Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't save icons or upload QR codes - Docker installation #57

Closed
URBANsUNITED opened this issue Jan 21, 2022 · 27 comments
Closed

Can't save icons or upload QR codes - Docker installation #57

URBANsUNITED opened this issue Jan 21, 2022 · 27 comments
Labels
bug Something isn't working docker dockerfile or docker-compose setup fixed The issue is fixed (in a coming release)

Comments

@URBANsUNITED
Copy link

Hi!

I am not able to upload anything to my docker installation.
Version: 04f8e8a
org.opencontainers.image.created | 2021-12-30T09:04:01Z

Icon and QR Code upload:
This error pops up:

2022/01/21 10:50:26 [crit] 60#60: *97 open() "/var/lib/nginx/tmp/client_body/0000000003" failed (13: Permission denied), client: 172.17.0.1, server: 2fauth, request: "POST /api/icon/upload HTTP/1.1", host: "xxx.duckdns.org", referrer: "https://xxx.duckdns.org/account/edit/1"

Log file:
[2022-01-21 10:44:39] local.ERROR: The resource owner or authorization server denied the request. {"exception":"[object] (League\\OAuth2\\Server\\Exception\\OAuthServerException(code: 9): The resource owner or authorization server denied the request. at /srv/vendor/lea> [stacktrace] #0 /srv/vendor/league/oauth2-server/src/AuthorizationValidators/BearerTokenValidator.php(73): League\\OAuth2\\Server\\Exception\\OAuthServerException::accessDenied() #1 /srv/vendor/league/oauth2-server/src/ResourceServer.php(84): League\\OAuth2\\Server\\AuthorizationValidators\\BearerTokenValidator->validateAuthorization() #2 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(207): League\\OAuth2\\Server\\ResourceServer->validateAuthenticatedRequest() #3 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(150): Laravel\\Passport\\Guards\\TokenGuard->getPsrRequestViaBearerToken() #4 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(113): Laravel\\Passport\\Guards\\TokenGuard->authenticateViaBearerToken() #5 /srv/vendor/laravel/passport/src/PassportServiceProvider.php(286): Laravel\\Passport\\Guards\\TokenGuard->user() #6 [internal function]: Laravel\\Passport\\PassportServiceProvider->Laravel\\Passport\\{closure}() #7 /srv/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php(58): call_user_func() #8 /srv/vendor/laravel/framework/src/Illuminate/Auth/GuardHelpers.php(60): Illuminate\\Auth\\RequestGuard->user() #9 /srv/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(63): Illuminate\\Auth\\RequestGuard->check() #10 /srv/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(42): Illuminate\\Auth\\Middleware\\Authenticate->authenticate() #11 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Auth\\Middleware\\Authenticate->handle() #12 /srv/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(59): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #13 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\ThrottleRequests->handle() #14 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #15 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(687): Illuminate\\Pipeline\\Pipeline->then() #16 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRouteWithinStack() #17 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(628): Illuminate\\Routing\\Router->runRoute() #18 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(617): Illuminate\\Routing\\Router->dispatchToRoute() #19 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(165): Illuminate\\Routing\\Router->dispatch() #20 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}() #21 /srv/app/Http/Middleware/SetLanguage.php(20): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #22 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\SetLanguage->handle() #23 /srv/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #24 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle() #25 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #26 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #27 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #28 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #29 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #30 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle() #31 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #32 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle() #33 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #34 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(140): Illuminate\\Pipeline\\Pipeline->then() #35 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(109): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter() #36 /srv/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle() #37 {main} "}

Kept strict following the docker install manual.
Adding TOTP by scanning a QR code is no problem, but adding icons or uploading QR Codes.

This is my main user:
uid=1000(urbansunited) gid=1000(urbansunited) Gruppen=1000(urbansunited),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev)

$ ls -l
drwx------  3 urbansunited     urbansunited 4096 21. Jan 11:55 2fauth

~/Docker/2fauth$ ls -l
-rw-r--r-- 1 urbansunited urbansunited 98304 21. Jan 11:55 database.sqlite
-rw-r--r-- 1 urbansunited urbansunited     8 21. Jan 11:44 installed
drwxrwxrwx 5 urbansunited urbansunited  4096 21. Jan 11:44 storage

Thanks

URBANsUNITED
@SmartPhoneLover
Copy link

SmartPhoneLover commented Jan 23, 2022
edited

The same for me, installed in a docker container.

