Crash and burn

Night before last was the heights of ecstasy, the depths of despair, and this morning I need to start cleaning up after the party/riot. Digitally speaking, it looks like a disaster area. All the pis are shut down; what exists is running on the back-up hardware.

By TozZ, via Commons.Wikimedia.Org

For weeks, now, I have been trying to get YunoHost running behind the Nginx reverse-proxy.

YunoHost is a hosting administration tool. It automates the installation and maintenance of a range of web services and applications, including single-sign-on across many of them. It even includes a fully-functioning e-mail server stack, and server, by default. And all of it at best-practices security.

Which would make the life of a lowly amateur sysadmin very much easier, if it could be convinced to play nice in the sandbox with the already-existing collection of web applications and services.

But, most importantly of all, YunoHost successfully (although it takes a loooooong time) installs Mastodon on the Raspberry Pi. This is not a trivial accomplishment. After manually installing Mastodon successfully once, I was unable to actually connect to it with a browser to test. And this has become a major goal: to get a service online as part of the family of web sites.

So, with all these motivators, I was super pleased when I was finally able to connect to a new installation of YunoHost. I thought I had it transiting the reverse proxy without installing additional security certificates. The SSO page was fine, the first application (a webmail app) worked fine.

When I went to log in to Mastodon for the first time, the browser blocked the site for a security error.

And it blocked every other site, even those utterly uninvolved in the YunoHost installation.

The only point in common was the Nginx reverse-proxy. Making direct connection to the previous server, which has been operating flawlessly behind the reverse-proxy, did not result in the browser block. So, as it was late at night and I was questioning my decision-making, I decided to fall back on the old server, and shut everything else down.

A few quick configuration file changes, and it was done. The old hardware was back in its rôle as sole device. The other machines were manually powered off. And I went to bed.

Now I have a wee bit of work ahead of me.