"The track cannot be loaded You may have a connectivity issue."

minnixtx

Getting this message when trying to play a track on multi-container install, x86-64 Ubuntu server. Media is stored on another SSD separate from OS drive. Also album art isn't showing up. Just a blank square. My configs:

.env

# check https://docs.funkwhale.audio/configuration.html#configuration-reference

# If you're tweaking this file from the template, ensure you edit at least the
# following variables:
# - DJANGO_SECRET_KEY
# - FUNKWHALE_HOSTNAME
# - EMAIL_CONFIG and DEFAULT_FROM_EMAIL if you plan to send emails)
# On non-docker setup **only**, you'll also have to tweak/uncomment those variables:
# - DATABASE_URL
# - CACHE_URL
#
# You **don't** need to update those variables on pure docker setups.
#
# Additional options you may want to check:
# - MUSIC_DIRECTORY_PATH and MUSIC_DIRECTORY_SERVE_PATH if you plan to use
#   in-place import
#
# Docker only
# -----------

# The tag of the image we should use
# (it will be interpolated in docker-compose file)
# You can comment or ignore this if you're not using docker
FUNKWHALE_VERSION=1.1.4

# End of Docker-only configuration

# General configuration
# ---------------------

# Set this variables to bind the API server to another interface/port
# example: FUNKWHALE_API_IP=0.0.0.0
# example: FUNKWHALE_API_PORT=5678
FUNKWHALE_API_IP=0.0.0.0
FUNKWHALE_API_PORT=5000
# The number of web workers to start in parallel. Higher means you can handle
# more concurrent requests, but also leads to higher CPU/Memory usage
FUNKWHALE_WEB_WORKERS=4
# Replace this by the definitive, public domain you will use for
# your instance. It cannot be changed after initial deployment
# without breaking your instance.
FUNKWHALE_HOSTNAME=allnightlong.minnix.dev
FUNKWHALE_PROTOCOL=https

# Log level (debug, info, warning, error, critical)
LOGLEVEL=error

# Configure e-mail sending using this variale
# By default, funkwhale will output e-mails sent to stdout
# here are a few examples for this setting
# EMAIL_CONFIG=consolemail://         # output emails to console (the default)
# EMAIL_CONFIG=dummymail://          # disable email sending completely
# On a production instance, you'll usually want to use an external SMTP server:
# EMAIL_CONFIG=smtp://user@:password@youremail.host:25
# EMAIL_CONFIG=smtp+ssl://user@:password@youremail.host:465
# EMAIL_CONFIG=smtp+tls://"smtp+tls://myemail@:mypassword@mail.minnix.dev:587

# Make email verification mandatory before using the service
# Doesn't apply to admins.
# ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false

# The email address to use to send system emails.
 DEFAULT_FROM_EMAIL=minnix@minnix.dev

# Depending on the reverse proxy used in front of your funkwhale instance,
# the API will use different kind of headers to serve audio files
# Allowed values: nginx, apache2
REVERSE_PROXY_TYPE=nginx

# API/Django configuration

# Database configuration
# Examples:
#  DATABASE_URL=postgresql://<user>:<password>@<host>:<port>/<database>
#  DATABASE_URL=postgresql://funkwhale:passw0rd@localhost:5432/funkwhale_database
# Use the next one if you followed Debian installation guide
# DATABASE_URL=postgresql://funkwhale@:5432/funkwhale

# Cache configuration
# Examples:
#  CACHE_URL=redis://<host>:<port>/<database>
#  CACHE_URL=redis://localhost:6379/0c
#  With a password:
#  CACHE_URL=redis://:password@localhost:6379/0
#  (the extra semicolon is important)
# Use the next one if you followed Debian installation guide
#
# CACHE_URL=redis://127.0.0.1:6379/0
#
# If you want to use Redis over unix sockets, you'll actually need two variables:
# For the cache part:
#  CACHE_URL=redis:///run/redis/redis.sock?db=0
# For the Celery/asynchronous tasks part:
#  CELERY_BROKER_URL=redis+socket:///run/redis/redis.sock?virtual_host=0

