Open SFTPgo WebAdmin / How to adjust the link?

michelandre · July 13, 2023, 5:21pm

Debian-11
NS8-beta
Running as a virtual mchine
servername: ns8
domain name: debian.toto-dev.org
servername FQDN: ns8.debian.toto-dev.org
Newly created virtual host domain name: toto-dev.org

Hi all,

I followed the debian man page for the /etc/hosts file: hosts(5) — manpages — Debian stretch — Debian Manpages
I followed the debian man page for the hostname: hostname(1) — hostname — Debian stretch — Debian Manpages and all the options of the command have the right output.
I followed the debian man page for the resolv.conf file: resolv.conf(5) — manpages — Debian stretch — Debian Manpages
At the end of the NS8 installation, the URL for the cluster-admin points to the https://servername-FQDN/cluster-admin. User admin can: login, change his password, create the cluster, install: LDAP, MariaDB/phpmyadmin, Nginx/WebServer, etc…

All is running well with NS8 except the link to Open SFTPgo WebAdmin and also the links Open SFTPgo WebClient for all applications that use this client…

If I click on the link Open SFTPgo WebAdmin:

The link in the displayed page point to the servername (ns8) instead of the servername FQDN.

If I replace the servername (ns8) with the servername FQDN, the right page is displayed

User admin can login:

The same thing happens with a newly created virtual host - the link is pointing to the servername (ns8) instead of the virtual host domain name.
Also, if I replace the servername (ns8) with the virtual host domain name, the right page is displayed “Allo le monde! depuis NS8”

According to different man pages, the servername is all the characters up to the first period “(.)” of the servername FQDN. Also, the servername FQDN must start with, and end with an alphabetic character.

PROBLEM:

NS8 is taking the servername instead of the domain name or the servername FQDN with many applications.

Where I went wrong, or where can I edit the links, or is it a bug, or else … ?

Michel-André

michelandre · July 14, 2023, 3:51pm

Hi all,

On Debian-11, I have to change the hostname with nmtui and now all pointers are now working.

The use of nmtui will change the content of the files: /etc/hostname and /etc/resolv.conf

As seen below, the “hostname” and the “hostname -f” have the same output which is not suppose to be the case.

hostname is the text string before the first dot of the FQDN.
domain name is text string after the first dot of the FQDN.

root@ns8:~# hostname -f     
ns8.debian.toto-dev.org          <============= "FQDN"
root@ns8:~#

root@ns8:~# hostname  
ns8.debian.toto-dev.org          <============= it should be only "ns8"
root@ns8:~#

root@ns8:~# hostname -d 
debian.toto-dev.org              <============= "domain name"
root@ns8:~#

root@ns8:~# dnsdomainname
debian.toto-dev.org
root@ns8:~#

root@ns8:~# cat /etc/hostname
ns8.debian.toto-dev.org     <============= it should be only "ns8"
root@ns8:~#

Conclusion:

I think the way NS8 gets the hostname or domain name is not the proper way to do so.

Michel-André

EDIT:

With the proper hostname, to communicate at he end of the installation it displays:
https://FQDN/cluster-admin

To communicate with SFTPgo, why it uses:
https://hostname/sftpgo…

Why the logic is different ???

danb35 · July 14, 2023, 6:33pm

I think so too:

It’s improved compared to a few months ago, but it looks like there’s still a problem.

stephdl · July 18, 2023, 6:58am

Out of a computer but iirc we rely on the bash command

hostname

Could be interesting to see the output before you changed it

stephdl · July 18, 2023, 7:05am

From what I read I am quite sure that your server debian 11 was misconfigured or something wrong was on the dns side

For example the mail module should be broken too probably

Could you reproduce and detail how you set up your dns name

stephdl · July 18, 2023, 7:09am

We could use it but not sure it has solved your issue

danb35 · July 18, 2023, 8:03am

Between this and the other topic I linked, maybe NS8 should just ask for the desired/intended hostname (perhaps with a caveat that it shouldn’t be the FQDN you intend to serve your main web content from, see NS8: webserver allows to create a virtual host with the same FQDN as the main server FQDN). Because the auto-detecting seems very fragile, and it also seems to come up with inconsistent results. Have it as part of the install script maybe, or perhaps part of the create/join cluster pages.

Otherwise, the docs need to specify exactly how the hostname is to be set for NS8 purposes (and it needs to be something that can be done post-install, because folks who will be running this in a VPS environment won’t be able to set it at install time), because the information in several online guides wasn’t enough to get it done when I was working on it earlier.

stephdl · July 18, 2023, 8:31am

something was broken in the configuration side of miche-andre

Wrong

We need the full qualified domain name in this file, probably if ns8 was written first we found the key of the issue

Dns are configurable as you want after the installation but after the cluster creation I am less sure

As I said dns matters a lot with ns8 and if you misconfigure it it won’t work. We need to practice and learn how to use it

michelandre · July 18, 2023, 12:50pm

Hi @stephdl

You are right, it is wrong but this is the only way that SFTPgo will work.

That is why i wrote: <============= it should be only “ns8”
It is suppose to contain: (only a single label, i.e. without any dots) see below…

That is also why I wrote: I think the way NS8 gets the hostname or domain name is not the proper way to do so.

/etc/hostname
hostname(5) - Linux manual page.

The file should contain a single newline-terminated hostname
string. Comments (lines starting with a “#”) are ignored. The
hostname should be composed of up to 64 7-bit ASCII lower-case
alphanumeric characters or hyphens forming a valid DNS domain
name. It is recommended that this name contains only a single
label, i.e. without any dots. Invalid characters will be filtered
out in an attempt to make the name valid, but obviously it is
recommended to use a valid name and not rely on this filtering.

HISTORY
The simple configuration file format of /etc/hostname originates
from Debian GNU/Linux.

Can you explain the logic below ?

Michel-André

EDIT:
In /etc/hostname, if I insert only the server name i.e. ns8 (as it should be), SFTPgo will want to go to ns8/sftpgo/web/admin/login.

michelandre · July 18, 2023, 1:21pm

Hi @stephdl

When I was using Rocky, for sure it was broken as the certificate(s) I received is quite wrong and I think they are left over from somewhere:

“Unable to connect to server. The configuration, username or password are probably incorrect.”

With Debian-11, I also receive a funny "Personnes" certificate

This is also a bug.

That is why I am waiting for Beta-2 to test email.

Michel-André

michelandre · July 18, 2023, 1:35pm

Hi @stephdl

I am testing on a virtual machine on the LOCAL LAN, I am sure I am not the only one.

That is why I do not comment on how to obtain a certificate in such an environment.
I obtain a Let’s Encrypt certificate on my main NethServer and I upload it to NS8.

I looks that it is not interesting for NS8 !!!

Michel-André

stephdl · July 18, 2023, 1:42pm

We need to retrieve the hostname of the server, we relie on hostname cli command. We could either use hostnamectl but it reflects too what is written in /etc/hosts bad or good

Just on my cell I can be wrong

michelandre · July 18, 2023, 2:05pm

Hi @stephdl

For the time been, I would say to use
hostname -f.

If you look at the man pages for hostname, it also gives C functions to get the hostname.
hostname(1) — hostname — Debian stretch — Debian Manpages.

GET NAME

When called without any arguments, the program displays the current names:

hostname will print the name of the system as returned by the gethostname(2) function.
domainname will print the NIS domainname of the system. domainname uses the gethostname(2) function, while ypdomainname and nisdomainname use the getdomainname(2).
dnsdomainname will print the domain part of the FQDN (Fully Qualified Domain Name). The complete FQDN of the system is returned with hostname --fqdn (but see the warnings in section THE FQDN below).
…

Technically: The FQDN is the name getaddrinfo(3) returns for the host name returned by gethostname(2). The DNS domain name is the part after the first dot.

Therefore it depends on the configuration of the resolver (usually in /etc/host.conf) how you can change it. Usually the hosts file is parsed before DNS or NIS, so it is most common to change the FQDN in /etc/hosts.

If a machine has multiple network interfaces/addresses or is used in a mobile environment, then it may either have multiple FQDNs/domain names or none at all. Therefore avoid using hostname --fqdn, hostname --domain and dnsdomainname. hostname --ip-address is subject to the same limitations so it should be avoided as well.
…
-f, --fqdn, --long

Display the FQDN (Fully Qualified Domain Name). A FQDN consists of a short host name and the DNS domain name. Unless you are using bind or NIS for host lookups you can change the FQDN and the DNS domain name (which is part of the FQDN) in the /etc/hosts file. See the warnings in section THE FQDN above and use hostname --all-fqdns instead wherever possible.

Michel-André

stephdl · July 19, 2023, 5:23pm

on rocky

[root@R1 ~]# cat /etc/hostname 
R1.rocky9.org
[root@R1 ~]# cat /etc/hosts 
127.0.0.1   R1.rocky9.org localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         R1.rocky9.org localhost localhost.localdomain localhost6 localhost6.localdomain6


[root@R1 ~]# hostname
R1.rocky9.org
[root@R1 ~]# hostname -f
R1.rocky9.org

we change the hostname

[root@R1 ~]# hostnamectl set-hostname rocky.toto.com


[root@R1 ~]# cat /etc/hostname 
rocky.toto.com
[root@R1 ~]# hostname -f
rocky.toto.com.red
[root@R1 ~]# hostname 
rocky.toto.com

@michelandre is the winner I started a laptop

@giacomo we have no resource in the ns8 installation page on how to set the hostname dns name I think, I bet it needs something

stephdl · July 20, 2023, 8:52am

https://github.com/search?q=org%3ANethServer%20socket.gethostname()&type=code

I use a python command to retrieve the fqdn

github.com

NethServer/ns8-mariadb/blob/52f10805e322b9c85b71b9a547d4b80b3c7c9786/imageroot/actions/get-configuration/20read#L45


      
          
          
# Read current configuration from Redis
          env = f'module/{os.environ["MODULE_ID"]}/environment'
          rdb = agent.redis_connect()
          config["mariadb_tcp_port"] = rdb.hget(env, "MARIADB_TCP_PORT");
          config["path"] =  rdb.hget(env, "TRAEFIK_PATH");
          config["http2https"] =  rdb.hget(env, "TRAEFIK_HTTP2HTTPS") == "True";
          # config["lets_encrypt"] =  rdb.hget(env, "TRAEFIK_LETS_ENCRYPT") == "True";
          
          
# Find the hostname of the node
          config["hostname"] = socket.gethostname()
          
          
# Dump the configuratio to stdou
          json.dump(config, fp=sys.stdout)

github.com

NethServer/ns8-webserver/blob/83e21ec24579127eca97bc64f008c3cfa6557618/imageroot/actions/get-configuration/20read#L64


      
          
          
configuration['virtualhost'] = vhosts
          # read Netxfpmport
          with open("databases/NextFpmPort", "r") as fp:
              NextFpmPort = int(fp.read() or "9000") + 1
          fp.close()
          
          
configuration['NextFpmPort'] = NextFpmPort
          
          
# Find the hosname of the node
          configuration["hostname"] = socket.gethostname()
          
          
# Read current configuration
          configuration["sftp_tcp_port"] = int(os.environ.get("SFTP_TCP_PORT",3092))
          configuration["path"] =   os.environ.get("TRAEFIK_PATH",'/sftpgo')
          configuration["http2https"] =  os.environ.get("TRAEFIK_HTTP2HTTPS","False") == "True"
          # test if sftpgo port is externally enabled
          configuration["sftpgo_service"] = os.environ.get('SFTPGO_SERVICE', False) == "True"
          
          
#test if sftpgo is running 
          sftpgo = subprocess.call(["systemctl", "is-active","--user", "--quiet", "sftpgo.service"])

no bash command, it is something we use, need to think on it

stephdl · July 20, 2023, 8:53am

or use a bash command in try except

github.com

NethServer/ns8-mail/blob/main/imageroot/actions/get-defaults/10get_defaults#L14


      
          # Copyright (C) 2023 Nethesis S.r.l.
          # SPDX-License-Identifier: GPL-3.0-or-later
          #
          
          
import json
          import sys
          import mail
          import subprocess
          import agent
          
          
try:
              hostname = subprocess.run(['hostname', '-f'], text=True, capture_output=True, check=True).stdout.strip()
              mail_domain = hostname[hostname.index(".") + 1:]
          except ValueError:
              hostname = "myserver.example.org"
              mail_domain = "example.org"
          
          
json.dump({
              'hostname': hostname,
              "mail_domain": mail_domain,
              "user_domains": mail.get_user_domains(agent.redis_connect()),

stephdl · July 20, 2023, 8:58am

or better use

socket.getfqdn()

stephdl · July 20, 2023, 9:08am

socket.getfqdn() vs socket.gethostname()

python - what's the difference between gethostname and getfqdn? - Stack Overflow.

stephdl · July 20, 2023, 9:12am

stephdl · July 20, 2023, 9:13am