I am still on the old servermanager… old habits don’t die easy… 
found this in /var/log/messages:
Dec 7 20:19:17 ns7 gunicorn: 2019-12-07 19:19:17,540 django.security.DisallowedHost ERROR Invalid HTTP_HOST header: ‘funkwhale.domain.tld’. You may need to add 'funkwhale.domain.tld to ALLOWED_HOSTS.
django is a service used with funkwhale… what did I miss in setting up?
It doesn’t state what cfg file this is set…
Did you do the following?
chmod 755 /srv/funkwhale
yes I did, but when I look at permissions in /srv/funkwhale not every dir and file has 755 (rwe-r.e-r.e) permissions
Any idea where I can find the settings.py file?
Could you please share your /etc/httpd/conf.d/zzz_funkwhale.conf and /srv/funkwhale/config/.env ?
It should work without changing python settings.
See PM…
Now you have “Server Error (500)”, is there another error message in the logfile now?
EDIT:
More logs:
Reverse proxy: /var/log/httpd/*.log
API logs: journalctl -xn -u funkwhale-server
Celery logs: journalctl -xn -u funkwhale-worker
Let me check
a LOT of reecurring entries of this in API logs:
– Logs begin at Sat 2019-12-07 17:16:37 CET, end at Sat 2019-12-07 23:15:39 CET. –
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: File “/srv/funkwhale/virtualenv/lib64/python3.6/site-packages/requests/api.py”, line 60, in request
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: return session.request(method=method, url=url, **kwargs)
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: File “/srv/funkwhale/virtualenv/lib64/python3.6/site-packages/requests/sessions.py”, line 533, in request
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: resp = self.send(prep, **send_kwargs)
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: File “/srv/funkwhale/virtualenv/lib64/python3.6/site-packages/requests/sessions.py”, line 646, in send
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: r = adapter.send(request, **kwargs)
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: File “/srv/funkwhale/virtualenv/lib64/python3.6/site-packages/requests/adapters.py”, line 516, in send
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: raise ConnectionError(e, request=request)
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘funkwhale.domain.tld’, port=443): Max retries exceeded with url: /front/
Dec 07 23:14:30 ns7.domain.tld gunicorn[12101]: 2019-12-07 22:14:30,362 uvicorn.access INFO 213.127.104.224:0 - “GET /favicon.ico HTTP/1.1” 500
hey, thanks for the guide! could complete all steps without any issues, starting the service throws me an error tough. the thing is i was stubborn and changed the funkwhale version to 1.0. so that is totally on me…will try it again tomorrow with 20.1.
systemctl status funkwhale-\*
● funkwhale-worker.service - Funkwhale celery worker
Loaded: loaded (/etc/systemd/system/funkwhale-worker.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2020-10-02 00:05:52 CEST; 20s ago
Process: 10984 ExecStart=/srv/funkwhale/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0} (code=exited, status=2)
Main PID: 10984 (code=exited, status=2)
Oct 02 00:05:52 xxx systemd[1]: Started Funkwhale celery worker.
Oct 02 00:05:52 xxx celery[10984]: usage: celery worker [options]
Oct 02 00:05:52 xxx celery[10984]: celery: error: argument -c/--concurrency: invalid int value: ''
Oct 02 00:05:52 xxx systemd[1]: funkwhale-worker.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 02 00:05:52 xxx systemd[1]: Unit funkwhale-worker.service entered failed state.
Oct 02 00:05:52 xxx systemd[1]: funkwhale-worker.service failed.
● funkwhale-beat.service - Funkwhale celery beat process
Loaded: loaded (/etc/systemd/system/funkwhale-beat.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2020-10-02 00:05:52 CEST; 21s ago
Main PID: 10985 (celery)
CGroup: /system.slice/funkwhale-beat.service
└─10985 /srv/funkwhale/virtualenv/bin/python3 /srv/funkwhale/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
Oct 02 00:05:52 xxx systemd[1]: Started Funkwhale celery beat process.
Oct 02 00:05:52 xxx celery[10985]: 2020-10-02 00:05:52,736 funkwhale_api.config INFO Loaded env file at /srv/funkwhale/config/.env
Oct 02 00:05:52 xxx celery[10985]: 2020-10-02 00:05:52,737 funkwhale_api.config INFO Running with the following plugins enabled: funkwhale_api.contrib.scrobbler
Oct 02 00:05:54 xxx celery[10985]: [2020-10-01 22:05:54,328: INFO/MainProcess] beat: Starting...
