Can't share more than 63 password at a time

nicolas.delque · December 18, 2019, 10:08am

Hi,

I’m having an issue trying to share more than 63 entries at one time. Basicaly, the server return an error 502 when I try to share 64 entries and more (I have over 1500 entries to share)

I have a NGINX Reverse proxy version 1.14.0 running on Ubuntu Server 18.04.3 in front of my Passbolt instance v2.11.0

passbolt-proxy.conf

server {
listen 80;
listen [::]:80;
server_name server.domain.com;

enforce https

return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name server.domain.com
access_log /var/log/nginx/server.access.log;
error_log /var/log/nginx/server.error.log;

ssl on;
ssl_certificate /etc/ssl/certs/wildcard.domain.com.pem;
ssl_certificate_key /etc/ssl/private/wildcard.domain.com.key;

location / {
proxy_pass http://server.local/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}

Regards

remy · December 18, 2019, 10:17am

Hello Nicolas,

Most likely you issue is related to the size of the request, and the reverse proxy not accepting request with “large” urls (see. http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers ). The default on nginx is 8K (which allows to send fetch requests for more than 100 entries at a time), and we have set the extension to work with a 4K config just in case. I suspect your config is likely to be less than that, either on the reverse proxy or the final server.

That’s my intuition but it could be something else.

I think you speak to my colleagues last week in a call, from what I understood the team was waiting for the logs of both nginx servers to have a look at it. Feel free to send us more information at support@passbolt.com so that we can have @diego to look at it.

Best regards,

nicolas.delque · December 18, 2019, 10:40am

I’ve already sent all the informations to support@passbolt.com.

I can send it back if you didn’t receive it.

nicolas.delque · December 18, 2019, 11:27am

I’ve managed to find the problem :

The problem was our firewall that was detecting A URL exceeds the maximum size allowed.

We tried to increase the cursor but it didn’t work. So we disabled this parameters and now it’s working.

https://securitykb.stormshield.eu/us/0c090e934729e26d.html

system · December 23, 2019, 11:27am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.