Off-and-on trying out an account over at @tal@oleo.cafe due to scraping bots bogging down lemmy.today to the point of near-unusability.

  • 1 Post
  • 182 Comments
Joined 2 years ago
Cake day: October 4th, 2023
  • tal@lemmy.todaytoSelfhosted@lemmy.worldLemmy 0.19.4 HTTP server not binding to port - federation broken ?English
    1·
    3 months ago

    I found that while the lemmy_server process starts successfully and shows “Starting HTTP server at 0.0.0.0:8536” in logs, nothing is actually listening on port 8536.

    Does:

    # netstat -ntap|grep 8536

    …show anything bound to the port?

    I’m not sure how you determined that it’s not binding to the port, but that’s how I’d check.

    There isn’t much that should stop a process from listening on a port over 1024 unless another process is already listening on it.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    1·
    3 months ago

    -the opening the port process makes sense. It seems like if I have a backend on my rig, I’m going to need to open a port to access that backend from a front end of a phone device.

    Yes. Or even if you run a Web-accessible front-end on the LLM PC — the Web browser on the phone needs to reach the Web frontend on the PC.

    Or possibly even access that same backend on the phone device via a mirror?

    Well, the term wouldn’t be a mirror. In your shoes, it’s not what I would do, because introducing some third host not on your network to the equation is another thing to break. But, okay, hypothetically, I guess that doing that would be an option. thinks. There might be some service out there that permits two devices to connect to each other, though I’m not personally aware of one. And, say you got a virtual private server for $10 a month or whatever the going rate is, yeah, that could be set up to do this – you could use it as an intermediate host, do SSH tunneling from both the PC and the phone of the sort that another user in this thread mentioned. I guess that that’d let you reach the PC from other places, if that’s something that you want to do, though it’s not the only way to accomplish that. But…I think that that’s most-likely going to add more complexity. The only scenario where that would truly be necessary is if the wireless access point — which I assume your ISP has provided — absolutely does not permit the LLM PC and the phone to communicate at all on the WiFi network, which I think is very unlikely, and even then, I’d probably just get a second wireless access point in that scenario, put the PC and the phone on it.

    In general, I don’t think that trying to connect the two machines on your home network via a machine out on the Internet somewhere is a great idea. More moving parts, more things to break, and if you lose Internet connectivity, you lose the ability to have them talk to each other.

    -it seems like it would be easier if I could connect to the rig via an android phone instead of an iPhone. My end goal is to use Linux but I’m not ready for that step. Seems like android would be an adequate stepping stone to move to, especially if we have to go thru all this trouble with iPhone. Shall we try on the android instead? If not I’ll follow the directions you put above and report back on Saturday.

    If you have an Android phone available, that would probably be easier from my standpoint, because I can replicate the environment; I have an Android phone available here. But it’s not really the phone where setup is the issue. Like, it’s going to be the LLM PC and potentially wireless access point that require any configuration changes to make ollama reachable from the phone; the phone doesn’t need anything other than Reins installed and having an endpoint set or just using a Web browser and using the correct URL there. I’m just mostly-interested in that the phone has to be able to talk to the PC, has to be able to open a TCP connection to the PC, and so having diagnostic tools on a phone is helpful. I don’t have to guess how the diagnostic tools work in Termux on an Android, because I can use them myself locally.

    I wouldn’t suggest going out and buying an Android phone to do just that, though. I mean…this is a one-off diagnostic task, just trying to understand why the phone isn’t able to reach the LLM PC. If you can open a connection from the Android phone to the LLM PC, then you should also be able to open a connection from the iOS phone to the LLM PC. If you do have one already available, though, then yeah, my preference would be if you could install Termux on it for the diagnostic tools rather than install iSH on the iOS device. It should still be possible to get the LLM PC reachable on the iOS device either way.

    I don’t mind trying to diagnose connectivity on the iOS device. Just keep in mind that I may have to guess a bit as to what the behavior is, because I can’t actually try the device here, so we may potentially have a few extra rounds of back-and-forth.

    If you do want to use an Android phone, then just put the phone on the WiFi network, install Termux, open Termux, run the apk command to install telnet (apk install telnet) and then try the telnet command I mentioned and just report back what error, if anything, you get when trying to open a connection to the LLM PC — hopefully it’ll be one of the above three outcomes.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    1·
    3 months ago

    I choose Ollama because it was supposed to be one of the easier loca AIs to set up.

    Well, the ollama bit is up, which is why you can use it on the PC. The problem is network connectivity between the Windows PC and the phone.

