Synology station: Rss updates fail when the rss feed is an httpS

Describe the problem you’re having:

…

If possible include steps to reproduce the problem:

…

tt-rss version (including git commit id):
Tiny Tiny RSS v15.7
…

Platform (i.e. Linux distro, PHP, PostgreSQL, etc) versions:
Synology DS411J
DSM 6.1.4-15217 Update 5
Php5.6
Apache 2.2
MariaDb5

For PHP5.6, GD, Curl, SSH2 and some more parameters are enabled.
…

Please provide any additional information below:
I hope you can help me. I have installed the latest version of TTRSS and got it working (after introduction of DSM 6, you have to move certain fies manually) and automatic updates apparently only work with a crontab job), even the auto updates (script that is kicked off every 15 minutes: Php56 /volume1/web/tt-rss/update.php --feeds)

Now, if I add an rss-feed with no SSL(http), everything works fine. Automatic updates are coming in.
But when I add an rss-feed with SSL (httpS), the adding itself works fine, even when I click on the feed in TTRSS the rss feed is coming in nicely. However, the automatic updates through the script are not working.
TTrss reports that some feeds has errors:
file_get_contents(https://…com/rss): failed to open stream: No such file or directory

TTRSS reports system errors:
E_WARNING (2) include/functions.php:1042 fopen(lock/update.lock): failed to open stream: Permission denied [Last query: SELECT schema_version FROM ttrss_version]1. include/functions.php(1042): fopen(lock/update.lock, w)
2. update.php(137): make_lockfile(update.lock)

Is my problem related to certain permissions not set? Why is HTTP working while HTTPs isn’t? Should I make a lockfile and, if so, can I use VI for that?

I am far from an expert (maybe an advanced beginner) and I feel i am close of getting it all to work after days.

Can you please help me?

Sorry I hadn’t seen the first two headings:

Describe the problem you’re having:
Autoamtic updates are not working when SSL is used in rss feed

If possible include steps to reproduce the problem:
I don’t think this is applicable in this case

Hi imbean,

the warning may be due because the tt-rss process cannot write in the lock directory.
The user that executes the tt-rss process must be permitted to write in the lock dir.
You can check the owner with command like this:

gabboubuntu:~$ ls -alt /var/www/html/ttrss/
total 308
drwxrwxrwx 2 www-data www-data 4096 Jan 5 10:20 lock
drwxr-xr-x 8 www-data www-data 4096 Jan 4 18:49 classes
drwxr-xr-x 3 root root 4096 Jan 3 17:30 …
drwxr-xr-x 24 www-data www-data 4096 Jan 2 23:38 .
(omissis)

where
/var/www/html/ttrss/ => directory where tt-rss is installed.
www-data => is the user that executes the process.

Hope this can help.

g.

You have to execute the update command with the same owner.

g.

Hi Gabbo,

Thank you for the prompt reply! I am sure going to try directly after lunch (I am in The Netherlands).

I’ll try the ls command and see what that brings!

I am using ADMIN as user for the script and that is also the user for each subscribed feed. But I’ll start with changing users here and there and see if that works.

Thank you, I’ll post my findings here.

Okay, below the copy of the directory:

