From 4cd4445e6537767097eb635baa74739f4830280a Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Thu, 10 Apr 2025 08:04:43 +0530 Subject: [PATCH 1/2] doc csp --- .../docs/self-hosting/troubleshooting/misc.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 docs/docs/self-hosting/troubleshooting/misc.md diff --git a/docs/docs/self-hosting/troubleshooting/misc.md b/docs/docs/self-hosting/troubleshooting/misc.md new file mode 100644 index 0000000000..65c1e7ffd1 --- /dev/null +++ b/docs/docs/self-hosting/troubleshooting/misc.md @@ -0,0 +1,35 @@ +--- +title: General troubleshooting cases +description: Fixing various errors when trying to self host Ente +--- + +## Functionality not working on self hosted + +If some specific functionality (e.g. album listing, video playback) does not +work on your self hosted instance, it is possible that you have set _some_, but +not _all_ needed CSP headers (by default, CSP is not enabled). + +To expand on it - by default, currently the generated build does not enable CSP +headers. The generated build includes a _headers file that Cloudflare will use +to set HTTP response headers, but even these do not enable CSP, it is set to a +report only mode. + +However, your web server might be setting some CSP policy. If so, then you will +need to ensure that all necessary CSP headers are set. + +You can see the current +[_headers](https://github.com/ente-io/ente/blob/main/web/apps/photos/public/_headers) +file contents to use a template for your CSP policy. The +`Content-Security-Policy-Report-Only` value will show you the CSP headers in +"dry run" report-only mode we're setting - you can use that as a template, +tweaking it as per your setup. + +How do you know if this is the problem you're facing? The browser console +_might_ be giving you errors when you try to open the page and perform the +corresponding function. + +> Refused to load https://subdomain.example.org/... because it does not appear +> in the script-src directive of the Content Security Policy. + +This is not guaranteed, each browsers handles CSP errors differently, and some +may silently swallow it. From e8e407a249d743a306b232251b2d9d5db7301016 Mon Sep 17 00:00:00 2001 From: Manav Rathi Date: Thu, 10 Apr 2025 08:14:59 +0530 Subject: [PATCH 2/2] pg --- .../self-hosting/troubleshooting/docker.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/docs/docs/self-hosting/troubleshooting/docker.md b/docs/docs/self-hosting/troubleshooting/docker.md index 905ac709e4..49e616da56 100644 --- a/docs/docs/self-hosting/troubleshooting/docker.md +++ b/docs/docs/self-hosting/troubleshooting/docker.md @@ -70,3 +70,61 @@ services.postgres.healthcheck Additional property start_interval is not allowed You will need to upgrade your Docker compose version to a newer version that supports the `start_interval` property on the health check. + +## Postgres authentication failed + +If you're getting Postgres password authentication failures when starting your +cluster, then you might be using a stale Docker volume. + +In more detail, if you're getting an error of the following form (pasting a full +example for easier greppability): + +``` +museum-1 | panic: pq: password authentication failed for user "pguser" +museum-1 | +museum-1 | goroutine 1 [running]: +museum-1 | main.setupDatabase() +museum-1 | /etc/ente/cmd/museum/main.go:846 +0x338 +museum-1 | main.main() +museum-1 | /etc/ente/cmd/museum/main.go:124 +0x44c +museum-1 exited with code 2 +``` + +Then the issue is that the password you're using is not the password postgres is +expecting (duh), and a potential scenario where that can happen is something +like this: + +1. On a machine, you create a new cluster with `quickstart.sh`. + +2. Later you delete that folder, but then create another cluster with + `quickstart.sh`. Each time `quickstart.sh` runs, it creates new credentials, + and then when it tries to spin up the docker compose cluster, use them to + connect to the postgres running within. + +3. However, you would already have a docker volume from the first run of + `quickstart.sh`. Since the folder name is the same in both cases `my-ente`, + Docker will reuse the existing volumes. So your postgres is running off the + old credentials, and you're trying to connect to it using the new ones, and + the error arises. + +The solution is to delete the stale docker volume. **Be careful**, this will +delete all data in those volumes (any thing you uploaded etc), so first +understand if this is the exact problem you are facing before deleting those +volumes. + +If you're sure of what you're doing, the volumes can be deleted by + +``` +docker volume ls +``` + +to list them, and then delete the ones that begin with `my-ente` using `docker +volume rm`. You can delete all stale volumes by using `docker system prune` with +the `--volumes` flag, but be _really_ careful, that'll delete all volumes (Ente +or otherwise) on your machine that are not currently in use by a running docker +container. + +If you're unsure about removing volumes, another alternative is to rename your +`my-ente` folder. Docker uses the folder name to determine the volume name +prefix, so giving it a different name will cause Docker to create a volume +afresh for it.