Isso Kommentare

[Pflegecraft]

Hallo, ich bin gerade dabei einen Bludit Blog zu hosten und möchte gerne mit Isso die Kommentare verwalten nun weiß ich leider nicht wie ich Isso mit Keyhelp richtig einstelle

Weiß jemand da vlt mehr?

Lieben Gruß und ein sturmfreies Wochenende
Pflegecraft


[Mod-Edit]
Thread nach Bedienung und Nutzung verschoben.

[Jolinar]

nun weiß ich leider nicht wie ich Isso mit Keyhelp richtig einstelle

Ich hab die Doku jetzt nur kurz überflogen, aber die Einrichtung unter KH sollte ziemlich simpel sein.
Wenn ich das richtig überblicke, läuft isso als Server und lauscht in der Standardkonfiguration auf Port 8080. Also richtest du für isso sinnvollerweise eine eigene Subdomain ein und gibst dieser ein paar zusätzliche Apache-Direktiven mit (ungetestet):

Code: Select all

<IfModule mod_proxy.c>
        ProxyPass /.well-known/acme-challenge !
</IfModule>

Alias /.well-known/acme-challenge /home/keyhelp/www/.well-known/acme-challenge

SSLProxyEngine On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

Schau mal, ob dir das weiterhilft.

[Pflegecraft]

Okay danke ich versuche es mal gebe dann bescheid wenn es läuft oder auch nicht

Lieben Gruß
Pflege

[24unix]

Das mit der Ausnahme für LE habe ich bei mir gar nicht.

Das ist die Konfig für Uptime Kuma (https://status.24unix.net/dashboard)

Code: Select all

ProxyPass / http://localhost:3001/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://localhost:3001/$1" [P,L]

SSL klappt trotzdem.

Also ich denke, den oberen Teil kann man auch weglassen.

[24unix]

Hier noch mal ein Update, falls jemand über die Suche auf den Thread kommt.

Das:

Code: Select all

<IfModule mod_proxy.c>
        ProxyPass /.well-known/acme-challenge !
</IfModule>

Alias /.well-known/acme-challenge /home/keyhelp/www/.well-known/acme-challenge

ist nötig, wenn man die automatische Weiterleitung von http auf https aktiviert hat. Ist ja eigentlich auch logisch, hat mich trotzdem ne Weile beschäftigt.

[Pflegecraft]

Nun bekomme ich immerhin eine 500er Error meldung obwohl ich den Port offen habe in der Firewall und der Service laut Systemctl auch läuft.

[Jolinar]

Was sagen die Logfiles?

[Pflegecraft]

Welche logs brauchst du hier einmal die Error.log:

Code: Select all

[Thu Mar 17 18:07:01.995293 2022] [proxy_fcgi:error] [pid 22766:tid 140268563969792] [client 82.207.222.229:59889] AH01067: Failed to read FastCGI header
[Thu Mar 17 18:07:01.995373 2022] [proxy_fcgi:error] [pid 22766:tid 140268563969792] (104)Connection reset by peer: [client 82.207.222.229:59889] AH01075: Error dispatching request to :

[24unix]

Läuft es, wenn Du es auf Port 8080 aufrufst?

Edit:

Die Firewall (eh nur nen Paketfilter) brauchst Du dafür nicht aufmachen, wenn es einmal sauber läuft, der Proxy auf Port 80/443 übernimmt das ja.

Paketfilter sind zu 90% eh unsinnig. Ausnahme Sachen wie fail2ban.

[Pflegecraft]

Nein bekomme jeweils bei https://isso.pflegecraft.de als auch bei https://isso.pflegecraft.de/admin eine 500er Meldung.

[24unix]

Nein bekomme jeweils bei https://isso.pflegecraft.de als auch bei https://isso.pflegecraft.de/admin eine 500er Meldung.

Dann brauchen wir die Logs von diesem isso.

Habe da mit noch nie gearbeitet, aber 500er sind immer Serverfehler.

