State of Pump.io about pump.io HOT 16 CLOSED

Hey @prologic, primary maintainer here. As you've noticed I've been relatively inactive in the project, for a variety of reasons - some just have to do with personal life, like my being in college, and it's partly because I've become more involved in different communities (e.g. Qubes OS). I can still guarantee security support for pump.io in accordance with our security policy but beyond that I don't want to make any promises that I may not keep :)

As such I cannot tell if Pump the server and Web UI is in any way currently mature and stable enough to be used (even on a personal basis).

As for this question, my suggestion is that you just set it up yourself and see if it meets your needs. Sounds like you're already trying to do so, which brings me to...

The Web UI insists on redirecting browsers to http://pump.mills.io:31337/ instead of https://pump.mills.io/ despite setting an environment PUMPIO_URLPORT

This is a common issue and is covered in the FAQ: https://pumpio.readthedocs.io/en/latest/sysadmins-faq.html#i-set-urlport-but-my-browser-is-still-sending-me-to-the-wrong-port

from pump.io.

It is my understanding that ActivityPub isn't supported as of yet. See issue #1241

from pump.io.

For the record, following a user on another instance via the web UI has been possible since the beginning of Pump.io, you just need to do the remote login first. I don't personally use the web UI, since I very much prefer to use a desktop client, but the option's there.

ActivityPub support is ongoing (@evanp, ping?), and AFAIK S2S was being worked on first.

from pump.io.

@prologic I have several PR's to improve the UI and I have plans to do more, I think your problem is more related with server config also you can use NGXIN for reverse proxy

from pump.io.

@prologic yeah, I know pump.io has some problems related with the UI/UX and after the next release (6.0.0) I have plans to merge some of those PR, but the web UI require a big refactor.

from pump.io.

@prologic about the config check https://pumpio.readthedocs.io/en/latest/configuration/reference.html in your case without NGINX you should use port: 443 and hostname: https://pump.mills.io and set up the key/cert path.

if I start your server previously with another port that can cause the redirect because it is in the DB, you would have to delete it and start the server again.

Can we merge the UI/UX improvements as they stand now rather than wait for a "Big Refactor" of the UI? That would quickly become scope creep and involve a lot of hard work from those more capable on the UI/UX side (not me!)

as I say before I waiting the 6.0.0 release to merge more things, but you can check it https://github.com/pump-io/pump.io/pulls?q=is%3Aopen+is%3Apr+label%3Awebui

from pump.io.

😲That issue was filed over ~2.5yrs ago. It is unlikely that it will be completed. I looks like the scope was far too large to be implement in any tractional time-frame.

A little disappointing; but that's okay. It just makes Pump.io unsuitable for what I'd like to use it for -- a private decentralized social network where I can also follow/subscribe to other ActivityPub streams.

Looks like writeas/Read.as might be more promising especially when writeas/Read.as#4 and writeas/Read.as#5 are completed.

from pump.io.

@jankusanagi Could you explain how this works from a UI/UX point of view? I couldn't honestly figure this out with the instnace on datamost.com

I'm trying really hard to actually spin up an instance myself but I'm running into a lot of difficulty with running pump.io behind Traefik with TLS termination. The Web UI insists on redirecting browsers to http://pump.mills.io:31337/ instead of https://pump.mills.io/ despite setting an environment PUMPIO_URLPORT :/ Seems sort of related to #1681 but not quite.

from pump.io.

@prologic I hace severals PR's yo improve the UI and I have plans to do more,

Can we get those PRs merged? Improvements to the UI would be very good here; my experience thus far with the Pump UI on a localhost deployment isn't that great -- there are some quirks and UX that could be better.

I think your problem is more related with server config also you can use NGXIN for reverse proxy

No. I do not want to use NGINX. My entire production infra is based on Docker Swarm and Traefik as the primary ingress load balancer and reverse proxy.

The choice of Load Balancer / Reverse Proxy however is not the issue here.

from pump.io.

Hey @prologic, primary maintainer here. As you've noticed I've been relatively inactive in the project, for a variety of reasons - some just have to do with personal life, like my being in college, and it's partly because I've become more involved in different communities (e.g. Qubes OS). I can still guarantee security support for pump.io in accordance with our security policy but beyond that I don't want to make any promises that I may not keep :)

I am sorry to hear that. Life does sometimes get in the way of interesting projects! Believe me I know :D

As such I cannot tell if Pump the server and Web UI is in any way currently mature and stable enough to be used (even on a personal basis).

As for this question, my suggestion is that you just set it up yourself and see if it meets your needs. Sounds like you're already trying to do so, which brings me to...

Yeah I'm doing exactly this and may contribute some fixes that fix some "production" issue I'm facing (see below).

The Web UI insists on redirecting browsers to http://pump.mills.io:31337/ instead of https://pump.mills.io/ despite setting an environment PUMPIO_URLPORT

This is a common issue and is covered in the FAQ: https://pumpio.readthedocs.io/en/latest/sysadmins-faq.html#i-set-urlport-but-my-browser-is-still-sending-me-to-the-wrong-port

Yeah this is not the problem. I've read that FAQ entry. The problem is I cannot convince Pump to NOT redirect the client to http://mydomain:31337/ -- Its not clear to me how the following configuration parameters come in to play:

• hostname
• address
• port
• urlPort

From my early observation there seems to be some rather odd assumptions made about how Pump is deployed. I expect the server to fully request the Host: and Path: headers and correctly redirect to the same origin port and hostname. I do TLS termination at the Load Balancer / Reverse Proxy but Pump insists on redirecting to http:// which is just plain wrong.