When I try to scan a QR code, it fails to load it. Also, when I try to add an icon to a pre-filled 2FA code, it ends with error.

@Bubka Bubka added the docker dockerfile or docker-compose setup label Feb 2, 2022
@URBANsUNITED
Copy link
Author

Mmmmh
Any update here? Is it a bug or is it user side?

@Bubka
Copy link
Owner

Bubka commented Feb 10, 2022

I updated the Docker image, some PHP extensions were missing. This fixed the issue on my side, what about you?

@Bubka Bubka added the bug Something isn't working label Feb 10, 2022
@SmartPhoneLover
Copy link

SmartPhoneLover commented Feb 10, 2022
edited

@Bubka Thank you very much for updating the image.
Now it's working as expected for me (Android). Also, scanning an image (upload QR pic) works.

UPDATE: I didn't test the icon features. When I try to assign an icon, it stills showing the error: 'An error accured'.
Mmmm, does the icon need any special resolution or it must not be over x resolution (.i.e: not bigger than 256x256)?
And/or when adding an icon, does it still need to be done via HTTP(S) connection? Because I added the previous QR code via HTTP, not HTTPS.

@URBANsUNITED
Copy link
Author

URBANsUNITED commented Feb 10, 2022
edited

Barcode import works, Icon import doesn't.
I know that it worked already once.
Will this help?
image

Website is setup with https using nginx proxy manager

@SmartPhoneLover
Copy link

SmartPhoneLover commented Feb 10, 2022
edited

I have a different log about uploading an icon. Hope it helps. Maybe the error is because there's an issue with permissions when accessing the the dir shown in 'Line2' log.

Line1: "GET /api/twofaccounts/3/withSensitive HTTP/1.1" 200 401 "http://192.168.1.100:8674/account/edit/3" "Mozilla/5.0 (Android 11, [OMITTED])
Line2: 2022/02/10 12:02:37 [crit] 61#61: *77 open() "/var/lib/nginx/tmp/client_body/0000000001" failed (13: Permission denied), client: 192.168.1.115, server: 2fauth, request: "POST /api/icon/upload HTTP/1.1", host: "192.168.1.100:8674", referrer: "http://192.168.1.100:8674/account/edit/3"
Line3: "POST /api/icon/upload HTTP/1.1" 500 177 "http://192.168.1.100:8674/account/edit/3" "Mozilla/5.0 (Android 11, [OMITTED])

So, as shown here on this thread, the error is happening whatever the connection to the service is: HTTP/HTTPS. Hope that helps too.

@Bubka
Copy link
Owner

Bubka commented Feb 10, 2022
edited

I cannot reproduce this issue. Did you follow the setup doc, especially the part 2?

chown 1000:1000 2fauth
chmod 700 2fauth

@qdm12 any idea?

@SmartPhoneLover
Copy link

SmartPhoneLover commented Feb 10, 2022
edited

I cannot reproduce this issue. Did you follow the setup doc, especially the part 2?

chown 1000:1000 2fauth
chmod 700 2fauth

If this is the path where 2fauth stores all the data on a mounted volume (/yourpath/2fauth:/2fauth), I tried changing its permissions (host side) to 777 and does nothing. It works with the default 755 permissions when installed on my host machine.

@URBANsUNITED
Copy link
Author

Wrong Conatiner??
I restarted from the scratch and got this:
ENV
image

Labels
image

It is not working! Setup as it should!