Die sollten übrigens unterschiedlich sein, einmal, dass der proxy das backend nicht erreicht oder es in ein timeout läuft, und einmal das eigentliche Problem ((8080).

Sind sie identisch ist das Problem im frontend (der Proxy Config) zu suchen.

Edit: Ich kann die Domain von hier nicht auflösen. DNS Problem?

[Jolinar]

aber 500er sind immer Serverfehler.

Korrekt, da 5xx Error auf Serverfehler hinweisen, wäre deine Proxy-Config und auch deine isso.cfg tatsächlich mal interessant.

Edit: Ich kann die Domain von hier nicht auflösen. DNS Problem?

dig gibt für pflegecraft.de und isso.pflegecraft.de jeweils einen gültigen A-RR zurück.

[24unix]

dig gibt für pflegecraft.de und isso.pflegecraft.de jeweils einen gültigen A-RR zurück.

Bei mir jetzt auch, sorry, für die Verwirrung, ich bin noch dabei mein LAN neu zu regeln.

[Pflegecraft]

Hier meine Isso.conf

Code: Select all

# Isso configuration file
# vim: set filetype=ini

[general]

# file location to the SQLite3 database, highly recommended to change this
# location to a non-temporary location!
dbpath = /home/isso/comments.db

# required to dispatch multiple websites, not used otherwise.
name =

# Your website(s). If Isso is unable to connect to at least one site, you'll
# get a warning during startup and comments are most likely non-functional.
#
# You'll need at least one host/website to run Isso. This is due to security
# reasons: Isso uses CORS_ to embed comments and to restrict comments only to
# your website, you have to "whitelist" your website(s).
#
# I recommend the first value to be a non-SSL website that is used as fallback
# if Firefox users (and only those) supress their HTTP referer completely:
#
# host =
#     http://example.tld/
#     https://example.tld/
#
host = https://pflegecraft.de

# time range that allows users to edit/remove their own comments.
# It supports years, weeks, days, hours, minutes, seconds.
# 3h45m12s equals to 3 hours, 45 minutes and 12 seconds.
max-age = 15m

# Select notification backend for new comments. Currently, only SMTP is
# available.
# Select notification backend(s) for new comments, separated by comma.
# Available backends:
#
# stdout
#     Log to standard output. Default, if none selected.
# smtp
#     Send notifications via SMTP on new comments with activation (if
#     moderated) and deletion links.
notify = stdout

# Allow users to request E-mail notifications for replies to their post.
# WARNING: It is highly recommended to also turn on moderation when enabling
# this setting, as Isso can otherwise be easily exploited for sending spam.
reply-notifications=false

# Log console messages to file instead of standard output.
log-file =

# adds property "gravatar_image" to json response when true
# will automatically build md5 hash by email and use "gravatar_url" to build
# the url to the gravatar image
gravatar = false

# default url for gravatar. {} is where the hash will be placed
gravatar-url = https://www.gravatar.com/avatar/{}?d=identicon

# enable the "/latest" endpoint, that serves comment for multiple posts (not 
# needing to previously know the posts URIs)
latest-enabled = false

[admin]
enabled = true

# Admin access password
password = XXX

[moderation]
# enable comment moderation queue. This option only affects new comments.
# Comments in modertion queue are not visible to other users until you activate
# them.
enabled = false

# with moderation enabled, automatically approve new comments by an
# author if they've had comments approved within the last 6 months
# Note: No verification is done on the email addresses entered by commenters.
# This means that if someone is able to guess correctly the email address used
# by a previously approved author, they will be able to have their new comment
# auto-approved. For this reason, we recommend that you also activate SMTP
# notification if you activate this option, so that you will see
# auto-approved comments as they get posted.
approve-if-email-previously-approved = false

# remove unprocessed comments in moderation queue after given time.
purge-after = 30d


[server]
# interface to listen on. Isso supports TCP/IP and unix domain sockets: UNIX
# domain socket listen = unix:///tmp/isso.sock TCP/IP listen =
# http:///localhost:1234/
#
# When gevent is available, it is automatically used for http:// Currently,
# gevent can not handle http requests on unix domain socket (see #295 and #299
# for details).  Does not apply for uWSGI.
listen = http://localhost:8080

