Navigation

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Popular
    • Tags
    • Users
    • Groups
    1. Home
    2. Sfner
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 8
    • Best 4
    • Groups 1

    Sfner

    @Sfner

    GNU/Linux

    4
    Reputation
    361
    Profile views
    8
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    Location Brazil Age 24

    Sfner Follow
    GNU/Linux

    Best posts made by Sfner

    • RE: v1.6.0 Suspected Nginx Problem

      Browser fails to display pages when I follow a link.

      Sounds like a Socket.IO misconfiguration.

      My nginx configuration is from the docs with SSL.

      I also had problems when I followed the docs. What I had to do was appending a definition the end of my config.json file:

      {
          "url": "https://mydomain.tld",
          "secret": "uuid4 string",
          [...]
          "socket.io": {
              "origins": "http://mydomain.tld:* https://mydomain.tld:*"
          }
      }
      

      That one tells to accept connections coming from that domain.

      If the problem persists, I also did some customizing my NGINX config:

      • /etc/nginx/sites-available/mydomain-tld-http.conf
      # redirect everything to HTTPS
      server {
             listen 80;
             listen [::]:80;
      
             server_name mydomain.tld *.mydomain.tld;
      
             include /etc/nginx/snippets/acme.conf;
      
             return 301 https://mydomain.tld$request_uri;
      }
      
      # remove all subdomains from HTTPS
      server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
      
             server_name *.mydomain.tld;
      
             include /etc/nginx/snippets/tlsgzip.conf;
      
             return 301 https://mydomain.tld$request_uri;
      }
      
      # HTTPS forum
      server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
      
             server_name mydomain.tld;
      
             root /var/www/html; #just a fallback
      
             location / {
                     proxy_set_header X-Real-IP $remote_addr;
                     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                     proxy_set_header X-Forwarded-Proto $scheme;
                     proxy_set_header Host $http_host;
                     proxy_set_header X-NginX-Proxy true;
      
                     proxy_pass http://127.0.0.1:4567;
                     proxy_redirect off;
      
                     # Socket.IO Support
                     proxy_http_version 1.1;
                     proxy_set_header Upgrade $http_upgrade;
                     proxy_set_header Connection "upgrade";
             }
             include /etc/nginx/snippets/tlsgzip.conf;
      }
      

      As seen, there are some includes:

      • /etc/nginx/snippets/acme.conf
      location ^~ /.well-known/acme-challenge/ {
              default_type "text/plain";
              root         /var/www/html;
      }
      location = /.well-known/acme-challenge/ {
              return 404;
      }
      

      This is just a snippet that makes EFF's CertBot configuration simpler.

      • /etc/nginx/snippets/tlsgzip.conf
      ssl on;
      ssl_certificate /etc/letsencrypt/live/mydomain.tld/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/mydomain.tld/privkey.pem;
      
      ssl_protocols TLSv1.2 TLSv1.1;
      ssl_prefer_server_ciphers on;
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DES-CBC3-SHA:!aNULL:!eNULL:!ADH:!EXP:!LOW:!DES:!MD5:!PSK:!SRP:!DSS:!RC4:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-CAMELLIA128-SHA;
      
      ssl_session_cache shared:TLS:2m;
      
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844];
      
      gzip on;
      gzip_comp_level 9;
      
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
      

      This snippet just adds TLS certificates and enables GZIP at maximum compression.

      About the SSL cyphers, that's a huge list I copied from an old tutorial and updated myself in order to keep an A+ grade at SSL Labs.

      Nodebb is running on Ubuntu 14.04

      I'm running it on a Ubuntu 16.04 VPS.

      posted in Technical Support
      Sfner
      Sfner
    • Is Single-Sign-On disassociation possible?

      SSOs are nice, but some users abandon or even deletes an account (let me say: Facebook account) to create a fresh one.

      The problem is that they can't disassociate from the old account to then reassociate into the new account by themselves, neither the admin can do such thing if not by deleting the database record via database shell.

