An Internal error Occured, the server response could not be parsed

Hello,

I have some issue to add a user into a group.

The group has access to more than 5000 password. At the end of the share propagation, I encountered the error below

image_2023-04-14_112722205

Passbolt is hosted on a Docker in an Ubuntu 22.04 LTS server. it has a public IP and public DNS name to access it.

I tried to add the group as owner of the folders instead of just reader, but still have the same issue.

Could it be because of the large amount of secrets stored in the folders ?

Thank you in advance.

Hello @martint,

Hard to tell if it’s related to folders without seeing more logs, but it could be.

Can you provide us with the API log of the failing request, you should be able to access them in the docker output.

Also can you provide with the output of the command status-report. If using the docker compose you can run it as follow.

docker compose exec passbolt /usr/share/php/passbolt/bin/status-report

Hey,

Thank you for the link of both logs.

For the API logs, I found this 2 lines that appears at the end of the process of adding a user into the group :

2023/04/14 08:00:42 [warn] 184#184: *37163 an upstream response is buffered to a temporary file /var/lib/nginx/fastcgi/2/19/0000000192 while reading upstream, client: 172.18.0.2, server: _, request: “GET /resources.json?api-version=v2&contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1 HTTP/1.1”, upstream: “fastcgi://unix:/run/php/php7.4-fpm.sock:”, host: “XXXXXXX”

172.18.0.2 - - [14/Apr/2023:08:00:42 +0000] “GET /resources.json?api-version=v2&contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1 HTTP/1.1” 200 3924547 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0”

(I’ve removed the hostname from this logs)

Here is the ouput of the other command:

