Trying again with Peertube and iDrive e2, something to do with CORS and hostname/IP not matching

scooke

I have Peertube installed, but I really haven't bother using it since I've actually never been able to get the S3 or Minio or iDrive storage option working (despite posting that I did at one point). So I am giving it one more go before deleting it off of my Cloudron. The latest error from the logs show (after I tried running 'gosu cloudron:cloudron npm run create-move-video-storage-job -- --to-object-storage --all-videos'):

Jan 06 19:18:09[peertube.lenote.eu:443] 2024-01-06 18:18:09.082 info: Moving video fde5b15e-998b-4b8e-808f-8eec4c8127cc to object storage in job 42.
Jan 06 19:18:09[peertube.lenote.eu:443] 2024-01-06 18:18:09.245 error: Cannot move video https://peertube.lenote.eu/videos/watch/fde5b15e-998b-4b8e-808f-8eec4c8127cc storage. {
Jan 06 19:18:09"err": {
Jan 06 19:18:09"stack": "Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: web-videos.share.b1n5.fra.idrivee2-10.com. is not in the cert's altnames: DNS:*.a3o6.fra.idrivee2-10.com, DNS:*.a6r8.fra.idrivee2-10.com, DNS:*.b1n5.fra.idrivee2-10.com, DNS:*.d0w2.fra.idrivee2-10.com, DNS:*.d2x2.fra.idrivee2-10.com, DNS:*.e1g5.fra.idrivee2-10.com, DNS:*.e3y3.fra.idrivee2-10.com, DNS:*.e4n0.fra.idrivee2-10.com, DNS:*.e4p6.fra.idrivee2-10.com, DNS:*.f5r3.fra.idrivee2-10.com, DNS:*.fra.idrivee2-10.com, DNS:*.g2c7.fra.idrivee2-10.com, DNS:*.g7n6.fra.idrivee2-10.com, DNS:*.h3g4.fra.idrivee2-10.com, DNS:*.h3s8.fra.idrivee2-10.com, DNS:*.h4d3.fra.idrivee2-10.com, DNS:*.h6k4.fra.idrivee2-10.com, DNS:*.h8l2.fra.idrivee2-10.com, DNS:*.i1l1.fra.idrivee2-10.com, DNS:*.i6o1.fra.idrivee2-10.com, DNS:*.i6s7.fra.idrivee2-10.com, DNS:*.i6t7.fra.idrivee2-10.com, DNS:*.j5n7.fra.idrivee2-10.com, DNS:*.k2b5.fra.idrivee2-10.com, DNS:*.k2u3.fra.idrivee2-10.com, DNS:*.k7o1.fra.idrivee2-10.com, DNS:*.l0w7.fra.idrivee2-10.com, DNS:*.l2o0.fra.idrivee2-10.com, DNS:*.m0h4.fra.idrivee2-10.com, DNS:*.n1l8.fra.idrivee2-10.com, DNS:*.n2v3.fra.idrivee2-10.com, DNS:*.q4t0.fra.idrivee2-10.com, DNS:*.r2b6.fra.idrivee2-10.com, DNS:*.s4r4.fra.idrivee2-10.com, DNS:*.s7j4.fra.idrivee2-10.com, DNS:*.u2a1.fra.idrivee2-10.com, DNS:*.u3p7.fra.idrivee2-10.com, DNS:*.v1d2.fra.idrivee2-10.com, DNS:*.v6g3.fra.idrivee2-10.com, DNS:*.w5l1.fra.idrivee2-10.com, DNS:*.w6v5.fra.idrivee2-10.com\n at new NodeError (node:internal/errors:405:5)\n at Object.checkServerIdentity (node:tls:337:12)\n at TLSSocket.onConnectSecure (node:_tls_wrap:1610:27)\n at TLSSocket.emit (node:events:517:28)\n at TLSSocket._finishInit (node:_tls_wrap:1017:8)\n at ssl.onhandshakedone (node:_tls_wrap:803:12)",
