Cant create new account

petitminion

could you provide the logs when you try to register ? api-1 | 2023-11-27 20:36:34,783 django.request WARNING Unauthorized: /api/v1/users/me/ is a normal warning. There should be an error raised, something timeout in the server side or maybe there is something in nginx error logs

gcrk

There is a 504 Gateway timeout visible in the warning, so its clearly a reverse proxy config issue. Please share your browsers network tab after loading a page and your reverse proxy config.

petitminion

gcrk Maybe the backend did not raise some error, get stuck and this endup in an timeout..

gcrk

petitminion Indeed possible.

@RNGIllSkillz I see your instance has a user, I guess your created this using the CLI?

RNGIllSkillz

[upl-image-preview url=https://forum.funkwhale.audio/assets/files/2023-12-02/1701515652-598216-image.png]
main nginx.conf

  GNU nano 3.2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            nginx.conf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      

# run nginx in foreground
daemon off;
pid /run/nginx/nginx.pid;
user npm;

# Set number of worker processes automatically based on number of CPU cores.
worker_processes auto;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

error_log /data/logs/fallback_error.log warn;

# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;

events {
        include /data/nginx/custom/events[.]conf;
}

http {
        include                       /etc/nginx/mime.types;
        default_type                  application/octet-stream;
        sendfile                      on;
        server_tokens                 off;
        tcp_nopush                    on;
        tcp_nodelay                   on;
        client_body_temp_path         /tmp/nginx/body 1 2;
        keepalive_timeout             90s;
        proxy_connect_timeout         90s;
        proxy_send_timeout            90s;
        proxy_read_timeout            90s;
        ssl_prefer_server_ciphers     on;
        gzip                          on;
        proxy_ignore_client_abort     off;
        client_max_body_size          2000m;
        server_names_hash_bucket_size 1024;
        proxy_http_version            1.1;
        proxy_set_header              X-Forwarded-Scheme $scheme;
        proxy_set_header              X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header              Accept-Encoding "";
        proxy_cache                   off;
        proxy_cache_path              /var/lib/nginx/cache/public  levels=1:2 keys_zone=public-cache:30m max_size=192m;
        proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;

        log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
        log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';

        access_log /data/logs/fallback_access.log proxy;

        # Dynamically generated resolvers file
        include /etc/nginx/conf.d/include/resolvers.conf;

        # Default upstream scheme
        map $host $forward_scheme {
                default http;
        }

        # Real IP Determination

        # Local subnets:
        set_real_ip_from 10.0.0.0/8;
        set_real_ip_from 172.16.0.0/12; # Includes Docker subnet
        set_real_ip_from 192.168.0.0/16;
        # NPM generated CDN ip ranges:
        include conf.d/include/ip_ranges.conf;
        # always put the following 2 lines after ip subnets:
        real_ip_header X-Real-IP;
        real_ip_recursive on;

        # Custom
        include /data/nginx/custom/http_top[.]conf;

        # Files generated by NPM
        include /etc/nginx/conf.d/*.conf;
        include /data/nginx/default_host/*.conf;
        include /data/nginx/proxy_host/*.conf;
        include /data/nginx/redirection_host/*.conf;
        include /data/nginx/dead_host/*.conf;
        include /data/nginx/temp/*.conf;

        # Custom
        include /data/nginx/custom/http[.]conf;
}

stream {
        # Files generated by NPM
        include /data/nginx/stream/*.conf;

        # Custom
        include /data/nginx/custom/stream[.]conf;
}

# Custom
include /data/nginx/custom/root[.]conf;

http.conf

map $http_upgrade $connection_upgrade {  
    default upgrade;
    ''      close;
}
include /data/nginx/custom/funkwhale.conf;

funkwhale.conf

upstream funkwhale-api {
    server 192.168.255.61:5000;
}

# Required for websocket support.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen      80;
    listen [::]:80;
    server_name spot.illskillz.pro;
    charset     utf-8;
    server_name _;

    add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
    add_header Referrer-Policy "strict-origin-when-cross-origin";
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Service-Worker-Allowed "/";

    root /usr/share/nginx/html;

