics
 -- For more info see https://prosody.im/doc/statistics
 -- statistics = "internal"
 
 -- Certificates
 -- Every virtual host and component needs a certificate so that clients and
 -- servers can securely verify its identity. Prosody will automatically load
 -- certificates/keys from the directory specified here.
 -- For more information, including how to use 'prosodyctl' to auto-import certificates
 -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
 
 -- Location of directory to find certificates in (relative to main config file):
 certificates = "certs"
 ssl = {
         key = "/etc/diaspora/ssl/redacted.pem";
         certificate = "/etc/diaspora/ssl/redacted.pem";
 }
 
 ----------- Virtual hosts -----------
 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
 -- Settings under each VirtualHost entry apply *only* to that host.
 
 --VirtualHost "diaspsocial.com"
 --      certificate = "/path/to/example.crt"
 
 
 VirtualHost "diaspsocial.com"
   authentication = "diaspora"
   -- Uncomment and adjust username and password for MySQL/MariaDB
   --auth_diaspora = { driver = "MySQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
   -- Uncomment and adjust username and password for PostgreSQL
   auth_diaspora = { driver = "PostgreSQL", database = "redacted", username = "redacted", password = "redacted", host = "localhost" }
 
   modules_enabled = {
     "diaspora_contacts";
     "bosh";
   };
 
 
 
 ------ Components ------
 -- You can specify components to add hosts that provide special services,
 -- like multi-user conferences, and transports.
 -- For more information on components, see https://prosody.im/doc/components
 
 ---Set up a MUC (multi-user chat) room server on conference.example.com:
 --Component "conference.example.com" "muc"
 
 ---Set up an external component (default component port is 5347)
 --
 -- External components allow adding various services, such as gateways/
 -- transports to other networks like ICQ, MSN and Yahoo. For more info
 -- see: https://prosody.im/doc/components#adding_an_external_component
 --
 --Component "gateway.example.com"
 --      component_secret = "password"
 
 ------ Additional config files ------
 -- For organizational purposes you may prefer to add VirtualHost and
 -- Component definitions in their own config files. This line includes
 -- all config files in /etc/prosody/conf.d/
 
 Include "conf.d/*.cfg.lua"
nginx.conf
 user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 
 events {
         worker_connections 768;
         # multi_accept on;
 }
 
 http {
 
         ##
         # Basic Settings
         ##
 
         sendfile on;
         tcp_nopush on;
         tcp_nodelay on;
         keepalive_timeout 65;
         types_hash_max_size 2048;
         # server_tokens off;
 
         # server_names_hash_bucket_size 64;
         # server_name_in_redirect off;
 
         include /etc/nginx/mime.types;
         default_type application/octet-stream;
 
         ##
         # SSL Settings
         ##
 
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
         ssl_prefer_server_ciphers on;
 
         ##
         # Logging Settings
         ##
 
         access_log /var/log/nginx/access.log;
         error_log /var/log/nginx/error.log;
 
         ##
         # Gzip Settings
         ##
 
         gzip on;
 
         # gzip_vary on;
         # gzip_proxied any;
         # gzip_comp_level 6;
         # gzip_buffers 16 8k;
         # gzip_http_version 1.1;
         # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 
         ##
         # Virtual Host Configs
         ##
 
         include /etc/nginx/conf.d/*.conf;
         include /etc/nginx/sites-enabled/*;
 }
 
 
 #mail {
 #       # See sample authentication script at:
 #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
 #
 #       # auth_http localhost/auth.php;
 #       # pop3_capabilities "TOP" "USER";
 #       # imap_capabilities "IMAP4rev1" "UIDPLUS";
 #
 #       server {
 #               listen     localhost:110;
 #               protocol   pop3;
 #               proxy      on;
 #       }
 #
 #       server {
 #               listen     localhost:143;
 #               protocol   imap;
 #               proxy      on;
 #       }
 #}
diaspsocial.com.conf
 upstream diaspora_server {
   server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
 }
 
 server {
     if ($host = www.diaspsocial.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot
 
 
     if ($host = diaspsocial.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot
 
 
   listen 80;
   listen [::]:80;
   server_name www.diaspsocial.com diaspsocial.com;
   return 301 https://diaspsocial.com$request_uri;
 
   access_log  /dev/null;
   error_log /dev/null;
 
 
 
 
 }
 
 server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name www.diaspsocial.com diaspsocial.com;
 
   if ($host = www.diaspsocial.com) {
     return 301 https://diaspsocial.com$request_uri;
   }
 
   access_log /var/log/nginx/diaspsocial-access.log;
   error_log /var/log/nginx/diaspsocial-error.log;
 
  # ssl_certificate     /etc/nginx/https/redacted.pem;
  # ssl_certificate_key /etc/nginx/https/redacted.pem;
 
   ssl_protocols TLSv1.2;
   ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
   ssl_ecdh_curve X25519:P-521:P-384:P-256;
   ssl_prefer_server_ciphers on;
   ssl_stapling on;
   ssl_stapling_verify on;
   resolver 80.67.169.40 80.67.169.12 valid=300s;
   resolver_timeout 5s;
   ssl_session_cache shared:SSL:10m;
 
   root /home/diaspora/diaspora/public;
 
   client_max_body_size 5M;
   client_body_buffer_size 256K;
 
   try_files $uri @diaspora;
 
   location /assets/ {
     expires max;
     add_header Cache-Control public;
   }
 
   location @diaspora {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
     proxy_set_header Host $http_host;
     proxy_redirect off;
     proxy_pass http://diaspora_server;
   }
 
     ssl_certificate /etc/letsencrypt/live/diaspsocial.com/redacted.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/diaspsocial.com/redacted.pem; # managed by Certbot
 
 }
 
 
 upstream chat_cluster {
   server localhost:5280;
 }
 server {
 location /http-bind {
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header Host $http_host;
   proxy_set_header X-Forwarded-Proto https;
 
   proxy_redirect off;
   proxy_connect_timeout 5;
   proxy_buffering       off;
 
   proxy_read_timeout    70;
   keepalive_timeout     70;
   send_timeout          70;
 
 
   client_max_body_size 4M;
   client_body_buffer_size 128K;
 
   proxy_pass http://chat_cluster;
 }
 }

(Eric Wright) #13

And here’s my diaspora.yml config:

diaspora.yml
 ## Some notes about this file:
 ## - All comments start with a double #
 ## - All settings are commented out with a single #
 ##   To change the default settings, you need both to uncomment the lines
 ##   AND, in most cases, to change the value that is given.
 ## - Take care to keep proper indentation, that is by simply deleting
 ##   the original #, with no additional space before the setting's name.
 ## - Take care to keep proper quoting. All ' must have a matching ' at
 ##   the end of the same line. The same goes for "
 ## - Lines containing "## Section" are section headings. Do not edit them!
 ## - Lists need the space after the -
 ## - The values true, false and numbers should have no quote marks.
 ##   Single words don't need quote marks, but it doesn't do any harm to have them.
 ##
 ## You can set and/or override all these settings through environment variables
 ## with the following conversion rules:
 ## - Strip the top level namespace (configuration, production, etc.)
 ## - Build the path to the setting, for example environment.s3.enable
 ## - Replace the dots with underscores: environment_s3_enable
 ## - Convert to upper case: ENVIRONMENT_S3_ENABLE
 ## - Specify lists/arrays as comma-separated values
 ##
 ## - For example, on Heroku:
 ##   heroku config:set SERVICES_FACEBOOK_APP_ID=yourappid SERVICES_FACEBOOK_SECRET=yourappsecret
 
 configuration: ## Section
 
   ## You need to change or at least review the settings in this section
   ## in order for your pod to work.
   environment: ## Section
 
     ## Set the hostname of the machine you're running Diaspora on, as seen
     ## from the internet. This should be the URL you want to use to
     ## access the pod. So if you plan to use a reverse proxy, it should be
     ## the URL the proxy listens on. DO NOT CHANGE THIS AFTER INITIAL SETUP!
     ## However changing http to https is okay and has no consequences.
     ## If you do change the URL, you will have to start again as the URL
     ## will be hardcoded into the database.
     url: "https://diaspsocial.com/"
 
     ## Set the bundle of certificate authorities (CA) certificates.
     ## This is specific to your operating system.
     ## Examples (uncomment the relevant one or add your own):
     ## For Debian, Ubuntu, Archlinux, Gentoo (package ca-certificates):
     certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
     ## For CentOS, Fedora:
     #certificate_authorities: '/etc/pki/tls/certs/ca-bundle.crt'
     ## URL for a remote Redis (default=localhost).
     ## Don't forget to restrict IP access if you uncomment these!
     #redis: 'redis://example_host'
     #redis: 'redis://username:password@host:6379/0'
     #redis: 'unix:///tmp/redis.sock'
 
     ## Require SSL (default=true).
     ## When set, your pod will force the use of HTTPS in production mode.
     ## Since OAuth2 requires SSL, Diaspora's future API might not work if
     ## you're not using SSL. Also there is no guarantee that posting to
     ## services will be possible if SSL is disabled.
     ## Do not change this default unless you are sure!
     #require_ssl: true
 
     ## Single-process mode (default=false).
     ## If set to true, Diaspora will work with just the appserver (Unicorn by
     ## default) running. However, this makes it quite slow as intensive jobs
     ## must be run all the time inside the request cycle. We strongly
     ## recommended you leave this disabled for production setups.
     ## Set to true to enable.
     #single_process_mode: false
 
     ## Sidekiq - background processing
     sidekiq: ## Section
 
       ## Number of parallel threads Sidekiq uses (default=5).
       ## If you touch this, please set the pool setting in your database.yml
       ## to a value that's at minimum close to this! You can safely increase
       ## it to 25 and more on a medium-sized pod. This applies per started
       ## Sidekiq worker, so if you set it to 25 and start two workers, you'll
       ## process up to 50 jobs in parallel.
       #concurrency: 5
 
       ## Number of times a job is retried (default=10).
       ## There's an exponential effect to this: if you set this too high you
       ## might get too many jobs building up in the queue.
       ## Set it to 0 to disable it completely.
       #retry: 10
 
       ## Lines of backtrace that are stored on failure (default=15).
       ## Set n to the required value. Set this to false to reduce Redis memory
       ## usage (and log size) if you're not interested in this data.
       #backtrace: 15
 
       ## Number of jobs to keep in the dead queue (default=5000).
       ## Jobs get into the dead queue after they failed and exhausted all retries.
       ## Increasing this setting will increase the memory usage of Redis.
       ## Once gone from the dead queue, a failed job is permanently lost and
       ## cannot be retried manually.
       # dead_jobs_limit: 1000
 
       ## Number of seconds a job remains in the dead queue (default=3628800 (six weeks)).
       ## Jobs get into the dead queue after they failed and exhausted all retries.
       ## Increasing this setting will increase the memory usage of Redis.
       ## Once gone from the dead queue, a failed job is permanently lost and
       ## cannot be retried manually.
       # dead_jobs_timeout: 15552000 # 6 months
 
       ## Log file for Sidekiq (default="log/sidekiq.log")
       #log: "log/sidekiq.log"
 
     ## Use Amazon S3 instead of your local filesystem
     ## to handle uploaded pictures (disabled by default).
     s3: ## Section
 
       #enable: true
       #key: 'change_me'
       #secret: 'change_me'
       #bucket: 'my_photos'
       #region: 'us-east-1'
 
       ## Use max-age header on Amazon S3 resources (default=true).
       ## When true, this allows locally cached images to be served for up to
       ## one year. This can improve load speed and save requests to the image
       ## host. Set to false to revert to browser defaults (usually less than
       ## one year).
       #cache : true
 
     ## Set redirect URL for an external image host (Amazon S3 or other).
     ## If hosting images for your pod on an external server (even your own),
     ## add its URL here. All requests made to images under /uploads/images
     ## will be redirected to https://yourhost.tld/uploads/images/
     #image_redirect_url: 'https://images.example.org'
 
     assets: ## Section
 
       ## Serve static assets via the appserver (default=false).
       ## This is highly discouraged for production use. Let your reverse
       ## proxy/webserver do it by serving the files under public/ directly.
       #serve: false
 
       ## Upload your assets to S3 (default=false).
       #upload: false
 
       ## Specify an asset host. Ensure it does not have a trailing slash (/).
       #host: http://cdn.example.org/diaspora
 
     ## Pubsub server (default='https://pubsubhubbub.appspot.com/').
     ## Diaspora is only tested against the default pubsub server.
     ## You probably don't want to uncomment or change this.
     #pubsub_server: 'https://pubsubhubbub.appspot.com/'
 
     ## Logger configuration
     logging: ## Section
 
       logrotate: ## Section
 
         ## Roll the application log on a daily basis (default=true).
         #enable: true
 
         ## The number of days to keep (default=7)
         #days: 7
 
       ## Debug logging
       debug: ## Section
 
         ## Enables the debug-logging for SQL (default=false)
         ## This logs every SQL-statement!
         #sql: true
 
         ## Enables the federation-debug-log (default=false)
         ## This logs all XMLs that are used for the federation
         #federation: true
 
   ## Settings affecting how ./script/server behaves.
   server: ## Section
     ## Where the appserver should listen to (default=unix:tmp/diaspora.sock)
     #listen: 'unix:tmp/diaspora.sock'
     #listen: 'unix:/run/diaspora/diaspora.sock'
     #listen: '127.0.0.1:3000'
 
     ## Set the path for the PID file of the unicorn master process (default=tmp/pids/web.pid)
     #pid: 'tmp/pids/web.pid'
 
     ## Rails environment (default='development').
     ## The environment in which the server should be started by default.
     ## Change this to 'production' if you wish to run a production environment.
     rails_environment: 'production'
 
     ## Write unicorn stderr and stdout log.
     #stderr_log: '/usr/local/app/diaspora/log/unicorn-stderr.log'
     #stdout_log: '/usr/local/app/diaspora/log/unicorn-stdout.log'
 
     ## Number of Unicorn worker processes (default=2).
     ## Increase this if you have many users.
     #unicorn_worker: 2
 
     ## Number of seconds before a request is aborted (default=90).
     ## Increase if you get empty responses, or if large image uploads fail.
     ## Decrease if you're under heavy load and don't care if some
     ## requests fail.
     #unicorn_timeout: 90
 
     ## Embed a Sidekiq worker inside the unicorn process (default=false).
     ## Useful for minimal Heroku setups.
     #embed_sidekiq_worker: false
 
     ## Number of Sidekiq worker processes (default=1).
     ## In most cases it is better to
     ## increase environment.sidekiq.concurrency instead!
     #sidekiq_workers: 1
 
   ## Diaspora has an internal XMPP web-client. If you want to enable the chat
   ## functionality or want to use a custom XMPP server, then you should edit
   ## the following configuration.
   chat: ## Section
 
     ## Enable the chat service and all its components.
     ##
     ## Please make sure that you followed the Installation-Instructions first:
     ## https://wiki.diasporafoundation.org/Integration/Chat#Installation.2FUpdate
     enabled: true
 
     ## Custom XMPP server configuration goes here.
     server: ## Section
 
       ## Use the configuration bridge to prosody (default=true).
       ## In case you want to run your own server or want to configure
       ## prosody on your own, you should disable it.
       enabled: true
 
       ## Set the directory in which to look for virtual hosts TLS certificates.
       certs: 'config/certs'
 
       ## XEP-0124 BOSH requests
       ## The easiest way of avoiding certificate and mixed-content issues
       ## is to use a proxy, e.g.:
       ##
       ## Apache: https://wiki.diasporafoundation.org/Integration/Chat#Apache2
       ## Nginx: https://wiki.diasporafoundation.org/Integration/Chat#Nginx
       ##
       ## If you configured your proxy correctly,
       ## you should set the proxy option to 'true'
       bosh: ## Section
 
         ## If you'd like to use a proxy, you should set the proxy
         ## option to true, otherwise jsxc always tries to
         ## connect directly to the port specified below.
         proxy: true
 
         ## Configure the protocol used to access the BOSH endpoint
         proto: http
 
         ## Configure the address that prosody should listen on.
         address: '0.0.0.0'
 
         ## Configure the BOSH port.
         port: 5280
 
         ## Configure the bind endpoint.
         bind: '/http-bind'
 
       ## Specify log behaviour here.
       log: ## Section
 
         ## Log file location.
         #info: 'log/prosody.log'
 
         ## Error log file location.
         #error: 'log/prosody.err'
 
         ## The debug level logs all XML sent and received by the server.
         #debug: false
 
   ## Displays the location of a post in a map. Per default we are using the map
   ## tiles of the Heidelberg University (http://giscience.uni-hd.de).
   ## You also have the possibility to use the map tiles of https://www.mapbox.com
   ## which is probably more reliable. There you have to create an account to get
   ## an access token which is limited. If you want to get an unlimited account
   ## you can write an email to team@diasporafoundation.org.
   ## Please enable mapbox and fill out your access_token.
   map: ##Section
 
     mapbox:
       #enabled: false
       #access_token: "youraccesstoken"
       #style: "mapbox/streets-v9"
 
   ## Settings potentially affecting the privacy of your users.
   privacy: ## Section
 
     ## Include jQuery from jquery.com's CDN (default=false).
     ## Enabling this can reduce traffic and speed up load time since most
     ## clients already have this one cached. When set to false (the default),
     ## the jQuery library will be loaded from your pod's own resources.
     #jquery_cdn: false
 
     ## Google Analytics (disabled by default).
     ## Provide a key to enable tracking by Google Analytics.
     #google_analytics_key: UA-redacted
 
     ## Piwik Tracking (disabled by default).
     ## Provide a site ID and the host piwik is running on to enable
     ## tracking through Piwik.
     piwik: ## Section
 
       enable: true
       host: 'redacted'
       site_id: redacted
 
     ## Statistics
     ## Your pod will report its name, software version and whether
     ## or not registrations are open via /statistics.json.
     ## Uncomment the options below to enable more statistics.
     statistics: ## Section
 
       ## Local user total and 6 month active counts.
       user_counts: true
 
       ## Local post total count.
       #post_counts: true
       comment_counts: true
 
     ## Use Camo to proxy embedded remote images.
     ## Do not enable this setting unless you have a working Camo setup. Using
     ## camo to proxy embedded images will improve the privacy and security of
     ## your pod's frontend, but it will increase the traffic on your server.
     ## Check out https://wiki.diasporafoundation.org/Installation/Camo for
     ## more details and installation instructions.
     camo: ## Section
 
       ## Proxy images embedded via markdown (default=false).
       ## Embedded images are quite often from non-SSL sites and may cause a
       ## partial content warning, so this is recommended.
       #proxy_markdown_images: true
 
       ## Proxy Open Graph thumbnails (default=false).
       ## Open Graph thumbnails may or may not be encrypted and loaded from
       ## servers outside the network. Recommended.
       #proxy_opengraph_thumbnails: true
 
       ## Proxy remote pod's images (default=false).
       ## Profile pictures and photos from other pods usually are encrypted,
       ## so enabling this is only useful if you want to avoid HTTP requests to
       ## third-party servers. This will create a lot of traffic on your camo
       ## instance. You have been warned.
       #proxy_remote_pod_images: true
 
       ## Root of your Camo installation
       #root: "https://example.com/camo/"
 
       ## Shared key of your Camo installation
       #key: "example123example456example!"
 
   ## General settings
   settings: ## Section
 
     ## Pod name (default="diaspora*")
     ## The pod name displayed in various locations, including the header.
     pod_name: "DiaspSocial"
 
     ## Allow registrations (default=true)
     ## Set this to false to prevent people from signing up to your pod
     ## without an invitation. Note that this needs to be set to true
     ## (or commented out) to enable the first registration (you).
     #enable_registrations: true
 
     ## Auto-follow on sign-up (default=true)
     ## Users will automatically follow a specified account on creation.
     ## Set this to false if you don't want your users to automatically
     ## follow an account upon creation.
     autofollow_on_join: true
 
     ## Auto-follow account (default='hq@pod.diaspora.software')
     ## The diaspora* HQ account keeps users up to date with news about Diaspora.
     ## If you set another auto-follow account (for example your podmin account),
     ## please consider resharing diaspora* HQ's posts for your pod's users!
     autofollow_on_join_user: 'erwright@diaspsocial.com'
 
     ## Welcome Message settings
     welcome_message: ##Section
 
       ## Welcome Message on registration (default=false)
       ## Send a message to new users after registration
       ## to tell them about your pod and how things
       ## are handled on it.
       enabled: false
 
       ## Welcome Message subject (default='Welcome Message')
       ## The subject of the conversation that is started
       ## by your welcome message.
       subject: "Welcome Message"
 
       ## Welcome Message text (default='Hello %{username}, welcome to diaspora.')
       ## The content of your welcome message.
       ## The placeholder "%{username}" will be replaced by the username
       ## of the new user.
       text: "Hello %{username}, welcome to diaspora! Please be sure to also follow hq@pod.diaspora.software so you can get regular updates on Diaspora software!! Please make sure you make a #newhere post as well. Thanks for joining!! -P$
 
     ## Invitation settings
     invitations: ## Section
 
       ## Enable invitations (default=true)
       ## Set this to false if you don't want users to be able to send invites.
       #open: true
 
       ## Number of invitations per invite link (default=25)
       ## Every user will see such a link if you have enabled
       ## invitations on your pod.
       #count: 25
 
     ## Paypal donations (disabled by default)
     ## You can set details for a Paypal button here to allow donations
     ## towards running the pod.
     ## First, enable the function, then set the currency in which you
     ## wish to receive donations, and **either** a hosted button id
     ## **or** an encrypted key for an unhosted button.
     paypal_donations: ## Section
       enable: true
 
       ## Currency used (USD, EUR...)
       currency: USD
 
       ## hosted Paypal button id
       paypal_hosted_button_id: "redacted"
       ## OR encrypted key of unhosted button
       #paypal_unhosted_button_encrypted: "-----BEGIN PKCS7-----"
 
     ## Liberapay.com is a free platform which allow donations like patreon
     ## Set your username to include your liberapay button
     # liberapay_username: "change_me"
 
     ## Bitcoin donations
     ## You can provide a bitcoin address here to allow your users to provide
     ## donations towards the running of their pod.
     bitcoin_address: "redacted"
 
     ## Community spotlight (disabled by default)
     ## The community spotlight shows new users public posts from people you
     ## think are interesting in Diaspora's community. To add an account
     ## to the community spotlight add the 'spotlight' role to it.
     community_spotlight: ## Section
 
       #enable: true
 
       ## E-mail address to which users can make suggestions about who
       ## should be in the community spotlight (optional).
       #suggest_email: 'admin@example.org'
 
     ## CURL debug (default=false)
     ## Turn on extra verbose output when sending stuff. Note: you
     ## don't need to touch this unless explicitly told to.
     #typhoeus_verbose: false
 
     ## Maximum number of parallel HTTP requests made to other pods (default=20)
     ## Be careful, raising this setting will heavily increase the memory usage
     ## of your Sidekiq workers.
     #typhoeus_concurrency: 20
 
     ## Maximum number of parallel user data export jobs (default=1)
     ## Be careful, exports of big/old profiles can use a lot of memory, running
     ## many of them in parallel can be a problem for small servers.
     #export_concurrency: 1
 
     ## Captcha settings
     captcha: ## Section
 
       ## Enable captcha (default=true)
       ## Set this to false if you don't want to use captcha for signup process.
       enable: false
 
       ## Captcha image size (default='120x20')
       #image_size: '120x20'
 
       ## Length of captcha text (default=5)(max=12)
       #captcha_length: 5
 
       ## Captcha image style (default='simply_green')
       ## Available options for captcha image styles are: 'simply_blue',
       ## 'simply_red' 'simply_green', 'charcoal_grey', 'embossed_silver',
       ## 'all_black', 'distorted_black', 'almost_invisible', 'random'.
       #image_style: 'simply_green'
 
       ## Captcha image distortion (default='low')
       ## Sets the level of image distortion used in the captcha.
       ## Available options are: 'low', 'medium', 'high', 'random'.
       #distortion: 'low'
 
     ## Terms of Service
     ## Show a default or customized terms of service for users.
     ## You can create a custom Terms of Service by placing a template
     ## as app/views/terms/terms.haml or app/views/terms/terms.erb
     ## The default terms of service that can be extended is
     ## at app/views/terms/default.haml
     ## NOTE! The default terms have not been checked over by a lawyer and
     ## thus are unlikely to provide full legal protection for all situations
     ## for a podmin using them. They are also not specific to all countries
     ## and jurisdictions. If you are unsure, please check with a lawyer.
     ## We provide these for podmins as some basic rules that podmins
     ## can communicate to users easily via the diaspora* server software.
     ## Uncomment to enable this feature.
     terms: ## Section
 
       ## First enable it by uncommenting below.
       enable: true
       ## Important! If you enable the terms, you should always
       ## set a location under which laws any disputes are governed
       ## under. For example, country or state/country, depending
       ## on the country in question.
       ## If this is not set, the whole paragraph about governing
       ## laws *is not shown* in the terms page.
       #jurisdiction: ""
 
       ## Age limit for signups.
       ## Set a number to activate this setting. This age limit is shown
       ## in the default ToS document.
       minimum_age: 13
 
     ## Maintenance
     ## Various pod maintenance related settings are controlled from here.
     maintenance: ## Section
 
       ## Removing old inactive users can be done automatically by background
       ## processing. The amount of inactivity is set by `after_days`. A warning
       ## email will be sent to the user and after an additional `warn_days`, the
       ## account will be automatically closed.
       ## This maintenance is not enabled by default.
       remove_old_users: ## Section
         #enable: true
         #after_days: 730
         #warn_days: 30
 
         ## Limit queuing for removal per day.
         #limit_removals_to_per_day: 100
 
     ## Source code URL
     ## URL to the source code your pod is currently running.
     ## If not set your pod will provide a downloadable archive.
     #source_url: 'https://example.org/username/diaspora'
 
     ## Changelog URL
     ## URL to the changelog of the diaspora-version your pod is currently running.
     ## If not set an auto-generated url to github is used.
     changelog_url: "https://github.com/diaspora/diaspora/blob/master/Changelog.md"
 
     ## Default color theme
     ## You can change which color theme is displayed when a user is not signed in
     ## or has not selected any color theme from the available ones. You simply have
     ## to enter the name of the theme's folder in "app/assets/stylesheets/color_themes/".
     ## ("original" for the theme in "app/assets/stylesheets/color_themes/original/", for
     ## example).
     #default_color_theme: "original"
 
     ## Default meta tags
     ## You can change here the default meta tags content included on the pages of your pod.
     ## Title will be used for the opengraph og:site_name property while description will be used
     ## for description and og:description.
     default_metas:
       #title: 'diaspora* social network'
       #description: 'diaspora* is the online social world where you are in control.'
 
     ## CSP (Content Security Policy) header
     ## CSP allows limiting origins from where resources are allowed to be loaded. This
     ## improves security, since it helps to detect and mitigate cross-site scripting
     ## and data injection attacks. The default policy of diaspora* allows all third
     ## party domains from services that are included in diaspora*, like OEmbed
     ## scripts, so you can safely activate it by setting `report_only` to false. If
     ## you customized diaspora* (edited templates or added own JS), additional work
     ## may be required. You can test the policy with the `report_uri`. Our default CSP
     ## does not work with Google analytics or Piwik, because they inject JS code that
     ## is blocked by CSP.
     csp:
 
       ## Report-Only header (default=true)
       ## By default diaspora* adds only a "Content-Security-Policy-Report-Only" header. If you set
       ## this to false, the "Content-Security-Policy" header is added instead.
       #report_only: false
 
       ## CSP report URI (default=)
       ## You can set an URI here, where the user agent reports violations as JSON document via a POST request.
       #report_uri: "/csp_violation_reports"
 
   ## Posting from Diaspora to external services (all are disabled by default).
   services: ## Section
 
     ## OAuth credentials for Facebook
     facebook: ## Section
 
       enable: false
       app_id: 'redacted'
       secret: 'redacted'
 
       ## This setting is required to define whether the Facebook app has permissions to post
       ##   false == No permissions (default)
       ##   true == Permissions for all users to post. App MUST have 'publish_actions' approved by Facebook!
       ##   "username" == Set to local username to allow a single user to cross-post. The person who has created
       ##                 the Facebook app will always be able to cross-post, even without 'publish_actions'.
       authorized: true
 
     ## OAuth credentials for Twitter
     twitter: ## Section
 
       enable: true
       key: 'redacted'
       secret: 'redacted'
 
     ## OAuth credentials for Tumblr
     tumblr: ## Section
 
       enable: true
       key: 'redacted'
       secret: 'redacted'
 
     ## OAuth credentials for Wordpress
     wordpress: ## Section
 
       enable: true
       client_id: 'redacted'
       secret: 'redacted'
 
   ## Allow your pod to send emails for notifications, password recovery
   ## and other purposes (disabled by default).
   mail: ## Section
     ## First you need to enable it.
     enable: true
 
     ## Sender address used in mail sent by Diaspora.
     sender_address: 'redacted'
 
     ## This selects which mailer should be used. Use 'smtp' for a smtp
     ## connection or 'sendmail' to use the sendmail binary.
     method: 'smtp'
 
     ## Ignore if method isn't 'smtp'.
     smtp: ## Section
 
       ## Host and port of the smtp server handling outgoing mail.
       ## This should match the common name of the certificate sent by
       ## the SMTP server, if it sends one. (default port=587)
       host: 'redacted'
       port: 587
 
       ## Authentication required to send mail (default='plain').
       ## Use one of 'plain', 'login' or 'cram_md5'. Use 'none'
       ## if server does not support authentication.
       authentication: 'plain'
       ## Credentials to log in to the SMTP server.
       ## May be necessary if authentication is not 'none'.
       username: 'redacted'
       password: 'redacted'
 
       ## Automatically enable TLS (default=true).
       ## Leave this commented out if authentication is set to 'none'.
       starttls_auto: true
 
       ## The domain for the HELO command, if needed.
       #domain: 'smtp.example.org'
 
       ## OpenSSL verify mode used when connecting to a SMTP server with TLS.
       ## Set this to 'none' if you have a self-signed certificate. Possible
       ## values: 'none', 'peer'.
       #openssl_verify_mode: 'none'
 
     ## Ignore if method isn't 'sendmail'
     sendmail: ## Section
 
       ## The path to the sendmail binary (default='/usr/sbin/sendmail')
       #location: '/usr/sbin/sendmail'
 
       ## Use exim and sendmail (default=false)
       #exim_fix: false
 
   ## Administrator settings
   admins: ## Section
 
     ## Set the admin account.
     ## This doesn't make the user an admin but is used when a generic
     ## admin contact is needed, much like the postmaster role in mail
     ## systems. Set only the username, NOT the full ID.
     account: "erwright"
 
     ## E-mail address to contact the administrator.
     podmin_email: 'shawneric@diaspsocial.com'
 
   ## Settings related to relays
   relay: ## Section
 
     ## Relays are applications that exist to push public posts around to
     ## pods which want to subscribe to them but would not otherwise
     ## receive them due to not having direct contact with the remote pods.
     ##
     ## See more regarding relays: https://wiki.diasporafoundation.org/Relay_servers_for_public_posts
 
     outbound: ## Section
       ## Enable this setting to send out public posts from this pod to a relay
       send: true
       ## Change default remote relay url used for sending out here
       url: 'https://relay.iliketoast.net/receive/public'
 
     inbound: ## Section
       ## Enable this to receive public posts from relays
       subscribe: true
 
       ## Scope is either 'all' or 'tags' (default).
       ## - 'all', means this pod wants to receive all public posts from a relay
       ## - 'tags', means this pod wants only posts tagged with certain tags
       scope: all
 
       ## If scope is 'tags', should we include tags that users on this pod follow?
       ## These are added in addition to 'pod_tags', if set.
       #include_user_tags: false
 
       ## If scope is 'tags', a comma separated list of tags here can be set.
       ## For example "linux,diaspora", to receive posts related to these tags
       #pod_tags:
 
 ## Here you can override settings defined above if you need
 ## to have them different in different environments.
 production: ## Section
   environment: ## Section
     #redis: 'redis://production.example.org:6379'
 
 development: ## Section
   environment: ## Section
     #redis: 'redis://production.example.org:6379'

If anyone has any suggestions about some changes I need to make in any of these files, please let me know that as well. :slight_smile:
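The comments in the configuration above describe several security-relevant switches (the BOSH listen address, report-only CSP, captcha, SMTP certificate verification). As an added example, not part of the original post and not diaspora* code, this Ruby script checks a diaspora.yml for them. The sample document is constructed from the values posted above, the finding names are hypothetical, and it assumes the settings sit under a top-level `configuration:` key.

```ruby
require "yaml"

# Constructed sample: only the keys the checks read, with the values from
# the posted diaspora.yml (commented-out options are simply absent).
SAMPLE_YML = <<~YML
  configuration:
    chat:
      enabled: true
      server:
        bosh:
          proxy: true
          proto: http
          address: '0.0.0.0'
          port: 5280
          bind: '/http-bind'
    privacy:
      piwik:
        enable: true
    settings:
      captcha:
        enable: false
      csp:
    mail:
      enable: true
      method: 'smtp'
      smtp:
        starttls_auto: true
YML

# Returns an array of { id:, detail: } hashes. The ids are hypothetical
# labels for this example, not identifiers used by diaspora*.
def audit_diaspora_yml(text)
  doc = YAML.safe_load(text) || {}
  cfg = doc["configuration"] || doc # assumption: top-level "configuration" key
  out = []
  add = ->(id, detail) { out << { id: id, detail: detail } }

  # 1. BOSH is proxied, yet Prosody is still bound to every interface.
  bosh = cfg.dig("chat", "server", "bosh") || {}
  if cfg.dig("chat", "enabled") && bosh["proxy"] == true &&
     ["0.0.0.0", "::"].include?(bosh["address"].to_s)
    add.call(:bosh_wildcard_bind,
             "Prosody's BOSH port #{bosh['port']} (#{bosh['proto']}) listens on all " \
             "interfaces, bypassing the proxy; bind to 127.0.0.1 or firewall it")
  end

  # 2. CSP stays report-only unless report_only is explicitly false.
  csp = cfg.dig("settings", "csp") || {}
  enforced = csp["report_only"] == false
  add.call(:csp_report_only, "violations are reported, not blocked") unless enforced

  # 3. Per the file's own comment, the default CSP blocks Piwik / Google Analytics.
  privacy = cfg["privacy"] || {}
  if privacy.dig("piwik", "enable") || privacy["google_analytics_key"]
    state = enforced ? "is blocked by the enforced CSP" : "will break once the CSP is enforced"
    add.call(:analytics_conflicts_with_csp, "tracker JS #{state}")
  end

  # 4. Registrations open (the default) while the captcha is switched off.
  settings = cfg["settings"] || {}
  if settings.fetch("enable_registrations", true) &&
     settings.dig("captcha", "enable") == false
    add.call(:open_signup_no_captcha, "sign-up is open and no captcha is shown")
  end

  # 5. SMTP without certificate verification or without automatic STARTTLS.
  smtp = cfg.dig("mail", "smtp") || {}
  if cfg.dig("mail", "enable") && cfg.dig("mail", "method") == "smtp"
    if smtp["openssl_verify_mode"] == "none"
      add.call(:smtp_tls_unverified, "SMTP server certificate is not verified")
    end
    if smtp["starttls_auto"] == false
      add.call(:smtp_no_starttls, "STARTTLS is not negotiated automatically")
    end
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  audit_diaspora_yml(SAMPLE_YML).each { |f| puts "#{f[:id]}: #{f[:detail]}" }
end
```
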


(Eric Wright) #14

Still there @zauberstuhl?? :slight_smile:

Edit: Thanks @denschub for that tidbit about source blocks, that helps a lot :slight_smile:


(Dennis Schubert) #15

Discourse is not an instant messaging platform. Please post your questions and wait until someone responds.

Also, source blocks are formatted like this:

```
code here
```

(Eric Wright) #16

Ok, so I think the problem is in my diaspsocial.com.conf nginx file in sites-enabled. When I was talking with a friend, they said the upstream chat block was in the wrong place. When I go to my site, it says that the http-bind path isn’t a valid path (you can see it by going to my site diaspsocial.com and trying to open the chat with the inspect/console window open).


Can someone please take a look at my code up above there and let me know how to fix it? (I’m not savvy with this at all, if it’s at all possible, could you write it for me this one time?)


(Eric Wright) #17

Every time I try to do my .conf like this, nginx comes back with this response:

```
nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/sites-enabled/diaspsocial.com.conf
```

diaspsocial.com.conf

```
upstream diaspora_server {
  server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}

server {
    if ($host = www.diaspsocial.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = diaspsocial.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  listen [::]:80;
  server_name www.diaspsocial.com diaspsocial.com;
  return 301 https://diaspsocial.com$request_uri;

  access_log  /dev/null;
  error_log /dev/null;




}


upstream chat_cluster {
    server localhost:5280;
}

Server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name www.diaspsocial.com diaspsocial.com;

  if ($host = www.diaspsocial.com) {
  return 301 https://diaspsocial.com$request_uri;


  access_log /var/log/nginx/diaspsocial-access.log;
  error_log /var/log/nginx/diaspsocial-error.log;

 # ssl_certificate     /etc/nginx/https/fullchain.pem;
 # ssl_certificate_key /etc/nginx/https/key.pem;

  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
  ssl_ecdh_curve X25519:P-521:P-384:P-256;
 ssl_prefer_server_ciphers on;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 80.67.169.40 80.67.169.12 valid=300s;
  resolver_timeout 5s;
  ssl_session_cache shared:SSL:10m;

  root /home/diaspora/diaspora/public;

  client_max_body_size 5M;
  client_body_buffer_size 256K;
  try_files $uri @diaspora;

  location /assets/ {
    expires max;
    add_header Cache-Control public;
  }

  location @diaspora {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://diaspora_server;
  }

    ssl_certificate /etc/letsencrypt/live/diaspsocial.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/diaspsocial.com/privkey.pem; # managed by Certbot

  location /http-bind {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;

    proxy_redirect off;
    proxy_connect_timeout 5;
    proxy_buffering       off;

    proxy_read_timeout    70;
    keepalive_timeout     70;
    send_timeout          70;


    client_max_body_size 4M;
    client_body_buffer_size 128K;

    proxy_pass http://chat_cluster;
    }
}
```

SMH, I’m totally freaking lost here, and lol there’s no one online to help. I’m just gonna go to bed and deal with this stuff tomorrow, sigh.


(Lukas Matt) #18

@shawneric patience :wink: Looks like we are not in the same time zone!

First of all, have you validated your nginx config?

```
/usr/nginx/sbin/nginx -t -c /usr/nginx/conf/nginx.conf
```

Also, I am no nginx expert, but is it possible that you have to add the `location /http-bind` part before the `location @diaspora`?


(Eric Wright) #19

I think you’re right, we must be on opposite sides of dah world :stuck_out_tongue: I’m no nginx expert either, so I really don’t know :frowning:


My apologies everyone. I didn’t realize people were being notified every time I made a post. I’ll try and use the edit function more often and cut down on the number of posts I make. <3


(Eric Wright) #20

I was able to get my nginx config fixed, so no more errors, but it’s still not connecting properly. Can’t get any of my contacts to load. Is there someone perhaps in my time zone who can assist me further please?

It appears I can get BOSH to work, but not XMPP. I can’t connect via any kind of jabber or pidgin client, and according to the instructions here: https://wiki.diasporafoundation.org/wiki/index.php?title=Integration/Chat, when I run the command `rails runner config/initializers/prosody.rb`, I get the following response:

```
diaspora@localhost:~/diaspora$ rails runner config/initializers/prosody.rb
Traceback (most recent call last):
        38: from bin/rails:9:in `<main>'
        37: from bin/rails:9:in `require'
        36: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/commands.rb:16:in `<top (required)>'
        35: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/command.rb:44:in `invoke'
        34: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/command/base.rb:63:in `perform'
        33: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
        32: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
        31: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
        30: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/commands/runner/runner_command.rb:27:in `perform'
        29: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/command/actions.rb:16:in `require_application_and_environment!'
        28: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/application.rb:329:in `require_environment!'
        27: from /home/diaspora/diaspora/config/environment.rb:7:in `<top (required)>'
        26: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/application.rb:353:in `initialize!'
        25: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/initializable.rb:58:in `run_initializers'
        24: from /usr/lib/ruby/2.5.0/tsort.rb:205:in `tsort_each'
        23: from /usr/lib/ruby/2.5.0/tsort.rb:226:in `tsort_each'
        22: from /usr/lib/ruby/2.5.0/tsort.rb:347:in `each_strongly_connected_component'
        21: from /usr/lib/ruby/2.5.0/tsort.rb:347:in `call'
        20: from /usr/lib/ruby/2.5.0/tsort.rb:347:in `each'
        19: from /usr/lib/ruby/2.5.0/tsort.rb:349:in `block in each_strongly_connected_component'
        18: from /usr/lib/ruby/2.5.0/tsort.rb:415:in `each_strongly_connected_component_from'
        17: from /usr/lib/ruby/2.5.0/tsort.rb:415:in `call'
        16: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/initializable.rb:48:in `tsort_each_child'
        15: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/initializable.rb:48:in `each'
        14: from /usr/lib/ruby/2.5.0/tsort.rb:421:in `block in each_strongly_connected_component_from'
        13: from /usr/lib/ruby/2.5.0/tsort.rb:431:in `each_strongly_connected_component_from'
        12: from /usr/lib/ruby/2.5.0/tsort.rb:422:in `block (2 levels) in each_strongly_connected_component_from'
        11: from /usr/lib/ruby/2.5.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
        10: from /usr/lib/ruby/2.5.0/tsort.rb:228:in `block in tsort_each'
         9: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/initializable.rb:59:in `block in run_initializers'
         8: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/initializable.rb:30:in `run'
         7: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/initializable.rb:30:in `instance_exec'
         6: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/engine.rb:599:in `block in <class:Engine>'
         5: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/engine.rb:599:in `each'
         4: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/engine.rb:600:in `block (2 levels) in <class:Engine>'
         3: from /home/diaspora/diaspora/config/environments/development.rb:3:in `<top (required)>'
         2: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/railtie.rb:211:in `configure'
         1: from /home/diaspora/diaspora/vendor/bundle/ruby/2.5.0/gems/railties-5.1.6/lib/rails/railtie.rb:211:in `instance_eval'
/home/diaspora/diaspora/config/environments/development.rb:64:in `block in <top (required)>': uninitialized constant TurboDevAssets (NameError)
diaspora@localhost:~/diaspora$ exit
```

(Eric Wright) #21

Wanted to let everyone know that my chat situation has been RESOLVED!!! Whew that was a massive headache, unfortunately part of the solution was that I had to take my server away from cloudflare :’( which I don’t want. If anyone knows how to fix THAT issue, I’d be grateful. BOSH works fine with cloudflare, but s2s doesn’t.

Anyway my issue was two fold:

  1. diaspora_contacts module was broken, I had to delete and re-download it.
  2. I didn’t have any certs in ~/diaspora/config/certs

Now my chat seems to work perfectly :slight_smile: Although, I’d like to be able to chat seamlessly with encryption via the browser?? Can I do that without having to do a lot of insane configs? I’d also like to be able to send files and attachments to folks via chat.

EDIT:

@vi_coactus I saw you had a post about this and you’re also behind cloudflare, mind telling me what you did to get it to work?