How do I configure gemserv?

My YunoHost server

Hardware: Raspberry Pi 2 at home
YunoHost version: 4.3.6.2 (stable)
I have access to my server: Through SSH | Through the webadmin
Are you in a special context, or did you make any particular changes to your instance?: yes
If yes, explain:

The computer (Raspberry Pi 2) sits behind a Livebox 2, in a DMZ. I increased its swap space to make it easier to install the Gemini server (the gemserv application available in the official YunoHost catalogue). If I understood correctly, the Livebox should leave all ports open. So I made sure to open only the important ports in the operating system's firewall (the YunoHost system).

Description of the problem

I wanted to install a Gemini server on my YunoHost instance. I have no particular knowledge of system administration.

The installation of gemserv seems to have gone through without any apparent problem. The configuration still has to be finalised, but I cannot see how to proceed. All the more so since YunoHost also detects a port-forwarding problem.

Port forwarding (diagnosis)

Port 1965 is not reachable from the outside.

Making this port reachable is needed for features of type [?] (service gemserv)
To fix this problem, you probably need to configure port forwarding on your Internet router as described in Configure port-forwarding | Yunohost Documentation

And yet port 1965 is "open" on the Livebox 2 (NAT/PAT rule) in UDP/TCP (forwardings that are surely unnecessary) and in the firewall of the YunoHost instance (DMZ, in UDP/TCP).

Edit

This forwarding of port 1965 (TCP) really made no sense, since the YunoHost instance was in a DMZ. In fact, the port was probably closed because of a failure of the gemserv process (see post no. 3).

System logs

LOGFILE: journalctl
-- Logs begin at Mon 2022-02-28 14:04:06 GMT, end at Mon 2022-02-28 16:26:42 GMT. --
Feb 28 16:03:52 systemd[1]: Started gemserv.
Feb 28 16:03:53 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:03:53 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:03:58 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:03:58 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 735.
Feb 28 16:03:58 systemd[1]: Stopped gemserv.
Feb 28 16:03:58 systemd[1]: Starting gemserv...
Feb 28 16:03:58 systemd[1]: Started gemserv.
Feb 28 16:03:58 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:03:58 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:03 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:03 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 736.
Feb 28 16:04:03 systemd[1]: Stopped gemserv.
Feb 28 16:04:03 systemd[1]: Starting gemserv...
Feb 28 16:04:04 systemd[1]: Started gemserv.
Feb 28 16:04:04 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:04 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:09 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:09 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 737.
Feb 28 16:04:09 systemd[1]: Stopped gemserv.
Feb 28 16:04:09 systemd[1]: Starting gemserv...
Feb 28 16:04:10 systemd[1]: Started gemserv.
Feb 28 16:04:10 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:10 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:15 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:15 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 738.
Feb 28 16:04:15 systemd[1]: Stopped gemserv.
Feb 28 16:04:15 systemd[1]: Starting gemserv...
Feb 28 16:04:15 systemd[1]: Started gemserv.
Feb 28 16:04:16 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:16 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:21 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:21 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 739.
Feb 28 16:04:21 systemd[1]: Stopped gemserv.
Feb 28 16:04:21 systemd[1]: Starting gemserv...
Feb 28 16:04:21 systemd[1]: Started gemserv.
Feb 28 16:04:21 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:21 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:26 systemd[1]: gemserv.service: Service RestartSec=5s expired, scheduling restart.
Feb 28 16:04:26 systemd[1]: gemserv.service: Scheduled restart job, restart counter is at 740.
Feb 28 16:04:26 systemd[1]: Stopped gemserv.
Feb 28 16:04:26 systemd[1]: Starting gemserv...
Feb 28 16:04:27 systemd[1]: Started gemserv.
Feb 28 16:04:27 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:04:27 systemd[1]: gemserv.service: Failed with result 'exit-code'.
Feb 28 16:04:29 systemd[1]: Stopped gemserv.
Feb 28 16:26:42 systemd[1]: Starting gemserv...
Feb 28 16:26:42 systemd[1]: Started gemserv.
Feb 28 16:26:42 systemd[1]: gemserv.service: Main process exited, code=exited, status=101/n/a
Feb 28 16:26:42 systemd[1]: gemserv.service: Failed with result 'exit-code'.

LOGFILE: /var/log/gemserv/gemserv.log
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
chown: changing ownership of '/etc/gemserv/config.d/server.toml': Read-only file system
chown: changing ownership of '/etc/gemserv/config.d': Read-only file system
chown: changing ownership of '/etc/gemserv/': Read-only file system
/bin/bash: /etc/gemserv/config.toml: Read-only file system
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Configuration file: /etc/gemserv/config.d/server.toml

port = 1965
# use "::" for ipv6 and ipv4 or "0.0.0.0" for ipv4 only
host = "::"
# log is optional and server wide. It defaults to info if not set. Other levels
# are error, warn, and info. If error is set it will only show error. If warn
# is set it will show error and warn. Info shows all three.
log = "info"

[[server]]
hostname = "domain.tld"
dir = "/path/to/serv/"
key = "/etc/yunohost/certs/domain.tld/key.pem"
cert = "/etc/yunohost/certs/domain.tld/crt.pem"

In the configuration, I cannot work out what the dir = /path/to/serv parameter corresponds to.

The root file system is mounted read/write (rw). Besides, I am able to edit the file /etc/gemserv/config.d/server.toml from the command line.

Note: the YunoHost instance is brand new.

A little help would be really welcome!

The following excerpt perhaps points to a bug in the software, doesn't it?

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/config.rs:70:46

Edit

It could be that the error is not handled in the program's source so that, possibly, it can be resolved by the user when the process is run.

Port 1965 was probably closed on the server because of the failure of the gemserv process.

The file /etc/systemd/system/gemserv.service seems to be wrong.

--- a/gemserv.service   2022-03-01 08:31:13.765526602 +0000
+++ b/gemserv.service   2022-03-01 08:30:46.435409736 +0000
@@ -7,8 +7,8 @@
 User=gemserv
 Group=gemserv
 WorkingDirectory=/opt/yunohost/gemserv/
-ExecStartPre=-/bin/bash -c 'chown -R gemserv:gemserv /etc/gemserv/'
-ExecStartPre=-/bin/bash -c 'cat /etc/gemserv/config.d/*.toml > /etc/gemserv/config.toml'
+#ExecStartPre=-/bin/bash -c 'chown -R gemserv:gemserv /etc/gemserv/'
+#ExecStartPre=-/bin/bash -c 'cat /etc/gemserv/config.d/*.toml > /etc/gemserv/config.toml'
 ExecStart=/opt/yunohost/gemserv/live/gemserv /etc/gemserv/config.toml
 StandardOutput=append:/var/log/gemserv/gemserv.log
 StandardError=inherit
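
Review bot: Commenting out both ExecStartPre lines means /etc/gemserv/config.toml is no longer rebuilt from /etc/gemserv/config.d/*.toml, so later edits to config.d/server.toml silently stop taking effect and ExecStart depends on a hand-made file. Consider keeping the cat step and making its target writable for the unit instead (for example with ReadWritePaths=/etc/gemserv/), and dropping the leading "-" on that line so that a failed merge stops the unit with a clear error rather than letting ExecStart run against a missing file. As far as the visible lines show, the chown -R step runs under User=gemserv, so it cannot take ownership of files it does not already own; it needs a "+" prefix or should be done once at install time.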

After applying my patch and then creating the previously non-existent file /etc/gemserv/config.toml (with gemserv as owner and group), the gemserv server manages to start without error.

As for the configuration, the dir = /path/to/serv/ parameter corresponds to the directory where the Gemini-format files are placed. By default, the server looks for the file index.gemini in this directory. Here is an example configuration (official configuration file):

> /etc/gemserv/config.toml

port = 1965
# use "::" for ipv6 and ipv4 or "0.0.0.0" for ipv4 only
host = "::"
# log is optional and server wide. It defaults to info if not set. Other levels
# are error, warn, and info. If error is set it will only show error. If warn
# is set it will show error and warn. Info shows all three.
log = "info"

[[server]]
hostname = "example.com"
dir = "/opt/yunohost/gemserv/gemini/"
key = "/etc/yunohost/certs/example.com/key.pem"
cert = "/etc/yunohost/certs/example.com/crt.pem"

In the original configuration, the application was installed in the directory /opt/yunohost/gemserv/. I then created the gemini subdirectory for convenience, and placed in it an index.gemini file that I took from the code repository of the my_capsule application, so as to be able to view a page in a Gemini client.

Edit

The parameter index = "index.gmi" can be added to the configuration file so that the server also displays .gmi files.

> index.gemini

# Custom Gemini capsule
# It works!
Congratulation, you have just installed your Custom Gemini capsule.

## Edit this site
First way to edit this site is by putting your files in __FINALPATH__/www using SSH/SCP.

Alternatively you can achieve the same thing using SFTP. To do so, you can use a client application such as
=> https://filezilla-project.org/download.php?type=client Filezilla

Here are the SFTP connection details:
Domain :
* __DOMAIN__
Port :
* 22 (or the port you defined if you changed the ssh port)
User :
* __APP__
Password :
* the one you set at installation

Conclusion

This was not straightforward because the documentation lacks clarity: I had to guess by running tests. In addition, the file /etc/systemd/system/gemserv.service is wrong, which causes a malfunction when the gemserv service starts.

A closer analysis reveals that it is the systemd directive ProtectSystem=full that triggers the problem.

ProtectSystem=

Takes a boolean argument or the special values "full" or "strict". If true, mounts the /usr/ and the boot loader directories (/boot and /efi) read-only for processes invoked by this unit. If set to "full", the /etc/ directory is mounted read-only, too.

So the two ExecStartPre directives cannot be applied: the gemserv server cannot start because the configuration file /etc/gemserv/config.toml does not exist initially.
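
One way to keep both ExecStartPre steps working without giving up ProtectSystem=full is a systemd drop-in; this is an added example, not part of the original posts or of the YunoHost package. The drop-in path is an assumption, and the example assumes the packaged unit sets ProtectSystem=full, as the analysis above concludes.

```ini
# Assumed drop-in path (not from the package):
#   /etc/systemd/system/gemserv.service.d/override.conf
# Assumes the packaged unit sets ProtectSystem=full, as analysed above.

[Service]
# ProtectSystem=full stays in force: /usr, /boot, /efi and /etc remain
# read-only for the service. Only gemserv's own configuration directory
# is made writable again inside the unit's mount namespace.
ReadWritePaths=/etc/gemserv

# An empty assignment clears the ExecStartPre= list inherited from the
# packaged unit, so the two original lines are replaced, not duplicated.
ExecStartPre=

# "+" runs this one command with full privileges, outside User=/Group=
# and the file system sandboxing, so chown can actually change ownership.
ExecStartPre=+/bin/chown -R gemserv:gemserv /etc/gemserv/

# Runs as User=gemserv inside the sandbox; it can write config.toml thanks
# to ReadWritePaths= above. No leading "-": if the merge fails, the unit
# stops here with a clear error instead of gemserv panicking on a missing file.
ExecStartPre=/bin/bash -c 'cat /etc/gemserv/config.d/*.toml > /etc/gemserv/config.toml'
```

After saving the drop-in, run systemctl daemon-reload and restart gemserv so that the new ExecStartPre list takes effect.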
