Comments (27)
Great, I was able to reproduce the error! 😃
Nginx uses some directories in /var/lib/nginx/tmp
when the request body is larger than the buffer client_body_buffer_size
(see #comment1304547_728033). These directories don't have the correct permission in the current Docker image. This explains why the error is fired on some env only, everyone used images with various filesize.
@qdm12 your Dockerfile contains chown -R ${UID}:${GID} /var/lib/nginx/
which should do the trick. Do you understand why subdir /tmp/* are owned by nginx:root?
/var/lib/nginx $ ls -l
total 12
drwx--x--x 1 1000 1000 4096 May 10 13:39 html
lrwxrwxrwx 1 1000 1000 14 May 10 13:39 logs -> /var/log/nginx
lrwxrwxrwx 1 1000 1000 22 May 10 13:39 modules -> /usr/lib/nginx/modules
lrwxrwxrwx 1 1000 1000 10 May 10 13:39 run -> /run/nginx
drwx--x--x 1 1000 1000 4096 May 10 13:39 tmp
/var/lib/nginx $ cd tmp
/var/lib/nginx/tmp $ ls -l
total 20
drwx------ 2 nginx root 4096 May 10 13:39 client_body
drwx------ 2 nginx root 4096 May 10 13:39 fastcgi
drwx------ 2 nginx root 4096 May 10 13:39 proxy
drwx------ 2 nginx root 4096 May 10 13:39 scgi
drwx------ 2 nginx root 4096 May 10 13:39 uwsgi
from 2fauth.
Based on dockerfile/nginx#4 (comment) I've changed the nginx tmp folder configuration, it works.
A new release is coming.
If some of you want to fix/test on their side, use the :dev
docker image or add client_body_temp_path /tmp 1 2;
to your /etc/nginx/nginx.conf
container file (see 990fca3#diff-fe579aa58b5146f19eeb285be0d8f90e9498ef94194c7e62cf6fdc6c6cccaf2e)
from 2fauth.
The same for me, installed in a docker container.
When I try to scan a QR code, it fails to load it. Also, when I try to add an icon to a pre-filled 2FA code, it ends with error.
from 2fauth.
Mmmmh
Any update here? Is it a bug or is it user side?
from 2fauth.
I updated the Docker image, some PHP extensions were missing. This fixed the issue on my side, what about you?
from 2fauth.
@Bubka Thank you very much for updating the image.
Now it's working as expected for me (Android). Also, scanning an image (upload QR pic) works.
UPDATE: I didn't test the icon features. When I try to assign an icon, it stills showing the error: 'An error accured'.
Mmmm, does the icon need any special resolution or it must not be over x resolution (.i.e: not bigger than 256x256)?
And/or when adding an icon, does it still need to be done via HTTP(S) connection? Because I added the previous QR code via HTTP, not HTTPS.
from 2fauth.
Barcode import works, Icon import doesn't.
I know that it worked already once.
Will this help?
Website is setup with https using nginx proxy manager
from 2fauth.
I have a different log about uploading an icon. Hope it helps. Maybe the error is because there's an issue with permissions when accessing the the dir shown in 'Line2' log.
Line1: "GET /api/twofaccounts/3/withSensitive HTTP/1.1" 200 401 "http://192.168.1.100:8674/account/edit/3" "Mozilla/5.0 (Android 11, [OMITTED])
Line2: 2022/02/10 12:02:37 [crit] 61#61: *77 open() "/var/lib/nginx/tmp/client_body/0000000001" failed (13: Permission denied), client: 192.168.1.115, server: 2fauth, request: "POST /api/icon/upload HTTP/1.1", host: "192.168.1.100:8674", referrer: "http://192.168.1.100:8674/account/edit/3"
Line3: "POST /api/icon/upload HTTP/1.1" 500 177 "http://192.168.1.100:8674/account/edit/3" "Mozilla/5.0 (Android 11, [OMITTED])
So, as shown here on this thread, the error is happening whatever the connection to the service is: HTTP/HTTPS. Hope that helps too.
from 2fauth.
I cannot reproduce this issue. Did you follow the setup doc, especially the part 2?
chown 1000:1000 2fauth
chmod 700 2fauth
@qdm12 any idea?
from 2fauth.
I cannot reproduce this issue. Did you follow the setup doc, especially the part 2?
chown 1000:1000 2fauth chmod 700 2fauth
If this is the path where 2fauth stores all the data on a mounted volume (/yourpath/2fauth:/2fauth), I tried changing its permissions (host side) to 777 and does nothing. It works with the default 755 permissions when installed on my host machine.
from 2fauth.
Wrong Conatiner??
I restarted from the scratch and got this:
ENV
It is not working! Setup as it should!
from 2fauth.
redid it and now image revision and commit are same.
BUT still no uploading possible
from 2fauth.