admin@Gercoext4:/$ ls -alt /volume1/web/tt-rss/
total 304
drwxrwxrwx 2 http root 4096 Jan 5 12:11 lock
drwxrwxrwx 2 http root 4096 Jan 5 03:00 feed-icons
drwxr-xr-x 21 root root 4096 Jan 4 23:45 .
-rw-r–r-- 1 root root 8048 Jan 4 23:45 config.php
-rw-r–r-- 1 root root 52 Jan 4 22:50 manualupdate.sh
-rw-r–r-- 1 root root 25 Jan 4 22:31 manualupdate.php
-rw-r–r-- 1 root root 367 Jan 4 22:26 test.php
drwxrwxrwx+ 6 root root 4096 Jan 4 14:28 …
-rw-r–r-- 1 root root 9229 Jan 4 10:55 sanity1.php
-rw-r–r-- 1 root root 7045 Jan 4 10:51 sanity.php
-rwxr-xr-x 1 root root 10946 Jan 4 10:34 update.php
-rwxr-xr-x 1 root root 10938 Jan 3 18:21 update1.php
-rw-r–r-- 1 root root 8040 Jan 3 18:21 confio1.php
drwxr-xr-x 2 root root 4096 Jan 3 2016 api
-rw-r–r-- 1 root root 1272 Jan 3 2016 atom-to-html.xsl
-rw-r–r-- 1 root root 3455 Jan 3 2016 backend.php
drwxrwxrwx 7 http root 4096 Jan 3 2016 cache
drwxr-xr-x 8 root root 4096 Jan 3 2016 classes
-rw-r–r-- 1 root root 8045 Jan 3 2016 config.php-dist
drwxr-xr-x 2 root root 4096 Jan 3 2016 css
-rw-r–r-- 1 root root 1622 Jan 3 2016 errors.php
-rw-r–r-- 1 root root 260 Jan 3 2016 .htaccess
drwxr-xr-x 2 root root 4096 Jan 3 2016 images
drwxr-xr-x 2 root root 4096 Jan 3 2016 include
-rw-r–r-- 1 root root 9871 Jan 3 2016 index.php
drwxr-xr-x 2 root root 4096 Jan 3 2016 install
drwxr-xr-x 2 root root 4096 Jan 3 2016 js
drwxr-xr-x 14 root root 4096 Jan 3 2016 lib
drwxr-xr-x 28 root root 4096 Jan 3 2016 locale
-rw-r–r-- 1 root root 68801 Jan 3 2016 messages.pot
-rw-r–r-- 1 root root 805 Jan 3 2016 opml.php
drwxr-xr-x 36 root root 4096 Jan 3 2016 plugins
drwxr-xr-x 2 root root 4096 Jan 3 2016 plugins.local
-rw-r–r-- 1 root root 4701 Jan 3 2016 prefs.php
-rw-r–r-- 1 root root 1474 Jan 3 2016 public.php
-rw-r–r-- 1 root root 960 Jan 3 2016 README.md
-rw-r–r-- 1 root root 10225 Jan 3 2016 register.php
drwxr-xr-x 3 root root 4096 Jan 3 2016 schema
drwxr-xr-x 2 root root 4096 Jan 3 2016 templates
drwxr-xr-x 2 root root 4096 Jan 3 2016 themes
drwxr-xr-x 2 root root 4096 Jan 3 2016 themes.local
-rwxr-xr-x 1 root root 6255 Jan 3 2016 update_daemon2.php
drwxr-xr-x 2 root root 4096 Jan 3 2016 utils

So ROOT is the user I need to use for running the script. It strikes me that HTTP ROOT is mentioned in the listing, but there is no HTTPS ROOT entry. Could that be the issue?
I changed the user for running the script:

The output of running this script is as follows:
[11:20:05] Lock: update.lock
[11:20:06] Scheduled 0 feeds to update…
[11:20:06] Sending digests, batch of max 15 users, headline limit = 1000
[11:20:06] All done.
[11:20:06] cache/simplepie: removed 0 files.
[11:20:06] cache/images: removed 0 files.
[11:20:06] cache/export: removed 0 files.
[11:20:06] cache/upload: removed 0 files.
[11:20:06] Removed 0 old lock files.
[11:20:06] Removing old error log entries…
[11:20:06] Feedbrowser updated, 3 feeds processed.
[11:20:06] Purged 0 orphaned posts.
[11:20:06] Removed 0 (feeds) 0 (cats) orphaned counter cache entries.
[11:20:06] Cleaned 0 cached tags.

The 3 feeds are the feeds that have no SSL (http). These are working fine.

I tried to SU ROOT but after entering the password (hoping I am using the right one) gives me ‘permission denied’.

ANything else I could trie, @gabbo?

Update: I managed to change to root user using ‘sudo su root’. I would expect a prompt with root$ but is says ash-4.3#.
I ran the manual update script. Same result though…

Did it work? I see https feeds are not included in the update.

You said:

so the feed is downloaded and parsed, right? The update is not working.

g.

Hi @gabbo

Yes, you’re right.
So, everything works as expected for http-rss-feeds (adding, clicking on feed in ttrss updates the feed and also the auto update script is working). With auto update script I mean the script kicked off by task scheduler of my Synology: PSP56 update.php --feeds.

However, for httpS rss feeds everything is working except for the auto update script: failed to open stream: No such file or directory. So yes, I think the parsing works fine but it looks that somewhere there’s an security issue.

