Follower requests never complete - ModSecurity off

[edent]

I've successfully set up @blog@shkspr.mobi - it appears on the Fediverse. But people can't follow it.

ModSecurity is set to "off" in my cPanel. As per #341 and https://blog.rac.me.uk/2022/11/10/activitypub-for-wordpress-how-to-fix-modsecurity-to-make-it-work/#adding-the-new-mod-security-rule that should fix it. But it doesn't.

Are there any tests I can run to see what the problem is?

Site Health shows:

Author URL is not accessible ActivityPub
Your author URL https://shkspr.mobi/blog/author/admin/ does not return valid JSON for application/activity+json. Please check if your hosting supports alternate Accept headers.

However, I am not using admin as the author; I've disabled the author in the settings and have a generic blog profile ID.

[pfefferle]

Yes, it seems to return only HTML!

You can check it with

## Request (23)
curl "https://shkspr.mobi/blog/author/admin/" \
     -H 'Accept: application/activity+json'

Have you enabled caching? Maybe the cache does not support content negotiation?

[edent]

Interesting. If I do curl "https://shkspr.mobi/blog/@qwerty" I get

{"code":"activitypub_user_not_found","message":"User not found","data":{"status":404}}

But if I do curl "https://shkspr.mobi/blog/@blog" (which is the username) I get a 301 redirect to my blog's front page.

I had this as the setup:

I've excluded /author/ from the cache. And re-enabled the author profile type. But follow requests still aren't processed.

[pfefferle]

yes, it redirects if you do not add the application/activity+json Accept header. It is the blog user so you see all its posts on the main page :)

Have you also excluded the API and the @-urls? Because the blog-user has no author URL, it is a simple rewrite rule to an API endpoint.

[edent]

OK, I think I've done all that - but I still can't accept followers.

@admin@shkspr.mobi appears on Mastodon.social and I can see the last few blog posts.

@blog@shkspr.mobi appears on Mastodon.social but there are no posts.

Following either of them doesn't work.

I've excluded the following URls from cacheing.

/.well-known/*
/wp-json/*
/author/*
/@blog

Are there any others which should be excluded?

[pfefferle]

shouldn't it be /blog/...?

[pfefferle]

can you try to disable caching completely to run some tests? can you give me a ping when disabled?

[edent]

I've disabled caching for tonight.

[jarbochov]

Okay, I'm a novice, but I can find my user account for my blog. The JSON for the account is listing:

{"@context":["https:\/\/www.w3.org\/ns\/activitystreams","https:\/\/w3id.org\/security\/v1",{"manuallyApprovesFollowers":"as:manuallyApprovesFollowers","PropertyValue":"schema:PropertyValue","schema":"http:\/\/schema.org#","pt":"https:\/\/joinpeertube.org\/ns#","toot":"http:\/\/joinmastodon.org\/ns#","webfinger":"https:\/\/webfinger.net\/#","litepub":"http:\/\/litepub.social\/ns#","value":"schema:value","Hashtag":"as:Hashtag","featured":{"@id":"toot:featured","@type":"@id"},"featuredTags":{"@id":"toot:featuredTags","@type":"@id"},"alsoKnownAs":{"@id":"as:alsoKnownAs","@type":"@id"},"discoverable":"toot:discoverable","sensitive":"as:sensitive","resource":"webfinger:resource"}],"id":"https:\/\/wyomingjarbo.com\/blog\/wp-json\/activitypub\/1.0\/users\/0\/inbox","generator":"http:\/\/wordpress.org\/?v=6.3.1","type":"OrderedCollectionPage","partOf":"https:\/\/wyomingjarbo.com\/blog\/wp-json\/activitypub\/1.0\/users\/0\/inbox","totalItems":0,"orderedItems":[],"first":"https:\/\/wyomingjarbo.com\/blog\/wp-json\/activitypub\/1.0\/users\/0\/inbox"}

How is "manuallyApprovesFollowers":"as:manuallyApprovesFollowers", being populated?

[blindi0815]

my blog is https://endeavr.de
my blog user is @endeavr.de@endeavr.de
I can find the user on Mastodon. If I follow I encounter the same issue as per above.
if I do curl I get no result back:

$ curl "https://endeavr.de/@endeavr.de"
$

blog host is based on Yunohost/ nginx

[pfefferle]

@blindi0815 works for me

[pfefferle]

@jarbochov I assume that there is an issue somewhere, that is caused by WordPress installations in sub-pathes. Currently I am checking if there is an issue with signature verification, because of a wrong generated URL/URI.

[blindi0815]

@pfefferle
Doesn't from my instance marctodon.marci.one - it is a plain mastodon instance hosted by myself. Is there anything that the instance must support?

[pfefferle]

@blindi0815 sorry, I have no idea! I have no experience in hosting a Mastodon instance!

[blindi0815]

Might be an issue with the Mastodon instance version. Mine is running on 4.1.7, yours and @jarbochov is running on 4.2.0 nightly build. I can see the access in the nginx logs and they all look the same. Just that my instance doesn't like the response. Oh well. Thank you anyways

[pfefferle]

Can you (the ones who run WordPress in a subdirectory) tell me the value of your home_url & site_url? I think I found the issue!