[2022-02-11 06:33:04] local.ERROR: The resource owner or authorization server denied the request. {"exception":"[object] (League\\OAuth2\\Server\\Exception\\OAuthServerException(code: 9): The resource owner or authorization server denied the request> [stacktrace] #0 /srv/vendor/league/oauth2-server/src/AuthorizationValidators/BearerTokenValidator.php(73): League\\OAuth2\\Server\\Exception\\OAuthServerException::accessDenied() #1 /srv/vendor/league/oauth2-server/src/ResourceServer.php(84): League\\OAuth2\\Server\\AuthorizationValidators\\BearerTokenValidator->validateAuthorization() #2 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(207): League\\OAuth2\\Server\\ResourceServer->validateAuthenticatedRequest() #3 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(150): Laravel\\Passport\\Guards\\TokenGuard->getPsrRequestViaBearerToken() #4 /srv/vendor/laravel/passport/src/Guards/TokenGuard.php(113): Laravel\\Passport\\Guards\\TokenGuard->authenticateViaBearerToken() #5 /srv/vendor/laravel/passport/src/PassportServiceProvider.php(286): Laravel\\Passport\\Guards\\TokenGuard->user() #6 [internal function]: Laravel\\Passport\\PassportServiceProvider->Laravel\\Passport\\{closure}() #7 /srv/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php(58): call_user_func() #8 /srv/vendor/laravel/framework/src/Illuminate/Auth/GuardHelpers.php(60): Illuminate\\Auth\\RequestGuard->user() #9 /srv/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(63): Illuminate\\Auth\\RequestGuard->check() #10 /srv/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(42): Illuminate\\Auth\\Middleware\\Authenticate->authenticate() #11 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Auth\\Middleware\\Authenticate->handle() #12 /srv/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(59): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #13 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Routing\\Middleware\\ThrottleRequests->handle() #14 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #15 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(687): Illuminate\\Pipeline\\Pipeline->then() #16 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRouteWithinStack() #17 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(628): Illuminate\\Routing\\Router->runRoute() #18 /srv/vendor/laravel/framework/src/Illuminate/Routing/Router.php(617): Illuminate\\Routing\\Router->dispatchToRoute() #19 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(165): Illuminate\\Routing\\Router->dispatch() #20 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}() #21 /srv/app/Http/Middleware/SetLanguage.php(20): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #22 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\\Http\\Middleware\\SetLanguage->handle() #23 /srv/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #24 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle() #25 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #26 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #27 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #28 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #29 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #30 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle() #31 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #32 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle() #33 /srv/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #34 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(140): Illuminate\\Pipeline\\Pipeline->then() #35 /srv/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(109): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter() #36 /srv/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle() #37 {main} "}
from 2fauth.
This error is triggered only when you try to upload an icon?! Sign in feature works as expected?
from 2fauth.
No, also when I'll try to upload an QR Code
from 2fauth.
Forgot... Sign In = no issue, also adding QR codes manually, no problem. Only uploading images or QR Codes
from 2fauth.
Forgot... Sign In = no issue, also adding QR codes manually, no problem. Only uploading images or QR Codes
Mmm, strange. For me the only thing that is not working, is uploading an icon for codes. I can sign-in, upload QR codes and add them manually.
from 2fauth.
A shame that this is not going further...
Tried to build the docker myself:
~# docker build --build-arg UID=1000 --build-arg GID=1000 -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git Sending build context to Docker daemon 2.886MB Step 1/51 : ARG BUILDPLATFORM=linux/amd64 Step 2/51 : ARG TARGETPLATFORM Step 3/51 : ARG ALPINE_VERSION=3.14 Step 4/51 : ARG PHP_VERSION=7.3-alpine${ALPINE_VERSION} Step 5/51 : ARG COMPOSER_VERSION=2.1 Step 6/51 : ARG SUPERVISORD_VERSION=v0.7.3 Step 7/51 : FROM --platform=${BUILDPLATFORM} composer:${COMPOSER_VERSION} AS build-composer ---> c36110478797 Step 8/51 : FROM composer:${COMPOSER_VERSION} AS composer ---> c36110478797 Step 9/51 : FROM qmcgaw/binpot:supervisord-${SUPERVISORD_VERSION} AS supervisord ---> a0dcdcfeb1b5 Step 10/51 : FROM --platform=${BUILDPLATFORM} php:${PHP_VERSION} AS vendor ---> 309ba07e4c54 Step 11/51 : COPY --from=build-composer --chown=${UID}:${GID} /usr/bin/composer /usr/bin/composer unable to convert uid/gid chown string to host mapping: can't find uid for user : no such user:
So I believe that there is a permission issue in the docker env....
from 2fauth.
@URBANsUNITED #63 fixes the Dockerfile, not sure why it got messed up at some point.