>     > Open source password manager for teams
> -------------------------------------------------------------------------------
> Passbolt CE 3.12.0
> Cakephp 4.3.11
> Linux 5583d612bd91 5.15.0-1035-azure #42-Ubuntu SMP Tue Feb 28 19:41:23 UTC 2023 x86_64 GNU/Linux
> PHP 7.4.33 (cli) (built: Feb 22 2023 20:07:47) ( NTS )
>  ERROR: /usr/share/php/passbolt/bin/utils.sh: line 64: mysql: command not found
> gpg: WARNING: unsafe ownership on homedir '/var/lib/passbolt/.gnupg'
> gpg (GnuPG) 2.2.27
>  ERROR: /usr/share/php/passbolt/bin/utils.sh: line 64: composer: command not found
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
>  Healthcheck shell
> -------------------------------------------------------------------------------
> 
>  Environment
> 
>  [PASS] PHP version 7.4.33.
>  [PASS] PCRE compiled with unicode support.
>  [PASS] The temporary directory and its content are writable and not executable.
>  [PASS] The logs directory and its content are writable.
>  [PASS] GD or Imagick extension is installed.
>  [PASS] Intl extension is installed.
>  [PASS] Mbstring extension is installed.
> 
>  Config files
> 
>  [PASS] The application config file is present
>  [WARN] The passbolt config file is missing in /etc/passbolt/
>  [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
>  [HELP] The passbolt config file is not required if passbolt is configured with environment variables
> 
>  Core config
> 
>  [PASS] Debug mode is off.
>  [PASS] Cache is working.
>  [PASS] Unique value set for security.salt
>  [PASS] Full base url is set to "hostname"
>  [PASS] App.fullBaseUrl validation OK.
>  [PASS] /healthcheck/status is reachable.
> 
>  SSL Certificate
> 
>  [PASS] SSL peer certificate validates
>  [PASS] Hostname is matching in SSL certificate.
>  [PASS] Not using a self-signed certificate
> 
>  Database
> 
>  [PASS] The application is able to connect to the database
>  [PASS] 30 tables found
>  [PASS] Some default content is present
>  [PASS] The database schema up to date.
> 
>  GPG Configuration
> 
>  [PASS] PHP GPG Module is installed and loaded.
>  [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
>  [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
>  [FAIL] The server OpenPGP key is not set
>  [HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
>  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
>  [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
>  [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
>  [FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
>  [HELP] Double check the key fingerprint, example:
>  [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
>  [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
>  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
>  [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
>  [HELP] Import the private server key in the keyring of the webserver user.
>  [HELP] you can try:
>  [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
>  [FAIL] The server key does not have a valid email id.
>  [HELP] Edit or generate another key with a valid email id.
> 
>  Application configuration
> 
>  [PASS] Using latest passbolt version (3.12.0).
>  [PASS] Passbolt is configured to force SSL use.
>  [PASS] App.fullBaseUrl is set to HTTPS.
>  [PASS] Selenium API endpoints are disabled.
>  [PASS] Search engine robots are told not to index content.
>  [INFO] The Self Registration plugin is enabled.
>  [INFO] Registration is closed, only administrators can add users.
>  [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
>  [WARN] Host availability checking is disabled.
>  [HELP] Make sure this instance is not publicly available on the internet.
>  [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
>  [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
>  [PASS] Serving the compiled version of the javascript app.
>  [WARN] Some email notifications are disabled by the administrator.
> 
>  JWT Authentication
> 
>  [PASS] The JWT Authentication plugin is enabled
>  [PASS] The /etc/passbolt/jwt/ directory is not writable.
>  [PASS] A valid JWT key pair was found
> 
>  SMTP Settings
> 
>  [PASS] The SMTP Settings plugin is enabled.
>  [FAIL] SMTP Setting errors: Argument 1 passed to App\Utility\OpenPGP\Backends\Gnupg::setDecryptKeyFromFingerprint() must be of the type string, null given, called in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 109
>  [WARN] The SMTP Settings source is: undefined.
>  [HELP] It is recommended to set the SMTP Settings in the database through the administration section.
>  [WARN] The SMTP Settings plugin endpoints are enabled.
>  [HELP] It is recommended to disable the plugin endpoints.
>  [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
>  [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
> 
>  [FAIL] 5 error(s) found. Hang in there!
> 
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
>  Cleanup shell (dry-run)
> -------------------------------------------------------------------------------
> No issue found, data looks squeaky clean!
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
> Data check shell
> [PASS] Data integrity for AuthenticationTokens.
>   [PASS] Can validate: 74/74
> [PASS] Data integrity for Comments.
>   [PASS] Can validate: 0/0
> [PASS] Data integrity for Favorites.
>   [PASS] Can validate: 0/0
> [PASS] Data integrity for Gpgkeys.
>   [PASS] Can encrypt: 3/3
>   [PASS] Pass validation service checks: 3/3
>   [PASS] Entity data and armored key data matches: 3/3
>   [PASS] Is not expired: 3/3
>   [PASS] Is armored key format valid: 3/3
> [PASS] Data integrity for Groups.
>   [PASS] Can validate: 3/3
> [PASS] Data integrity for Profiles.
>   [PASS] Can validate: 8/8
> [PASS] Data integrity for Resources.
>   [PASS] Can validate: 5109/5109
> [PASS] Data integrity for Secrets.
>   [PASS] Can validate: 10212/10212
> [PASS] Data integrity for Users.
>   [PASS] Can validate: 8/8

I’ve removed the hostname in this output as well.

Thank you for your help.

I am having the same issue.

Hello @jwaresolutions

I’ve found this error while I was working on it yesterday :slight_smile:

client intended to send too large body: 5395137 bytes, client: [xxx.xxx.xxx.xxx], server: [xxx.xxx.xxx.xxx], request: “PUT /groups/40146767-c175-470a-80b4-d4c0af3124d6.json?api-version=v2 HTTP/1.1”, host: “[xxx.xxx.xxx.xxx]”

I also found this post : The server response could not be parsed - Installation Issues - Passbolt community forum

I’ve tried to change the value of the setting client_max_body_size into the nginx conf, but unfortunately, I still have the issue.

Did you tried it on your side ?

@jwaresolutions You restarted nginx after the change?

sudo service nginx reload

Yes I did.

@jwaresolutions How do you run Passbolt ? On a docker ?

Edit: Sorry, message was not for me, but I guess it should help ^^

1 Like

I just restarted it, no change.

I am using docker to run Passbolt.

I am running Passbolt on a docker.