cannot upload more than 8-9KB in production

I’ve added this issue on rails/rails https://github.com/rails/rails/issues/36464 but was redirected here - fair enough (as I was not able to point to any malfunc)

Does anyone know of issues with NGINX in front of PUMA serving ActionCable and ActiveStorage?

My experience is that either I can have ActiveStorage working perfectly or I can have ActiveStorage working perfectly?!?

I have the code in this repo: https://github.com/wdiechmann/sucker.git and a demo here: https://sucker.alco.dk/messages

Can’t help without your Nginx config. Nginx is just a reverse proxy. There’s nothing you can do in rails that you can’t do with Nginx in front of it. There’s a problem with how you have Nginx set up, not with rails

Have you tested your app in production mode without Nginx in front of it?

Hi Sampson Crowley,

Good of you to answer :slight_smile:

Entire project on github and nginx confit in config/sucker.nginx.conf (gets linked on deploys)

Med venlig hilsen
Walther

No?!

But in dev all is good - and I am not sure I can run it in production without (lots of other sites bound to 80/443 :frowning:

Med venlig hilsen
Walther

  • and it’s behind a firewall exclusively offering 80/443 for this CentOS VM :frowning:

Med venlig hilsen
Walther

but I suspect that somehow I cannot POST more than 8-10KB to this config - so I am totally with you on the “rails is innoncent” trail :slight_smile:

torsdag den 13. juni 2019 kl. 18.51.22 UTC+2 skrev Walther Diechmann:

I looked in /var/log/nginx/sucker.error.log and see this:

/var/lib/nginx/tmp/client_body/0000000004" failed (13: Permission denied)

hmmm

This is how those folders are ‘permissioned’ (running my NGINX as user oxenserver)

[root@ruby2019 current]# ls -la /var/lib/nginx/tmp

totalt 0

drwx------. 7 oxenserver nginx 78 24 maj 20:23 .

drwx------. 3 nginx nginx 17 24 maj 20:22 …

drwx------. 2 oxenserver root 6 24 maj 20:23 client_body

drwx------. 2 oxenserver root 6 24 maj 20:23 fastcgi

drwx------. 2 oxenserver root 6 24 maj 20:23 proxy

drwx------. 2 oxenserver root 6 24 maj 20:23 scgi

drwx------. 2 oxenserver root 6 24 maj 20:23 uwsgi

further I should mention probably, that SELinux is disabled -

You can test in production *mode* locally, or on another system,
and try with and without Nginx in front. Or compare using another
proxy entirely, e.g. Squid or an AWS ELB.

torsdag den 13. juni 2019 kl. 10.24.57 UTC+2 skrev Walther Diechmann:

One thing to check in these situations is whether there's an MTU
(https://en.wikipedia.org/wiki/Maximum_transmission_unit) mismatch
with the don't-fragment bit set. This is lower level than your app
stack but often just mentioning those words can be enough to get other
folks to fix the issue :slight_smile:

So, finally – enjoying all the positive suggestions and wishful thinking, like a caring push by the wind on my bike – I cracked it!

:smiley:

The giveaways were

  • /var/lib/nginx/tmp/client_body/0000000004" failed (13: Permission denied) in /var/log/nginx/sucker.error.log

  • the ‘dot’ after the files!

I knew I had disabled SELinux already but little did I know that files are protected even with SELinux disabled (makes a lot of sense)

So I had to do this

yum install attr

find /var/lib/nginx -exec sudo setfattr -h -x security.selinux {} ;

cd /var/lib/nginx

chown -R oxenserver.nginx tmp

chmod 766 -R tmp

service nginx reload

(on my CentOS box with the /etc/nginx.conf user set to oxenserver)

Thank you for your attention and interest!

Walther

https://stackoverflow.com/a/35794955/9196467

you only have max body size set on https, but it in both blocks. also where is you main http block config? you can set the max body size there as well

*put it in both blocks

Thx Sampson - as it turned out it was SELinux and extended file attributes playing me :confused:

Added an update and how to to the repo and the thread in this group

Thx,

Walther