There have been lots of problems with my GNUsocial instance, starting at the very beginning with Identi.ca and email@example.com (which rendered Identi.ca users unable to subscribe to me). I've learned a lot, but now I feel like I'm stuck between a rock and a hard place.
The golden rule
If there is any single rule to running a GNUsocial instance, it's this: DO NOT EVER CHANGE YOUR URI. All of OStatus is built on your GNUsocial profile URI, and if you change it, everything falls down like a house of cards.
For this reason, when I was able to implement HTTPS, I left it in mixed mode. My web server responded to both types of requests, and things were good. Sort of. More on that later.
Don't touch the database
Another key to keeping GNUsocial working is not messing with the database. I have seen half a dozen instances go down in flames because the database has become corrupt somehow. The last thing I want to do is to mess up the database.
Sometimes, people will request I make a change that requires me to run a command directly on the database, and I ignore them. GNUsocial and OStatus are a web of tables that I don't understand very well, so everyone is better off if I stay away from it.
I have broken this rule twice - and both times I've had multiple backups in place in case I needed to revert.
This has all come undone because both GNUsocial and browsers are enforcing higher security. Browsers don't allow mixed functionality like they used to, so the realtime plugin no longer works. The meteor server only talks HTTP (as far as I can tell), and I haven't had a chance to look at replacements.
GNUsocial has also removed the "Mixed" setting for HTTPS from its software in a recent update. You now have two choices: completely disable HTTPS, or force it everywhere. Because we have subscriptions registered in both plain HTTP and HTTPS, this causes a problem.
GNUsocial has created a catch-22: it no longer allows instances to respond to both HTTP and HTTPS addresses, but does not have the ability to correct bad OStatus URIs. GNUsocial broke its own golden rule by changing URIs, and doesn't remove the need for the rule.
By updating to the latest stable branch, FragDev lost a feature it needed and is now broken. I haven't figured out a way of fixing this, and frankly, don't have the time to worry about it. I work three jobs, and babysitting bad software is not my idea of a good way to use my leisure time.
After that diatribe, where does that leave us?
Status of Micro.fragdev.com
- Subscriptions to FragDev users (except for users/subscriptions created after HTTPS was installed) are broken
- The realtime plugin is broken
- Older clients/platforms that don't recognize Let's Encrypt certs are broken
How can I fix it?
If you run an instance, and would like to fix subscriptions to FragDev users, you can run some queries to change the 'HTTP' to 'HTTPS' on those subscriptions. I wouldn't, if I were you. Manual changes like that could destroy your instance.
If you are a FragDev user with an old client or platform, you would have to accept Let's Encrypt as a certificate authority, and make sure HTTPS is enabled.
If you are a FragDev user who likes the web interface, well, you're out of luck for the time being. Realtime keeps you logged in, so you can refresh your timeline manually without having to re-type your password. Chimo has a nice alternative that I'm looking into.
What's the future of GNUsocial at FragDev?
I'll keep running it as long as someone gets some use out of it, but the software itself seems to be slowly eating its own tail. I'm not sure if I can advocate it as a FLOSS social network anymore.
On a brighter note, there's every possibility that these types of issues could be addressed in future updates. We'll have to wait and see.
Tags: browsers server gnusocial
php ./scripts/uncache_users.php will purge the user cache. php ./scripts/updateurls.php will update group and user URLs.
Maiyannah Lysander – https://community.highlandarrow.com/maiyannah/all
I'll read this more thoroughly later, but the meteor thing is pretty easy to solve. I do it for stuff like prosody (to put all web tls configs on the webserver) which listens to ports like 5280,5281 all the time: reverse proxy. All webservers support it and that means you can set up an aliased subdirectory or something that gets rewritten _and tunnelled through the webserver_. So meteor runs on localhost port whatever and gets a TLS layer of sorts provided by the httpd!
Mikael "MMN-o" Nordfeldth – https://social.umeahackerspace.se/mmn
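The reverse-proxy arrangement suggested in the comment above, sketched as an added example (not part of the comment and not FragDev's actual configuration). It assumes nginx as the web server, a hypothetical `/meteor/` subdirectory, placeholder certificate paths, and Meteor listening for subscribers on 127.0.0.1 port 4670; adjust all of these to your own setup.

```nginx
# Added example; values marked "assumed" are not from the original page.
server {
    listen 443 ssl;
    server_name micro.fragdev.com;

    # Placeholder certificate paths (assumed).
    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;

    # ... existing GNU social locations stay as they are ...

    # Hypothetical subdirectory that the browser reaches over HTTPS.
    # The trailing slash on proxy_pass strips the /meteor/ prefix
    # before the request is handed to the plain-HTTP backend.
    location /meteor/ {
        # Assumed backend address: Meteor bound to loopback only, so the
        # unencrypted listener is never reachable from the network.
        proxy_pass http://127.0.0.1:4670/;
        proxy_http_version 1.1;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;

        # Streaming / long-poll responses must not be buffered or cut
        # off by the default 60 s read timeout.
        proxy_buffering    off;
        proxy_read_timeout 1h;
    }
}
```

With this in place the page and the realtime channel share one HTTPS origin, so the browser no longer sees mixed content; the realtime plugin's server setting would then need to point at the proxied path instead of the Meteor port.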
Thanks for the kind words, Andrew. I don't have any plans to shut down micro.fragdev.com, and will continue running it unless:
- GNUsocial starts to require more resources than the VPS can provide, or
- I'm the only active user
If the first does occur, I'll make sure to provide plenty of notice. For now, it doesn't look like that is on the horizon. :)
Windigo – https://fragdev.com/
Thanks for all your efforts. I've very much appreciated being able to use fragdev and will be sad if it goes but could not blame you for a nanosecond if you shut it down. Sounds like a beast to maintain!
Andrew Conway – http://blog.mcnalu.net