Getting camo working

Hi,

I installed my own pod on Debian 9 yesterday and it works fine! But I'm struggling with the camo implementation. The nginx vhost / implementation is working, but I get 404 errors for every remote picture that I would like to post.

I tried to activate camo debug log, but no log is written so far. My camo app.json looks like:

  "env": {
    "CAMO_HOSTNAME": {
      "description": "The hostname for the camo server.",
      "required": false
    },
    "CAMO_KEY": {
      "description": "The fully qualified domain name for camo to run on.",
      "generator": "xyz..."
    },
    "CAMO_LENGTH_LIMIT": {
      "description": "The maximum Content-Length that camo will proxy in bytes",
      "value": "18485760"
    },
    "CAMO_LOGGING_ENABLED": {
      "description": "Toggle whether or not to log verbosely('debug' or disabled').",
      "required": debug
    },
    "CAMO_MAX_REDIRECTS": {
      "description": "The number of redirects that camo should follow",
      "value": "4"
    },
    "CAMO_SOCKET_TIMEOUT": {
      "description": "The number of seconds to wait for socket connection errors",
      "value": "10"
    },
    "NODE_TLS_REJECT_UNAUTHORIZED": {
      "description": "reject unauth",
      "required": 0
    },
    "CAMO_HEADER_VIA": {
      "description": "header string",
      "value": "Camo Asset Proxy at https://mypod.xy"
    }

Can anyone please give me a hint? I've also activated camo support in diaspora.yml and placed the same key there as in app.json. Also, camo is running (via screen).

I have no idea what this app.json is about and where it’s used, but if you have enabled camo’s debug logging via CAMO_LOGGING_ENABLED and it’s not showing anything at all, it’s likely that your nginx config is wrong, and no requests get forwarded to camo. Do you mind sharing your nginx config?

Thanks for your fast answer. Where do I configure the camo options? I thought in camo/app.json - it's not really clear in your wiki.

My nginx config is:

  gzip_static on;

  server {
    listen 80;
    listen [::]:80;
    server_name xy.eu www.xy.eu;
    
    location / {
      return 301 https://xy.eu$request_uri;
    }
  }

  server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2; # Same rules as for listen [::]:80 apply.
    server_name xy.eu;
    root /home/diaspora/diaspora/public;

    client_max_body_size 5M;
    client_body_buffer_size 256K;

    ssl_certificate /etc/letsencrypt/live/xy.eu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xy.eu/privkey.pem;

    # generate with openssl dhparam 2048 > /path/to/dhparam.pem
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;

    # Proxy if requested file not found
    try_files $uri @diaspora;

    location /assets/ {
      expires max;
      add_header Cache-Control public;
    }

    # Camo support
    location /camo/ {
      proxy_redirect off;
      proxy_pass http://camo/;
      break;
    }

    location @diaspora {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $http_host;
      proxy_redirect off;

      proxy_pass http://diaspora_server;
    }

    location /http-bind {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Proto https;

      proxy_redirect off;
      proxy_connect_timeout 5;
      proxy_buffering       off;

      proxy_read_timeout    70;
      keepalive_timeout     70;
      send_timeout          70;

      client_max_body_size 4M;
      client_body_buffer_size 128K;

      proxy_pass http://chat_cluster;
    }
  }

  upstream diaspora_server {
    server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
  }

  # Camo support
  upstream camo {
    server localhost:8081;
  }

  upstream chat_cluster {
    server localhost:5280;
  }

Oh, that…! That’s just the config for using camo on Heroku, and not related to the configuration. Camo is configured via environmental variables, just like the wiki says. :wink: There are multiple ways of defining these, but the most generic way is to simply add them in front of the binary path, just like the RAILS_ENV variable for diaspora.

So if you start camo with node server.js, you can set variables like CAMO_KEY="..." CAMO_LOGGING_ENABLED="debug" node server.js and so on.

At first glance, your nginx config looks fine, and judging by your message, I assume that the issue was a missing/invalid CAMO_KEY. :slight_smile:
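Why a missing or mismatched CAMO_KEY shows up as a 404 on every image, as an added example that is not part of the original thread and is not camo's or diaspora's own code. It models camo's documented URL format (HMAC-SHA1 hex digest of the image URL, followed by the hex-encoded URL) behind the `/camo/` location from the nginx config above; the key and image URL are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

NGINX_PREFIX = "/camo/"  # from `location /camo/` in the nginx config above


def sign(key: str, url: str) -> str:
    """HMAC-SHA1 hex digest of the image URL under the shared key."""
    return hmac.new(key.encode(), url.encode(), hashlib.sha1).hexdigest()


def public_path(key: str, url: str) -> str:
    """Path the pod embeds in a post: /camo/<digest>/<hex-encoded url>."""
    return f"{NGINX_PREFIX}{sign(key, url)}/{url.encode().hex()}"


def camo_check(camo_key: str, request_path: str):
    """Model of the proxy side: return (status, decoded_url_or_None)."""
    # `proxy_pass http://camo/;` (trailing slash) replaces the matched
    # /camo/ prefix with /, so the proxy sees /<digest>/<hex-url>.
    if not request_path.startswith(NGINX_PREFIX):
        return 404, None
    parts = request_path[len(NGINX_PREFIX):].split("/")
    if len(parts) != 2:
        return 404, None
    digest, hex_url = parts
    try:
        url = bytes.fromhex(hex_url).decode()
    except (ValueError, UnicodeDecodeError):
        return 404, None
    # Recompute the digest with the key the proxy was started with and
    # compare in constant time; bytes avoid errors on non-ASCII input.
    expected = sign(camo_key, url).encode()
    if not hmac.compare_digest(expected, digest.encode()):
        return 404, None  # checksum mismatch: the image is never fetched
    return 200, url


# Constructed sample values, not taken from the thread.
POD_KEY = "constructed-shared-secret"
IMAGE = "http://images.example/cat.png"

if __name__ == "__main__":
    path = public_path(POD_KEY, IMAGE)
    print(path)
    print("same key      ->", camo_check(POD_KEY, path))
    print("different key ->", camo_check("some-other-key", path))
```

The key in diaspora.yml and the CAMO_KEY in camo's environment must be byte-for-byte identical; any difference makes every signed URL fail the check.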

Thanks - I'm not really firm with env variables. So a .env in the camo folder should fix it?

No. You don’t need to create additional files. Please read again what I just wrote:

Environment variables get prepended to the application call itself.

Thanks, can you please provide an example of how to start camo with screen and environment variables, or is there any other better way to start camo (except docker)?

I've got it running by following https://social.gibberfish.org/posts/205