# public URL that Isso is accessed from by end users. Should always be a
# http:// or https:// absolute address. If left blank, automatic detection is
# attempted.
public-endpoint = http://isso.pflegecraft.de

# reload application, when the source code has changed. Useful for development.
# Only works with the internal webserver.
reload = off

# show 10 most time consuming function in Isso after each request. Do not use
# in production.
profile = off

# an optional list of reverse proxies IPs behind which you have deployed
# your Isso web service (e.g. `127.0.0.1`).
# This allow for proper remote address resolution based on a
# `X-Forwarded-For` HTTP header, which is important for the mechanism
# forbiding several comment votes coming from the same subnet.
trusted-proxies =

# Override Set-Cookie header SameSite value.
# Needed for setups where isso is not hosted on the same domain, e.g. called
# from example.org and hosted under comments.example.org.
# By default, isso will set SameSite=None when served over https and
# SameSite=Lax when served over http.
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
# and https://github.com/posativ/isso/issues/682
# Accepted values: None, Lax, Strict
samesite =


[smtp]
# Isso can notify you on new comments via SMTP. In the email notification, you
# also can moderate (=activate or delete) comments.

# self-explanatory, optional
username =

# self-explanatory (yes, plain text, create a dedicated account for
# notifications), optional.
password =

# SMTP server
host = localhost

# SMTP port
port = 587

# use a secure connection to the server, possible values: none, starttls or
# ssl. Note, that there is no easy way for Python 2.7 and 3.3 to implement
# certification validation and thus the connection is vulnerable to
# Man-in-the-Middle attacks. You should definitely use a dedicated SMTP account
# for Isso in that case.
security = starttls

# recipient address, e.g. your email address
to =

# sender address, e.g. "Foo Bar" <isso@example.tld>
from =

# specify a timeout in seconds for blocking operations like the
# connection attempt.
timeout = 10


[guard]
# Enable basic spam protection features, e.g. rate-limit per IP address (/24
# for IPv4, /48 for IPv6).

# enable guard, recommended in production. Not useful for debugging purposes.
enabled = true

# limit to N new comments per minute.
ratelimit = 2

# how many comments directly to the thread (prevent a simple while true; do
# curl ...; done.
direct-reply = 3

# allow commenters to reply to their own comments when they could still edit
# the comment. After the editing timeframe is gone, commenters can reply to
# their own comments anyways. Do not forget to configure the client.
reply-to-self = false

# force commenters to enter a value into the author field. No validation is
# performed on the provided value.  Do not forget to configure the client
# accordingly.
require-author = false

# require the commenter to enter an email address (note: no validation is
# done on the provided address). Do not forget to configure the client.
require-email = false


[markup]
# Customize markup and sanitized HTML. Currently, only Markdown (via Misaka) is
# supported, but new languages are relatively easy to add.

# Misaka-specific Markdown extensions, all extensions can be used here,
# separated by comma, either by their name or by EXT_<extension>.
# Careful: Misaka 1.0 used "snake_case", but 2.0 needs "dashed-case"!
options = strikethrough, superscript, autolink, fenced-code

# Misaka-specific HTML rendering flags, all html rendering flags can be used
# here, separated by comma, either by their name or as HTML_<flag>.
# Per Misaka's defaults, no flags are set.
flags =

# Additional HTML tags to allow in the generated output, comma-separated. By
# default, only a, blockquote, br, code, del, em, h1, h2, h3, h4, h5, h6, hr,
# ins, li, ol, p, pre, strong, table, tbody, td, th, thead and ul are allowed.
allowed-elements =

# Additional HTML attributes (independent from elements) to allow in the
# generated output, comma-separated. By default, only align and href are
# allowed.
allowed-attributes =


[hash]
# Customize used hash functions to hide the actual email addresses from
# commenters but still be able to generate an identicon.