      Is there somewhere I am missing in version 1.6.0 that can do what I want? If not, please move this to feature requests, as deleteUserData is already implemented on SSOs and it would be an additional button in the <Git root>/build/public/templates/account/edit.tpl template that reuses the same permission checking as for creating associations.

      posted in General Discussion
      Sfner
      Sfner
    • [nodebb-plugin-groups-autoassigncategory] A category for each group

      My problem

      Users wanted to be able to create their own groups; with a single toggle in the admin dashboard, the problem got temporarily solved.

      Then users wanted that each group had its own discussion space, a private category to host their topics that are in the grey zone between out of the general interest and out of the scope of the community. This plugin has been written for this scenario.

      What this plugin does

      For each group, a category is created and kept synced. The categories will share the same name, description, icon, background colour and background image, where the presence of an icon discards the background image. Deleting a group disables its associated category. The permissions of each category also are automatically managed.

      Installation

      npm install nodebb-plugin-groups-autoassigncategory

      posted in NodeBB Plugins
      Sfner
      Sfner
    • RE: Is Single-Sign-On disassociation possible?

      Nothing to disassociate inside "Edit":

      0_1506998780342_Screenshot_2017-10-02_23-45-53.png

      ...or "Settings":

      0_1506998853300_Screenshot_2017-10-02_23-44-52.png

      posted in General Discussion
      Sfner
      Sfner

    Latest posts made by Sfner

    • RE: NodeBB won't restart

      I've got the same problem a while ago. Deactivating the broken plug-ins isn't enough: you have to uninstall (npm un <package-name>) the right one from your installation.

      They usually show up in the logs from template building (node nodebb build) as errors or warns and in the dev console (node nodebb dev) as errors.

      Good luck!

      posted in Technical Support
      Sfner
      Sfner
    • [nodebb-plugin-groups-autoassigncategory] A category for each group

      My problem

      Users wanted to be able to create their own groups; with a single toggle in the admin dashboard, the problem got temporarily solved.

      Then users wanted that each group had its own discussion space, a private category to host their topics that are in the grey zone between out of the general interest and out of the scope of the community. This plugin has been written for this scenario.

      What this plugin does

      For each group, a category is created and kept synced. The categories will share the same name, description, icon, background colour and background image, where the presence of an icon discards the background image. Deleting a group disables its associated category. The permissions of each category also are automatically managed.

      Installation

      npm install nodebb-plugin-groups-autoassigncategory

      posted in NodeBB Plugins
      Sfner
      Sfner
    • RE: v1.6.0 Suspected Nginx Problem

      @unterm said in v1.6.0 Suspected Nginx Problem:

      If I bypass Nginx and access port 4567 directly in the browser, the forum displays correctly. This leads me to believe the problem is todo with Nginx.

      I simply skipped this. Sorry.

      Try adding the NGINX's stable PPA and then upgrading the packages from your system:

      posted in Technical Support
      Sfner
      Sfner
    • RE: v1.6.0 Suspected Nginx Problem

      As a last random shot, the tutorial instructs you installing the 6.x version of NodeJS, but I ignored that and installed the 8.x one.

      curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
      sudo apt-get install -y nodejs
      

      Installing Node.js via package manager

      (I did the same thing for MongoDB (installing the latest version, ignoring the installing instructions), but as the database is working for you, I wouldn't touch it for now)

      posted in Technical Support
      Sfner
      Sfner
    • RE: Is Single-Sign-On disassociation possible?

      Nothing to disassociate inside "Edit":

      0_1506998780342_Screenshot_2017-10-02_23-45-53.png

      ...or "Settings":

      0_1506998853300_Screenshot_2017-10-02_23-44-52.png

      posted in General Discussion
      Sfner
      Sfner
    • RE: Is Single-Sign-On disassociation possible?

      Sorry if I am an awful searcher, but I failed to find such mentioned disassociation option under "Settings", "Edit", "Account Info" and "Profile" in both this instance and in my installation (v1.6.0). Could you be more detailed on where I should have been looking at?

      posted in General Discussion
      Sfner
      Sfner
    • Is Single-Sign-On disassociation possible?

