initial configuration

master
Y 2018-03-25 18:59:31 +02:00
commit d342857b19
7 changed files with 523 additions and 0 deletions

56
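--- a/README.adoc
+++ b/README.adoc
@@ -0,0 +1,56 @@
+= XMPP file-upload not working.
+== Problem
+When I want to upload a photo to a group-chat using Gajim, I can see on the server that a directory is created to receive the image, but the image never gets there.
+Thus, Gajim reports an empty file (actually a 404 error, according to Nginx).
+== Configuration
+My PC (XMPP client) runs Gajim on Archlinux.
+The PC has IP 192.168.1.99.
+The server runs Archlinux too.
+Here is the network setup:
+[ditaa]
+-------
++-----------------------------------------------------------------+
+| Server |
+| +-----------+ +----------------+ +-------------------------+ |
++----+ | | nftables | | haproxy (tcp) | | nginx : /…/https+.pp | |
+| PC +->+->+ :443 dnat +->+ :444 tls_plus +->+ ↓ | |
++--+-+ | | → :444 OK | | → /…/https+.pp | | /---------------------\ | |
+| | +-----------+ +----------------+ | | ssowat | | |
+| | | | "/x…": pass-through | | |
+| | +---------------+ | \---------------------/ | |
+| | | prosody | | ↓ | |
+\--->+->+ :5222 :5280 +<-----------------+ location /xmpp- { … } | |
+| +---------------+ +-------------------------+ |
+| |
++-----------------------------------------------------------------+
+-------
+== Versions
+PC::
+* Archlinux kernel 4.15.11
+* Gajim 1.0.0
+* Gajim plugin httpupload 0.4.6
+Server::
+* Archlinux kernel 4.15.11
+* nftables 0.8.3
+* haproxy 1.8.4
+* nginx 1.13.10
+* ssowat-git (my fork)
+* prosody 0.10.0
+* prosody-mod-auth-external-hg r2944.37ec4c2f319a
+* prosody-mod-auto-accept-subscriptions-hg r2944.37ec4c2f319a
+* prosody-mod-csi-hg r2944.37ec4c2f319a
+* prosody-mod-filter-chatstates-hg r2944.37ec4c2f319a
+* prosody-mod-http-upload r2944.37ec4c2f319a
+* prosody-mod-mam-adhoc 0.10.0
+* prosody-mod-offline-email-hg r2944.37ec4c2f319a
+* prosody-mod-smacks 2017.08.27
+* prosody-mod-throttle_presence r2944.37ec4c2f319a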

36
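--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,36 @@
+global
+tune.ssl.default-dh-param 2048
+ssl-default-bind-ciphers …
+ssl-default-bind-options …
+ssl-default-server-ciphers …
+ssl-default-server-options …
+log /dev/log local0 info
+pidfile /run/haproxy.pid
+daemon
+defaults
+mode tcp
+timeout connect 5s
+timeout client 5m
+timeout server 5m
+timeout tunnel 1h
+timeout client-fin 5s
+timeout server-fin 5s
+log global
+option logasap
+option log-separate-errors
+log-format "%ci:%cp [%t] %ft %b[%bi:%bp]/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
+frontend tls
+bind :443 ssl crt /etc/haproxy/tls.pem
+default_backend https
+backend https
+server nginx unix@/run/shared_sockets/https.pp send-proxy
+frontend tls_plus
+bind :444 ssl crt /etc/haproxy/tls.pem
+default_backend https_plus
+backend https_plus
+server nginx unix@/run/shared_sockets/https+.pp send-proxy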
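Review bot: `bind :444` in `frontend tls_plus` listens on every address and the frontend has no source check of its own, so the only thing separating the privileged backend from the regular one is the redirect and input policy in `nftables.conf`. The redirect leaves the client address intact (the journal shows HAProxy logging 192.168.1.99), so the same trusted range can be enforced here as a second layer with `tcp-request connection reject unless { src 192.168.1.96/29 }`. A comment above the frontend saying it must only be reached through the 443→444 redirect would also help whoever next edits either file.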

165
journal.log Normal file

@ -0,0 +1,165 @@
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Handled 63 incoming stanzas
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Received[c2s]: <iq id='baadadc6-daa3-4b68-b885-094a1118293a' type='get' to='yalis.fr' from='yves@yalis.fr/Gajim'>
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Given upload slot "O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg"
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: #queue = 1
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Queuing <r> (in a moment)
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Received[c2s]: <r xmlns='urn:xmpp:sm:3'>
mars 25 16:59:13 seuil3 prosody[68]: yalis.fr:smacks: Received ack request, acking for 63
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Sending <r> (inside timer, before send)
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Sending <r> (inside timer, after send)
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: Received[c2s]: <a xmlns='urn:xmpp:sm:3' h='83'>
mars 25 16:59:13 seuil3 prosody[68]: c2s15782d0: #queue = 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: epoll: fd:8 ev:0001 d:00007FDEB23F31F0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: accept on unix:/run/shared_sockets/https+.pp, ready: 0
mars 25 16:59:13 seuil3 haproxy[78]: 192.168.1.99:58576 [25/Mar/2018:16:59:13.458] tls_plus~ https_plus[unix:0]/nginx 61/1/+61 +0 -- 8/3/3/3/0 0/0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: posix_memalign: 0000559D717FB940:512 @16
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 accept: unix: fd:23
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 event timer add: 23: 60000:102301826
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 reusable connection: 1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 epoll add event: fd:23 op:1 ev:80002001
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: timer delta: 205
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: worker cycle
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: epoll timer: 23235
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: epoll: fd:23 ev:0001 d:00007FDEB23F35B0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 posix_memalign: 0000559D71A67000:4096 @16
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http process request header line
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: shmtx lock
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: shmtx unlock
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 post access phase: 13
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 generic phase: 14
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 generic phase: 15
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http request body content length filter
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 malloc: 0000559D71809030:8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http read client request body
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http request count:2 blk:0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 temp fd:25
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [warn] 1898#1898: *34 a client request body is buffered to a temporary file /var/lib/nginx/client-body/0000000001, client: 192.168.1.99, server: , request: "PUT /xmpp-upload/O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg HTTP/1.1", host: "yalis.fr"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 24576
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 57344
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 147456
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 548864
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 557056
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 614400
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 622592
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 671744
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 8192 of 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 8192
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 8192 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write client request body, bufs 0000559D719FAD28
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 write: 25, 0000559D71809030, 8192, 679936
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:0, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 7284 of 7284
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http client request body recv 7284
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http body new buf t:1 f:0 0000559D71809030, pos 0000559D71809030, size: 7284 file: 0, size: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 epoll add connection: fd:26 ev:80002005
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 connect to 127.0.0.1:5280, fd:26 #35
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http upstream connect: -2
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 posix_memalign: 0000559D719D07E0:128 @16
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 event timer add: 26: 60000:102301829
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 sendfile: 695412 of 695412 @0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 chain writer out: 0000000000000000
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 event timer del: 26: 102301829
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 event timer add: 26: 60000:102301877
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: timer delta: 48
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: worker cycle
mars 25 16:59:13 seuil3 prosody[68]: socket: accepted incoming client connection from: 127.0.0.1 45972 to 5280
mars 25 16:59:13 seuil3 prosody[68]: http.server: Firing event: PUT yalis.fr/xmpp-upload/O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg
mars 25 16:59:13 seuil3 prosody[68]: socket: try to close client connection with id: 1111f80
mars 25 16:59:13 seuil3 prosody[68]: socket: closing delayed until writebuffer is empty
mars 25 16:59:13 seuil3 prosody[68]: socket: closing client after writing
mars 25 16:59:13 seuil3 prosody[68]: socket: closing client with id: 1111f80 client to close
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: epoll: fd:26 ev:2005 d:00007FDEB23F3880
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http upstream request: "/xmpp-upload/O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg?"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http upstream process header
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 malloc: 0000559D719F3C40:4096
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:1, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:26 470 of 4096
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http proxy status 404 "404 Not Found"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http proxy header: "Connection: close"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http proxy header: "Content-Length: 367"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http proxy header: "Date: Sun, 25 Mar 2018 14:59:13 GMT"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http proxy header done
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 add cleanup: 0000559D71A15288
mars 25 16:59:13 seuil3 nginx[1898]: [310B blob data]
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write filter: l:0 f:0 s:271
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http proxy filter init s:404 h:0 c:0 l:367
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http upstream process non buffered downstream
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http output filter "/xmpp-upload/O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg?"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http copy filter: "/xmpp-upload/O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg?"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http write filter: l:0 f:1 s:638
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http output filter "/xmpp-upload/O-_77OOdwpLXIh5P/IMG_20180127_094908.jpg?"
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http lingering close handler
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: epoll: fd:23 ev:2015 d:00007FDEB23F35B0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: epoll_wait() error on fd:23 ev:2015
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http lingering close handler
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: eof:1, avail:1
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 recv: fd:23 0 of 4096
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 lingering read: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http request count:1 blk:0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http close request
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 http log handler
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 run cleanup: 0000559D71A15288
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 run cleanup: 0000559D71A67F90
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 free: 0000559D719F3C40
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 free: 0000559D71A67000, unused: 0
mars 25 16:59:13 seuil3 nginx[1898]: 2018/03/25 16:59:13 [debug] 1898#1898: *34 free: 0000559D717FB940, unused: 16
mars 25 16:59:14 seuil3 nginx[1898]: 2018/03/25 16:59:14 [debug] 1898#1898: epoll: fd:22 ev:0005 d:00007FDEB23F36A1

64
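--- a/nftables.conf
+++ b/nftables.conf
@@ -0,0 +1,64 @@
+#!/usr/bin/env nft -f
+flush ruleset
+table ip Inet4 {
+chain NAT_in {
+type nat hook prerouting priority -100
+# Trusted hosts
+tcp dport 443 ip saddr 192.168.1.96/29 redirect to 444
+}
+chain NAT_out {
+type nat hook postrouting priority 100
+ct status dnat masquerade
+}
+chain FilterIn {
+type filter hook input priority 0
+policy drop
+# allow established/related connections
+ct state {established, related} accept
+# early drop of invalid connections
+ct state invalid drop
+# allow from loopback
+meta iif lo accept
+# allow icmp
+ip protocol icmp accept
+# trusted https
+ct status dnat accept
+# https
+tcp dport 443 accept
+# xmpp client
+tcp dport 5222 accept
+# xmpp server
+tcp dport 5269 accept
+# xmpp components
+tcp dport 5347 accept
+}
+chain FilterOut {
+type filter hook output priority 0
+policy drop
+ct state {established, related} accept
+meta oif lo accept
+# DNS
+ip daddr 80.67.169.12 accept
+ip daddr 80.67.169.40 accept
+ip daddr 87.98.175.85 accept
+ip daddr 5.135.183.146 accept
+ip daddr 8.8.8.8 accept
+meta skuid prosody accept
+}
+}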
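Review bot: Only IPv4 is filtered here: `table ip Inet4` is the sole table and `flush ruleset` clears everything else, so if the host has any IPv6 connectivity the `policy drop` chains and the trusted-host gate on 443→444 do not apply to it. That is worth confirming, and if so an `ip6` (or `inet`) filter table with the same default-drop policy should be added. Separately, the five rules under `# DNS` in `FilterOut` accept every protocol and port to those addresses; restricting them to port 53, e.g. `ip daddr 8.8.8.8 udp dport 53 accept` plus the `tcp dport 53` counterpart, keeps the output policy as tight as the comment implies.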

71
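--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,71 @@
+load_module /usr/lib/nginx/modules/ndk_http_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
+worker_processes auto;
+error_log syslog:server=unix:/dev/log,nohostname debug;
+events {
+worker_connections 1024;
+}
+http {
+include mime.types;
+default_type application/octet-stream;
+sendfile on;
+keepalive_timeout 65;
+# SSO
+lua_shared_dict cache 10m;
+init_by_lua_file /etc/ssowat/init.lua;
+# Global configuration
+client_max_body_size 10000M;
+gzip on;
+gzip_comp_level 6;
+gzip_proxied any;
+gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
+index index.php index.html;
+log_format proxy_log '…';
+reset_timedout_connection on;
+server_tokens off;
+root /srv/http;
+# server for regular HTTPS contents
+server {
+listen unix:/run/shared_sockets/https.pp proxy_protocol;
+}
+# server for privileged HTTPS contents
+server {
+listen unix:/run/shared_sockets/https+.pp proxy_protocol;
+access_log /var/log/nginx/https_access.log proxy_log;
+set_real_ip_from unix:;
+real_ip_header proxy_protocol;
+access_by_lua_file /etc/ssowat/access.lua;
+header_filter_by_lua_file /etc/ssowat/headers.lua;
+location /xmpp- {
+proxy_pass http://localhost:5280;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_buffering off;
+tcp_nodelay on;
+}
+location /xmpp-websocket {
+proxy_pass http://localhost:5280;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_read_timeout 30m;
+proxy_buffering off;
+tcp_nodelay on;
+}
+}
+}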
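Review bot: `client_max_body_size 10000M` applies to every location, including `/xmpp-`, where Prosody's own limit is 5 MB (`http_upload_file_size_limit`) and where `ssowat.json` skips the SSO check. The journal in this commit shows nginx spooling the whole PUT body to `/var/lib/nginx/client-body/` before it contacts Prosody, so an oversized request is refused only after it has been written to disk. Setting `client_max_body_size 5m;` inside `location /xmpp-` would make nginx reject it up front. `error_log … debug` is useful for this investigation but should return to a quieter level afterwards, since debug output is voluminous and records request paths, upload slot names included.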

121
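--- a/prosody.cfg.lua
+++ b/prosody.cfg.lua
@@ -0,0 +1,121 @@
+daemonize = true
+pidfile = "/run/prosody/prosody.pid"
+admins = { }
+use_libevent = true;
+modules_enabled = {
+-- Additional modules
+"auto_accept_subscriptions"; -- friends automatically accepted
+"csi"; -- filter activity depending on mobile state
+"filter_chatstates"; -- csi: filter chat states when inactive
+"http_upload"; -- share files in MUCs
+"lastactivity"; -- query users idle time
+"mam_adhoc"; -- manage mam from the client
+"offline_email"; -- get missed messages by email
+"pubsub"; -- publish-suscribe / lien social
+"smacks"; -- ignore temporary disconnects
+"throttle_presence"; -- csi: limit presence updates when inactive
+-- Generally required
+"roster";
+"saslauth";
+"tls";
+"dialback";
+"disco";
+-- Not essential, but recommended
+"carbons";
+"pep";
+"private";
+"blocklist";
+"vcard";
+-- Nice to have
+"version";
+"uptime";
+"time";
+"ping";
+"register";
+"mam";
+-- Admin interfaces
+"admin_adhoc";
+-- HTTP modules
+"bosh";
+"websocket";
+"http_files";
+"groups";
+}
+modules_disabled = {
+}
+allow_registration = false
+c2s_require_encryption = true
+s2s_require_encryption = true
+s2s_secure_auth = false
+authentication = "external"
+storage = "sql"
+sql = { }
+archive_expires_after = "1w" -- Remove archived messages after 1 week
+log = {
+"*syslog"; -- Uncomment this for logging to syslog
+}
+certificates = "certs"
+-- configure bash authentication
+external_auth_command = "/etc/prosody/external_auth.sh"
+-- hide OS type from mod_version output
+hide_os_type = true
+-- limit registration
+allow_registration = true
+whitelist_registration_only = true
+registration_whitelist = { '127.0.0.1' }
+-- configure HTTP
+http_files_dir = "/var/lib/prosody/httpd"
+http_paths = {
+websocket = "/xmpp-websocket";
+bosh = "/xmpp-bind";
+files = "/xmpp-shared";
+}
+http_default_host = "yalis.fr"
+http_external_url = "https://yalis.fr/xmpp-"
+-- configure uploads
+http_upload_file_size_limit = 5 * 1024 * 1024 -- 5MB in bytes
+-- configure websockets (ws:localhost:5280/websocket)
+cross_domain_websocket = true
+consider_websocket_secure = true
+-- configure BOSH (http://localhost:5280/bind)
+cross_domain_bosh = true
+consider_bosh_secure = true
+-- configure MAM
+default_archive_policy = "roster"
+archive_expires_after = "1m"
+archive_cleanup_interval = 24 * 60 * 60 -- once a day
+muc_log_by_default = true
+max_history_messages = 500
+-- configure email sending
+smtp_from = "xmpp-offline-do-not-reply@yalis.fr"
+-- setup the virtual host
+VirtualHost "yalis.fr"
+-- declare publish-suscribe
+Component "jabps.yalis.fr" "pubsub"
+-- declare Multi-User Chat
+Component "www.yalis.fr" "muc"
+VirtualHost "localhost"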
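Review bot: `allow_registration` is assigned twice, `false` near the top and `true` under `-- limit registration`, and because the file is plain Lua the later `true` is the value in effect; `archive_expires_after` has the same problem (`"1w"` then `"1m"`). The remaining guard is `registration_whitelist = { '127.0.0.1' }`, and every BOSH or WebSocket session relayed by nginx reaches port 5280 from localhost, so it is worth checking which address Prosody attributes to those sessions before relying on it (nginx.conf sets no forwarding header). If accounts are only ever created through the external auth backend, dropping the second `allow_registration` line is the simpler fix. `cross_domain_bosh`, `cross_domain_websocket` and `s2s_secure_auth = false` each deserve a one-line comment saying why they are needed.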

10
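--- a/ssowat.json
+++ b/ssowat.json
@@ -0,0 +1,10 @@
+{
+"portal_scheme": "https",
+"portal_domain": "yalis.fr",
+"skipped_regex": [
+"^/x",
+],
+}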
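Review bot: `"^/x"` in `skipped_regex` exempts every path beginning with `/x` from the SSO check on the privileged server, not just the XMPP endpoints, so anything later served under such a prefix would go unauthenticated without anyone noticing. Anchoring it to the proxied prefix, `"^/xmpp-"`, matches what `nginx.conf` actually forwards. The trailing commas after `"^/x"` and after the closing `]` are not valid strict JSON; if the file was trimmed for this report that is harmless, otherwise confirm that the parser SSOwat uses accepts them.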