Snap-store-proxy setup issues (and solutions)

apologizes for the verbose test, but after some tests, I have found below issues that I would to report to improve the service.

I have also opened this other, to discuss about the cache behaviour here

After following the detailed setup of How to cache snap downloads and save bandwidth I found the following issues:

  • the snap-proxy.conf file suggested as part of the deploy, is not read due to the lack of include and due to the fact that if you load the URLs described there, always replied with not-found.

  • If you include the setup suggested to be in snap-prxy.conf in nginx.conf, the code suggested:

   # Requires ngx_http_substitutions_filter_module that comes with nginx-extras in Debian/Ubuntu.
    subs_filter_types application/json;

generates errors as follows:

nginx: [emerg] unknown directive “subs_filter_types”

I have installed manually the required packages suggested nginx-extra, despite it does not really contain the module, as well as libnginx-mod-http-subs-filter which is the real package that includes the module but I cannot find the way to load the module in the snap-proxy nginx

(I also tried including it manually by adding an include line with the module but then there is a mismatch in version between snap-nginx and the module installed).

The system nginx load the right module:

╰─○ /usr/sbin/nginx -V 2>&1 | tr ' ' '\n' | grep -i sub

but the module does not appear in the proxy nginx:

╰─○ /snap/snap-store-proxy/78/usr/bin/nginx -V 2>&1 | tr ’ ’ ‘\n’ | grep -i sub

Now couple of solutions to other issues:

  • Another issue is the “Internal” dicrective, which looks has an issue with the capital I letter:

location @handle_cdn { Internal;

it shows the error:

nginx: [emerg] unknown directive “Internal”

Solution, change it without capital letter (internal)

  • when the nginx service is running (without the snap-proxy.conf), you always see the below 3 errors:

snap-store-proxy.nginx[8645]: nginx: [alert] could not open error log file: open() “/var/log/nginx/error.log” failed (13: Permission denied)

and in system logs:

apparmor="DENIED" operation="open" profile="snap.snap-store-proxy.snaprevs" name="/etc/gss/mech.d/" pid=27380 comm="python3"
apparmor="DENIED" operation="capable" profile="snap.snap-store-proxy.nginx" pid=30844 comm="nginx" capability=6  capname="setgid"

That I have managed to solve by adding the following code in apparmour and restarting the service:

under /var/lib/snapd/apparmor/profiles/snap.snap-store-proxy.nginx

      /var/log/nginx/* w,
      /etc/gss/mech.d/* w,
      capability setgid,
  • Snap proxy services are not enable and some not stated…

Status just after finish the setup:

snap services snap-store-proxy
Service                        Startup   Current   Notes
snap-store-proxy.memcached     disabled  active    -
snap-store-proxy.nginx         enabled   active    -
snap-store-proxy.snapassert    disabled  inactive  -
snap-store-proxy.snapauth      disabled  active    -
snap-store-proxy.snapdevicegw  disabled  active    -
snap-store-proxy.snapident     disabled  inactive  -
snap-store-proxy.snapproxy     disabled  active    -
snap-store-proxy.snaprevs      disabled  active    -

Run this command to start and enabled the services.

╰─○ for i in `snap services snap-store-proxy snap-store-proxy.nginx | awk '{print $1}'`; do  snap start             --enable  $i; done

any suggestion how to load the setup suggested the documentation included in snap-proxy.conf ?

OS is Ubuntu 20.4

Latest snap and proxy packages are installed and updated.


snapd                                  2.51.1+18.04  
╰─○ snap-proxy status              
Store ID: BlabLaBLabLAblaBlaBLAbLa
Status: pending
Connected Devices (updated daily): 0
Device Limit: None
Internal Service Status:
  memcached: running
  nginx: running
  snapauth: running
  snapdevicegw: running
  snapdevicegw-local: running
  snapproxy: running
  snaprevs: running