# Number of worker processes to execute. Defaults to 0, in which case it uses your number of CPUs
# Celery workers handle background tasks (such file imports or federation
# messaging). The more processes a worker gets, the more tasks
# can be processed in parallel. However, more processes also means
# a bigger memory footprint.
# CELERYD_CONCURRENCY=0

# Where media files (such as album covers or audio tracks) should be stored
# on your system?
# (Ensure this directory actually exists)
MEDIA_ROOT=/media/musico

# Where static files (such as API css or icons) should be compiled
# on your system?
# (Ensure this directory actually exists)
STATIC_ROOT=/srv/funkwhale/data/static

# which settings module should django use?
# You don't have to touch this unless you really know what you're doing
DJANGO_SETTINGS_MODULE=config.settings.production

# Generate one using "openssl rand -base64 45", for example
DJANGO_SECRET_KEY=<secretkey>

# You don't have to edit this, but you can put the admin on another URL if you
# want to
# DJANGO_ADMIN_URL=^api/admin/

# Sentry/Raven error reporting (server side)
# Enable Raven if you want to help improve funkwhale by
# automatically sending error reports our Sentry instance.
# This will help us detect and correct bugs
RAVEN_ENABLED=false
RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f716@sentry.eliotberriot.com/5

# In-place import settings
# You can safely leave those settings uncommented if you don't plan to use
# in place imports.
# Typical docker setup:
#   MUSIC_DIRECTORY_PATH=/music  # docker-only
#   MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music
# Typical non-docker setup:
#   MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
#   # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed

MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music

# LDAP settings
# Use the following options to allow authentication on your Funkwhale instance
# using a LDAP directory.
# Have a look at https://docs.funkwhale.audio/installation/ldap.html for
# detailed instructions.

# LDAP_ENABLED=False
# LDAP_SERVER_URI=ldap://your.server:389
# LDAP_BIND_DN=cn=admin,dc=domain,dc=com
# LDAP_BIND_PASSWORD=bindpassword
# LDAP_SEARCH_FILTER=(|(cn={0})(mail={0}))
# LDAP_START_TLS=False
# LDAP_ROOT_DN=dc=domain,dc=com

FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist

# Nginx related configuration
NGINX_MAX_BODY_SIZE=100M

## External storages configuration
# Funkwhale can store uploaded files on Amazon S3 and S3-compatible storages (such as Minio)
# Uncomment and fill the variables below

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_STORAGE_BUCKET_NAME=
# An optional bucket subdirectory were you want to store the files. This is especially useful
# if you plan to use share the bucket with other services
# AWS_LOCATION=

# If you use a S3-compatible storage such as minio, set the following variable
# the full URL to the storage server. Example:
#   AWS_S3_ENDPOINT_URL=https://minio.mydomain.com
# AWS_S3_ENDPOINT_URL=

# If you want to serve media directly from your S3 bucket rather than through a proxy,
# set this to true
# PROXY_MEDIA=false

# If you are using Amazon S3 to serve media directly, you will need to specify your region
# name in order to access files. Example:
#   AWS_S3_REGION_NAME=eu-west-2
# AWS_S3_REGION_NAME=

# If you are using Amazon S3, use this setting to configure how long generated URLs should stay
# valid. The default value is 3600 (60 minutes). The maximum accepted value is 604800 (7 days)

# AWS_QUERYSTRING_EXPIRE=

nginx config:

    # depending on your setup, you may want to update this
    server localhost:5000;
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name allnightlong.minnix.dev;
    location / { return 301 https://$host$request_uri; }
}
server {
#    listen      443 ssl http2;
#    listen [::]:443 ssl http2;
#    server_name allnightlong.minnix.dev;