Jan 06 19:18:09"reason": "Host: web-videos.share.b1n5.fra.idrivee2-10.com. is not in the cert's altnames: DNS:*.a3o6.fra.idrivee2-10.com, DNS:*.a6r8.fra.idrivee2-10.com, DNS:*.b1n5.fra.idrivee2-10.com, DNS:*.d0w2.fra.idrivee2-10.com, DNS:*.d2x2.fra.idrivee2-10.com, DNS:*.e1g5.fra.idrivee2-10.com, DNS:*.e3y3.fra.idrivee2-10.com, DNS:*.e4n0.fra.idrivee2-10.com, DNS:*.e4p6.fra.idrivee2-10.com, DNS:*.f5r3.fra.idrivee2-10.com, DNS:*.fra.idrivee2-10.com, DNS:*.g2c7.fra.idrivee2-10.com, DNS:*.g7n6.fra.idrivee2-10.com, DNS:*.h3g4.fra.idrivee2-10.com, DNS:*.h3s8.fra.idrivee2-10.com, DNS:*.h4d3.fra.idrivee2-10.com, DNS:*.h6k4.fra.idrivee2-10.com, DNS:*.h8l2.fra.idrivee2-10.com, DNS:*.i1l1.fra.idrivee2-10.com, DNS:*.i6o1.fra.idrivee2-10.com, DNS:*.i6s7.fra.idrivee2-10.com, DNS:*.i6t7.fra.idrivee2-10.com, DNS:*.j5n7.fra.idrivee2-10.com, DNS:*.k2b5.fra.idrivee2-10.com, DNS:*.k2u3.fra.idrivee2-10.com, DNS:*.k7o1.fra.idrivee2-10.com, DNS:*.l0w7.fra.idrivee2-10.com, DNS:*.l2o0.fra.idrivee2-10.com, DNS:*.m0h4.fra.idrivee2-10.com, DNS:*.n1l8.fra.idrivee2-10.com, DNS:*.n2v3.fra.idrivee2-10.com, DNS:*.q4t0.fra.idrivee2-10.com, DNS:*.r2b6.fra.idrivee2-10.com, DNS:*.s4r4.fra.idrivee2-10.com, DNS:*.s7j4.fra.idrivee2-10.com, DNS:*.u2a1.fra.idrivee2-10.com, DNS:*.u3p7.fra.idrivee2-10.com, DNS:*.v1d2.fra.idrivee2-10.com, DNS:*.v6g3.fra.idrivee2-10.com, DNS:*.w5l1.fra.idrivee2-10.com, DNS:*.w6v5.fra.idrivee2-10.com",
Jan 06 19:18:09"host": "web-videos.share.b1n5.fra.idrivee2-10.com",
Jan 06 19:18:09"cert": "Replaced by the logger to avoid large log message",
Jan 06 19:18:09"message": "Hostname/IP does not match certificate's altnames: Host: web-videos.share.b1n5.fra.idrivee2-10.com. is not in the cert's altnames: DNS:*.a3o6.fra.idrivee2-10.com, DNS:*.a6r8.fra.idrivee2-10.com, DNS:*.b1n5.fra.idrivee2-10.com, DNS:*.d0w2.fra.idrivee2-10.com, DNS:*.d2x2.fra.idrivee2-10.com, DNS:*.e1g5.fra.idrivee2-10.com, DNS:*.e3y3.fra.idrivee2-10.com, DNS:*.e4n0.fra.idrivee2-10.com, DNS:*.e4p6.fra.idrivee2-10.com, DNS:*.f5r3.fra.idrivee2-10.com, DNS:*.fra.idrivee2-10.com, DNS:*.g2c7.fra.idrivee2-10.com, DNS:*.g7n6.fra.idrivee2-10.com, DNS:*.h3g4.fra.idrivee2-10.com, DNS:*.h3s8.fra.idrivee2-10.com, DNS:*.h4d3.fra.idrivee2-10.com, DNS:*.h6k4.fra.idrivee2-10.com, DNS:*.h8l2.fra.idrivee2-10.com, DNS:*.i1l1.fra.idrivee2-10.com, DNS:*.i6o1.fra.idrivee2-10.com, DNS:*.i6s7.fra.idrivee2-10.com, DNS:*.i6t7.fra.idrivee2-10.com, DNS:*.j5n7.fra.idrivee2-10.com, DNS:*.k2b5.fra.idrivee2-10.com, DNS:*.k2u3.fra.idrivee2-10.com, DNS:*.k7o1.fra.idrivee2-10.com, DNS:*.l0w7.fra.idrivee2-10.com, DNS:*.l2o0.fra.idrivee2-10.com, DNS:*.m0h4.fra.idrivee2-10.com, DNS:*.n1l8.fra.idrivee2-10.com, DNS:*.n2v3.fra.idrivee2-10.com, DNS:*.q4t0.fra.idrivee2-10.com, DNS:*.r2b6.fra.idrivee2-10.com, DNS:*.s4r4.fra.idrivee2-10.com, DNS:*.s7j4.fra.idrivee2-10.com, DNS:*.u2a1.fra.idrivee2-10.com, DNS:*.u3p7.fra.idrivee2-10.com, DNS:*.v1d2.fra.idrivee2-10.com, DNS:*.v6g3.fra.idrivee2-10.com, DNS:*.w5l1.fra.idrivee2-10.com, DNS:*.w6v5.fra.idrivee2-10.com",
Jan 06 19:18:09"code": "ERR_TLS_CERT_ALTNAME_INVALID",
Jan 06 19:18:09"$metadata": {
Jan 06 19:18:09"attempts": 1,
Jan 06 19:18:09"totalRetryDelay": 0