    # compression settings
    gzip on;
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_vary          on;

    gzip_types
        application/javascript
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
    # end of compression settings

    location /api/ {
        include /data/nginx/custom/funkwhale_proxy.conf;
        # This is needed if you have file import via upload enabled.
        client_max_body_size 100M;
        proxy_pass   http://funkwhale-api;
    }

    location / {
        alias /usr/share/nginx/html/;
        expires 1d;
        try_files $uri $uri/ /index.html;
    }

    location ~ "/(front/)?embed.html" {
        add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
        add_header Referrer-Policy "strict-origin-when-cross-origin";

        alias /usr/share/nginx/html/embed.html;
        expires 1d;
    }

    location /federation/ {
        include /data/nginx/custom/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api;
    }

    # You can comment this if you do not plan to use the Subsonic API.
    location /rest/ {
        include /data/nginx/custom/funkwhale_proxy.conf;
        proxy_pass http://funkwhale-api/api/subsonic/rest/;
    }

    location /.well-known/ {
        include /data/nginx/custom/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api;
    }

    # Allow direct access to only specific subdirectories in /media
    location /media/__sized__/ {
        alias /srv/funkwhale/data/media/__sized__/; 
        add_header Access-Control-Allow-Origin '*';
    }

    # Allow direct access to only specific subdirectories in /media
    location /media/attachments/ {
        alias /srv/funkwhale/data/media/attachments/;
        add_header Access-Control-Allow-Origin '*';
    }

    # Allow direct access to only specific subdirectories in /media
    location /media/dynamic_preferences/ {
        alias /srv/funkwhale/data/media/dynamic_preferences/;
        add_header Access-Control-Allow-Origin '*';
    }

    # This is an internal location that is used to serve
    # media (uploaded) files once correct permission / authentication
    # has been checked on API side.
    # Comment the "NON-S3" commented lines and uncomment "S3" commented lines
    # if you're storing media files in a S3 bucket.
    location ~ /_protected/media/(.+) {
        internal;
        alias   /srv/funkwhale/data/media/$1;                                           # NON-S3
        # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
#       proxy_set_header Authorization "";                                  # S3
#       proxy_pass $1;                                                      # S3
        add_header Access-Control-Allow-Origin '*';
    }

    location /_protected/music/ {
        # This is an internal location that is used to serve
        # local music files once correct permission / authentication
        # has been checked on API side.
        # Set this to the same value as your MUSIC_DIRECTORY_PATH setting.
        internal;
	# $MUSIC_DIRECTORY_PATH -> /srv/funkwhale/data/music 
        alias   /srv/funkwhale/data/music/;
        add_header Access-Control-Allow-Origin '*';
    }

    location /manifest.json {
        # If the reverse proxy is terminating SSL, nginx gets confused and redirects to http, hence the full URL
        return 302 https://spot.illskillz.pro/api/v1/instance/spa-manifest.json;
    }
}

funkwhale_proxy.conf

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off;

# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

Location /srv/funkwhale/data/music is mounten into nginx server and as far as i can tell theres no errors in my funkwhale instance but user registration

RNGIllSkillz

Yes, its a superuser I have created with cli

gcrk

@RNGIllSkillz This all is super confusing to me, sorry I cannot really provide any actual help. But lets see if we can get closer. As far as I am aware the main difference between creating a user with CLI to a registration is that the registration tries to send E-Mails. Did your instance ever send an mail to you? Is this working?

RNGIllSkillz

No it never send anything. I believe I configure smtp correctly. I disabled forced email confirmation, but i have same error. I dont think that email is relevant since it never get passed 504 error. Theres two things that confuses me: 1: At user registration form there is no password confirmation, is it by design? And 2: When I was tinkering at django admin panel I noticed that at Email addresses menu theres 0 email addresses even tho my superuser account have email address attached to it.