Perhaps you could help clarify some of the configuration options and point me in the right direction? Like I said above -- I would be happy to contribute some small fixes that address the "production" issues I am facing.

from pump.io.

@prologic yeah, I know pump.io has some problems related with the UI/UX and after the next release (6.0.0) I have plans to merge some of those PR, but the web UI require a big refactor.

Can we merge the UI/UX improvements as they stand now rather than wait for a "Big Refactor" of the UI? That would quickly become scope creep and involve a lot of hard work from those more capable on the UI/UX side (not me!)

from pump.io.

@prologic about the config check https://pumpio.readthedocs.io/en/latest/configuration/reference.html in your case without NGINX you should use port: 443 and hostname: https://pump.mills.io and set up the key/cert path.

Okay. Thanks! I can try this tonight. I'll report back here if that works and put up a PR that shows a production level configuration and deployment in Docker Swarm + Traefik.

Can we merge the UI/UX improvements as they stand now rather than wait for a "Big Refactor" of the UI? That would quickly become scope creep and involve a lot of hard work from those more capable on the UI/UX side (not me!)

as I say before I waiting the 6.0.0 release to merge more things, but you can check it https://github.com/pump-io/pump.io/pulls?q=is%3Aopen+is%3Apr+label%3Awebui

Fair enough :)

from pump.io.

@vxcamiloxv Sorry to report but your suggested config does not work.

Setting hostname to https://... is wrong. It adds https://http:// to the Redirect URI sent to the client.

e.g: https://https//pump.mills.io:31337/

I'm really finding this redirect behavior to be quite broken and if I have enough energy tonight I may just fix the code.

To be honest I'm not even sure why it has to redirect on the first route/page in the first place :/

from pump.io.

@prologic sorry, my mistake, hostname should be your IP (127.0.0.1 should works) and address your domain without protocol, an example of configuration tests on my server.

{
    "driver":  "memory", // no_for_production
    "noweb":  false,
    "site":  "pump",
    "owner":  "Your Project",
    "ownerURL":  "http://distopico.info/",
    "port":  443,
    "hostname":  "127.0.0.1",
    "address":  "activity.distopico.info",
    "secret":  "-----------",
    "cert": "----/fullchain.pem",
    "key": "----/privkey.pem",
    "nologger":  false,
    "logLevel": "debug",
    "datadir": "/var/local/pump",
    "enableUploads": true,
    "debugClient": false,
    "disableRegistration": true,
    "firehose": "ofirehose.com"
}

from pump.io.

I've been looking through the code in lib/app.js and I'm a little sad to see some of this. #1239 is somewhat related here in that blatant assumptions are being made in the application about TLS. It looks like the only thing Pump's server code understands is useHTTPS which is inferred from a non-null config.key which in turn sets up a HTTPS backend.

Unfortunately the Dockerfile upstream sets up a UID/GID < 1024 meaning that you can't bind the Pump server to port 443 anyway.

Worse if you could you'd not only need a set of certs for your Load Balancer / Reverse Proxy (which in my case is Traeifk + ACME/LetaEncrypt) but also for the backend (which sadly you'd have to do by hand).

I'm not sure at this point whether fixing this broken behavior is easy or not... It looks like all the ExpressJS .redirect(...) calls are harmless. It s the explicit 301 being done early on in lib/app.js that seems to be problematic -- which I still haven't figured out why it even does this.

from pump.io.

Sorry but you are wrong again :)

I got it working finally.

This is my working pump.yml Docker Stackfile:

version: "3.7"

services:
  pumpio:
    image: r.mills.io/prologic/pumpio
    environment:
      - NODE_ENVIRONMENT=production
      - PUMPIO_SECRET=CKknDicMCF5jV1xflycPGMDUE93MlhwS
      - PUMPIO_HOSTNAME=pump.mills.io
      - PUMPIO_PORT=443
      - PUMPIO_ADDRESS=0.0.0.0
      - PUMPIO_DATADIR=/data
      - PUMPIO_ENABLE_UPLOADS=true
      - PUMPIO_DRIVER=mongodb
      - PUMPIO_PARAMS__HOST=mongodb
      - PUMPIO_PARAMS__DBNAME=pumpio
    networks:
      - pump
      - traefik
    volumes:
      - pumpdata:/data
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.hostname == dm3.mills.io"
      labels:
        - "traefik.enable=true"
        - "traefik.port=443"
        - "traefik.backend=pump"
        - "traefik.docker.network=traefik"
        - "traefik.frontend.rule=Host:pump.mills.io"

  mongodb:
    image: mongo:latest
    networks:
      - pump
    volumes:
      - mongodata:/data/db
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.hostname == dm3.mills.io"

networks:
  pump:
    driver: overlay
  traefik:
    external: true

volumes:
  pumpdata:
    driver: local
  mongodata:
    driver: local

Deployed with:

$ docker stack deploy pump.yml

I had to rebuild the Docker image with this diff to get this to work correctly:

diff --git a/Dockerfile b/Dockerfile
index 0942c8a4..bca4d7d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,6 +31,6 @@ RUN apk add --no-cache graphicsmagick openssl nodejs npm python make g++ git \
 VOLUME "${PUMP_DATADIR}"
 
 WORKDIR "${PUMP_LOCATION}"
-EXPOSE 80
-USER pumpio
+EXPOSE 80 443
+
 CMD ["pump"]

Like I said the whole redirection and configuration is a little strange to say the last but this configuration works behind a Traefik Reverse Proxy the TLS termination on the LB.

from pump.io.