@URBANsUNITED
Copy link
Author

redid it and now image revision and commit are same.
BUT still no uploading possible

@URBANsUNITED
Copy link
Author

[2022-02-11 06:33:04] local.ERROR: The resource owner or authorization server denied the request. {"exception":"[object] (League\\OAuth2\\Server\\Exception\\OAuthServerException(code: 9): The resource owner or authorization server denied the request> [stacktrace] #0 /srv/vendor/league/oauth2-server/src/AuthorizationValidators/BearerTokenValidator.php(73): League\\OAuth2\\Server\\Exception\\OAuthServerException::accessDenied() #1 /srv/vendor/league/oauth2-server/src/ResourceServer.php(84): League\\OAuth2\\Server\\AuthorizationValidators\\BearerTokenValidator->validateAuthorization() #2 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(207): League\\OAuth2\\Server\\ResourceServer->validateAuthenticatedRequest() #3 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(150): Laravel\\Passport\\Guards\\TokenGuard->getPsrRequestViaBearerToken() #4 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(113): Laravel\\Passport\\Guards\\TokenGuard->authenticateViaBearerToken() #5 /srv/vendor/laravel/passport/src/PassportServiceProvider.php(286): Laravel\\Passport\\Guards\\TokenGuard->user() #6 [internal function]: Laravel\\Passport\\PassportServiceProvider->Laravel\\Passport\\{closure}() #7 /srv/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php(58): call_user_func() #8 /srv/vendor/laravel/framework/src/Illuminate/Auth/GuardHelpers.php(60): Illuminate\\Auth\\RequestGuard->user() #9 /srv/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(63): Illuminate\\Auth\\RequestGuard->check() #10 /srv/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(42): Illuminate\\Auth\\Middleware\\Authenticate->authenticate() #11 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Auth\\Middleware\\Authenticate->handle() #12 /srv/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(59): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #13 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\ThrottleRequests->handle() #14 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #15 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(687): Illuminate\\Pipeline\\Pipeline->then() #16 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRouteWithinStack() #17 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(628): Illuminate\\Routing\\Router->runRoute() #18 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(617): Illuminate\\Routing\\Router->dispatchToRoute() #19 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(165): Illuminate\\Routing\\Router->dispatch() #20 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}() #21 /srv/app/Http/Middleware/SetLanguage.php(20): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #22 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\SetLanguage->handle() #23 /srv/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #24 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle() #25 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #26 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #27 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #28 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #29 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #30 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle() #31 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #32 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle() #33 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #34 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(140): Illuminate\\Pipeline\\Pipeline->then() #35 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(109): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter() #36 /srv/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle() #37 {main} "}

@Bubka
Copy link
Owner

Bubka commented Feb 11, 2022

This error is triggered only when you try to upload an icon?! Sign in feature works as expected?

@URBANsUNITED
Copy link
Author

No, also when I'll try to upload an QR Code

@URBANsUNITED
Copy link
Author

Forgot... Sign In = no issue, also adding QR codes manually, no problem. Only uploading images or QR Codes

@SmartPhoneLover
Copy link

Forgot... Sign In = no issue, also adding QR codes manually, no problem. Only uploading images or QR Codes

Mmm, strange. For me the only thing that is not working, is uploading an icon for codes. I can sign-in, upload QR codes and add them manually.

@URBANsUNITED
Copy link
Author

A shame that this is not going further...
Tried to build the docker myself:

~# docker build --build-arg UID=1000 --build-arg GID=1000 -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git Sending build context to Docker daemon 2.886MB Step 1/51 : ARG BUILDPLATFORM=linux/amd64 Step 2/51 : ARG TARGETPLATFORM Step 3/51 : ARG ALPINE_VERSION=3.14 Step 4/51 : ARG PHP_VERSION=7.3-alpine${ALPINE_VERSION} Step 5/51 : ARG COMPOSER_VERSION=2.1 Step 6/51 : ARG SUPERVISORD_VERSION=v0.7.3 Step 7/51 : FROM --platform=${BUILDPLATFORM} composer:${COMPOSER_VERSION} AS build-composer ---> c36110478797 Step 8/51 : FROM composer:${COMPOSER_VERSION} AS composer ---> c36110478797 Step 9/51 : FROM qmcgaw/binpot:supervisord-${SUPERVISORD_VERSION} AS supervisord ---> a0dcdcfeb1b5 Step 10/51 : FROM --platform=${BUILDPLATFORM} php:${PHP_VERSION} AS vendor ---> 309ba07e4c54 Step 11/51 : COPY --from=build-composer --chown=${UID}:${GID} /usr/bin/composer /usr/bin/composer unable to convert uid/gid chown string to host mapping: can't find uid for user : no such user:

So I believe that there is a permission issue in the docker env....