# A salt is used to protect against rainbow tables. Isso does not make use of
# pepper (yet). The default value has been in use since the release of Isso and
# generates the same identicons for same addresses across installations.
salt = Eech7co8Ohloopo9Ol6baimi

# Hash algorithm to use -- either from Python's hashlib or PBKDF2 (a
# computational expensive hash function).
#
# The actual identifier for PBKDF2 is pbkdf2:1000:6:sha1, which means 1000
# iterations, 6 bytes to generate and SHA1 as pseudo-random family used for key
# strengthening. Arguments have to be in that order, but can be reduced to
# pbkdf2:4096 for example to override the iterations only.
algorithm = pbkdf2


[rss]
# Provide an Atom feed for each comment thread for users to subscribe to.

# The base URL of pages is needed to build the Atom feed. By appending
# the URI, we should get the complete URL to use to access the page
# with the comments. When empty, Atom feeds are disabled.
base =

# Limit the number of elements to return for each thread.
limit = 100

[Pflegecraft]

und wegen dem Zeichenlimit hier nochmal meine Isso.log

Code: Select all

unable to connect to SMTP server
Traceback (most recent call last):
  File "/home/isso/.local/lib/python3.6/site-packages/isso/__init__.py", line 270, in main
    from gevent.pywsgi import WSGIServer
ModuleNotFoundError: No module named 'gevent'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/isso/.local/lib/python3.6/site-packages/isso/ext/notifications.py", line 65, in __init__
    with SMTPConnection(self.conf):
  File "/home/isso/.local/lib/python3.6/site-packages/isso/ext/notifications.py", line 40, in __enter__
    self.client.starttls(context=ssl.create_default_context())
  File "/usr/lib/python3.6/smtplib.py", line 749, in starttls
    self.ehlo_or_helo_if_needed()
  File "/usr/lib/python3.6/smtplib.py", line 600, in ehlo_or_helo_if_needed
    if not (200 <= self.ehlo()[0] <= 299):
  File "/usr/lib/python3.6/smtplib.py", line 440, in ehlo
    self.putcmd(self.ehlo_msg, name or self.local_hostname)
  File "/usr/lib/python3.6/smtplib.py", line 367, in putcmd
    self.send(str)
  File "/usr/lib/python3.6/smtplib.py", line 359, in send
    raise SMTPServerDisconnected('please run connect() first')
smtplib.SMTPServerDisconnected: please run connect() first
connected to https://pflegecraft.de
unable to connect to SMTP server
Traceback (most recent call last):
  File "/home/isso/.local/lib/python3.6/site-packages/isso/__init__.py", line 270, in main
    from gevent.pywsgi import WSGIServer
ModuleNotFoundError: No module named 'gevent'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/isso/.local/lib/python3.6/site-packages/isso/ext/notifications.py", line 65, in __init__
    with SMTPConnection(self.conf):
  File "/home/isso/.local/lib/python3.6/site-packages/isso/ext/notifications.py", line 40, in __enter__
    self.client.starttls(context=ssl.create_default_context())
  File "/usr/lib/python3.6/smtplib.py", line 749, in starttls
    self.ehlo_or_helo_if_needed()
  File "/usr/lib/python3.6/smtplib.py", line 600, in ehlo_or_helo_if_needed
    if not (200 <= self.ehlo()[0] <= 299):
  File "/usr/lib/python3.6/smtplib.py", line 440, in ehlo
    self.putcmd(self.ehlo_msg, name or self.local_hostname)
  File "/usr/lib/python3.6/smtplib.py", line 367, in putcmd
    self.send(str)
  File "/usr/lib/python3.6/smtplib.py", line 359, in send
    raise SMTPServerDisconnected('please run connect() first')
smtplib.SMTPServerDisconnected: please run connect() first
connected to https://pflegecraft.de

Ich möchte das mit dem SMTP nicht nutzen deshalb wohl die Fehlermeldung denke ich.