Walther
(Walther)
June 13, 2019, 8:24am
1
I’ve added this issue on rails/rails https://github.com/rails/rails/issues/36464 but was redirected here - fair enough (as I was not able to point to any malfunc)
Does anyone know of issues with NGINX in front of PUMA serving ActionCable and ActiveStorage?
My experience is that either I can have ActiveStorage working perfectly or I can have ActiveStorage working perfectly?!?
I have the code in this repo: GitHub - wdiechmann/sucker: A test to verify whether NGiNX reverse proxying in front of Puma does support wss and a demo here: https://sucker.alco.dk/messages
Can’t help without your Nginx config. Nginx is just a reverse proxy. There’s nothing you can do in rails that you can’t do with Nginx in front of it. There’s a problem with how you have Nginx set up, not with rails
Have you tested your app in production mode without Nginx in front of it?
Walther
(Walther)
June 13, 2019, 4:44pm
4
Hi Sampson Crowley,
Good of you to answer
Entire project on github and nginx confit in config/sucker.nginx.conf (gets linked on deploys)
Med venlig hilsen
Walther
Walther
(Walther)
June 13, 2019, 4:48pm
5
No?!
But in dev all is good - and I am not sure I can run it in production without (lots of other sites bound to 80/443
Med venlig hilsen
Walther
Walther
(Walther)
June 13, 2019, 4:51pm
6
and it’s behind a firewall exclusively offering 80/443 for this CentOS VM
Med venlig hilsen
Walther
Walther
(Walther)
June 13, 2019, 4:55pm
7
but I suspect that somehow I cannot POST more than 8-10KB to this config - so I am totally with you on the “rails is innoncent” trail
torsdag den 13. juni 2019 kl. 18.51.22 UTC+2 skrev Walther Diechmann:
Walther
(Walther)
June 13, 2019, 5:09pm
8
I looked in /var/log/nginx/sucker.error.log and see this:
/var/lib/nginx/tmp/client_body/0000000004" failed (13: Permission denied)
hmmm
This is how those folders are ‘permissioned’ (running my NGINX as user oxenserver)
[root@ruby2019 current]# ls -la /var/lib/nginx/tmp
totalt 0
drwx------. 7 oxenserver nginx 78 24 maj 20:23 .
drwx------. 3 nginx nginx 17 24 maj 20:22 …
drwx------. 2 oxenserver root 6 24 maj 20:23 client_body
drwx------. 2 oxenserver root 6 24 maj 20:23 fastcgi
drwx------. 2 oxenserver root 6 24 maj 20:23 proxy
drwx------. 2 oxenserver root 6 24 maj 20:23 scgi
drwx------. 2 oxenserver root 6 24 maj 20:23 uwsgi
Walther
(Walther)
June 13, 2019, 5:26pm
9
further I should mention probably, that SELinux is disabled -
hassan
(Hassan Schroeder)
June 13, 2019, 5:54pm
10
You can test in production *mode* locally, or on another system,
and try with and without Nginx in front. Or compare using another
proxy entirely, e.g. Squid or an AWS ELB.
Walther
(Walther)
June 13, 2019, 6:17pm
11
torsdag den 13. juni 2019 kl. 10.24.57 UTC+2 skrev Walther Diechmann:
One thing to check in these situations is whether there's an MTU
(Maximum transmission unit - Wikipedia ) mismatch
with the don't-fragment bit set. This is lower level than your app
stack but often just mentioning those words can be enough to get other
folks to fix the issue
Walther
(Walther)
June 13, 2019, 6:26pm
13
So, finally – enjoying all the positive suggestions and wishful thinking, like a caring push by the wind on my bike – I cracked it!
The giveaways were
I knew I had disabled SELinux already but little did I know that files are protected even with SELinux disabled (makes a lot of sense)
So I had to do this
yum install attr
find /var/lib/nginx -exec sudo setfattr -h -x security.selinux {} ;
cd /var/lib/nginx
chown -R oxenserver.nginx tmp
chmod 766 -R tmp
service nginx reload
(on my CentOS box with the /etc/nginx.conf user set to oxenserver)
Thank you for your attention and interest!
Walther
https://stackoverflow.com/a/35794955/9196467
you only have max body size set on https, but it in both blocks. also where is you main http block config? you can set the max body size there as well
Walther
(Walther)
June 13, 2019, 7:28pm
16
Thx Sampson - as it turned out it was SELinux and extended file attributes playing me
Added an update and how to to the repo and the thread in this group
Thx,
Walther