AMoonRabbit

I see your reverse proxy is set to point to an actual IP:5000 instead of local. Is you reverse proxy not hosted on the same host as Funkwhale? Can you also share the docker-compose.yml setup, mainly the configuration of the ports for the front section (at the end of the config)

RNGIllSkillz

Reverse proxy is on another host.

version: "3"

services:
  postgres:
    restart: unless-stopped
    env_file: .env
    environment:
      - "POSTGRES_HOST_AUTH_METHOD=trust"
    image: postgres:15-alpine
    volumes:
      - ./data/postgres:/var/lib/postgresql/data

  redis:
    restart: unless-stopped
    env_file: .env
    image: redis:7-alpine
    volumes:
      - ./data/redis:/data

  celeryworker:
    restart: unless-stopped
    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
    depends_on:
      - postgres
      - redis
    env_file: .env
    # Celery workers handle background tasks (such file imports or federation
    # messaging). The more processes a worker gets, the more tasks
    # can be processed in parallel. However, more processes also means
    # a bigger memory footprint.
    # By default, a worker will span a number of process equal to your number
    # of CPUs. You can adjust this, by explicitly setting the --concurrency
    # flag:
    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
    command:
      - celery
      - --app=funkwhale_api.taskapp
      - worker
      - --loglevel=INFO
      - --concurrency=${CELERYD_CONCURRENCY-0}
    environment:
      - C_FORCE_ROOT=true
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"

  celerybeat:
    restart: unless-stopped
    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
    command:
      - celery
      - --app=funkwhale_api.taskapp
      - beat
      - --loglevel=INFO
    depends_on:
      - postgres
      - redis
    env_file: .env

  api:
    restart: unless-stopped
    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
    depends_on:
      - postgres
      - redis
    env_file: .env
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
      - "${STATIC_ROOT}:${STATIC_ROOT}"

  front:
    restart: unless-stopped
    image: funkwhale/front:${FUNKWHALE_VERSION:-latest}
    depends_on:
      - api
    env_file:
      - .env
    environment:
      # Override those variables in your .env file if needed
      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
    volumes:
      # Uncomment if you want to use your previous nginx config, please let us
      # know what special configuration you need, so we can support it with out
      # upstream nginx configuration!
      #- "./nginx/funkwhale.template:/etc/nginx/templates/default.conf.template:ro"
      #- "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"

      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}:ro"
      - "${STATIC_ROOT}:/usr/share/nginx/html/staticfiles:ro"
    ports:
      # override those variables in your .env file if needed
      - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"

FUNKWHALE_API_IP is set to 0.0.0.0 in .env file

RNGIllSkillz

I have a new setup with api and from images is installed seperatelly and im haveng the same issue when i can create new accounts. Now I can see api error

[error] 37#37: *381 upstream timed out (110: Operation timed out) while reading response header from upstream, client: 192.168.255.1, server: _, request: "POST /api/v1/auth/registration/ HTTP/1.1", upstream: "http://192.168.254.252:5000/api/v1/auth/registration/", host: "192.168.255.70", referrer: "http://192.168.255.70/signup"

api ip is 192.168.254.252, front ip 192.168.255.70
Im using default nginx config that is located inside front image at /etc/nginx/conf.d/default.conf

gcrk

RNGIllSkillz Considering your other thread, this is most likely caused by the API not being able to connect to redis, or did you solved this issue already?

Where is this error message coming from? Your reverse proxy or from the frontend container?

