Conversation

Notices

1. Embed this notice
   rick (rick@a.n0id.space)'s status on Sunday, 17-Sep-2023 18:17:21 JST rick
   Sometimes nginx is rly strange.. i've set in every server directive a listen and a server_name setting.. why am i routed to the wrong vhost :blobcatnotlike:
   
   for n0id.space i'm always ending up on my akko instance.. via https.. via http it works fine :baa:
   • Embed this notice
     :blobcathug: (jain@blob.cat)'s status on Sunday, 17-Sep-2023 18:17:20 JST :blobcathug:

     in reply to
     @rick i guess you have to post your config
   • Embed this notice
     :blobcathug: (jain@blob.cat)'s status on Sunday, 17-Sep-2023 18:21:45 JST :blobcathug:

     in reply to
     @rick do it
   • Embed this notice
     rick (rick@a.n0id.space)'s status on Sunday, 17-Sep-2023 18:21:46 JST rick

     in reply to

     • :blobcathug:
     @Jain if you want to, i can upload them somewhere.. been staring at it for over an hour ^^v
   • Embed this notice
     Stanford (tfunken@social.as200950.com)'s status on Sunday, 17-Sep-2023 20:39:07 JST Stanford

     in reply to

     • :blobcathug:

     @rick @Jain

     ╭─tfunken@Toms-MacBook-Air.local ~
     ╰─➤ curl https://n0id.space -v -I
     * Trying [2a01:4f8:c012:d394::1]:443...
     * Connected to n0id.space (2a01:4f8:c012:d394::1) port 443 (#0)
     * ALPN: offers h2,http/1.1
     * (304) (OUT), TLS handshake, Client hello (1):
     * CAfile: /etc/ssl/cert.pem
     * CApath: none
     * (304) (IN), TLS handshake, Server hello (2):
     * (304) (IN), TLS handshake, Unknown (8):
     * (304) (IN), TLS handshake, Certificate (11):
     * (304) (IN), TLS handshake, CERT verify (15):
     * (304) (IN), TLS handshake, Finished (20):
     * (304) (OUT), TLS handshake, Finished (20):
     * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
     * ALPN: server accepted h2
     * Server certificate:
     * subject: CN=n0id.space
     * start date: Aug 11 20:39:09 2023 GMT
     * expire date: Nov 9 20:39:08 2023 GMT
     * subjectAltName: host "n0id.space" matched cert's "n0id.space"
     * issuer: C=US; O=Let's Encrypt; CN=R3
     * SSL certificate verify ok.
     * using HTTP/2
     * h2 [:method: HEAD]
     * h2 [:scheme: https]
     * h2 [:authority: n0id.space]
     * h2 [:path: /]
     * h2 [user-agent: curl/8.1.2]
     * h2 [accept: */*]
     * Using Stream ID: 1 (easy handle 0x14b812e00)
     > HEAD / HTTP/2
     > Host: n0id.space
     > User-Agent: curl/8.1.2
     > Accept: */*
     >
     < HTTP/2 200
     HTTP/2 200
     < server: nginx/1.22.1
     server: nginx/1.22.1
     < date: Sun, 17 Sep 2023 09:34:34 GMT
     date: Sun, 17 Sep 2023 09:34:34 GMT
     < content-type: text/html
     content-type: text/html
     < content-length: 2882
     content-length: 2882
     < last-modified: Fri, 11 Aug 2023 20:42:27 GMT
     last-modified: Fri, 11 Aug 2023 20:42:27 GMT
     < etag: "64d69d33-b42"
     etag: "64d69d33-b42"
     < accept-ranges: bytes
     accept-ranges: bytes
     
     <
     * Connection #0 to host n0id.space left intact
     ╭─tfunken@Toms-MacBook-Air.local ~
     ╰─➤ curl https://n0id.space -v -I -4
     * Trying 157.90.148.53:443...
     * Connected to n0id.space (157.90.148.53) port 443 (#0)
     * ALPN: offers h2,http/1.1
     * (304) (OUT), TLS handshake, Client hello (1):
     * CAfile: /etc/ssl/cert.pem
     * CApath: none
     * (304) (IN), TLS handshake, Server hello (2):
     * (304) (IN), TLS handshake, Unknown (8):
     * (304) (IN), TLS handshake, Certificate (11):
     * (304) (IN), TLS handshake, CERT verify (15):
     * (304) (IN), TLS handshake, Finished (20):
     * (304) (OUT), TLS handshake, Finished (20):
     * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
     * ALPN: server accepted h2
     * Server certificate:
     * subject: CN=a.n0id.space
     * start date: Aug 11 18:31:52 2023 GMT
     * expire date: Nov 9 18:31:51 2023 GMT
     * subjectAltName does not match n0id.space
     * SSL: no alternative certificate subject name matches target host name 'n0id.space'
     * Closing connection 0
     curl: (60) SSL: no alternative certificate subject name matches target host name 'n0id.space'
     More details here: https://curl.se/docs/sslcerts.html
     
     curl failed to verify the legitimacy of the server and therefore could not
     establish a secure connection to it. To learn more about this situation and
     how to fix it, please visit the web page mentioned above.
     
   • Embed this notice
     Stanford (tfunken@social.as200950.com)'s status on Sunday, 17-Sep-2023 20:39:07 JST Stanford

     in reply to

     • :blobcathug:

     @rick @Jain it's definitely just happens via IPv4.

     But I can't see an issue with your config either :neocat_sad:

     :blobcathug: likes this.
   • Embed this notice
     rick (rick@a.n0id.space)'s status on Sunday, 17-Sep-2023 20:39:09 JST rick

     in reply to

     • :blobcathug:
     • Stanford
     @Jain @tfunken for me it looks like (via curl and ff) that as soon as i call n0id.space via https the akkoma server_block is used
   • Embed this notice
     rick (rick@a.n0id.space)'s status on Sunday, 17-Sep-2023 20:39:10 JST rick

     in reply to

     • :blobcathug:
     • Stanford
     @Jain @tfunken i even tried to set the default_server option in my static site.. thats why this is still in there
   • Embed this notice
     rick (rick@a.n0id.space)'s status on Sunday, 17-Sep-2023 20:39:11 JST rick

     in reply to

     • :blobcathug:
     • Stanford
     @Jain my static site: https://0x0.st/HOAF.conf
     my akkoma: https://0x0.st/HOAC.conf
     
     according to @tfunken it works fine via ipv6... sadly i can't test it from where i'm rn
   • Embed this notice
     :blobcathug: (jain@blob.cat)'s status on Sunday, 17-Sep-2023 21:33:55 JST :blobcathug:

     in reply to

     • Stanford
     @rick @tfunken i cant see issues too