Social.bbc is unreachable (new BBC instance)

axbom · 1 August 2023 06:49

At least three separate Akkoma instances are unable to identify and follow anyone on the new social.bbc instance.

Trying to figure out if this is an Akkoma bug or a setup by BBC that limits federation to Mastodon instances. Or a bug in local setups…

Anyone in the know?

tnhh · 1 August 2023 07:33

At least four instances: I also have the same problem. I can’t find any social.bbc users when I search on akkoma, but I can curl the webfinger endpoint from my server.

snott · 1 August 2023 08:25

hmm. Likewise can’t find.

Aug 01 08:23:45 teabag pleroma[392]: 08:23:45.534 [warning] Can't find LRDD template in "https://social.bbc/.well-known/host-meta": {:ok, %Tesla.Env{method: :get, url: "https://social.bbc/.well-known/host-meta", query: [], headers: [{"server", "awselb/2.0"}, {"date", "Tue, 01 Aug 2023 08:23:45 GMT"}, {"content-type", "text/html"}, {"content-length", "122"}, {"connection", "close"}], body: "<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n</body>\r\n</html>\r\n", status: 400, opts: [adapter: [receive_timeout: 15000, pool_timeout: 5000, name: MyFinch]], __module__: Tesla, __client__: %Tesla.Client{fun: nil, pre: [{Tesla.Middleware.FollowRedirects, :call, [[]]}, {Tesla.Middleware.Telemetry, :call, [[]]}], post: [], adapter: nil}}}

going to assume that means it’s their end.

FloatingGhost · 1 August 2023 09:45

lucky for you lot i can ask them directly

i’ve asked the person who’s name is on the blog post to see if there’s anything weird with their setup, i can replicate this and i do not know why

 mix pleroma.diagnostics http https://social.bbc/.well-known/host-meta
[
  body: "",
  headers: [{"user-agent", "blahblahblah"}],
  method: :get,
  opts: [adapter: [receive_timeout: 5000, pool_timeout: 5000, name: MyFinch]],
  query: [],
  url: "https://social.bbc/.well-known/host-meta"
]
{:ok,
 %Tesla.Env{
   method: :get,
   url: "https://social.bbc/.well-known/host-meta",
   query: [],
   headers: [
     {"server", "awselb/2.0"},
     {"date", "Tue, 01 Aug 2023 09:38:26 GMT"},
     {"content-type", "text/html"},
     {"content-length", "122"},
     {"connection", "close"}
   ],
   body: "<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n</body>\r\n</html>\r\n",
   status: 400,
   opts: [adapter: [receive_timeout: 5000, pool_timeout: 5000, name: MyFinch]],
   __module__: Tesla,
   __client__: %Tesla.Client{
     fun: nil,
     pre: [
       {Tesla.Middleware.FollowRedirects, :call, [[]]},
       {Tesla.Middleware.Telemetry, :call, [[]]}
     ],
     post: [],
     adapter: nil
   }
 }}

but cURL:

curl "https://social.bbc/.well-known/host-meta" --header 'user-agent: "blahblahblah"' -vvv --http1.1
*   Trying 34.255.221.16:443...
* Connected to social.bbc (34.255.221.16) port 443 (#0)
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=GB; ST=London; L=London; O=BRITISH BROADCASTING CORPORATION; CN=social.bbc
*  start date: Jul  8 07:46:02 2023 GMT
*  expire date: Aug  8 07:46:01 2024 GMT
*  subjectAltName: host "social.bbc" matched cert's "social.bbc"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /.well-known/host-meta HTTP/1.1
> Host: social.bbc
> Accept: */*
> user-agent: "http.rb/3.3.0 (Mastodon/3.2.0)"
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 01 Aug 2023 09:38:16 GMT
< Content-Type: application/xrd+xml; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: AWSALB=0CJt+30GKoeL7d+OoKoHKnoFJrz4e/Y8Z2PODyWtenrR9gigYy/WUR2lmcyXpgaa8zbam/TCjFVOYXUb+T+06D0kLqwTvrjSoFXIVNbATo4irttTjwr3e1WmvHc7; Expires=Tue, 08 Aug 2023 09:38:16 GMT; Path=/
< Set-Cookie: AWSALBCORS=0CJt+30GKoeL7d+OoKoHKnoFJrz4e/Y8Z2PODyWtenrR9gigYy/WUR2lmcyXpgaa8zbam/TCjFVOYXUb+T+06D0kLqwTvrjSoFXIVNbATo4irttTjwr3e1WmvHc7; Expires=Tue, 08 Aug 2023 09:38:16 GMT; Path=/; SameSite=None; Secure
< Server: nginx/1.23.3
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 0
< Permissions-Policy: interest-cohort=()
< Referrer-Policy: same-origin
< Vary: Accept, Origin
< Cache-Control: max-age=259200, public
< ETag: W/"87789a902732e12dcd7aba95c4c1de5a"
< Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.bbc; img-src 'self' https: data: blob: https://social.bbc; style-src 'self' https://social.bbc 'nonce-Fz1wYwSWMw+d8hCCa9m4NQ=='; media-src 'self' https: data: https://social.bbc; frame-src 'self' https:; manifest-src 'self' https://social.bbc; form-action 'self'; connect-src 'self' data: blob: https://social.bbc https://files.social.bbc wss://social.bbc; script-src 'self' https://social.bbc 'wasm-unsafe-eval'; child-src 'self' blob: https://social.bbc; worker-src 'self' blob: https://social.bbc
< X-Request-Id: 92355780-590d-4661-b3d9-fe12be9bd68b
< X-Runtime: 0.003880
< Strict-Transport-Security: max-age=63072000; includeSubDomains
<
<?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="lrdd" template="https://social.bbc/.well-known/webfinger?resource={uri}"/>
</XRD>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host social.bbc left intact

this is… the same request

why on earth does one fail

FloatingGhost · 1 August 2023 09:59

i think it’s their ELB

the curl request goes through to an nginx server, but the finch request gets bounced at the ELB

hah? why it do

amazon explain

FloatingGhost · 1 August 2023 10:23

FOUND IT!

their ELB is really strict and won’t allow a content-length: 0 header with a GET request, and will bounce us at the door

mitigating now

FloatingGhost · 1 August 2023 13:04

fixed, you should be able to find them now

shove @BBCRD@social.bbc in thy search bar and it should just work ™

tnhh · 1 August 2023 14:27

Thanks (to you and the Beeb)