Other instances can't fetch my toot

Hello. I’m one of the admin of https://knzk.me.

The other day, my instance stopped by high load. There was a problem when restarting.

My instance is using ae3d2f4 ( GitHub - KnzkDev/mastodon: Your self-hosted, globally interconnected microblogging community )

I didn’t find any problematic errors in nginx and mastodon-web logs.

Sidekiq seems worked, My instance request was sent to other instance, but it returned 401.

Should I check other logs?

Thank you.

What does happend if you add a relay?
Can you try https://relay.linux.pizza/inbox as a relay?

Thank you for replying.

I added this relay server, but it can’t be approved…

Did you add it around 8:26 AM GMT+1 today?
Or what time did you add it? I am trying to see if your instance even sent a request to me

Yes. Thank you for helping.

I did get requests actually that time, + I have created a test-account on your instance (testpizza) and successfully send messages to my instances.

Do you still have issues?

it can send to knzk.me from other instances but it can’t send to other instances from knzk.me
However, there seems to be a time to succeed.

I tried it now:
image

image

I checked nextcloud social can be fetched knzk.me’s toot.
(Because I understand PHP, I thought it was a nice way.)

Then, “signature can not be checked” was recorded in the log of nextcloud social.

Do you think this relates to other mastodon instances that return 401?

I am trying to figure out where the problem is. I can fetch from knzk and I can deliver to knzk inbox. So the thing not working is knzk delivering outside, right? A bit difficult to test…

I am also able to resolve accounts and public keys from knzk.me, which could have been the reason for 401s if that wasn’t working.

@yuzulabo This is a wild guess at this point, but try to edit app/controllers/concerns/signature_verification.rb and replace:

    account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
      .with_fallback { nil }
      .with_threshold(1)
      .with_cool_off_time(5.minutes.seconds)
    account = account_stoplight.run

with:

account = account_from_key_id(signature_params['keyId'])

I don’t know if this would help, and it undoes a security-related fix, but if something is wrong with your IP configuration, it could maybe be related.