    Opening a port between two things on the local network is going to be pretty much the same for anything. Some software packages — I dunno about LLM chat stuff — make use of a third, outside system as a point to coordinate, so that software only has to open outbound TCP connections to the Internet. But for local communication, it’s gonna look pretty similar. If you put koboldcpp or llama.cpp or whatever on your machine, you need the same connectivity, though it might default to using a different port number.

    I’m happy to keep banging away if you’re also willing, though. I mean, this does kinda narrow it down. If you don’t want to do so though, remove that firewall rule that we added earlier from the Windows PC. If you do:

    considers

    The next step is seeing where the break in connectivity is.

    I’m not familiar with iOS, but let me see if there’s a software package for it that will let it open a TCP connection and preferably ping (and ideally show the ARP cache to see whether Ethernet packets are getting from the phone to the Windows machine at all, though that may not be viable).

    Basically, would be nice to see whether packets can currently get from the phone to the PC and back.

    kagis

    Looks like Windows Firewall blocks ICMP by default, which is traditionally used by ping, the simple protocol to see if one host can reach another on the network. Mmmmf.

    And it sounds like ARP isn’t available on a non-jailbroken iPhone, which would be the simplest way to see whether a packet is making it from the iPhone to the PC. I was worried would be the case.

    Hmm. This is a little less convenient in that I don’t have tools that I normally would when trying to troubleshoot network problems on a Linux system.

    thinks

    I guess the simplest thing available, cuts things down as far as possible in terms of connectivity between the two that should be able to reach from the iPhone to the PC should be a TCP connection.

    I don’t know the iOS software library well, but lemme search for a telnet client. I’m sure that it’ll have one; every platform does.

    searches

    Oh, this is even better. It looks like there’s some iOS app, “iSH”, with a tiny Alpine Linux environment for iOS, kinda like Termux on Android. That’ll have telnet and probably other network diagnostic tools, and those I am familiar with, so I don’t have to guess from screenshots how things work. You should be able to try to open a TCP connection from the phone to the PC with the Linux telnet client in that.

    goes looking around

    Okay. If you’re willing to give this a shot, it sounds like the way this works is:

    https://apps.apple.com/us/app/ish-shell/id1436902243

    Install that from the iOS store.

    When opened, it should show a Linux terminal. If it works like Termux, it’ll have basically nothing from Alpine Linux installed, no telnet client, just a few simple commands. You’ll be looking at a prompt that probably looks something like iPhone:~#.

    Then if you run (don’t type the pound sign — it’s just a convention to include it, to show that it’s something to type at a prompt):

    # apk install telnet

    That should install the Linux telnet client inside the iSH app using the Alpine Linux package manager.

    Then to try to open a TCP connection from the phone to the Windows PC, you want the private IP of the Windows PC, the thing you see in ipconfig (which I’ll type as 10.1.1.2 here, but replace with yours):

    # telnet 10.1.1.2 11434

    That’ll try to open a TCP connection from the phone to port 11434 on the PC.

    Now, what would happen if everything were working correctly, is that the phone would send an ARP request saying “what is the MAC address — the Ethernet address — of the machine with IP address 10.1.1.2 on the local network?” The wireless access point would hand this to the PC. The PC would respond. The phone would then send a series of packets to that IP address to open a TCP connection on port 11434.

    My guess is that you’ll see one of several things at this point.

    First, it might be that the wireless access point is refusing to let packets from the phone reach the PC at all — they only let the phone talk to the Internet, not to the PC. Some wireless access points can be configured to do this or have a “guest” wireless network that impose this constraint. Then the phone won’t get an ARP response, since the PC will never see the ARP query. That’ll look like this (using a network I’m on at the moment to demonstrate):

    $ telnet 192.168.1.35
Trying 192.168.1.35...
telnet: Unable to connect to remote host: No route to host
$

    Second, it might fail because I dicked up in some way and Windows Firewall is still blocking the phone from connecting to the PC. The ARP request is going out, the response comes back from the PC, the phone tries to open a TCP connection to the IP address on the host with the specified MAC address, and never gets a response. If that’s the case, it’ll probably look like this:

    $ telnet 192.168.1.126 7500
Trying 192.168.1.126...
telnet: Unable to connect to remote host: Connection timed out
$

    If that’s what you get, the problem is likely the Windows Firewall configuration (well or theoretically the wireless access point could be configured to do that, but I doubt it).

    Third, it might succeed. That’ll look like this:

    $ telnet 192.168.1.126 6000
Trying 192.168.1.126...
Connected to 192.168.1.126.
Escape character is '^]'.