@qdm12
Copy link
Contributor

qdm12 commented Mar 9, 2022

@URBANsUNITED #63 fixes the Dockerfile, not sure why it got messed up at some point.

However I get this when trying to access localhost:8000:

2fauth  | 2022/03/09 12:10:16 [error] 61#61: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function Illuminate\View\Compilers\token_get_all() in /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php:232
2fauth  | Stack trace:
2fauth  | #0 /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php(143): Illuminate\View\Compilers\BladeCompiler->compileString()
2fauth  | #1 /srv/vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(51): Illuminate\View\Compilers\BladeCompiler->compile()
2fauth  | #2 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(139): Illuminate\View\Engines\CompilerEngine->get()
2fauth  | #3 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(122): Illuminate\View\View->getContents()
2fauth  | #4 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(91): Illuminate\View\View->renderContents()
2fauth  | #5 /srv/vendor/laravel/framework/src/Illuminate/Http/Response.php(62): Illuminate\View\View->render()
2fauth  | #6 /srv/vendor/laravel/framework/src/Illuminate/Http/Response.php(34): Illuminate\Http\Respo...PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function Illuminate\View\Compilers\token_get_all() in /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php:232
2fauth  | Stack trace:
2fauth  | #0 /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php(143): Illuminate\View\Compilers\BladeCompiler->compileString()
2fauth  | #1 /srv/vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(51): Illuminate\View\Compilers\BladeCompiler->compile()
2fauth  | #2 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(139): Illuminate\View\Engines\CompilerEngine->get()
2fauth  | #3 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(122): Illuminate\View\View->getContents()
2fauth  | #4 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(91): Illuminate\View\View->renderContents()
2fauth  | #5 /srv/vendor/laravel/framework/src/Illuminate/Http/Response.php(62): Illuminate\View\View->render()
2fauth  | #6 /srv/vendor/laravel/framework/src/Illuminate/H
2fauth  | 172.31.0.1 - - [09/Mar/2022:12:10:16 +0000] "GET / HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36

@Bubka Bubka added the fixed The issue is fixed (in a coming release) label Apr 5, 2022
@martabal
Copy link

When will you update the docker image on docker hub ? I still have this issue ...

@zarevskaya
Copy link

zarevskaya commented May 6, 2022
edited

I have this issue too. But with somes icons that's run oO

Thank's

2022/05/06 19:28:34 [crit] 46#46: *153 open() "/var/lib/nginx/tmp/client_body/0000000019" failed (13: Permission denied), client: 192.168.1.127, server: 2fauth, request: "POST /api/icon/upload HTTP/1.1", host: "ixxx.xxx:8077", referrer: "xxx://xxx.xxx:8077/account/edit/3"

@Bubka Bubka mentioned this issue May 10, 2022
Closed
@zarevskaya
Copy link

Hi,

Impossible to upload an icone.

2022/05/10 13:43:47 [crit] 46#46: *104 open() "/var/lib/nginx/tmp/client_body/0000000006" failed (13: Permission denied), client: 192.168.1.127, server: 2fauth, request: "POST /api/v1/icons HTTP/1.1", host: "xxxx.localdomain:8041", referrer: "http://xxxxxxx.localdomain:8041/account/2/edit"

How big should the image be? The format maybe?

Thank you

@Bubka
Copy link
Owner

Bubka commented May 10, 2022
edited

Great, I was able to reproduce the error! 😃

Nginx uses some directories in /var/lib/nginx/tmp when the request body is larger than the buffer client_body_buffer_size (see #comment1304547_728033). These directories don't have the correct permission in the current Docker image. This explains why the error is fired on some env only, everyone used images with various filesize.