● funkwhale-server.service - Funkwhale application server
Loaded: loaded (/etc/systemd/system/funkwhale-server.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2020-10-02 00:05:52 CEST; 20s ago
Process: 10982 ExecStart=/srv/funkwhale/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} (code=exited, status=3)
Main PID: 10982 (code=exited, status=3)
Oct 02 00:05:52 xxx gunicorn[10982]: File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
Oct 02 00:05:52 xxx gunicorn[10982]: File "/srv/funkwhale/virtualenv/lib64/python3.6/site-packages/uvicorn/loops/uvloop.py", line 3, in <module>
Oct 02 00:05:52 xxx gunicorn[10982]: import uvloop
Oct 02 00:05:52 xxx gunicorn[10982]: ModuleNotFoundError: No module named 'uvloop'
Oct 02 00:05:52 xxx gunicorn[10982]: [2020-10-02 00:05:52 +0200] [10996] [INFO] Worker exiting (pid: 10996)
Oct 02 00:05:52 xxx gunicorn[10982]: [2020-10-02 00:05:52 +0200] [10982] [INFO] Shutting down: Master
Oct 02 00:05:52 xxx gunicorn[10982]: [2020-10-02 00:05:52 +0200] [10982] [INFO] Reason: Worker failed to boot.
Oct 02 00:05:52 xxx systemd[1]: funkwhale-server.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
Oct 02 00:05:52 xxx systemd[1]: Unit funkwhale-server.service entered failed state.
Oct 02 00:05:52 xxx systemd[1]: funkwhale-server.service failed.Thanks for testing, I hope it still works.
You may use postgresql12 (12.0) instead of old postgres94 (9.4) that’s not supported anymore. At the time I wrote the howto there was no nethserver-postgresql12 module.
To install postgresql12:
yum install nethserver-postgresql12
To connect to it for creating the database (uses port 55434):
su - postgres -c 'scl enable rh-postgresql94 -- psql -p 55434'
The database url in /srv/funkwhale/config/.env should look like:
DATABASE_URL=postgresql://funkwhale:SECRET@localhost:55434/funkwhale
su - postgres -c 'scl enable rh-postgresql94 -- psql -p 55432'
psql (9.4.14)
[root@tank ~]# su - postgres -c 'scl enable rh-postgresql12 -- psql -p 55432'
psql (12.1, server 9.4.14)
connecting to the db with rh-postgres94 after i installed 12? dropped and rebuilt the db with rh-postgres12. ran the remaining commands - again without any issues. starting the services give me the same result…
what about that?
Oct 02 00:05:52 xxx gunicorn[10982]: import uvloop
Oct 02 00:05:52 xxx gunicorn[10982]: ModuleNotFoundError: No module named ‘uvloop’
maybe i can find something else… if not… then ill try 0.20.1
ps: dunno if its related, had a error msg on the cert page requesting the funkhale cert
{
“pid”: 3304,
“status”: “failed”,
“event”: “certificate-update”
}
but the cert got added to the list…
added uvloop and httptools to the pip install command. now the server is starting up. celery worker is still refusing… dont see anything meaningful at the moment…
ok… modifications for funkwhale-server
pip install wheel service_identity uvloop httptools
funkwhale-worker
https://dev.funkwhale.audio/funkwhale/funkwhale/-/issues/1160
uncomment CELERYD_CONCURRENCY in .env
remove the “-1” from ${CELERYD_CONCURRENCY} in funkwhale.target
all services are starting up now, webpage throws me “server error (500)”… so i guess that cert error is an issue… ^^
I need to recheck, from the howto it should work as .well-known/acme-challenge is excluded for letsencrypt in the virtualhost.