Thanks for your help, @gabbo, I really appreciate that

guys whatever you’re doing please don’t run tt-rss as root

also wouldn’t it be easier to use docker? dsm supposedly supports it

Hi @fox,

Yup, that’s what it said alright. So, won’t do that a next time. Do you also mean not to run the scheduled task as root but as admin, in my case?

I have heard about Docker and would love to try it but I can’t seem to find it as as available package in the package center. I have understood that if it doesn’t show up in available packages, it won’t run on that Synology station. I have 4 Synology stations, one of them being quite new: DS1515. I can’t imagine that station is not fast enough or has not enough memory? I’ll dive into that too.

Would you have other suggestions maybe?

du you install it from git oder via a package manager?

did you see this folder? It’s owned by the user “http”. Can you do a ls -l /volume1/web/tt-rss/lock that we can be shure this user also owns the lock files in there.

You do not have to create the lock file. TT-RSS creates them and therefore the webserver user (http) has to have write access in this folder and all the files in there.

Those are very basic questions… are you sure you would identify yourself as

Sorry
If you type in just su you are asked for the root user password.
If you type in sudo su <whateverusername> you can change to this user, but your user has to have sudo rights and you have to type in your user password.
ash is a shell supposedly

You should schedule the update script with crontab as the http user. You can change to the http user via sudo su http --shell=/bin/sh

Like @fox said.

As far as I know from my experience some years ago you can use it just like every other linux system if you got shell access enabled (and you certainly have if you are able to do what you described). But every update of DSM can break whatever dependencies for your self compiled programs.

i have no idea how DSM admin user works but it probably be better to use a separate unprivileged user.

most importantly don’t run anything as root. you shouldn’t even be able too, it’s an instant fatal error.

oh, that sucks. i have an rs2416+ at work but it’s used as a file server. i didn’t even enable ssh.

as a file server it’s pretty good i’d give it that

e: well mine has docker package so at least some stations have them

@conrad784 Hi Conrad,

Thanks for all the feedback.

du you install it from git oder via a package manager?
I installed it via DSM package manager.

did you see this folder? It’s owned by the user “http”. Can you do a ls -l /volume1/web/tt-rss/lock that we can be shure this user also owns the lock files in there.
/volume1/web/tt-rss/lock:
total 4
-rw-r–r-- 1 root root 0 Jan 5 12:52 update_daemon.lock
-rw-r–r-- 1 http http 11 Jan 5 13:59 update_daemon.stamp
-rw-r–r-- 1 http http 0 Jan 5 14:05 update.lock

Did you see my remark that HTTP is working but HTTPS isn’t? It puzzles me that updates are working fine for HTTP feeds but not for HTTPS.

Those are very basic questions… are you sure you would identify yourself as advanced.
I did not say advanced but ‘advanced beginner’, meaning I am not completely new to Linux, that is all.

You should schedule the update script with crontab as the http user. You can change to the http user via sudo su http --shell=/bin/sh
Thanks, I’ll give that a shot.

It’s not SELinux by any chance…

Hi @fox,

I have found the Docker package and downloaded it but when I triied to manually install it, I got a message that it’s not suitable for this Sunology Station and won’t install…

can you install or enable php-curl instead of php internal fopen? which might be somehow limited for whatever reason.

apparently php can be gimped so remote fopen() doesn’t work with SSL - php - How to get file_get_contents() to work with HTTPS? - Stack Overflow

e: see the answer about php-openssl

This means your http user is not allowed to write to this file. Please remove this file as the root user.

First we have to check if your installation is broken then we think about why https isn’t working…

Maybe it’s easier for you just to use an installation provided by another user here on this forum, there are some threads about this.

Hi @conrad784,

I could indeed do a fresh installation. I once couldn’t enable Rsync and even Synology didn’t know how to fix it. I did a fresh installation of DSM and voila it worked…

I’ll remove the lock file.

You are no experienced user of any unix based system, please first read some stuff about Linux (or BSD) then do some more research what docker is and then you can think about how to install docker on SynologyDSM…
Docker is not “plug and play” like the SynologyDSM is made to be.

Then do an update as the http user.
If this still not works take the advice of @fox and install

(I don’t know exactly how you do this with SynologyDSM but Google it and you should be able to solve this )