RNGIllSkillz

yes, i resolved redis issue. The message is coming from container. im not using reverse proxy, im connecting directly to container ip

RNGIllSkillz

At this point I really have no idea whats wrong
api is working

2023-12-11T21:34:49.603210604+03:00 [2023-12-11 18:34:49 +0000] [12] [INFO] Waiting for application startup.
2023-12-11T21:34:49.603219096+03:00 [2023-12-11 18:34:49 +0000] [12] [INFO] ASGI 'lifespan' protocol appears unsupported.
2023-12-11T21:34:49.603238317+03:00 [2023-12-11 18:34:49 +0000] [12] [INFO] Application startup complete.
2023-12-11T21:36:42.170360276+03:00 2023-12-11 18:36:42,169 django.request WARNING  Unauthorized: /api/v1/users/me/
2023-12-11T21:36:42.184147904+03:00 2023-12-11 18:36:42,183 django.request WARNING  Unauthorized: /api/v1/users/me/
2023-12-11T21:36:48.818519541+03:00 [2023-12-11 18:36:48 +0000] [12] [INFO] ('192.168.255.70', 36332) - "WebSocket /api/v1/activity" [accepted]
2023-12-11T21:36:48.818869884+03:00 [2023-12-11 18:36:48 +0000] [12] [INFO] connection open
2023-12-11T21:36:49.020901696+03:00 /venv/lib/python3.10/site-packages/rest_framework/pagination.py:200: UnorderedObjectListWarning: Pagination may yield inconsistent results with an unordered object_list: <class 'funkwhale_api.playlists.models.Playlist'> PlaylistQuerySet.
2023-12-11T21:36:49.020930301+03:00   paginator = self.django_paginator_class(queryset, page_size)
2023-12-11T21:36:49.035186086+03:00 /venv/lib/python3.10/site-packages/rest_framework/pagination.py:200: UnorderedObjectListWarning: Pagination may yield inconsistent results with an unordered object_list: <class 'funkwhale_api.playlists.models.Playlist'> PlaylistQuerySet.
2023-12-11T21:36:49.035226599+03:00   paginator = self.django_paginator_class(queryset, page_size)
2023-12-11T21:37:34.461228943+03:00 [2023-12-11 18:37:34 +0000] [12] [INFO] connection closed

front is successfully sending post requests

[11/Dec/2023:19:56:32 +0000] "POST /api/v1/users/login HTTP/1.1" 200 0 "https://spot.illskillz.pro/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "192.168.255.1"
[11/Dec/2023:19:56:32 +0000] "GET /api/v1/users/me/ HTTP/1.1" 200 783 "https://spot.illskillz.pro/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "192.168.255.1"

the only issue i have with the api/v1/auth/registration/ endpoint and i dont think its an api, front or proxy issue because api is counting the requests and I can get rate limited on that endpoint

RNGIllSkillz

I have only 2 errors on my funkwhale setup but im sure those are not related.

At api container startup it throws an error saying that destination to host is unreachable. I think its because its trying to connect to postgres server before kubernetes set up routes. After I refresh connection to container log, its already established connection to the database.
When Im accessing /api/admin panel, theres an error nav_sidebar.js:1 Uncaught SyntaxError: Unexpected token '<' visually panel is messed up, but is working

RNGIllSkillz

same issue on 1.4.0 ._.

gcrk

@RNGIllSkillz The information I have isn't sufficient to do any more debug. You could try the following:

Enable Debug Mode to get more detailed logs. In your .env file, just set DEBUG=true
Make sure the address you use to connect to funkwhale aligns with the configured hostname: https://docs.funkwhale.audio/administrator/configuration/env-file.html#config.settings.common.FUNKWHALE_HOSTNAME
Verify outgoing emails are configured correctly (you could try to reset your password for the existing account)

AMoonRabbit

Do you have a dead.letter files in the folder for Funkwhale on the host? These may include useful errors.

RNGIllSkillz

api startup log
front startup log
---
api logs after crating a user
front logs after creating a user
p.s. please note that im not using .env file. im setting up variables directly in to containers.

api env
front env

AMoonRabbit what folder you are referring to ?

AMoonRabbit

RNGIllSkillz dead.letter files are usually generated in the root of the funkwhale folder for me.

As you are not using the .env file, can you verify that your variables are being used in the containers at all?