-
msavoritias
Is nixnet sever supposed to have maintainance? I get remote server timeout when trying to add a room from their server.
-
Harper
The certificate still hasn't been renewed/deployed
-
Roi
ernst.on.tour, yes, it was down. I upgraded the server os.
-
ernst.on.tour
Roi: Thanks for the information, but in the middle of the day, on weekend, without announcement ? 😕 Some members from openim.de ask me what is going on. First downtime because export of db, second downtime for import of db, third downtime for upgrade os, all without information from your side. Can' t tell them anything. Just a little "Server will go down for upgrade os between 14:00-16:00UTC" in this MUC could help. 😉
-
Roi
ernst.on.tour, I did not imagine that it will take that long. Sorry. I will announce next time. Hopefully not soon, but the next Debian major version is not far...
-
Roi
About openim.de users: I got a lot (really a lot!) log messages about "unsupported protocol". The old openim.de server ran TLS on port 5223. It seems that a lot of clients are set to this configuration. They won't be able to login again.
-
Licaon_Kter
Roi: you don't control SRVs? Old ones were set up differently?
-
Roi
Licaon_Kter, Sure I do. But openim.de is now a vhost of the Hot-Chilli server. I won't run a different instance (on a different IP and so on) just because the old server was not configured the standard way.
-
jonas’
XEP-0368 on 5223 is not *that* uncommon.
-
Licaon_Kter
Well, their clients should use the bestest connection....eventually?
-
Roi
jonas’, we run TLS on 5222 and 80, and SSL on 5223 and 443. 80 and 443 run on the second IP as these would interfere with the webserver.
-
Roi
Licaon_Kter, I thought, too. But it seems that some clients have a static manual setup here.
-
jonas’
SSL? surely you mean direct TLS.
-
jonas’
nobody should be running SSL these days :-)
-
Roi
Anyway, some clients are hammering the server. ;-) From the log activity, some clients a lot or many clients a bit.
-
Roi
jonas’, yes, sorry. We started the server in 2005... It was called SSL then and still in my head. ;-)
-
Licaon_Kter
Startup pressure is a known thing...
-
Roi
Anyway, I will not change the config, or other clients might have the same problem. And openim is in the minority of active users comparing to the rest.
-
Roi
Licaon_Kter, You mean after the server restarts? Yeah. But this is something different. It does not stop or gets less.
-
Licaon_Kter
Odd
-
Licaon_Kter
You can pinpoint which Client does this?
-
Roi
Apr 02 18:57:33 c2s5626fad6d810 info Client disconnected: unsupported protocol Apr 02 18:57:33 c2s5626ee839ef0 info Client disconnected: unsupported protocol Apr 02 18:57:33 c2s562710b5e850 info Client disconnected: unsupported protocol Apr 02 18:57:33 c2s56271189c810 info Client disconnected: unsupported protocol
-
Roi
About 100 per second.
-
Roi
But no, not really. Would need to tcpdump or something like this. And then I have the IP. Then what? ;-)
-
Licaon_Kter
Better drop that IP for 24h or so
-
Roi
I do not have it.
-
Roi
And my guess is that it is not one IP but many.
-
Licaon_Kter
Drop them all, imho that's expected.
-
Menel
The old one had starttls on 5223 and people had to specify that in the client manually ?
-
Menel
Thats sad, and likely they now know not what the problem is, and think the server is down or something .
-
Roi
Menel, yepp that's the problem. Sure, they can check the website and will find the solution. I also mentioned it in the blog.
-
msavoritias
will they know to check the hot-chilli website though? and that the server they were has moved? i hope they have other accounts to check and ask
-
moparisthebest
Roi: you mean starttls on 5223 instead of direct TLS?
-
moparisthebest
You can run both on the same port with sslh or xmpp-proxy