Apache images built after ~mid June 2022 introduce 1GB upload limit #1796
Comments
|
The following workaround can be used (e.g. with docker-compose). Create a file and bind mount into the container. E.g. in docker-compose: But IMHO this really should be done as part of the container build, since it's an unexpected breaking behaviour change. |
|
Same issue affected me. I cannot find any information about this change in Apache changelog. But documentation says:
Thank you @henryk for fast workaround. |
|
Effected me as well. During debugging I "fixed" it quickly by adding the following to my .htaccess: But the solution provided in this thread is better IMO and I deployed it instead. Thanks for the (proper-ish) workaround. |
|
This issue is still around on apache docker image of nextcloud. Thanks for the workaround. I was wondering why my rclone sync tasks were failing after upgrade. |
|
Hi, I'm also having this issue. Personally I would think that the apache config value should be configurable as the corresponding php config. Or that the "LimitRequestBody" value should be set to the same php value, if it is set. BG Mathias |
|
Just saw another Issue with the same problem #1830 |
|
I can confirm that bug. Sadly it's not fixed in the image, yet. |
Workaround for nextcloud/docker#1796
|
I think the following patch should fix this. diff --git a/update.sh b/update.sh
index 608a9bb..962b72e 100755
--- a/update.sh
+++ b/update.sh
@@ -20,7 +20,7 @@ declare -A base=(
)
declare -A extras=(
- [apache]='\nRUN a2enmod headers rewrite remoteip ;\\\n {\\\n echo RemoteIPHeader X-Real-IP ;\\\n echo RemoteIPTrustedProxy 10.0.0.0/8 ;\\\n echo RemoteIPTrustedProxy 172.16.0.0/12 ;\\\n echo RemoteIPTrustedProxy 192.168.0.0/16 ;\\\n } > /etc/apache2/conf-available/remoteip.conf;\\\n a2enconf remoteip'
+ [apache]='\nRUN a2enmod headers rewrite remoteip ;\\\n {\\\n echo RemoteIPHeader X-Real-IP ;\\\n echo RemoteIPTrustedProxy 10.0.0.0/8 ;\\\n echo RemoteIPTrustedProxy 172.16.0.0/12 ;\\\n echo RemoteIPTrustedProxy 192.168.0.0/16 ;\\\n } > /etc/apache2/conf-available/remoteip.conf;\\\n a2enconf remoteip\\\n { echo LimitRequestBody 0 ; } > /etc/apache2/conf-available/limitrequestbody.conf;\\\n a2enconf limitrequestbody'
[fpm]=''
[fpm-alpine]=''
) |
|
My workaround is a nextcloud-apache.conf with content LimitRequestBody 0 as a host-mount in my yml-file |
|
Thanks for the workaround, searched for ages. Hope this get fixed soon. |
|
Still an issue with Nextcloud 27. |
|
There are multiple parameters and conditions that affect the upload limit: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html |
|
Optimal configuration depends on the use case, correct, but the patch I wrote would atleast work, even if not optimally. In the container setup, the only limit I'm aware off is the Apache Limit right now, making this arbitrary 1GB limitation. |
|
It's kind of embarrassing that such an issue is still not fixed after over a year. Some update quietly introduced a previously not existing upload limit. A year ago, it took me a day to figure out why this is suddenly happening. I am not aware of documentation that announced this change. Also the current README here still does not mention that there is this limit one needs to be aware of. And instead of restoring previous behavior with a simple patch, one gets some excuse like "there are additional places to set an upload limit". |
Apache's default for this changed from 0 (unlimited) to 1 GiB. This impacts non-chunking client transactions. Resolves: #35778 and #37695 and documents needed adjustments applicable to various others like nextcloud/docker#1796 Signed-off-by: Josh Richards <[email protected]>
|
Hello everyone,@J0WI,@joshtrichards I wanted to inform you that I have created a pull request to address this issue. Thank you for your attention. Your feedback and contributions are highly appreciated. |
|
Note: I still think the docker build should just revert the Apache change generally (well, at least the footgun is documented now via nextcloud/documentation#10989). No one has mentioned yet the reason for the Apache change (and Apache doesn't make it easy to find): It's CVE-2022-29404. If you have a) mod_lua and b) are running a lua script that reads unbounded input, you get a DoS if you allow unlimited LimitRequestBody. As far as I can tell neither condition a and certainly not condition b are present in the nextcloud docker image, so the change doesn't really make sense. |
Apache's default for this changed from 0 (unlimited) to 1 GiB. This impacts non-chunking client transactions. Resolves: #35778 and #37695 and documents needed adjustments applicable to various others like nextcloud/docker#1796 Signed-off-by: Josh Richards <[email protected]>
|
Fixed in #2065 |
|
So to use the fix, I would have to rebuild the docker image for apache with APACHE_BODY_LIMIT set to 0. Thus, the image from https://hub.docker.com/_/nextcloud is still unusable, unless one builds on top of it to overwrite If NextCloud thinks that limiting uploads to 1GB is a good default, then I would have expected that I could change this default by setting the apache body limit when starting the container. But for that, |
|
@svigerske No, If you're looking at the PR and trying to figure out how in the heck it works, here is a quick overview: ENV values, defined in a Dockerfile, can be overridden when starting a container. While the RUN command that references that variable does execute at build time, the value of That value will either be the default (1G, as set in the Dockerfile) or the value specified at container run time (e.g. via Line 137 in 37ee8cf https://httpd.apache.org/docs/2.4/configuring.html#syntax The same approach is used for |
|
Oh ok, you're right, single quotes. Sorry. Thanks. |
After my last docker image update I suddenly saw upload failures for very large files, even though I hadn't changed any configuration, and the nextcloud docker build also has no related configuration changes. I finally tracked the problem down to a change in Apache default configuration.
Steps to reproduce:
dd if=/dev/zero of=testfile bs=1M count=1025)curl -X PUT -H "X-Requested-With: XMLHttpRequest" -T testfile http://<shareid>:<sharepass>@<host>/public.php/webdav/testfilecurl -X PUT -H "X-Requested-With: XMLHttpRequest" -T testfile http://<shareid>:<sharepass>@<host>/public.php/webdav/testfile2Actual result:
Step 5 works, Step 7 doesn't work. A smaller testfile (
dd if=/dev/zero of=testfile bs=1M count=1024) will still work with the new image.Root cause: https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody has changed default value in Apache version 2.4.53 from 0 (unlimited) to 1073741824. Note: This also means the the various documentation entries about increasing PHP_UPLOAD_LIMIT etc. don't apply.
IMHO this is a regression, and the apache nextcloud docker image should change the builtin Apache configuration back to the old value of 0 (unlimited).
The text was updated successfully, but these errors were encountered: