Other instances can't fetch my toot


#1

Hello. I’m one of the admin of https://knzk.me.

The other day, my instance stopped by high load. There was a problem when restarting.

My instance is using ae3d2f4 ( GitHub - KnzkDev/mastodon: Your self-hosted, globally interconnected microblogging community )

I didn’t find any problematic errors in nginx and mastodon-web logs.

Sidekiq seems worked, My instance request was sent to other instance, but it returned 401.

Should I check other logs?

Thank you.


#2

What does happend if you add a relay?
Can you try https://relay.linux.pizza/inbox as a relay?


#3

Thank you for replying.

I added this relay server, but it can’t be approved…


#4

Did you add it around 8:26 AM GMT+1 today?
Or what time did you add it? I am trying to see if your instance even sent a request to me


#5

Yes. Thank you for helping.


#6

I did get requests actually that time, + I have created a test-account on your instance (testpizza) and successfully send messages to my instances.

Do you still have issues?


#7

it can send to knzk.me from other instances but it can’t send to other instances from knzk.me
However, there seems to be a time to succeed.

I tried it now:
image


#8

image


#9

I checked nextcloud social can be fetched knzk.me’s toot.
(Because I understand PHP, I thought it was a nice way.)

Then, “signature can not be checked” was recorded in the log of nextcloud social.

Do you think this relates to other mastodon instances that return 401?


#10

I am trying to figure out where the problem is. I can fetch from knzk and I can deliver to knzk inbox. So the thing not working is knzk delivering outside, right? A bit difficult to test…


#11

I am also able to resolve accounts and public keys from knzk.me, which could have been the reason for 401s if that wasn’t working.


#12

@yuzulabo This is a wild guess at this point, but try to edit app/controllers/concerns/signature_verification.rb and replace:

    account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
      .with_fallback { nil }
      .with_threshold(1)
      .with_cool_off_time(5.minutes.seconds)
    account = account_stoplight.run

with:

account = account_from_key_id(signature_params['keyId'])

I don’t know if this would help, and it undoes a security-related fix, but if something is wrong with your IP configuration, it could maybe be related.