However I get this when trying to access localhost:8000:
2fauth | 2022/03/09 12:10:16 [error] 61#61: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Call to undefined function Illuminate\View\Compilers\token_get_all() in /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php:232
2fauth | Stack trace:
2fauth | #0 /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php(143): Illuminate\View\Compilers\BladeCompiler->compileString()
2fauth | #1 /srv/vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(51): Illuminate\View\Compilers\BladeCompiler->compile()
2fauth | #2 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(139): Illuminate\View\Engines\CompilerEngine->get()
2fauth | #3 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(122): Illuminate\View\View->getContents()
2fauth | #4 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(91): Illuminate\View\View->renderContents()
2fauth | #5 /srv/vendor/laravel/framework/src/Illuminate/Http/Response.php(62): Illuminate\View\View->render()
2fauth | #6 /srv/vendor/laravel/framework/src/Illuminate/Http/Response.php(34): Illuminate\Http\Respo...PHP message: PHP Fatal error: Uncaught Error: Call to undefined function Illuminate\View\Compilers\token_get_all() in /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php:232
2fauth | Stack trace:
2fauth | #0 /srv/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php(143): Illuminate\View\Compilers\BladeCompiler->compileString()
2fauth | #1 /srv/vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(51): Illuminate\View\Compilers\BladeCompiler->compile()
2fauth | #2 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(139): Illuminate\View\Engines\CompilerEngine->get()
2fauth | #3 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(122): Illuminate\View\View->getContents()
2fauth | #4 /srv/vendor/laravel/framework/src/Illuminate/View/View.php(91): Illuminate\View\View->renderContents()
2fauth | #5 /srv/vendor/laravel/framework/src/Illuminate/Http/Response.php(62): Illuminate\View\View->render()
2fauth | #6 /srv/vendor/laravel/framework/src/Illuminate/H
2fauth | 172.31.0.1 - - [09/Mar/2022:12:10:16 +0000] "GET / HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
from 2fauth.
When will you update the docker image on docker hub ? I still have this issue ...
from 2fauth.
I have this issue too. But with somes icons that's run oO
Thank's
2022/05/06 19:28:34 [crit] 46#46: *153 open() "/var/lib/nginx/tmp/client_body/0000000019" failed (13: Permission denied), client: 192.168.1.127, server: 2fauth, request: "POST /api/icon/upload HTTP/1.1", host: "ixxx.xxx:8077", referrer: "xxx://xxx.xxx:8077/account/edit/3"
from 2fauth.
Hi,
Impossible to upload an icone.
2022/05/10 13:43:47 [crit] 46#46: *104 open() "/var/lib/nginx/tmp/client_body/0000000006" failed (13: Permission denied), client: 192.168.1.127, server: 2fauth, request: "POST /api/v1/icons HTTP/1.1", host: "xxxx.localdomain:8041", referrer: "http://xxxxxxx.localdomain:8041/account/2/edit"
How big should the image be? The format maybe?
Thank you
from 2fauth.
Ok, so the icon must not be bigger than 16K. Right?
Tests...
- Uploading an icon (PNG) larger than 16KB, it fails.
- Uploading an icon (PNG) of 4KB and 12KB, it gets uploaded correctly.
So, if it won't be fixed to allow the user to upload any size image (larger than 16KB), I would advice to add a message in the upload icon section to alert about that limit
.
from 2fauth.
It's not a 2FAuth limitation, it's the NGINX setup of the Docker image which does not behave as expected.
from 2fauth.
Ok, so the icon must not be bigger than 16K. Right?
Tests...
- Uploading an icon (PNG) larger than 16KB, it fails.
- Uploading an icon (PNG) of 4KB and 12KB, it gets uploaded correctly.
Just stumbled over this issue. I used a cloud conversion site (lowering the color bit depth) to compress the png files size because I read this earlier:
Nginx uses some directories in
/var/lib/nginx/tmp
when the request body is larger than the bufferclient_body_buffer_size
(see #comment1304547_728033). These directories don't have the correct permission in the current Docker image. This explains why the error is fired on some env only, everyone used images with various filesize.
from 2fauth.
It's not a 2FAuth limitation, it's the NGINX setup of the Docker image which does not behave as expected.
Ohh, got it, sorry. Thank you anyway.
from 2fauth.
It's not a 2FAuth limitation, it's the NGINX setup of the Docker image which does not behave as expected.
Wouldn't it be possible to add an environment variable to change the client_body_buffer_size
parameter in the nginx config file /etc/nginx/nginx.conf
?
from 2fauth.
Related Issues (20)
- 403 Forbidden {message: "unauthorized"} HOT 3
- Install with Docker Compose : problem to connect/use database.sqlite HOT 5
- Add outgoing email testing from the UI HOT 1
- 2fauth + NGINX reverse proxy = 502 error HOT 1
- Mail Password Format HOT 1
- Secret Type Format
- Blank screen after update from 5.0.3 to 5.0.4 HOT 10
- "Check now" button is untranslatable HOT 1
- Add a route to clear cache from browser
- Add a "keep SSO registration enabled" setting HOT 1
- Cannot access database after upgrading v3 to v5 (self host to docker) --> No account found using this email. HOT 3
- app/Policies/OwnershipTrait contains a bug, i think HOT 9
- Add support for FreeOPT+ json exports HOT 1
- Can't decipher codes after updating to 5.1.0 HOT 17
- 5.1 SSO: Authentication via SSO rejected HOT 8
- Admin panel not working when using security device
- "Keep SSO registration enabled" is not saved
- Add pagination to /accounts page HOT 4
- Last admin can demote to user, leaving the instance administratorless
- Accounts visibility HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 2fauth.