    If you see that, you can open a TCP connection from the phone to the PC, and whatever issue you’re hitting with Reins isn’t a network problem. Maybe I gave the endpoint syntax wrong, for example. But the issue will be at the application level, not the network level.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    1·
    3 months ago

    There are 3 lines with the :11434 in them. No brackets or anything like that. -1 has 0.0.0.0 in front -2 has 10.#.#.# in front and has a foreign address that is something other than 0.0.0 -3 is like the 2nd but a slightly different foreign address

    Okay, that…should be okay. As long as all of the addresses that it’s listening on are IPv4 — of the format “x.x.x.x”. No colons in them (other than the colon preceeding “11434”). Not IPv6.

    The subnet mask is 255.255.255.0

    Okay, gotcha. In that case, go ahead with the instructions above, just instead of “/8”, do “/24”. So:

    For “local IP addresses”, you want “These IP Addresses”, and enter 10.0.0.0/24. That’ll be every IPv4 address on your Windows LLM that has “10” as its first number and the first following two numbers the same as yours.

    For “remote IP addresses”, you want “These IP Addresses”, and enter 10.0.0.0/24. Same thing all addresses that start with a “10.” followed by the same following two numbers, which should include your iOS device.

    Oh yes. I’m on windows 10 as well.

    Okay. I think that the interface to add the firewall rule there looks the same as the one I Iinked to above. I went searching for screenshots of adding a hole for a port on Windows 10, and the control panel looks identical to me.

    So, yeah, should be good to go ahead with the above instructions, just using “/24” instead of “/8” in the two places where I mention “/8”. Hopefully after that it’ll be working; if not, then we’ll need to troubleshoot.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    1·
    4 months ago

    -A backend is where all the weird c++ language stuff happens to generate a response from an AI. -a front end is a pretty app or webpage that takes that response and make it more digestible to the user.

    Yes.

    -agreed. I’ve seen in other posts that exposing a port on windows defender firewall is the easiest (and safest?) way to go for specifically what I’m looking for. I don’t think I need to forward a port as that would be for more remote access.

    Yes. I’d like to confirm that that is not happening, in fact.

    The ipv6 was identical to one of the ones I have.

    Hmm. Okay, thanks for mentioning the IPv6 thing. It is possible to have ollama reachable from the Internet via IPv6, if it’s forwarded. I should have thought of that too and mentioned that. Shouldn’t need to open an IPv6 hole in the Windows Firewall, but would rather not rely on the Windows Firewall at all.

    It shouldn’t be an issue if ollama is only listening on an IPv4 address. You only see the “0.0.0.0:11434” line, right? No other lines, probably with brackets in the address, that have a “:11434”, right? That could be an IPv6 address.

    goes to look for an example of Windows netstat output showing a listening IPv6 socket

    Here:

    https://www.configserverfirewall.com/windows-10/netstat-command-to-check-open-ports-in-windows/

    Can you just make sure that there’s nothing like 0:[::]:11434 in there? That’d be what you’d see if it were listening for IPv6 connections.

    Sorry, just don’t know oollama’s behavior off the top of my head and want to be sure on this before moving ahead, don’t want to create any security issues.

    The ipv4 was not identical. (But I don’t think that matters moving forward.)

    Yeah, that’s expected and good. The one from the website is your public IP address, anf the one from ipconfig your private one, that you’ll use to talk to the machine wirh your phone.

    I had to go into the settings in the ollama backend app to enable “expose Ollama to the network”.

    Great, yeah, that was the right move.

    Okay, then just want to sanity check that your iOS device is in the same address range on your WiFi network, that the 10.x.x.x address on your LLM PC isn’t from a VPN or something (since it’s a little unusual to use a 10.x.x.x address on a home broadband router, and I want to make sure that that’s where the address is from). Go ahead and put the iOS device on your WiFi network if you have not already.

    This describes how to check the IP address on an iOS device.

    https://servicehub.ucdavis.edu/servicehub?id=ucd_kb_article&sys_id=063498196f082100bc4f8a20af3ee45d&spa=1

    You should also be seeing a 10.x.x.x address there. If you don’t, then let’s stop and sort that out.

    If that’s a 10.x.x.x address as well, then should be good to go.

    Oh, one last thing. In the ipconfig output, can you make sure that the “Subnet Mask” reads “255.0.0.0”? If it’s something different, can you provide that? It’ll affect the “/8” thst I’m listing below.

    Okay, if you’ve got that set up and there are no other “:11434” lines and the Subnet Mask is “255.0.0.0”, the next is to poke a hole in Windows Firewall on IPv4 TCP port 11434.

    kagis for screenshots of someone doing this on Windows 11

    https://windowsreport.com/windows-firewall-allow-ip-range/

    I’m assuming that this is Windows 11 on your PC, should have asked.