To workaround the cert issue you may move away /etc/httpd/conf.d/zzz_funkwhale.conf, reload httpd and request the cert, then move the conf file back and reload httpd.
did that. requesting the cert worked without a error. still get the server error tough. its taking the default cert. is that on purpose that you are adding another virtualhost 80 and leaving the orig one? thats what mine looks like after the sed command
<VirtualHost *:80>
ServerName ${funkwhale-sn}
RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://${funkwhale-sn}
</VirtualHost>
# HTTP requests redirected to HTTPS
<VirtualHost *:80>
ServerName ${funkwhale-sn}
# Default is to force https
RewriteEngine on
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
<Location "/.well-known/acme-challenge/">
Options None
Require all granted
</Location>
</VirtualHost>
The funkwhale-sn definition is missing on top:
Define funkwhale-sn example.com
No, I think they updated/adapted the apache config, you may try to comment out the first virtualhost 80.
that was just a portion of the file. thats the entire content
# Following variables MUST be modified according to your setup
Define funkwhale-sn amp.domain.org
# Following variables should be modified according to your setup and if you
# use different configuration than what is described in our installation guide.
Define funkwhale-api http://localhost:5000
Define funkwhale-api-ws ws://localhost:5000
Define FUNKWHALE_ROOT_PATH /srv/funkwhale
Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/music
Define MEDIA_DIRECTORY_PATH ${FUNKWHALE_ROOT_PATH}/data/media
<VirtualHost *:80>
ServerName ${funkwhale-sn}
RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://${funkwhale-sn}
</VirtualHost>
# HTTP requests redirected to HTTPS
<VirtualHost *:80>
ServerName ${funkwhale-sn}
# Default is to force https
RewriteEngine on
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
<Location "/.well-known/acme-challenge/">
Options None
Require all granted
</Location>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ${funkwhale-sn}
# Path to ErrorLog and access log
# ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
# CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommended)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
SSLEngine on
SSLProxyEngine On
# SSLCertificateFile /etc/letsencrypt/live/${funkwhale-sn}/fullchain.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/${funkwhale-sn}/privkey.pem
# Include /etc/letsencrypt/options-ssl-apache.conf
# Tell the api that the client is using https
RequestHeader set X-Forwarded-Proto "https"
# Configure Proxy settings
# ProxyPreserveHost pass the original Host header to the backend server
ProxyVia On
ProxyPreserveHost On
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
</IfModule>
# Turning ProxyRequests on and allowing proxying from all may allow
# spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order Allow,Deny
Allow from all
</Proxy>
<Location "/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
<Location "/federation">
ProxyPass ${funkwhale-api}/federation
ProxyPassReverse ${funkwhale-api}/federation
</Location>
# You can comment this if you don't plan to use the Subsonic API
<Location "/rest">
ProxyPass ${funkwhale-api}/api/subsonic/rest
ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
</Location>
<Location "/.well-known/">
ProxyPass ${funkwhale-api}/.well-known/
ProxyPassReverse ${funkwhale-api}/.well-known/
</Location>
<Location "/front">
ProxyPass "!"
</Location>
Alias /front ${FUNKWHALE_ROOT_PATH}/front/dist
<Location "/media">
ProxyPass "!"
</Location>
Alias /media ${MEDIA_DIRECTORY_PATH}
<Location "/staticfiles">
ProxyPass "!"
</Location>
Alias /staticfiles ${FUNKWHALE_ROOT_PATH}/data/static
# Activating WebSockets
<Location "/api/v1/activity">
ProxyPass ${funkwhale-api-ws}/api/v1/activity
</Location>
# Setting appropriate access levels to serve frontend
<Directory "${FUNKWHALE_ROOT_PATH}/data/static">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "${FUNKWHALE_ROOT_PATH}/front/dist">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "${MEDIA_DIRECTORY_PATH}">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed.
# Following directive may be needed to ensure xsendfile is loaded
#LoadModule xsendfile_module modules/mod_xsendfile.so
<IfModule mod_xsendfile.c>
XSendFile On
XSendFilePath ${MEDIA_DIRECTORY_PATH}
XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule>
</VirtualHost>
</IfModule>
No, I think they updated/adapted the apache config, you may try to comment out the first virtualhost 80.
mhh…too bad. that didnt work
This seems to be an older issue, I’m going to check that asap.
You may check the logs to find out more:
https://docs.funkwhale.audio/admin/troubleshooting.html
Thanks for your work, I’ll add it to the howto as soon as it’s working.
ok cool. thank you!
thats what i get from journalctl -xn -u funkwhale-server
requests.exceptions.SSLError: HTTPSConnectionPool(host='amp.domain.org', port=443): Max retries exceeded with url: /front/index.html (Caused by SSLError(CertificateError("hostname 'amp.domain.org' doesn't match 'next.domain.org'",),))
OK, you only have the domain next.domain.org in the letsencrypt cert. You need to request the LE cert again with the additional domain amp.domain.org.
but i have all two listed in the cert page… next as default plus the amp one