XMPP http upload #831
What do you think about replacing jabber with upload-xmpp? Is jabber a common name for upload http?
Hi all, just here to show my support, I've been using the XMPP & metronome features of my ynh instance, I would have never been able to configure these myself so wanted to say thanks and looking forward to the possibility of uploads via ynh xmpp too. Cheers!
(Flagging as work needed / test needed until you give the green light 😜 )
3349ed7 to 2dbbd85
Status of this PR: Proof of concept validated. Some things may need improvement:

I'd suggest using mod_http_upload_external instead of mod_http_upload, although extra care should be taken with the nginx configuration, given the recent discovery of vulnerabilities in its FastCGI implementation.
That should remove all the limitations of narrow file sizes, and also meddling too much with forwarding ports, as all requests will be handled by nginx directly.
2dbbd85 to 1e84967
I've simplified my changes to make this PR easier to review. One important thing I don't know how to handle properly is the renewal of existing letsencrypt certificates. We should find a way to silently drop existing certificates and create a new one including SAN for xmpp-upload.thedomain.net.
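A check for the certificate question raised in the comment above, as an added example that is not part of this PR or of YunoHost's code: it tests whether an existing certificate already lists `xmpp-upload.<domain>` as a DNS SAN. It assumes OpenSSL 1.1.1 or later; the function names and the throwaway self-signed certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not YunoHost code). Requires OpenSSL >= 1.1.1 for -ext / -addext.

# cert_has_san CERT HOST: succeeds if HOST is listed as an exact DNS SAN entry.
# Wildcard entries are deliberately not expanded; only literal names match.
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
        | grep -qixF -- "$2"
}

# needs_reissue CERT DOMAIN: succeeds when xmpp-upload.DOMAIN is NOT covered,
# i.e. the existing certificate predates the upload vhost and must be replaced.
needs_reissue() {
    ! cert_has_san "$1" "xmpp-upload.$2"
}

# make_test_cert OUT SAN_LIST: constructed, self-signed throwaway certificate
# used only to exercise the check offline (the private key is discarded).
make_test_cert() {
    local key
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=domain.tld" \
        -addext "subjectAltName=$2" -keyout "$key" -out "$1" 2>/dev/null
    local rc=$?
    rm -f "$key"
    return "$rc"
}

# demo: compare a certificate issued before the subdomain existed with a new one.
demo() {
    local dir; dir=$(mktemp -d)
    make_test_cert "$dir/old.pem" "DNS:domain.tld" || return 1
    make_test_cert "$dir/new.pem" "DNS:domain.tld,DNS:xmpp-upload.domain.tld" || return 1
    for c in old new; do
        if needs_reissue "$dir/$c.pem" domain.tld; then
            echo "$c.pem: xmpp-upload.domain.tld missing, re-issue needed"
        else
            echo "$c.pem: covers xmpp-upload.domain.tld"
        fi
    done
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to see both outcomes; against a real certificate, call `needs_reissue` with the certificate file and the main domain.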
@maranda using mod_http_upload_external would need more extra work (implementing a new service handling PUT requests). I have currently no idea how to implement this easily and I don't have enough time to work on this.
@pitchum you don't have to work on a PUT service because the php script to perform the uploads is already included in Metronome; it just has to be configured, and it's much less work than messing with forwarding altogether. See: https://github.com/maranda/metronome/blob/v3.13.0/plugins/http_upload_external/resources/share.php
@maranda I still don't see why mod_http_external_upload would be useful here and I won't have time to work on this. I'd like to have http_upload feature working in yunohost ASAP.
@pitchum all it takes is adding the relative configuration to nginx, replacing paths into the supplied share.php, and adding config into the main config file of metronome... That's a few minutes' work, but otherwise whatever suits your boat.
Hey all, just checking back in to show support. If there is any specific testing a non technically aware person like myself could do, I can spin up a dev RPI for these purposes?
@colmoneill I still have to implement a transparent migration of existing certificates. When it's done I'll describe a testing procedure. I hope to have time to work on this tomorrow.
@colmoneill I did not have time to implement automatic certificate renewal but I've built a DEB package for testing http_upload though. To test it, connect to your yunohost using SSH and type this:
Then:

Amazing @pitchum thanks so much! Would you say this is safe to try on my 'production' YNH machine? Thanks again, looking forward to trying this! All the best!
No, do not try this on your production YNH, you are the first one to test this (after myself on a testing VM).
I managed to have it working! \o/
{
    "skipped_urls": [
        "xmpp-upload.domain.tld"
    ]
}
We should find a clean and permanent rule in SSOwat for that.
Great to hear this progress, sorry I haven't had time to do any tests myself, might wait for your changes to be merged @M5oul? Thanks all!
1e84967 to 0bd717a
Hey all, thanks for this and the last push to get things together. Will this process of adding a new subdomain work for people using DynDNS systems? My production setup is using a NoIP domain name which is already a subdomain similar to the trio made available by noho.st etc. Just asking as it would be a good prep step for me to get a specific domain if this was going to be a requirement for XMPP file sharing to work. Thanks again!
I think this PR is ready to be merged.
Some errors during migrations will appear. Run
I pushed a couple of commits, hope it's okay, otherwise I can remove them:
- change xmpp-upload folder from /var/www/xmpp-upload.{domain}/ to /var/xmpp-upload/{domain}, otherwise that would be likely to create a shitload of folders in /var/www/ (where tech-savvy users sometimes wander)
- factorize all the ciphers and header stuff in nginx conf into a common security.conf.inc. That's pretty much unrelated to this feature, except that the diff with the new vhost copypasta suggests it to increase readability.
Then I realized that there are probably some tweaks to do, considering that the whole xmpp-upload thing is only supposed to work for the main domain (c.f. the metronome conf?). I can take care of the required changes if you don't feel like it or don't have time to do those.
Otherwise, I haven't really tested the PR in terms of actually trying the feature from an XMPP client, but I trust you folks on that point and that's pretty much good for me 👍.
I followed @alexAubin's suggestions but I haven't tested those changes yet. (I don't understand all the features of github and I don't know what to do with the message "2 reviews requesting changes")
I was about to test it, but at almost every command, I get this error:
the
Looks good to me, thanks for taking care of the changes (also sorry about forgetting the security.conf.inc file !)
Anyway, let's try to move forward with this. I'm proposing to merge this on Monday afternoon and it'll still be possible to do more tests and fixes after merge anyway.
I've made some tests on a VM and everything looks fine. I think this PR is ready to be merged right now, but I'm OK to wait until Monday :) @kay0u the import error is caused by the line "import yunohost.certificate" in domain.py. @alexAubin maybe I'm wrong but it looks like the code concerning certificates in domain.py is dead code and can be removed.
I just wanted to implement this manually and found this PR.
Merging naow, congratz everybody!
Eh pretty sure that lines 300-311 are not dead, they are what makes the link between the CLI "yunohost domain cert-status" (and install, renew) and the actual functions ... This was implemented before the subcategory system, otherwise probably would have been directly "yunohost domain certificate status" (though anyway there are still naming/import trickery to do if you want to have the subcategory code in a separate file ...) But you're right about the lazy loading which might improve performances a bit, I'll do a commit after the merge.
The problem
Sharing files with XMPP's http upload mechanism is currently impossible.
This PR is an attempt to address issue #1278
Metronome's configuration is ready for http upload but port 5290 is not reachable.
Solution
http upload requires a dedicated subdomain (I have chosen jabber.thedomain.net instead of upload.thedomain.net to avoid possible conflicts with possible other "upload" things).
This subdomain should be reachable via HTTPS so we need:
PR Status
The PR is ready for review.
How to test
Create 2 accounts: alice and bob
Install Dino and configure those accounts.
Happily share pictures between alice and bob.
Validation