    You’re going to want a new inbound rule, Protocol TCP, Port 11434.

    For “local IP addresses”, you want “These IP Addresses”, and enter 10.0.0.0/8. That’ll be every IPv4 address on your Windows LLM that has “10” as its first number — you said that you had a “10.” from ipconfig.

    For “remote IP addresses”, you want “These IP Addresses”, and enter 10.0.0.0/8. Same thing all addresses that start with a “10.”, which should include your iOS device.

    And you want to select “Allow this connection”.

    Okay. Now you should have a hole in Windows Firewall. Just to confirm that port 11434 isn’t reachable from the Internet, I’m gonna use one of the port-open-testing services online. My first hit is for one that only does IPv4 and another that only does IPv6, but I guess doing two sites is okay. Can you go to this site (or another, if you know of a site that does port testing that you prefer)

    https://www.yougetsignal.com/tools/open-ports/

    Plug in your public IPv4 address there (not the private one from ipconfig, the one from that website thst I listed earlier) and port 11434. It should say “closed” or “blocked” or something that isn’t “open”. If it’s “open”, go back and pull that firewall rule out, because your router is forwarding incoming IPv4 connections to your LLM PC in some way that’s getting to ollama, and we gotta work out how to stop that.

    https://port.tools/port-checker-ipv6/

    Here’s an IPv6 port tester. Plug in your IPv6 address there (which you said was the same from both the website and ipconfig) and port 11434. It should also say “closed” or “blocked” or similar. If it says “open” — I very much doubt this — then go back and pull out the firewall rule.

    If both say “closed”, then go ahead and install Reins.

    Based on this:

    https://www.reddit.com/r/ollama/comments/1ijdp1e/reins/

    It’ll let you input an “endpoint”.

    Plug in the private IPv4 address from your LLM PC, what was in ipconfig, in the form of an http URL on the ollama port, like “http://10.something.something.something:11434/” and you should, hopefully, be able to chat.

    If all this is working and you’ve given your Windows PC a name, you might want to go back to that endpoint setting and replace the IP address there with the name of your LLM PC. I don’t know for sure what the mDNS situation is on iOS or Windows, but if that works, that way, if your Windows PC loses its DCHP lease and gets a new IP address at some point from your broadband router, it won’t break connectivity for Reins as Reins tries to use the old IP address.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    1·
    4 months ago

    Backend/ front end. I see those a lot but I never got an explanation for it. In my case, the backend would be Ollama on my rig, and the front end would be me using it on my phone, whether that’s with and app or web ui. Is that correct?

    For Web-based LLM setups, it’s not common to have two different software packages. One loads the LLM into video memory and executes queries on the hardware. That’s the backend. It doesn’t need to have a user interface at all. Ollama or llama.cpp (though I know that llama.cpp also has a minimal frontend) are examples of this.

    Then there’s a frontend component. It runs a small Web server that displays a webpage that a Web browser can access, provides some helpful features, and can talk to various backends (e.g. ollama or llama.cpp or some of the cloud-based LLM services). Something like SillyTavern would be an example of this.

    Normally the terms are used in the context of Web-based stuff; it’s common for Web services, even outside of LLM stuff, to have a “front end” and a “back end” and to have different people working on those different aspects. If Reins is a native iOS app, I guess it could technically be called a frontend.

    But, okay, it sounds like probably the most-reasonable thing to do, if you like the idea of using Reins, is to run Ollama on the Windows machine, expose ollama’s port to the network, and then install Reins on iOS.

    So, yeah, probably need to open a port on Windows Firewall (or Windows Defender…not sure what the correct terminology is these days, long out of date on Windows). It sounds like having said firewall active has been the default on Windows for some years. I’m pretty out-of-date on Windows, but I should be able to stumble through this.

    While it’s very likely that you aren’t directly exposing your computer to the Internet — that is, nobody from the outside world can connect to an open port on your desktop — it is possible to configure consumer routers to do that. Might be called “putting a machine in the DMZ”, forwarding a port, or forwarding a range of ports. I don’t want to have you open a port on your home computer and have it inadvertently exposed to the Internet as a whole. I’d like to make sure that there’s no port forwarding to your Windows machine from the Internet.

    Okay, first step. You probably have a public IP address. I don’t need or want to know that — that’d give some indication to your location. If you go somewhere like https://whatismyipaddress.com/ in a web browser from your computer, then it will show that – don’t post that here.

    That IP address is most-likely handed by your ISP to your consumer broadband router.

