Comments (10)
Hi!
... so v1.0.0-rc3 does work for you and Version 1.0.0 does not? Please paste your configuration of prosody-filer and Nginx (if used) here, so I can have a look at it.
I'm running v1.0.0 (no RC, but the release) myself without problems, but maybe there's a bug that occurs on certain configurations only.
from prosody-filer.
Hi,
Yes. With version v1.0.0-rc3 all works fine. With version 1.0.0 I get the problem.
Configfile for prosody-filer:
### IP address and port to listen to, e.g. "127.0.0.1:8484"
listenport = "127.0.0.1:8808"
### Secret (must match the one in prosody.conf.lua!)
secret = "mysecret"
### Where to store the uploaded files
storeDir = "./upload/"
### Subdirectory for HTTP upload / download requests (usually "upload/")
uploadSubDir = "upload/"
I am using an Apache with the following config:
#Port 80
<VirtualHost *:80>
ServerName example.server.eu
RedirectPermanent / https://example.server.eu/
</VirtualHost>
# SSL access
<VirtualHost *:443>
# Website access
ServerName example.server.eu
SSLEngine on
SSLCertificateFile ""
SSLCertificateKeyFile ""
Header always set Public-Key-Pins: ''
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
H2Direct on
<Location /upload/>
# Allow cross site requests
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "Content-Type"
Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET"
RewriteEngine On
# modify status code of preflight request
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8808/upload/
ProxyPassReverse / http://localhost:8808/upload/
<IfModule mod_security2.c>
SecRuleRemoveById 920420
SecRuleRemoveById 911100
</IfModule>
</VirtualHost>
from prosody-filer.
I just checked the changes from v1.0.0-rc3 to v1.0.0 but couldn't find the cause from looking at the sources.
Did you shorten / alter the log output in your first post? Because
fileStorePath: upload/zko4b3j kbrv/1.png
seems weird to me. There shouldn't be any spaces in the path and the file name should not be just a number.
Which XMPP client have you tried? Which XMPP server do you use?
from prosody-filer.
Oh sorry. This is a copy failure in the first post. I anonymized the output with a wrong syntax.
This is the correct output:
Feb 01 02:09:24 prosody-filer[34172]: MAC sent: 596rogbetoh3hteb
Feb 01 02:09:24 prosody-filer[34172]: 2019/02/01 02:09:24 fileStorePath: upload/ff6854d4-d202-4473-b684-dd9dd28ee566f/053d83dd-afb3-4e34-b0ad-2e45e560.png
Feb 01 02:09:24 prosody-filer[34172]: 2019/02/01 02:09:24 ContentLength: 26856
Feb 01 02:09:24 prosody-filer[34172]: 2019/02/01 02:09:24 Invalid MAC.
I use it with Conversations 2.3.12 and, as server, Prosody 0.11.2. Can the problem be coming from these changes?
from prosody-filer.
I just had a look at my own instance, running with Nginx instead of Apache (I've never tried on Apache - not using it).
Feb 04 12:14:47 h-pollux prosody-filer[575]: 2019/02/04 12:14:47 Incoming request: PUT /upload/bc277cc7-2d2d-45ad-90ee-c95f8d35600c/DB5CBC89-63EE-4585-9DFD-AD8A8F08D2BE.jpg?v=778d72a41d0b05232511999eade33510711468c197aa381db31b665e5ba034bf
Feb 04 12:14:47 h-pollux prosody-filer[575]: MAC sent: 778d72a41d0b05232511999eade33510711468c194aa381db31b665e5ba034bf
Feb 04 12:14:47 h-pollux prosody-filer[575]: 2019/02/04 12:14:47 fileStorePath: bc277cc7-2d2d-45ad-90ee-c95f8d35600c/DB5CBC89-63EE-4585-9DFD-AD8A8F08D2BE.jpg
Feb 04 12:14:47 h-pollux prosody-filer[575]: 2019/02/04 12:14:47 ContentLength: 856014
Feb 04 12:14:48 h-pollux prosody-filer[575]: 2019/02/04 12:14:48 Successfully written 856014 bytes to file bc277cc7-2d2d-45ad-90ee-c95f8d35600c/DB5CBC89-63EE-4585-9DFD-AD8A8F08D2BE.jpg
You can see that the upload/ prefix in paths is removed correctly. Your paths are prefixed by upload/ and that is why the upload is failing.
The new code which came to v1.0.0 relies on getting a URL like this from your webserver:
PUT /upload/fb5c0b49-add1-4f91-8c0c-0ad1f08459c3/670AD26B-B59D-4C70-9BA3-A39F2D4A2525.jpg?v=441075465c37a8772a57ac40b00a886702cda72e2ea384fa706a31e37f122a7a
Instead your webserver might be sending this:
PUT upload/fb5c0b49-adb1-4f91-8c0c-0ad1f08459c3/670AD26B-K59D-4C70-9BA3-A39F2D4A2525.jpg?v=441075465c37a8772a57ac40b00a886702cda72e2ea384fa706a31e37f122a7a
(Note the missing slash before "upload".) Because of that, removing the "upload" part fails and it stays in the URL, making the MAC check fail.
Now for the new version I'll make the /upload/ prefix removal more fault tolerant, but as a temporary workaround for you, we will need to make your Apache send URLs including the first slash. I'm not an Apache expert, but maybe changing <Location /upload/> to <Location /upload> does help?
Please give me some more log input including PUT, HEAD, GET requests, so we can make sure my theory is correct :-)
from prosody-filer.
OK, I have updated to the new version of prosody-filer and uploaded a file. The following error is created:
Feb 04 21:11:34 eridanus prosody-filer[31654]: 2019/02/04 21:11:34 Server started on port 127.0.0.1:8808. Waiting for requests.
Feb 04 21:12:49 eridanus prosody-filer[31654]: 2019/02/04 21:12:49 Incoming request: PUT /upload/upload/fb6ad972-d8e6-5452-aa21-7e2/werden.jpg?v=8b94586e6519ccdfab5c2
Feb 04 21:12:49 eridanus prosody-filer[31654]: MAC sent: 8b94586e6519ccdfab5c2
Feb 04 21:12:49 eridanus prosody-filer[31654]: 2019/02/04 21:12:49 fileStorePath: upload/fb6ad972-d8e6-5452-aa21-7e2/werden.jpg
Feb 04 21:12:49 eridanus prosody-filer[31654]: 2019/02/04 21:12:49 ContentLength: 70382
Feb 04 21:12:49 eridanus prosody-filer[31654]: 2019/02/04 21:12:49 Invalid MAC.
With the change from <Location /upload/> to <Location /upload>, I get the same one:
Feb 04 21:19:18 eridanus prosody-filer[31654]: 2019/02/04 21:19:18 Incoming request: PUT /upload/upload/b45f05bf-c8fe-43ae-be85-274ed7/werden.jpg?v=53688c79ee8fa06d4
Feb 04 21:19:18 eridanus prosody-filer[31654]: MAC sent: 53688c79ee8fa06d4
Feb 04 21:19:18 eridanus prosody-filer[31654]: 2019/02/04 21:19:18 fileStorePath: upload/b45f05bf-c8fe-43ae-be85-274ed7/werden.jpg
Feb 04 21:19:18 eridanus prosody-filer[31654]: 2019/02/04 21:19:18 ContentLength: 70382
Feb 04 21:19:18 eridanus prosody-filer[31654]: 2019/02/04 21:19:18 Invalid MAC.
But when I check the journal of prosody-filer, I see /upload/upload/. It's very curious. The directive <Location /upload> doesn't change the URL. With it you tell Apache where in the URL to start applying the settings for the reverse proxy. You can set <Location /> and everything behind the URL starts the next step.
The problem was this:
ProxyPass / http://localhost:8808/upload/
ProxyPassReverse / http://localhost:8808/upload/
I have changed this to:
ProxyPass / http://localhost:8808/
ProxyPassReverse / http://localhost:8808/
I created a new upload and all is fine with this change:
Feb 04 21:26:49 eridanus prosody-filer[31654]: 2019/02/04 21:26:49 Incoming request: PUT /upload/2d45a10f-29d6-4469-9f8d-3aff/Hast%20du%20Getrunken%20Kurzer.mp4?v=9e2ff0fd241f
Feb 04 21:26:49 eridanus prosody-filer[31654]: MAC sent: 9e2ff0fd241f
Feb 04 21:26:49 eridanus prosody-filer[31654]: 2019/02/04 21:26:49 fileStorePath: 2d45a10f-29d6-4469-9f8d-3aff/Hast du Getrunken Kurzer.mp4
Feb 04 21:26:49 eridanus prosody-filer[31654]: 2019/02/04 21:26:49 ContentLength: 2167853
Feb 04 21:26:50 eridanus prosody-filer[31654]: 2019/02/04 21:26:50 Successfully written 2167853 bytes to file 2d45a10f-29d6-4469-9f8d-3aff/Hast du Getrunken Kurzer.mp4
Thanks for your help, Thomas. We close the issue.
from prosody-filer.
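The failure and fix discussed above, as an added Go example (not prosody-filer's own code): it models Apache's ProxyPass prefix substitution and a backend that strips one leading /upload/ before checking the MAC. The function names are hypothetical, the slot path is constructed, and the signing scheme (hex HMAC-SHA256 over "<path> <content-length>") is an assumption about the v1 upload protocol.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// signUpload models what the XMPP server signs (assumed v1 scheme:
// hex HMAC-SHA256 over "<path> <content-length>").
func signUpload(secret, path string, size int64) string {
	m := hmac.New(sha256.New, []byte(secret))
	m.Write([]byte(path + " " + strconv.FormatInt(size, 10)))
	return hex.EncodeToString(m.Sum(nil))
}

// backendPath models ProxyPass: the matched front-end prefix is
// replaced by the path part of the backend URL.
func backendPath(reqPath, from, to string) string {
	return to + strings.TrimPrefix(reqPath, from)
}

// checkUpload strips one leading "/upload/" and compares the MAC in
// constant time, returning the store path and the verdict.
func checkUpload(secret, urlPath, sentMAC string, size int64) (string, bool) {
	storePath := strings.TrimPrefix(urlPath, "/upload/")
	want := signUpload(secret, storePath, size)
	return storePath, hmac.Equal([]byte(want), []byte(sentMAC))
}

func main() {
	const secret = "mysecret" // placeholder secret from the config quoted above
	// Constructed sample slot and size, not taken from the logs.
	slot, size := "constructed-uuid/photo.png", int64(26856)
	mac := signUpload(secret, slot, size)
	// First target is the broken mapping, second the corrected one.
	for _, to := range []string{"/upload/", "/"} {
		p := backendPath("/upload/"+slot, "/", to)
		store, ok := checkUpload(secret, p, mac, size)
		fmt.Printf("ProxyPass / -> %-9s path=%s store=%s valid=%v\n", to, p, store, ok)
	}
}
```

With the /upload/ backend target the path arrives as /upload/upload/..., one prefix survives the strip, and the signed string no longer matches what the server signed, which is the "Invalid MAC." line in the journal.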
Thanks for testing! I'm happy to see it work now. Is it okay for you if I copy your Apache Config and add it to README with minor changes?
from prosody-filer.
Hey, that's not a problem. Here is the config as an example for Apache2 with the module mod_security2 (OWASP firewall on Apache):
## Port 80: redirect from HTTP to HTTPS if needed
<VirtualHost *:80>
ServerName upload.example.eu
RedirectPermanent / https://upload.example.eu/
</VirtualHost>
# Start SSL for the domain alias
<VirtualHost *:443>
# Website access
ServerName upload.example.eu
SSLEngine on
## Needed for the SSL certificate. If you use the module mod_md on Apache with a unique domain, you don't need these two parameters
SSLCertificateFile "Path to the ca file"
SSLCertificateKeyFile "Path to the key file"
## You need this for HPKP. If not needed, comment out this parameter or delete it
Header always set Public-Key-Pins: ''
## You need this for HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
## Activate HTTP/2 if available on the client side
H2Direct on
## Start matching on the URL for the proxy. See the external URL on the Prosody server and
## match it with prosody-filer
<Location /upload>
## Allow cross site requests
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "Content-Type"
Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET"
## Enable the rewrite engine with the following parameters
RewriteEngine On
## modify status code of preflight request
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
## Start the proxy engine for the virtual host that communicates with SSL to the outside. Please check the
## port of prosody-filer
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8408/
ProxyPassReverse / http://localhost:8408/
## Deactivate these two security rules if you use Apache with the module mod_security2. It's an OWASP
## firewall
<IfModule mod_security2.c>
SecRuleRemoveById 920420
SecRuleRemoveById 911100
</IfModule>
</VirtualHost>
from prosody-filer.
<VirtualHost *:80>
ServerName upload.example.eu
RedirectPermanent / https://upload.example.eu/
</VirtualHost>
<VirtualHost *:443>
ServerName upload.example.eu
SSLEngine on
SSLCertificateFile "Path to the ca file"
SSLCertificateKeyFile "Path to the key file"
Header always set Public-Key-Pins: ''
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
H2Direct on
<Location /upload>
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "Content-Type"
Header always set Access-Control-Allow-Methods "OPTIONS, PUT, GET"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8408/
ProxyPassReverse / http://localhost:8408/
<IfModule mod_security2.c>
SecRuleRemoveById 920420
SecRuleRemoveById 911100
</IfModule>
</VirtualHost>
from prosody-filer.
And here the config as txt file. :-)
from prosody-filer.