      SSOs are nice, but some users abandon or even deletes an account (let me say: Facebook account) to create a fresh one.

      The problem is that they can't disassociate from the old account to then reassociate into the new account by themselves, neither the admin can do such thing if not by deleting the database record via database shell.

      Is there somewhere I am missing in version 1.6.0 that can do what I want? If not, please move this to feature requests, as deleteUserData is already implemented on SSOs and it would be an additional button in the <Git root>/build/public/templates/account/edit.tpl template that reuses the same permission checking as for creating associations.

      posted in General Discussion
      Sfner
      Sfner
    • RE: v1.6.0 Suspected Nginx Problem

      Browser fails to display pages when I follow a link.

      Sounds like a Socket.IO misconfiguration.

      My nginx configuration is from the docs with SSL.

      I also had problems when I followed the docs. What I had to do was appending a definition the end of my config.json file:

      {
          "url": "https://mydomain.tld",
          "secret": "uuid4 string",
          [...]
          "socket.io": {
              "origins": "http://mydomain.tld:* https://mydomain.tld:*"
          }
      }
      

      That one tells to accept connections coming from that domain.

      If the problem persists, I also did some customizing my NGINX config:

      • /etc/nginx/sites-available/mydomain-tld-http.conf
      # redirect everything to HTTPS
      server {
             listen 80;
             listen [::]:80;
      
             server_name mydomain.tld *.mydomain.tld;
      
             include /etc/nginx/snippets/acme.conf;
      
             return 301 https://mydomain.tld$request_uri;
      }
      
      # remove all subdomains from HTTPS
      server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
      
             server_name *.mydomain.tld;
      
             include /etc/nginx/snippets/tlsgzip.conf;
      
             return 301 https://mydomain.tld$request_uri;
      }
      
      # HTTPS forum
      server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
      
             server_name mydomain.tld;
      
             root /var/www/html; #just a fallback
      
             location / {
                     proxy_set_header X-Real-IP $remote_addr;
                     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                     proxy_set_header X-Forwarded-Proto $scheme;
                     proxy_set_header Host $http_host;
                     proxy_set_header X-NginX-Proxy true;
      
                     proxy_pass http://127.0.0.1:4567;
                     proxy_redirect off;
      
                     # Socket.IO Support
                     proxy_http_version 1.1;
                     proxy_set_header Upgrade $http_upgrade;
                     proxy_set_header Connection "upgrade";
             }
             include /etc/nginx/snippets/tlsgzip.conf;
      }
      

      As seen, there are some includes:

      • /etc/nginx/snippets/acme.conf
      location ^~ /.well-known/acme-challenge/ {
              default_type "text/plain";
              root         /var/www/html;
      }
      location = /.well-known/acme-challenge/ {
              return 404;
      }
      

      This is just a snippet that makes EFF's CertBot configuration simpler.

      • /etc/nginx/snippets/tlsgzip.conf
      ssl on;
      ssl_certificate /etc/letsencrypt/live/mydomain.tld/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/mydomain.tld/privkey.pem;
      
      ssl_protocols TLSv1.2 TLSv1.1;
      ssl_prefer_server_ciphers on;
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DES-CBC3-SHA:!aNULL:!eNULL:!ADH:!EXP:!LOW:!DES:!MD5:!PSK:!SRP:!DSS:!RC4:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-CAMELLIA128-SHA;
      
      ssl_session_cache shared:TLS:2m;
      
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844];
      
      gzip on;
      gzip_comp_level 9;
      
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
      

      This snippet just adds TLS certificates and enables GZIP at maximum compression.

      About the SSL cyphers, that's a huge list I copied from an old tutorial and updated myself in order to keep an A+ grade at SSL Labs.

      Nodebb is running on Ubuntu 14.04

      I'm running it on a Ubuntu 16.04 VPS.

      posted in Technical Support
      Sfner
      Sfner