New Joplin Server just set up, getting getaddrinfo ENOTFOUND

Operating system

Windows

Joplin version

3.2.8

Desktop version info

Joplin 3.2.8 (prod, win32)

Client ID: 1ce9d0aa917e43d991489a615c4a70c8
Sync Version: 3
Profile Version: 47
Keychain Supported: Yes

Revision: d458648

Backup: 1.4.2
Freehand Drawing: 2.13.0

Sync target

Joplin Server

What issue do you have?

I've got a new Joplin Server set up on a Raspberry Pi in RaspOS, fully up to date. I run Joplin mainly on Windows 10. I can't get it to start syncing with the new Joplin Server set up. I was syncing with OneDrive up to now but found that unsatisfactory.

The instructions I followed were from here: https://www.xda-developers.com/install-joplin-serven-raspberry-pi-other-linux-servers/

In a browser, I can log in to https://pi3/joplin/home securely.

In Joplin itself, I put https://pi3/joplin in the Joplin Server URL box, and, for now, the default email and password (it's on a home LAN).

When I press the Check synchronisation configuration button, I get:
request to https://pi3/joplin/api/sessions failed, reason: getaddrinfo ENOTFOUND pi3 (Code ENOTFOUND)

Can you suggest what I can do to troubleshoot, please?

Thanks.

Screenshots

Hello @roygrubb ,

can you please post your nginx reverse-proxy configuration? I guess the problem could be there.
The api can not be found.

Thanks for the reply.

/etc/nginx/sites-enabled/joplin contains:

server {
    listen 443 ssl http2;
    server_name pi3;
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;
    location /joplin/ {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:22300;
        rewrite ^/joplin/(.*)$ /$1 break;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

which is just copied from the XDA article, with the only changes being adding indentation (after my problem with their docker-compose.yml shown with no indentation) and my server name.

Is anything else needed for the reverse-proxy?

Thanks

Hm. My config looks very simliar but I use a seperate subdomain. So I don't know if the rewrite rule is correct. But it is like in the XDA Article, so it should be the right.

I've a slight deviation. I don't know if this helps, but give it a try:
proxy_set_header Host $http_host;

Full config:

server {
    listen 443 ssl http2;
    server_name pi3;
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;
    location /joplin/ {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:22300;
        rewrite ^/joplin/(.*)$ /$1 break;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

It's fishing in the dark from my point. We need help from someone else here. :smiley:

Thanks.

I changed
proxy_set_header Host $host;
to
proxy_set_header Host $http_host;
but the error message is the same.

I've raised the question on that xda-developers page, but they don't seem to be replying to my first message.

getaddrinfo ENOTFOUND means client was not able to connect to given address or can't resolve the name.

First you can try with the IP address, pi3 is only a short name, no FQDN this could also be a problem for the resolver.

Thanks for help, much appreciated.

I replaced all references to pi3 with its IP address 192.168.0.103 and that was the reason for the ENOTFOUND error, so it moved me forward to the next issue:
request to https://192.168.0.103/joplin/api/sessions failed, reason: unable to verify the first certificate (Code UNABLE_TO_VERIFY_LEAF_SIGNATURE)

I'd already made /etc/ssl/certs/nginx.crt and /etc/ssl/private/nginx.key but apart from creating those, I followed

I made /etc/nginx/snippets/self-signed.conf

that mentioned /etc/nginx/dhparam.pem which did not exist, so I followed instructions to make that (about 3 hours on a Rpi 3).

I added this to /etc/nginx/nginx.conf
# added by roy
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
server_name 192.168.0.103;
}

That didn't work, so reverted it and tried adding it to /etc/nginx/sites-available/default though this is not a multi-site server.
That also didn't work, and I still have the UNABLE_TO_VERIFY_LEAF_SIGNATURE message.

I'm wondering whether to try Let's Encrypt's certbot, but don't know if that's only good for websites and not for locally run apps.

Any pointers, please?

The complete chain should always be used as the certificate, i.e. also all intermediate certificates needs to be included.
As this is a self sign certificate, the CA with which it was signed must be installed in windows and on all other devices, or Ignore TLS certificate errors must be activated in the advanced sync settings.

Personally, all my internal services also have valid certificates, e.g. from lets encrypt.

Turns out Let's Encrypt is only able to issue certificates for true top level domains registered with IANA, so I can't use LE.

Then, from Unable to get local issuer certificate: company firewall - #2 by mcmessina
I see 'resolve the errors by using the "Ignore TLS certificate errors" setting in the Synchronization -> Nextcloud -> Show Advanced Settings window which sets a global variable of sorts.'

Pressing 'Check synchronisation configuration' now shows 'Success! Synchronisation configuration appears to be correct' with Joplin Server as well, so I pressed Re-upload local data to sync target.

Then I see
Completed: 17/01/2025 20:19 (30s)
Last error: Error: Error 413 Payload Too Large: 413 Request Entity Too Large

413 Request Entity Too Large


nginx/1.22.1

So I inserted client_max_body_size 40M; into nginx.conf, pressed Re-upload local data to sync target again, and now it's creating remote items.

Fingers crossed and thanks for all the help.

I've now got Joplin Server on a Pi 3 fully synced with all notes in Joplin Desktop.

As advised by @JackGruber, I got this working using Ignore TLS certificate errors.

Now I've moved on to set an iPad to sync with the Pi3 and found that there's no Ignore TLS certificate errors possibility with the iOS version of Joplin.

In iPad, I installed a self-signed nginx.crt with a Common Name of 192.168.0.103, rebooted server and restarted iPad. I set the credentials to be the same as in Joplin desktop. When I press Check synchronisation configuration, it responds Network request failed.

Looking in the log, it seems to go wrong at
JoplinServerApi: Code <undefined>
JoplinServerApi: TypeError: Network request failed

I can't use Let's Encrypt on a server on a LAN, so I used the IP address as the Common Name in a self-signed certificate.

Is there no way past this? I only want the Joplin data accessible from Windows, iPad and iPhone when I'm within WiFi range of the LAN.

Thanks for past help.