Normally I try to change server info but I am beyond caring right now. Just aggravated that I've never gotten this to work.

A few questions: Does anyone know if CORS is the issue, and how I change it (on my Cloudron? On the iDrive 2e bucket?)

What cert is being referred to here??? Is it on my Cloudron, or connected to iDrive somehow? At one point I managed to make a CNAME for a domain I used for a bucket, but I don't remember the process (it was for easypanel) or even if it worked. But do I need to make a CNAME record for my Peertube Cloudron app domain?? But even if I do that, it seems that it is the iDrive e2 bucket address which is the problem.

Are the '' essential? Some tutorials put every option in '', and others don't use them at all. Since the move started, reading the details in the production.json, and I don't have any '', it suggests it isn't essential. To use an example, which is correct:

object_storage:
  enabled: true
  protocol: https
  endpoint: share.b1n5.fra.idrivee2-10.com

object_storage:
  enabled: 'true'
  protocol: 'https'
  endpoint: 'share.b1n5.fra.idrivee2-10.com'

At another point in time I had added something like 'use_path_style: true' but since the uploaded video wasn't moving it didn't seem to matter, so I deleted that line. Is it necessary?

Another question - does the bucket need to be private or public?

**To save everyone time, if you have a working, functioning object storage set up using iDrive e2 which works perhaps ONLY you can share the options in your local.production file and other pertinent iDrive e2 details. Otherwise, as I've seen in other object storage-related posts, we will all run ourselves ragged in circles. For every object storage service there seems to be an almost infinite number of "solutions" that work here and there but not consistently.

If NO ONE has a working iDrive e2 object storage working with Peertube, do say so and I will just delete this app and stop wasting time and life trying to get it to work!

Oh yes, happy new year!

scooke

Nevermind everyone. I've been working on updating the CNAME records, and keep getting conflicting responses. I'm just deleting it.

IF you happen to have Peertube installed WITH a functioning object storage option that IS NOT AWS S3 (I already have non-AWS S3 options available and don't want to pay again), do please share the details - domain (feel free to use example.com), iDrive/Minio/Scaleway details, production.yaml settings, etc. I may try reinstalling. If you DO NOT have it working, but want to post suggestions... do not post! Like I said, there are just so many frustrating variables that it really isn't worth anyone's time. Post only if you actually, truly, really, have it working, and can share your setup!!

Thanks!

jdaviescoates

@scooke said in Trying again with Peertube and iDrive e2, something to do with CORS and hostname/IP not matching:

IF you happen to have Peertube installed WITH a functioning object storage option that IS NOT S3

I thought basically all object storage services were S3 compatible, is that not the case?

I've had it working with Scaleway Object Storage buckets for some time now, but as I understand it the latest update may have broken it, but I've not yet investigated...

scooke

@jdaviescoates Good catch, I meant AWS S3 as that seems to be the standard and most tuts use that, and most S3-compatible also use similar phrasing for their options, but as the number of posts eve just here on this forum say, non AWS S3 is a crapshoot.