I’m sure this is an easy fix, but I’m running a diaspora instance on CentOS 8 and I cannot get it to work. I’m using the zevenet loadbalancer. When I try to get to the website I get:
2021/07/12 11:59:17 [error] 85111#0: *1 directory index of "/home/diaspora/diaspora/" is forbidden, client: 172.16.52.200, server: mywebsite.com, request: "GET / HTTP/1.1", host: "mywebsite.com"
with a 403 error, where 172.16.52.200 is the loadbalancer using backend HTTPS. I also have a wildcard cert on the loadbalancer which I would like to use, but I can’t at the moment. I should also mention that I followed the instructions in their entirety.
What software is this log from? I have no idea about “zevenet loadbalancer”. Are you targeting diaspora’s appserver directly from it, or did you put something (apache, nginx, …) in between?
zevenet loadbalancer is just a normal loadbalancer (simplified), and the logs are from /var/nginx/error.log. I’m sure the problem lies in the error message more than the logs, because this is the first time I’ve seen this.
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
# This is not a complete Nginx configuration! It only shows the relevant parts for integrating Diaspora.
# [...]
http {
    # Your standard server configuration goes here
    # [...]
    gzip_static on;
    # [...]
    # This vhost just redirects to HTTPS
    server {
        # If your host is not IPv6 ready use listen 80; here.
        # Add ipv6only=off to your listen directive that has default_server.
        # Or this one if this is your only vhost. Do not add it to both!
        listen 80;
        server_name diaspora.mywebsite.com www.diaspora.mywebsite.com;
        location / {
            return 301 https://$server_name$request_uri;
        }
    }
    server {
        listen 443 ssl http2;
        server_name diaspora.mywebsite.com;
        root /home/diaspora/diaspora/public/;
        # Configure maximum picture size
        # Note that Diaspora has a client side check set at 4M
        client_max_body_size 5M;
        client_body_buffer_size 256K;
        # SSL setup
        # This file should also include any necessary intermediate certificates.
        # For example for StartSSL that would be https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
        # For Let's Encrypt use /etc/letsencrypt/live/diaspora.example.org/fullchain.pem
        # and /etc/letsencrypt/diaspora.example.org/privkey.pem
        ssl_certificate /etc/letsencrypt/live/diaspora.mywebsite.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/diaspora.mywebsite.com/privkey.pem;
        # Taken from https://wiki.mozilla.org/Security/Server_Side_TLS
        # You might want to make these global
        # generate with openssl dhparam 2048 > /path/to/dhparam.pem
        # ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
        ssl_prefer_server_ciphers off;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_session_cache shared:SSL:50m;
        # Proxy if requested file not found
        try_files $uri @diaspora;
        location /assets/ {
            expires max;
            add_header Cache-Control public;
        }
        # Camo support
        #location /camo/ {
        # proxy_redirect off;
        # proxy_pass http://camo/;
        # break;
        #}
        location @diaspora {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            # proxy_pass http://diaspora_server;
        }
    }
    # Proxy destination
    # Add as many server directives as you want
    # Also takes a socket, like unix:/path/to/some/socket.sock
    #upstream diaspora_server {
    # server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
    #}
    # Camo support
    #upstream camo {
    # server 127.0.0.1:8081;
    #}
}
# [...]
I’m now seeing these errors when I try to go to my website and I run the script for the server:
E, [2021-07-15T03:42:11.147817 #119090] ERROR -- : [diaspora:web] execution failed with #<Timeout::Error: execution expired>; try increasing the start_timeout value(the current value of 15s seems too short)
E, [2021-07-15T03:42:11.147939 #119090] ERROR -- : [diaspora:web] process <> failed to start ("#<Timeout::Error: execution expired>")