3

I run a Debian 9 server (recently upgraded from Debian 8, where similar problems occurred). I have a Taskwarrior instance up and running and it works internally; however, I am unable to sync to it externally. I run a UFW firewall instance.

/var/taskd/config:

    confirmation=1
    extensions=/usr/local/libexec/taskd
    ip.log=on
    log=/var/taskd/taskd.log
    pid.file=/var/taskd/taskd.pid
    queue.size=10
    request.limit=1048576
    root=/var/taskd
    server=hub.home:53589
    trust=strict
    verbose=1
    client.cert=/var/taskd/client.cert.pem
    client.key=/var/taskd/client.key.pem
    server.cert=/var/taskd/server.cert.pem
    server.key=/var/taskd/server.key.pem
    server.crl=/var/taskd/server.crl.pem
    ca.cert=/var/taskd/ca.cert.pem

/etc/systemd/system/taskd.service

    [Unit]
    Description=Secure server providing multi-user, multi-client access to Taskwarrior data
    Requires=network.target
    After=network.target
    Documentation=http://taskwarrior.org/docs/#taskd

    [Service]
    ExecStart=/usr/local/bin/taskd server --data /var/taskd
    Type=simple
    User=<myusername>
    Group=<mygroupname>
    WorkingDirectory=/var/taskd
    PrivateTmp=true
    InaccessibleDirectories=/home /root /boot /opt /mnt /media
    ReadOnlyDirectories=/etc /usr

    [Install]
    WantedBy=multi-user.target

systemctl status taskd.service:

    ● taskd.service - Secure server providing multi-user, multi-client access to Taskwarrior data
       Loaded: loaded (/etc/systemd/system/taskd.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2017-07-04 10:21:42 BST; 28min ago
         Docs: http://taskwarrior.org/docs/#taskd
     Main PID: 3964 (taskd)
        Tasks: 1 (limit: 4915)
       CGroup: /system.slice/taskd.service
               └─3964 /usr/local/bin/taskd server --data /var/taskd

sudo ufw status:

    Status: active

    To                         Action      From
    --                         ------      ----
    ...
    53589                      ALLOW       Anywhere
    53589 (v6)                 ALLOW       Anywhere (v6)
    ...

nmap localhost -p 53589 -Pn (from host)

    ...
    PORT      STATE  SERVICE
    53589/tcp closed unknown
    ...

nmap hub.home -p 53589 -Pn (from host)

    ...
    PORT      STATE  SERVICE
    53589/tcp open  unknown
    ...

nmap hub.home -p 53589 -Pn (from client)

    ...
    PORT      STATE  SERVICE
    53589/tcp closed  unknown
    ...

taskd server --debug --debug.tls=2

    s: INFO Client certificate will be verified.
    s: INFO IPv4: 127.0.1.1
    s: INFO Server listening.

The sync works internally but not externally. Many thanks

Slava Semushin
  • Did a workaround; I changed the "taskd.server=192.168.1.87:53589" and then did "taskd.trust=allow" all in the client folders (commenting out the ca.cert.pem) and that worked, though it is insecure. Still looking for a solution. – TheOrganist24 Jul 04 '17 at 12:25

1 Answer

2

I ran into the same issue. For me, ensuring /etc/hosts was set with the externally facing IP addresses and setting the server taskd config variable to the fqdn with port, then setting the family=IPv4 worked (it wouldn't work with IPv6 for me). The only thing I don't see is the family in your config...

Though in your config it looks like the INFO IPv4: 127.0.1.1 doesn't match the comment you made about taskd.server=192.*. That looks like a localhost loopback.

Maybe if you edit /etc/hosts with the fully qualified domain name & hostname and specify the IP address and IP family in the config it will give taskwarrior the info it needs to bind to the right external IP and port and permit the use of the self signed cert?

When I run with the debug server, I get:

    taskd@(host):~$ taskd server --debug --debug.tls=2
    s: INFO Client certificate will be verified.
    s: INFO IPv4: (my external IPv4 address)
    s: INFO Server listening.

Nelson
  • This fixed it, I need to get networking a bit clearer in my head. Thank you so very much. – TheOrganist24 Jul 07 '17 at 15:09
  • What do you mean by 'ensuring /etc/hosts was set with the externally facing IP addresses'? – bp99 Apr 18 '18 at 17:20
  • If I remember correctly, you want the taskwarrior server to bind to the same address that is serving your fully qualified domain name. The issue is that it is originally only responding to requests on localhost because TW can't figure out what IP address to bind to (and doesn't have a parameter I know to bind to all addresses). So you say in /etc/hosts that your own domain name is the statically assigned IP address, and when starting the service with debug it will say it is serving on that same static IP instead of localhost. – Nelson Apr 20 '18 at 12:50
  • The TW config param relevant here is server=hub.home:53589. TW can't figure out what hub.home is so it serves on localhost and only responds to localhost. If you say that hub.home is (some static IP address that you have configured on a host interface), then it will respond to requests on that IP. – Nelson Apr 20 '18 at 12:53
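The check described in this answer, written out as an added example (it is not part of the original posts and is not taskd code): it takes the name from the `server=` line of a taskd config, looks it up in `/etc/hosts`-style text, and reports whether the result is a loopback address such as the `127.0.1.1` seen in the debug output. The function names are hypothetical, the sample config and hosts contents are constructed, and it assumes the host consults `/etc/hosts` before DNS.

```python
import ipaddress

# Constructed sample inputs (not copied from the asker's machine).
SAMPLE_TASKD_CONFIG = """\
root=/var/taskd
server=hub.home:53589
trust=strict
"""
SAMPLE_HOSTS_BEFORE = """\
127.0.0.1   localhost
127.0.1.1   hub.home hub   # typical Debian installer entry
"""
SAMPLE_HOSTS_AFTER = """\
127.0.0.1      localhost
192.168.1.87   hub.home hub
"""

def server_host_port(config_text):
    """Return (host, port) from the server= line of a taskd config."""
    for line in config_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key == "server":
            host, _, port = value.rpartition(":")
            return host, int(port)
    raise ValueError("no server= line found")

def hosts_lookup(hosts_text, name):
    """Return the first address that /etc/hosts-style text maps name to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return ipaddress.ip_address(fields[0])
    return None

def diagnose(config_text, hosts_text):
    """Describe which address the configured server name would resolve to."""
    host, port = server_host_port(config_text)
    addr = hosts_lookup(hosts_text, host)
    if addr is None:
        return f"{host}: not in hosts file, resolution falls through to DNS"
    if addr.is_loopback:
        return f"{host} -> {addr} (loopback): port {port} reachable only from this host"
    return f"{host} -> {addr}: port {port} reachable on that interface"

if __name__ == "__main__":
    print(diagnose(SAMPLE_TASKD_CONFIG, SAMPLE_HOSTS_BEFORE))
    print(diagnose(SAMPLE_TASKD_CONFIG, SAMPLE_HOSTS_AFTER))
```

With the name pointing at the LAN address, clients can keep `trust=strict` and the CA certificate instead of the `taskd.trust=allow` workaround mentioned in the comments.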