    # TLS
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
#    ssl_certificate     /etc/letsencrypt/live/allnightlong.minnix.dev/fullchain.pem;
#    ssl_certificate_key /etc/letsencrypt/live/allnightlong.minnix.dev/privkey.pem;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000";

    # Security related headers

    # If you are using S3 to host your files, remember to add your S3 URL to the
    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)

    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";

    # compression settings
    gzip on;
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_vary          on;

    gzip_types
        application/javascript
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    location / {
        include /etc/nginx/funkwhale_proxy.conf;
        client_max_body_size 100M;
        proxy_pass   http://fw/;
    }
}

My reverse proxy is on its own server and SSL is terminated there.

Reverse proxy config:

        server_name allnightlong.minnix.dev;

        keepalive_timeout    70;
        sendfile             on;
        client_max_body_size 80m;

        location / {

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Proxy "";
            proxy_pass http://192.168.57.144:5000;
            }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/allnightlong.minnix.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/allnightlong.minnix.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {
    if ($host = allnightlong.minnix.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name allnightlong.minnix.dev;
    listen 80;
    return 404; # managed by Certbot


}

"sudo docker-compose logs -f --tail=50 api" gives me

api_1           | [2021-12-22 06:48:03 +0000] [10] [INFO] Listening at: http://0.0.0.0:5000 (10)
api_1           | [2021-12-22 06:48:03 +0000] [10] [INFO] Using worker: uvicorn.workers.UvicornWorker
api_1           | [2021-12-22 06:48:03 +0000] [12] [INFO] Booting worker with pid: 12
api_1           | [2021-12-22 06:48:03 +0000] [13] [INFO] Booting worker with pid: 13
api_1           | [2021-12-22 06:48:04 +0000] [14] [INFO] Booting worker with pid: 14
api_1           | [2021-12-22 06:48:04 +0000] [15] [INFO] Booting worker with pid: 15
api_1           | [2021-12-22 06:48:05 +0000] [13] [INFO] Started server process [13]
api_1           | [2021-12-22 06:48:05 +0000] [13] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:48:05 +0000] [13] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:48:05 +0000] [13] [INFO] Application startup complete.
api_1           | [2021-12-22 06:48:05 +0000] [14] [INFO] Started server process [14]
api_1           | [2021-12-22 06:48:05 +0000] [14] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:48:05 +0000] [14] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:48:05 +0000] [14] [INFO] Application startup complete.
api_1           | [2021-12-22 06:48:05 +0000] [12] [INFO] Started server process [12]
api_1           | [2021-12-22 06:48:05 +0000] [12] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:48:05 +0000] [12] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:48:05 +0000] [12] [INFO] Application startup complete.
api_1           | [2021-12-22 06:48:05 +0000] [15] [INFO] Started server process [15]
api_1           | [2021-12-22 06:48:05 +0000] [15] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:48:05 +0000] [15] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:48:05 +0000] [15] [INFO] Application startup complete.
api_1           | + python /app/manage.py collectstatic --noinput
api_1           | 
api_1           | 0 static files copied to '/srv/funkwhale/data/static', 169 unmodified.
api_1           | + gunicorn config.asgi:application -w 4 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:5000
api_1           | [2021-12-22 06:58:31 +0000] [12] [INFO] Starting gunicorn 20.0.4
api_1           | [2021-12-22 06:58:31 +0000] [12] [INFO] Listening at: http://0.0.0.0:5000 (12)
api_1           | [2021-12-22 06:58:31 +0000] [12] [INFO] Using worker: uvicorn.workers.UvicornWorker
api_1           | [2021-12-22 06:58:31 +0000] [14] [INFO] Booting worker with pid: 14
api_1           | [2021-12-22 06:58:31 +0000] [15] [INFO] Booting worker with pid: 15
api_1           | [2021-12-22 06:58:31 +0000] [16] [INFO] Booting worker with pid: 16
api_1           | [2021-12-22 06:58:31 +0000] [17] [INFO] Booting worker with pid: 17
api_1           | [2021-12-22 06:58:32 +0000] [15] [INFO] Started server process [15]
api_1           | [2021-12-22 06:58:32 +0000] [15] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:58:32 +0000] [15] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:58:32 +0000] [14] [INFO] Started server process [14]
api_1           | [2021-12-22 06:58:32 +0000] [14] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:58:32 +0000] [15] [INFO] Application startup complete.
api_1           | [2021-12-22 06:58:32 +0000] [14] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:58:32 +0000] [14] [INFO] Application startup complete.
api_1           | [2021-12-22 06:58:33 +0000] [16] [INFO] Started server process [16]
api_1           | [2021-12-22 06:58:33 +0000] [16] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:58:33 +0000] [16] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:58:33 +0000] [16] [INFO] Application startup complete.
api_1           | [2021-12-22 06:58:33 +0000] [17] [INFO] Started server process [17]
api_1           | [2021-12-22 06:58:33 +0000] [17] [INFO] Waiting for application startup.
api_1           | [2021-12-22 06:58:33 +0000] [17] [INFO] ASGI 'lifespan' protocol appears unsupported.
api_1           | [2021-12-22 06:58:33 +0000] [17] [INFO] Application startup complete.
api_1           | 2021-12-22 08:07:50,892 django.request WARNING  Not Found: /api/v1/listen/2440a17f-8d8f-4803-9200-8e040b721cab/

