fix: use configured resolver and handle-domain behavior in rsky-pds#165
Open
rabble wants to merge 8 commits intoblacksky-algorithms:mainfrom
Open
fix: use configured resolver and handle-domain behavior in rsky-pds#165rabble wants to merge 8 commits intoblacksky-algorithms:mainfrom
rabble wants to merge 8 commits intoblacksky-algorithms:mainfrom
Conversation
Two fixes for deploying rsky-pds on standard S3-compatible storage: 1. S3BlobStore: Use configurable bucket name via PDS_BLOBSTORE_S3_BUCKET env var instead of using the actor DID as the S3 bucket name. DIDs contain colons which are invalid in bucket names on AWS S3, GCS, and most S3-compatible providers. The DID is still used as a path prefix within the bucket. Falls back to the DID for backwards compatibility. 2. PLC DID resolution: Remove encode_uri_component() from DID URL construction. DIDs (e.g., did:plc:abc123) are valid URL path segments and should not be percent-encoded. The encoding turns colons into %3A, causing 404s from plc.directory (e.g., /did%3Aplc%3Aabc123 instead of /did:plc:abc123). This affected both rsky-identity's PLC resolver and rsky-pds's PLC client. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hickory-dns (formerly trust-dns) does its own DNS resolution instead of using the system resolver. In Kubernetes environments, pods rely on kube-dns via /etc/resolv.conf, and hickory-dns doesn't always correctly follow the cluster's DNS configuration. This was causing DID resolution to fail with "error sending request" even though the system resolver, curl, and openssl all work correctly from inside the same container. Switching to the default system DNS resolver (via libc) fixes DID resolution in containerized deployments. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…lution The webpki-roots bundle may not include all CAs needed for plc.directory (which uses Amazon Root CA). Switching to native-roots uses the system's CA store (/etc/ssl/certs) which includes all necessary CAs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
rabble
changed the title
rabble
changed the title
rustls-tls-webpki-roots failed to resolve DIDs from plc.directory, and rustls-tls-native-roots caused the server to hang on startup. Using native-tls (OpenSSL-based) which is the most compatible option for containerized deployments. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces the ASCII art root page with a proper HTML page that: - Shows PDS info and available XRPC endpoints - Provides a mini query app to look up accounts by DID or handle - Lists posts for any account hosted on this PDS - Uses dark theme with ATProto branding Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test Plan