Ahwxorg / LibreY

Framework and JS free privacy respecting meta search engine
GNU Affero General Public License v3.0

Crash when saving settings twice. #58

Closed codedipper closed 11 months ago

codedipper commented 11 months ago

Steps to reproduce:

  1. Go to /settings.php
  2. Make any sort of changes there.
  3. Save
  4. Go back to /settings.php
  5. Make any sort of changes there.
  6. Save, returns 502 Bad Gateway on client side.
  7. Issue repeats every time you try again, unless you clear data.

Error: 2023/09/23 03:15:40 [error] 1126332#1126332: *308760 upstream sent too big header while reading response header from upstream, client: 127.106.15.158, server: revekebotog64xrrammtsmjwtwlg3vqyzwdurzt2pu6botg4bejq.b32.i2p, request: "POST /settings.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php-fpm.sock:", host: "revekebotog64xrrammtsmjwtwlg3vqyzwdurzt2pu6botg4bejq.b32.i2p"

Version: 217601aa49cca0159523d244bc97d56b9421c236

davidovski commented 11 months ago

Can't seem to replicate on search.davidovski.xyz, version 217601a. Might be a config-related issue?

Ahwxorg commented 11 months ago

Can't replicate it either, I don't think this is an issue with LibreY.

codedipper commented 11 months ago

It may indeed be a config issue. I am able to reproduce on my onion service (librex.revvybrr6pvbx4n3j4475h4ghw4elqr4t5xo2vtd3gfpu2nrsnhh57id.onion). I am not able to replicate on my clearnet domains or on any other onion domains.

davidovski commented 11 months ago

Can you send your config files so I can see if I can replicate it? If you don't want to post them here I don't mind if it's over Matrix. Probably still worth looking into this because it may affect other unknown instances.

codedipper commented 11 months ago

> Can you send your config files so I can see if I can replicate it? If you don't want to post them here I don't mind if it's over Matrix. Probably still worth looking into this because it may affect other unknown instances.

config.php

<?php
    return (object) array(

        // e.g.: fr -> https://google.fr/
        "google_domain" => "ca",

        // Results will be in this language
        "language" => "en",
        "number_of_results" => 10,

        // You can use any Invidious instance here
        "invidious_instance_for_video_results" => "https://yt.revvy.de",

        "disable_bittorent_search" => false,
        "bittorent_trackers" => "&tr=http://nyaa.tracker.wf:7777/announce&tr=udp://open.stealth.si:80/announce&tr=udp://tracker.opentrackr.org:1337/announce&tr=udp://exodus.desync.com:6969/announce&tr=udp://tracker.torrent.eu.org:451/announce",

        "disable_hidden_service_search" => false,

        // Fallback to another librex instance if google search fails
        // This may greatly increase the time it takes to get a result, if a direct search is not possible
        "instance_fallback" => false,

        // how long in minutes to put google/other instances on cooldown if they aren't responding
        "request_cooldown" => 3,

        // how long in minutes to store results for in the cache
        "cache_time" => 60,

        /*
            Preset privacy friendly frontends for users, these can be overwritten by users in the settings
            e.g.: Preset the invidious instance URL: "instance_url" => "https://yewtu.be",
        */

        "frontends" => array(
            "invidious" => array(
                "instance_url" => "http://rev46ursgvexwbhmc3slf7ens7i4efhpd6dl5d75zqb4h6mn7uhq.b32.i2p",
                "project_url" => "https://docs.invidious.io/instances/",
                "original_name" => "YouTube",
                "original_url" => "youtube.com"
            ),
            "rimgo" => array(
                "instance_url" => "http://revohjpv525lwqzfn4wzyp2iex45r4rfsp57lcje2u64l4te6ejq.b32.i2p",
                "project_url" => "https://codeberg.org/video-prize-ranch/rimgo#instances",
                "original_name" => "Imgur",
                "original_url" => "imgur.com"
            ),
            "scribe" => array(
                "instance_url" => "http://revau6vctsjqsyy5eihtiijgyb6ku56exnuzrvkjnsr2hl3uvxpq.b32.i2p",
                "project_url" => "https://git.sr.ht/~edwardloveall/scribe/tree/main/docs/instances.md",
                "original_name" => "Medium",
                "original_url" => "medium.com"
            ),
            "gothub" => array(
                "instance_url" => "http://rev7s77rcmtl42weyf363hytixmijsaocd677awj4cf5mzu2xxoa.b32.i2p",
                "project_url" => "https://codeberg.org/gothub/gothub#instances",
                "original_name" => "GitHub",
                "original_url" => "github.com"
            ),
            "nitter" => array(
                "instance_url" => "http://rev7kfnpeb7g7m5wgurbgpidlaalxtzj4sytlldgsoutwesdu5ba.b32.i2p",
                "project_url" => "https://github.com/zedeus/nitter/wiki/Instances",
                "original_name" => "Twitter",
                "original_url" => "twitter.com"
            ),

            "libreddit" => array(
                "instance_url" => "http://revypwtfgicxgkqrcyq4evja5z3jct47cyh6ra6kvxlybhbvhpka.b32.i2p",
                "project_url" => "https://github.com/libreddit/libreddit-instances/blob/master/instances.md",
                "original_name" => "Reddit",
                "original_url" => "reddit.com"
            ),
            "proxitok" => array(
                "instance_url" => "http://revuawxvbizu5yi5l3ontcihwydld2qpdupw2ejf7ben2wag6alq.b32.i2p",
                "project_url" => "https://github.com/pablouser1/ProxiTok/wiki/Public-instances",
                "original_name" => "TikTok",
                "original_url" => "tiktok.com"
            ),
            "wikiless" => array(
                "instance_url" => "http://revlnnsvwajkgw7rg6aqyxk6ltvdcasi6utmjowkrkff2su5d6za.b32.i2p",
                "project_url" => "https://github.com/Metastem/wikiless#instances",
                "original_name" => "Wikipedia",
                "original_url" => "wikipedia.org"
            ),
            "quetre" => array(
                "instance_url" => "http://revgjjxqbj5fmeckuhoqw5xt5lyajaslswqdohvzciq4ezo547ga.b32.i2p",
                "project_url" => "https://github.com/zyachel/quetre#instances",
                "original_name" => "Quora",
                "original_url" => "quora.com"
            ),
            "libremdb" => array(
                "instance_url" => "http://revbf35yfwnlqbydvkme3s3ntzhhhjrcaat6a7ro2z7kuig3m7ma.b32.i2p",
                "project_url" => "https://github.com/zyachel/libremdb#instances",
                "original_name" => "IMDb",
                "original_url" => "imdb.com"
            ),
            "breezewiki" => array(
                "instance_url" => "http://revllxvdydtfuhkilvr3cfqupqq52v5ifgrdgff35p44gfg3kepq.b32.i2p",
                "project_url" => "https://docs.breezewiki.com/Links.html",
                "original_name" => "Fandom",
                "original_url" => "fandom.com"
            ),
            "anonymousoverflow" => array(
                "instance_url" => "http://revoqfju6mgi55ujjhfnnywftj67236ej7iwx4adiodcbiqijmiq.b32.i2p",
                "project_url" => "https://github.com/httpjamesm/AnonymousOverflow#clearnet-instances",
                "original_name" => "StackOverflow",
                "original_url" => "stackoverflow.com"
            ),
            "suds" => array(
                "instance_url" => "http://revjkbftx2csglc3pcf7bavvprpbbropjqfyio3x5536hyqaem4a.b32.i2p",
                "project_url" => "https://git.vern.cc/cobra/Suds/src/branch/main/instances.json",
                "original_name" => "Snopes",
                "original_url" => "snopes.com"
            ),
            "biblioreads" => array(
                "instance_url" => "http://revptzkgftlyslkkokjyytaasjz6v6djxe4pr45ihlusflu2vmda.b32.i2p",
                "project_url" => "https://github.com/nesaku/BiblioReads#instances",
                "original_name" => "Goodreads",
                "original_url" => "goodreads.com"
            )
        ),

        "preferred_engines" => array(

            /* replace with "text" => "duckduckgo" to use duckduckgo instead
             * (recommended if being ratelimited) */
            "text" => "google"
            // "text" => "duckduckgo"
        ),

        /*
            To send requests through a proxy uncomment CURLOPT_PROXY and CURLOPT_PROXYTYPE:

            CURLOPT_PROXYTYPE options:

                CURLPROXY_HTTP
                CURLPROXY_SOCKS4
                CURLPROXY_SOCKS4A
                CURLPROXY_SOCKS5
                CURLPROXY_SOCKS5_HOSTNAME

            !!! ONLY CHANGE THE OTHER OPTIONS IF YOU KNOW WHAT YOU ARE DOING !!!
        */
        "curl_settings" => array(
            CURLOPT_PROXY => "127.0.0.1:9050",
            CURLOPT_PROXYTYPE => CURLPROXY_SOCKS5,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:116.0) Gecko/20100101 Firefox/116.0", // For a normal Windows 10 PC running Firefox x64
            CURLOPT_IPRESOLVE => CURL_IPRESOLVE_WHATEVER,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
            CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
            CURLOPT_MAXREDIRS => 5,
            CURLOPT_TIMEOUT => 3,
            CURLOPT_VERBOSE => false,
            CURLOPT_FOLLOWLOCATION => true
        )
    );
?>

/etc/nginx/common/revekebotog64xrrammtsmjwtwlg3vqyzwdurzt2pu6botg4bejq.b32.i2p

add_header Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'";
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff";

root /var/www/html/revekebotog64xrrammtsmjwtwlg3vqyzwdurzt2pu6botg4bejq.b32.i2p;
index index.php;

if ($http_user_agent ~ (Bytespider)) {
    return 403;
}

if ($http_user_agent ~ (GPTBot)) {
    return 403;
}

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php-fpm.sock;
}

/etc/nginx/snippets/fastcgi-php.conf

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include snippets/fastcgi.conf;

/etc/nginx/snippets/fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  REMOTE_USER        $remote_user;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

$ /sbin/nginx -V
nginx version: nginx/1.25.2
built by gcc 12.2.0 (Debian 12.2.0-14)
built with LibreSSL 3.7.3
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --with-openssl=../libressl-3.7.3 --with-http_v3_module
$ /bin/php -v
PHP 8.2.7 (cli) (built: Jun  9 2023 19:37:27) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies

The new nginx is not the problem, the same issue occurred before I upgraded.

davidovski commented 11 months ago

With config only, I can't seem to replicate it via the php8 testing server; however, I did notice that I don't get any results whatsoever, since my proxy at 9050 is Tor and Google doesn't give results without a captcha for Tor users. It's unrelated, but it might be an issue. What sort of proxy do you have on port 9050?

Also might be worth checking nginx error logs if there are any, those usually report why there was a 502, or an issue that caused that to happen.

codedipper commented 11 months ago

> With config only, I can't seem to replicate it via the php8 testing server; however, I did notice that I don't get any results whatsoever, since my proxy at 9050 is Tor and Google doesn't give results without a captcha for Tor users. It's unrelated, but it might be an issue. What sort of proxy do you have on port 9050?

It is in fact Tor. It doesn't cause any problems for me and it is not related to the issue.

> Also might be worth checking nginx error logs if there are any, those usually report why there was a 502, or an issue that caused that to happen.

I did exactly that.

Ahwxorg commented 11 months ago

Do we close this issue? I don't see it having a use at the moment.

davidovski commented 11 months ago

> I did exactly that.

My bad, I forgot this was included in the original post.

I'm assuming that this is happening due to too many cookies being set when saving. I have probably not been able to replicate it since I haven't been setting all of the settings fields. I'll do some more testing and see exactly how many cookies are being set. I don't think there is a limit in the HTTP spec for how big the header can be, but apparently webservers often have a limitation (i.e. nginx is 8K, at least from what I can gather from a quick search).

codedipper commented 11 months ago

I set those values to unreasonable amounts and the issue still occurs.

fastcgi_buffers 128 512k;
fastcgi_busy_buffers_size 1024k;
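
As an added example, not LibreY's own code and not something posted in the thread: davidovski's hypothesis above is that saving the settings page sets enough cookies that the response headers outgrow what nginx will buffer from PHP-FPM. The two directives in the last comment (fastcgi_buffers, fastcgi_busy_buffers_size) size the buffers for the response body; the error quoted in the issue, "upstream sent too big header while reading response header from upstream", is bounded by fastcgi_buffer_size, which holds the first part of the upstream response and defaults to one memory page (4k or 8k). The script below builds a constructed settings.php response (hypothetical cookie names and .b32.i2p hosts, cookie attributes assumed) and reports whether its header block fits a given fastcgi_buffer_size and what size would hold it.

```python
"""Added example (not LibreY code): size the response-header block PHP-FPM
returns to nginx and compare it with nginx's fastcgi_buffer_size."""
from typing import Dict, Tuple

# nginx: fastcgi_buffer_size holds the first part of the upstream response,
# i.e. the status line and headers; its default is one memory page (4k|8k).
# If the header block does not fit, nginx logs "upstream sent too big header
# while reading response header from upstream" and answers 502.
DEFAULT_FASTCGI_BUFFER_SIZE = 4096

# Constructed input: the frontend names from the config in the thread. The
# i2p hosts generated below are hypothetical 52-char strings, not real ones.
FRONTENDS = ["invidious", "rimgo", "scribe", "gothub", "nitter", "libreddit",
             "proxitok", "wikiless", "quetre", "libremdb", "breezewiki",
             "anonymousoverflow", "suds", "biblioreads"]

# Cookie attributes are an assumption about what setcookie() is called with.
COOKIE_ATTRS = "; Path=/; HttpOnly; SameSite=Lax"


def fake_i2p_url(name: str) -> str:
    """Hypothetical http://<52 chars>.b32.i2p URL, deterministic per name."""
    return "http://" + ("rev" + name).ljust(52, "q")[:52] + ".b32.i2p"


def settings_cookies(instance_urls: Dict[str, str]) -> Dict[str, str]:
    """One cookie per scalar setting plus one per frontend URL (names assumed)."""
    jar = {"language": "en", "number_of_results": "10",
           "disable_bittorent_search": "false",
           "disable_hidden_service_search": "false",
           "preferred_engine_text": "google"}
    jar.update(instance_urls)
    return jar


def build_response(cookies: Dict[str, str], body: bytes = b"") -> bytes:
    """Raw HTTP/1.1 response as PHP would emit it: one Set-Cookie per cookie."""
    lines = [b"HTTP/1.1 302 Found", b"Location: /settings.php",
             b"Content-Type: text/html; charset=UTF-8"]
    lines += [f"Set-Cookie: {k}={v}{COOKIE_ATTRS}".encode()
              for k, v in cookies.items()]
    lines.append(f"Content-Length: {len(body)}".encode())
    return b"\r\n".join(lines) + b"\r\n\r\n" + body


def split_headers(raw: bytes) -> Tuple[bytes, bytes]:
    """Return (header block including the terminating CRLFCRLF, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response has no end-of-headers marker")
    return head + sep, body


def header_block_size(raw: bytes) -> int:
    """Bytes nginx must buffer before it can finish parsing the headers."""
    return len(split_headers(raw)[0])


def set_cookie_bytes(raw: bytes) -> int:
    """Bytes spent on Set-Cookie lines (CRLF included)."""
    head, _ = split_headers(raw)
    return sum(len(line) + 2 for line in head.split(b"\r\n")
               if line.lower().startswith(b"set-cookie:"))


def fits_fastcgi_buffer(raw: bytes,
                        buffer_size: int = DEFAULT_FASTCGI_BUFFER_SIZE) -> bool:
    """True if the header block fits fastcgi_buffer_size. fastcgi_buffers and
    fastcgi_busy_buffers_size size the body buffers and do not lift this limit."""
    return header_block_size(raw) <= buffer_size


def needed_buffer_size(raw: bytes, page: int = 4096) -> int:
    """Smallest page-multiple fastcgi_buffer_size that holds the header block."""
    return max(page, -(-header_block_size(raw) // page) * page)


if __name__ == "__main__":
    resp = build_response(
        settings_cookies({n: fake_i2p_url(n) for n in FRONTENDS}))
    print(f"header block: {header_block_size(resp)} bytes, "
          f"of which Set-Cookie: {set_cookie_bytes(resp)}")
    for size in (4096, 8192):
        state = "ok" if fits_fastcgi_buffer(resp, size) else "502 too big header"
        print(f"fastcgi_buffer_size {size // 1024}k: {state}")
    print(f"suggested: fastcgi_buffer_size {needed_buffer_size(resp) // 1024}k;")
```

To check a real instance rather than the constructed response, save the raw headers of the second POST to /settings.php (for example with curl's -D option) and feed the file to header_block_size; the number to compare against is the fastcgi_buffer_size in effect for that server block, not fastcgi_buffers.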