Importing my music via the web interface. When I look inside the music drive I can see my tracks in there and the tracks show up in the web interface. My instance is at allnightlong.minnix.dev. Any other info you need let me know

AMoonRabbit

Could you share your docker-compose file please?
Also, if you look at the browser console, what happens when trying to play a track?
Finally, if you right click and open in new tab on a album art that's missing, does it load http or https?

minnixtx

AMoonRabbit here is my docker-compose.yaml


services:
  postgres:
    restart: unless-stopped
    networks:
      - default
    env_file: .env
    environment:
      - "POSTGRES_HOST_AUTH_METHOD=trust"
    image: postgres:11
    volumes:
      - ./data/postgres:/var/lib/postgresql/data

  redis:
    restart: unless-stopped
    networks:
      - default
    env_file: .env
    image: redis:5
    volumes:
      - ./data/redis:/data

  celeryworker:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
      - postgres
      - redis
    env_file: .env
    # Celery workers handle background tasks (such file imports or federation
    # messaging). The more processes a worker gets, the more tasks
    # can be processed in parallel. However, more processes also means
    # a bigger memory footprint.
    # By default, a worker will span a number of process equal to your number
    # of CPUs. You can adjust this, by explicitly setting the --concurrency
    # flag:
    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
    command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
    environment:
      - C_FORCE_ROOT=true
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"

  celerybeat:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
      - postgres
      - redis
    env_file: .env
    command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO

  api:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
      - postgres
      - redis
    env_file: .env
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
      - "${STATIC_ROOT}:${STATIC_ROOT}"
      - "${FUNKWHALE_FRONTEND_PATH}:/frontend"
    ports:
      - "5000"

  nginx:
    restart: unless-stopped
    image: nginx
    networks:
      - default
    depends_on:
      - api
    env_file:
      - .env
    environment:
      # Override those variables in your .env file if needed
      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
    volumes:
      - "./nginx/funkwhale.template:/etc/nginx/conf.d/funkwhale.template:ro"
      - "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}:ro"
      - "${STATIC_ROOT}:${STATIC_ROOT}:ro"
      - "${FUNKWHALE_FRONTEND_PATH}:/frontend:ro"
    ports:
      # override those variables in your .env file if needed
      - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
    command: >
        sh -c "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\"
        < /etc/nginx/conf.d/funkwhale.template
        > /etc/nginx/conf.d/default.conf
        && cat /etc/nginx/conf.d/default.conf
        && nginx -g 'daemon off;'"

networks:
  default:

browser console:

WebExtensions: reset-default-search: has already ran once and saw panel, exit. api.js:210
BackgroundUpdate: _reasonsToNotScheduleUpdates: Failed to check for Maintenance Service Registry Key: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIUpdateProcessor.getServiceRegKeyExists]"  nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)"  location: "JS frame :: resource://gre/modules/BackgroundUpdate.jsm :: _reasonsToNotScheduleUpdates :: line 243"  data: no] BackgroundUpdate.jsm:245
The Web Console logging API (console.log, console.info, console.warn, console.error) has been disabled by a script on this page.
GETwss://allnightlong.minnix.dev/api/v1/activity?token=null
[HTTP/1.1 200 OK 69ms]

GETwss://allnightlong.minnix.dev/api/v1/activity?token=null
[HTTP/1.1 200 OK 73ms]

XHRGEThttps://allnightlong.minnix.dev/media/__sized__/attachments/95/8f/1f/attachment_cover-7f19946a-ceac-4c4c-af5b-f4560ecb56fb-crop-c0-5__0-5-200x200-95.jpg
[HTTP/2 403 Forbidden 8ms]

GEThttps://allnightlong.minnix.dev/media/__sized__/attachments/95/8f/1f/attachment_cover-7f19946a-ceac-4c4c-af5b-f4560ecb56fb-crop-c0-5__0-5-200x200-95.jpg
[HTTP/1.1 403 Forbidden 0ms]

XHRGEThttps://allnightlong.minnix.dev/media/__sized__/attachments/95/8f/1f/attachment_cover-7f19946a-ceac-4c4c-af5b-f4560ecb56fb-crop-c0-5__0-5-200x200-95.jpg
[HTTP/2 403 Forbidden 8ms]

GEThttps://allnightlong.minnix.dev/media/__sized__/attachments/95/8f/1f/attachment_cover-7f19946a-ceac-4c4c-af5b-f4560ecb56fb-crop-c0-5__0-5-200x200-95.jpg
[HTTP/1.1 403 Forbidden 0ms]

GEThttps://allnightlong.minnix.dev/api/v1/listen/1e5d0c3c-e359-466c-ab28-23290fc08b77/?upload=bbfb2c6f-67c9-487d-89bf-198d850eb832&token=eyJ1c2VyX2lkIjoxLCJ1c2VyX3NlY3JldCI6IjQ4MDNhMzBkLWExOWQtNGIxZC1iNWQ3LWRiNzliMTQ0ZDU0ZCIsInNjb3BlcyI6WyJyZWFkOmxpYnJhcmllcyJdfQ:1n07ap:UHi1tegNxEW3kVCAV_IzzUpg5fk
[HTTP/2 403 Forbidden 47ms]

GETwss://allnightlong.minnix.dev/api/v1/activity?token=null
[HTTP/1.1 200 OK 75ms]

GEThttps://nextcloud.minnix.dev/ocs/v2.php/apps/notifications/api/v2/notifications

GETwss://allnightlong.minnix.dev/api/v1/activity?token=null
[HTTP/1.1 200 OK 70ms]

XHRGEThttps://allnightlong.minnix.dev/media/__sized__/attachments/95/8f/1f/attachment_cover-7f19946a-ceac-4c4c-af5b-f4560ecb56fb-crop-c0-5__0-5-200x200-95.jpg
[HTTP/2 403 Forbidden 8ms]

GEThttps://allnightlong.minnix.dev/media/__sized__/attachments/95/8f/1f/attachment_cover-7f19946a-ceac-4c4c-af5b-f4560ecb56fb-crop-c0-5__0-5-200x200-95.jpg
[HTTP/1.1 403 Forbidden 0ms]