    There will then be a set of “private” IP addresses that your consumer broadband router hands out to all the devices on your WiFi network, like your Windows machine and your phone. These will very probably be 192.168.something.something, though they could also be 172.something.something.something or 10.something.something.something. It’s okay to mention those in comments here — they won’t expose any meaningful information about where you are or your setup. This may be old hat to you, or new, but I’m going to mention it in case you’re not familiar with it; I don’t know what your level of familiarity is.

    What you’re going to want is your “private” IP address from the Windows machine. On your Windows machine, if you hit Windows Key-R and then enter “cmd” into the resulting dialog, you should get a command-line prompt. If you type “ipconfig” there, it should have a line listing your private IPv4 address. Probably be something like that “192.168.something.something”. You’re going to want to grab that address. It may also be possible to use the name of your Windows machine to reach it from your phone, if you’ve named it — there’s a network protocol, mDNS, that may let you do that — but I don’t know whether it’s active out-of-box on Windows or not, and would rather confirm that the thing is working via IP before adding more twists to this.

    Go ahead and fire up ollama, if you need to start it — I don’t know if, on Windows, it’s installed as a Windows service (once installed, always runs) or as a regular application that you need to launch, but it sounds like you’re already familiar with that bit, so I’ll let you handle that.

    Back in the console window that you opened, go ahead and run netstat -a -b -n.

    Will look kinda like this:

    https://i.sstatic.net/mJali.jpg

    That should list all of the programs listening on any ports on the computer. If ollama is up and running on that Windows machine and doing so on the port that I believe it is, then you should have a line that looks like:

    TCP     0.0.0.0:11434    0.0.0.0:0    LISTENING

    “11434” is the port that I expect ollama to be listening on.

    If the address you see before “11434” is 0.0.0.0, then it means that ollama is listening on all addresses, which means that any program that can reach it over the network can talk to it (as long as it can get past Windows Firewall). We’re good, then.

    Might also be “127.0.0.1”. In that case, it’ll only be listening to connections originating from the local computer. If that’s the case, then it’ll have to be configured to use 0.0.0.0.

    I’m gonna stop here until you’ve confirmed that much. If that all works, and you have ollama already listening on the “0.0.0.0” address, then next step is gonna be to check that the firewall is active on the Windows machine, punch a hole in it, and then confirm that ollama is not accessible from the Internet, as you don’t want people using your hardware to do LLM computation; I’ll try and step-by-step that.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    1·
    4 months ago

    Yes I have Ollama on my windows rig.

    TBH, im not sure if librechat has a web ui.

    Okay, gotcha. I don’t know if Ollama has a native Web UI itself; if so, I haven’t used it myself. I know that it can act as a backend for various front-end chat-based applications. I do know that kobold.cpp can operate both as an LLM backend and run a limited Web UI, so at least some backends do have Web UIs built in. You said that you’ve already used Ollama successfully. Was this via some Web-based UI that you would like to use on your phone, or just some other program (LibreChat?) running natively on the Windows machine?

  • tal@lemmy.todaytoSelfhosted@lemmy.worldFrustratingly bad at self hosting. Can someone help me access LLMs on my rig from my phoneEnglish
    11·
    4 months ago

    ssh -L 0.0.0.0:3000:YOURPUBLICIP:3000

    If you can SSH to the LLM machine, I’d probably recommend ssh -L127.0.0.1:11434:127.0.0.1:11434 <remote hostname>. If for some reason you don’t have or inadvertently bring down a firewall on your portable device, you don’t want to be punching a tunnel from whatever can talk to your portable device to the LLM machine.

    (Using 11434 instead of 3000, as it looks like that’s ollama’s port.)

    EDIT: OP, it’s going to be hard to give a reliable step-by-step, because I have no idea what your network looks like. So, for example, it’s possible to have your wireless access point set up so that devices can’t talk to each other at all. You might have some kind of firewall on your LLM machine, so that if they can talk to each other from the WAP’s standpoint, the firewall will block traffic from your phone; you’d need to punch a hole in that. At least something (sshd for the example here, or ollama itself to the network) needs to be listening on a routable address. As DrDystopia points out, we don’t even know what OS the LLM machine is running (Linux?) so giving any kind of step-by-step is going to be hard there.

    I have had absolutely no luck.

    Problem is, that doesn’t say much. Like, doesn’t say what you’ve seen.

    Do you know what the LAN IP address of your LLM machine is? Can you ping that IP address from Termux on your phone when both are on the same WiFi network ($ ping <ip-address>?) What OS is the LLM machine? If Linux, do you have sshd installed? It sounds like you do have ollama on it and that it’s working if you use it from the LLM machine? When you said that it didn’t work, what did you try and what errors or behavior did you see?