Can't connect to my node via Sakia

I’m trying to connect to my Duniter node via Sakia.

I have Duniter running on a Raspberry Pi 2 that’s running Yunohost.

admin@Xroklaus:~ $ sudo duniter status
Duniter is running using PID 1823.

I start Sakia on my home computer.

[folatt@Home sakia]$ sakia --currency=Guilder-Test

But run into this error:

Error connecting to the network : Error : No peer answered in  community (0 peers available)

root_servers.yml

Guilder-Test:
  display: European Basic Guilder Test 
  nodes:
    4pDRn4BZqedUXQq2bvnrrJJeBhisZQjs9uq9BTMDQnaq:
    - "BMAS folatt-duniter.nohost.me 443"

conf.json

{
 "currency": "Guilder-Test",
 "endpoints": [
  "BMAS duniter-folatt.nohost.me 443"
 ],
 "rmEndpoints": [],
 "upInterval": 3600000,
 "c": "0.000054218",
 "dt": "86400",
 "dtReeval": 2629800,
 "ud0": "100",
 "stepMax": 3,
 "sigPeriod": "0",
 "sigValidity": 31536000,
 "msValidity": 31536000,
 "sigQty": "3",
 "xpercent": 0.9,
 "percentRot": 0.6666666666666666,
 "powDelay": "1200",
 "avgGenTime": 960,
 "dtDiffEval": 10,
 "medianTimeBlocks": 20,
 "httplogs": false,
 "udid2": false,
 "timeout": 3000,
 "isolate": false,
 "forksize": 100,
 "switchOnHeadAdvance": 3,
 "sync": {},
 "port": 10901,
 "msPeriod": 604800,
 "loglevel": "info",
 "cpu": 0.6,
 "ipv4": "192.168.178.10",
 "remotehost": "duniter-folatt.nohost.me",
 "remoteport": "443",
 "upnp": false,
 "dos": {
  "whitelist": [
   "127.0.0.1"
  ],
  "maxcount": 50,
  "burst": 20,
  "limit": 40,
  "maxexpiry": 10,
  "checkinterval": 1,
  "trustProxy": true,
  "includeUserAgent": true,
  "errormessage": "Error",
  "testmode": false,
  "silent": false,
  "silentStart": false,
  "responseStatus": 429
 },
 "sigStock": "300000",
 "sigWindow": 604800,
 "idtyWindow": 604800,
 "msWindow": 604800,
 "rootoffset": 0,
 "remoteipv6": "2001:983:8610:1:15e7:898b:aac8:6eff",
 "ipv6": "2001:983:8610:1:15e7:898b:aac8:6eff",
 "remoteipv4": "83.163.103.119"
}

[Update]

Changed BMAS to BMA_ENDPOINT_API. This returns the same error.
Also BASIC_MERKLED_API returns the same error.

[Update #2]
Changed back to BMAS and changed port 10901 to 443 on endpoint and sakia.
I still receive the same error.

[Update #2]
Changed remote port 10901 to 443.
I still receive the same error.

BMAS is for nodes in https. You should use BMA_ENDPOINT_API if your node is not behind a reverse proxy.

Why are nodes using the https protocol?

For web clients hosted in https.

Web clients? I thought nodes were servers.

Cesium is a web client.

I see. Is it necessary to run Cesium as well on a Duniter node?

No, but Cesium connects to Duniter nodes. And modern web standards forbid https pages from sending requests to http pages.

But why connect to a Cesium app if it’s a client? Or is it a server as well?

It’s a “client” because it doesn’t participate in the network to share blocks and transactions like “servers”. So it’s a “Duniter client”, but it’s a “web server”. I find the terminology a bit confusing in this case too.

I’m trying to wrap my head around how Sakia, a client desktop app can connect to a client web server app + Duniter client and still be able to make a new account on it. At least that’s what I assume Sakia’s capabilities are.

I would have assumed that one has to connect to a Duniter server in order to be part of the network, in which the network of Duniter servers takes care of all of the Duniter accounts.

  • Cesium connects to Duniter nodes
  • Sakia connects to Duniter nodes
  • Cesium, when accessed through a browser in a https page, can only connect to https Duniter nodes.

And yet root_servers.yml is full of connections via port 443 and even port 80.
What’s up with that?

g1:
  display: ğ1
  nodes:
    4aCqwikTaTPBRQLGiLHohuoJLPmLephy9eDtgCWLMwBk:
    - "BMAS g1.duniter.org 443"
    - "BASIC_MERKLED_API g1.duniter.org 10901"
    38MEAZN68Pz1DTvT3tqgxx4yQP6snJCQhPqEFxbDk4aE:
    - "BMAS g1.duniter.fr 443"
    - "BASIC_MERKLED_API g1.duniter.fr 10901"
    D9D2zaJoWYWveii1JRYLVK3J4Z7ZH3QczoKrnQeiM6mx:
    - "BASIC_MERKLED_API g1-monit.elois.org 10901"
    5cnvo5bmR8QbtyNVnkDXWq6n5My6oNLd1o6auJApGCsv:
    - "BASIC_MERKLED_API g1.duniter.inso.ovh 80"
    - "BMAS g1.duniter.inso.ovh 443"
g1-test:
  display: ğ1-test
  nodes:
    4aCqwikTaTPBRQLGiLHohuoJLPmLephy9eDtgCWLMwBk:
    - "BMAS g1-test.duniter.org 443"
    2RbXrLkmtgWMcis8NWhPvM7BAGT4xLK5mFRkHiYi2Vc7:
    - "BASIC_MERKLED_API gtest.duniter.inso.ovh 80"
    3dnbnYY9i2bHMQUGyFp5GVvJ2wBkVpus31cDJA5cfRpj:
    - "BASIC_MERKLED_API g1-test.cgeek.fr 80"

Yes, these nodes are hosted behind a reverse proxy, on port 80 and 443. This is the case of yunohost nodes for example.

Since I’m running a yunohost node and its webUI is working behind a reverse proxy on port 443, I take it that I need to change some values to port 443 as well.

I assume that remoteport should still be port 10901 no?

No, remote port is the remote one… So the port of the system which is in front of your node. It is the reverse proxy in your case, but it could be a NATed router too, for example.

Local port is the one local to your node. So, 10901.

Okay so I have this:

Server side

endpoint: "BMAS duniter-folatt.nohost.me 443"
remoteipv4: "83.163.103.119"
remoteport: 443
ipv4: "192.168.178.10"
port: 10901

Client side

node: - "BMAS folatt-duniter.nohost.me 443"

Am I missing something? Because I’m still unable to connect.
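A consistency check over the server-side and client-side values posted above, as an added example that is not part of the original thread and is not Duniter or Sakia code. It assumes the three-field endpoint form shown in this thread (API, host, port); the function names are hypothetical.

```python
from typing import NamedTuple

class Endpoint(NamedTuple):
    api: str
    host: str
    port: int

def parse_endpoint(text):
    """Parse '<API> <host> <port>', the only form shown in the thread."""
    fields = text.split()
    if len(fields) != 3 or not fields[2].isdigit():
        raise ValueError(f"unsupported endpoint form: {text!r}")
    return Endpoint(fields[0], fields[1].lower(), int(fields[2]))

def check_endpoints(server_conf, client_nodes):
    """Return a list of mismatches between what the node advertises
    (conf.json) and what the client is told to contact (root_servers.yml)."""
    findings = []
    advertised = [parse_endpoint(e) for e in server_conf["endpoints"]]
    remote_host = server_conf["remotehost"].lower()
    remote_port = int(server_conf["remoteport"])
    for ep in advertised:
        # The advertised endpoint should name the public-facing host and port
        # (the reverse proxy or NAT router), not the node's local port.
        if ep.host != remote_host:
            findings.append(f"endpoint host {ep.host} != remotehost {remote_host}")
        if ep.port != remote_port:
            findings.append(f"endpoint port {ep.port} != remoteport {remote_port}")
    for text in client_nodes:
        if parse_endpoint(text) not in advertised:
            findings.append(f"client entry {text!r} matches no advertised endpoint")
    return findings

# Values copied from the conf.json and root_servers.yml posted in this thread.
SERVER_CONF = {
    "endpoints": ["BMAS duniter-folatt.nohost.me 443"],
    "remotehost": "duniter-folatt.nohost.me",
    "remoteport": "443",
    "port": 10901,
}
CLIENT_NODES = ["BMAS folatt-duniter.nohost.me 443"]

if __name__ == "__main__":
    for finding in check_endpoints(SERVER_CONF, CLIENT_NODES):
        print(finding)
```
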

Can you contact it from your browser on the same computer?

Thank you Inso.

That answer is no.
My personal Yunohost computer has port 443 open for WebDAV. For my duniter computer I have port 44344 assigned externally to point to port 443.

And now port 44344 is not working either for some reason. I used to be able to visit webui with it.

The connection is being seen as too insecure.

The owner of duniter-folatt.nohost.me has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

I suppose I should set the endpoint ports to 44344 and leave the remoteport be? Or change the remoteport as well?

The webui is accessed through the 443 port, https.

If you change the Duniter endpoint from 443 to 44344, the webui requests the node without going through the reverse proxy. So, it is directly using the http connection of Duniter. And as I said earlier, it is forbidden by browsers for an https page to send requests to an http URI.

EDIT: Ah, the error is about HSTS. It seems that you accessed your webui using https once. So Firefox refuses to access it in http now.