GEThttps://allnightlong.minnix.dev/api/v1/listen/c8db1331-c73f-459d-b66f-b3973a5d882b/?upload=da1af075-82bd-41ec-b809-caf399f7a79b&token=eyJ1c2VyX2lkIjoxLCJ1c2VyX3NlY3JldCI6IjQ4MDNhMzBkLWExOWQtNGIxZC1iNWQ3LWRiNzliMTQ0ZDU0ZCIsInNjb3BlcyI6WyJyZWFkOmxpYnJhcmllcyJdfQ:1n07ap:UHi1tegNxEW3kVCAV_IzzUpg5fk
[HTTP/2 403 Forbidden 45ms]

GETwss://allnightlong.minnix.dev/api/v1/activity?token=null
[HTTP/1.1 200 OK 70ms]

This is what I get if I right click to view the missing artwork image

"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"

And if I click to open album in a new tab

"https://allnightlong.minnix.dev/library/albums/4/"

AMoonRabbit

Okay, I have a feeling that this may be certificate related. I compared your setup to mine again, and I note that you're using HTTPS but you nginx config has the ssl_certificate_key lines commented out, so the path to the certificate is not in use? You used certbot to generate the certificates or did you do it another way?

If you were to right click where the album art should be, but not on the broken image icon itself, it should try to take you to the url of the album art at least.

minnixtx

AMoonRabbit I commented that out because I am terminating SSL on my proxy server. I have about 10 different servers on my network so I need a proxy server to handle ssl (the router can only forward port 443 to one machine). My reverse proxy config on my proxy server is below:

        server_name allnightlong.minnix.dev;

        keepalive_timeout    70;
        sendfile             on;
        client_max_body_size 80m;

        location / {

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Proxy "";
            proxy_pass http://192.168.57.144:5000;
            }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/allnightlong.minnix.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/allnightlong.minnix.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {
    if ($host = allnightlong.minnix.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name allnightlong.minnix.dev;
    listen 80;
    return 404; # managed by Certbot


}

I've attached sreenshots of both views[upl-image-preview url=https://forum.funkwhale.audio/assets/files/2021-12-22/1640212239-627232-screen-shot-2021-12-22-at-42934-pm.png]
[upl-image-preview url=https://forum.funkwhale.audio/assets/files/2021-12-22/1640212240-35790-screen-shot-2021-12-22-at-43003-pm.png]

AMoonRabbit

minnixtx http://192.168.57.144:5000

Do things look okay if you visit the server via IP instead or do you still get 403?

AMoonRabbit

Oh, apologies, you included it in the original information post. Okay, so SSL certs out of the way, to me, and you will have to forgive my lack of knowledge on nginx proxy configs, it looks like you're handing 443 off to the next config, but that's not listening to 443 as it's commented out? What if you uncommented the listen lines for 443, does that change anything? (hopefully it won't cause errors with nginx)

minnixtx

AMoonRabbit if I uncomment 443 so that I have:

server {
    listen      443 ssl http2;
    listen [::]:443 ssl http2;
    server_name allnightlong.minnix.dev;

then nginx -t gives me:

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/funkwhale.conf:21
nginx: configuration file /etc/nginx/nginx.conf test failed

and nginx won't start

minnixtx

AMoonRabbit issue is resolved. too many nginx's . if your proxy server is on a separate machine than the host, you do not need to install nginx on the host machine since it's already installed via docker. just use the funkwhale proxy template on the proxy server for your sites-available and run certbot to get your certs.

minnixtx

I think the main problem is that in total 3 installations of nginx are running: 1 container and 1 native install on the funkwhale host, and 1 on the proxy server. I think I should only have the nginx container proxied by the proxy server and skip the native install on the funkwhale server

minnixtx

I can get to the web interface but get permission denied when trying to login if I go to the local ip

gcrk

minnixtx Sorry for the issues here, I am glad you got this solve. We really need to clean up the deployment here and its on my hidden todo-list. If you want to help in this area by providing your inputs, I'd really appreciate this! 🙂 Have nice holidays!

AMoonRabbit

minnixtx Funnily enough I was going to say about having too many in the chain of nginx but then doubted myself. Glad you got it sorted out.