@qdm12 your Dockerfile contains chown -R ${UID}:${GID} /var/lib/nginx/ which should do the trick. Do you understand why subdir /tmp/* are owned by nginx:root?

/var/lib/nginx $ ls -l
total 12
drwx--x--x    1 1000     1000          4096 May 10 13:39 html
lrwxrwxrwx    1 1000     1000            14 May 10 13:39 logs -> /var/log/nginx
lrwxrwxrwx    1 1000     1000            22 May 10 13:39 modules -> /usr/lib/nginx/modules
lrwxrwxrwx    1 1000     1000            10 May 10 13:39 run -> /run/nginx
drwx--x--x    1 1000     1000          4096 May 10 13:39 tmp
/var/lib/nginx $ cd tmp
/var/lib/nginx/tmp $ ls -l
total 20
drwx------    2 nginx    root          4096 May 10 13:39 client_body
drwx------    2 nginx    root          4096 May 10 13:39 fastcgi
drwx------    2 nginx    root          4096 May 10 13:39 proxy
drwx------    2 nginx    root          4096 May 10 13:39 scgi
drwx------    2 nginx    root          4096 May 10 13:39 uwsgi

@Bubka Bubka removed the fixed The issue is fixed (in a coming release) label May 10, 2022
@SmartPhoneLover
Copy link

SmartPhoneLover commented May 11, 2022
edited

Ok, so the icon must not be bigger than 16K. Right?

Tests...

  • Uploading an icon (PNG) larger than 16KB, it fails.
  • Uploading an icon (PNG) of 4KB and 12KB, it gets uploaded correctly.

So, if it won't be fixed to allow the user to upload any size image (larger than 16KB), I would advice to add a message in the upload icon section to alert about that limit
48793698632
.

@Bubka
Copy link
Owner

Bubka commented May 11, 2022

It's not a 2FAuth limitation, it's the NGINX setup of the Docker image which does not behave as expected.

@aronmal
Copy link
Contributor

aronmal commented May 11, 2022

Ok, so the icon must not be bigger than 16K. Right?

Tests...

  • Uploading an icon (PNG) larger than 16KB, it fails.
  • Uploading an icon (PNG) of 4KB and 12KB, it gets uploaded correctly.

Just stumbled over this issue. I used a cloud conversion site (lowering the color bit depth) to compress the png files size because I read this earlier:

Nginx uses some directories in /var/lib/nginx/tmp when the request body is larger than the buffer client_body_buffer_size (see #comment1304547_728033). These directories don't have the correct permission in the current Docker image. This explains why the error is fired on some env only, everyone used images with various filesize.

@SmartPhoneLover
Copy link

It's not a 2FAuth limitation, it's the NGINX setup of the Docker image which does not behave as expected.

Ohh, got it, sorry. Thank you anyway.

@aronmal
Copy link
Contributor

aronmal commented May 11, 2022
edited

It's not a 2FAuth limitation, it's the NGINX setup of the Docker image which does not behave as expected.

Wouldn't it be possible to add an environment variable to change the client_body_buffer_size parameter in the nginx config file /etc/nginx/nginx.conf?

@Bubka Bubka added the fixed The issue is fixed (in a coming release) label May 20, 2022
@Bubka
Copy link
Owner

Bubka commented May 20, 2022
edited

Based on dockerfile/nginx#4 (comment) I've changed the nginx tmp folder configuration, it works.

A new release is coming.

If some of you want to fix/test on their side, use the :dev docker image or add client_body_temp_path /tmp 1 2; to your /etc/nginx/nginx.conf container file (see 990fca3#diff-fe579aa58b5146f19eeb285be0d8f90e9498ef94194c7e62cf6fdc6c6cccaf2e)

@Bubka Bubka closed this as completed in 990fca3 May 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working docker dockerfile or docker-compose setup fixed The issue is fixed (in a coming release)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@Bubka @URBANsUNITED @qdm12 @SmartPhoneLover @aronmal @zarevskaya @martabal