BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License
15.43k stars 1.94k forks

'Unsupported cipher or incorrect key length' when using generated APP_KEY via docker compose #5289

Closed chaospheremk closed 2 weeks ago

chaospheremk commented 3 weeks ago

Attempted Debugging

Searched GitHub Issues

Describe the Scenario

The problem is that after a fresh install/setup of bookstack, I go to the bookstack URL I configured and see a header of "An Error Occurred" with the content under it showing "An unknown error occurred".

This is a fresh install of bookstack via docker-compose. I'm using mariadb as the mysql database. I did use the recommendation in the documentation to generate the APP_KEY with the following command: `docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey`

This generates a 44 character APP_KEY. However, online documentation seems to indicate that it should be a 32 character key? I'm not entirely sure.

Other documentation suggests using php artisan key:generate and php artisan migrate but that appears to be for a manual install. I'm not sure how I would or could accomplish the same thing when installing via docker compose.

Exact BookStack Version

v24.10-ls170

Log Content

With APP_DEBUG not set to true:

```
[2024-10-25 15:02:24] production.ERROR: Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. {"exception":"[object] (RuntimeException(code: 0): Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. at /app/www/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:55)
[stacktrace]
#0 /app/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\\Encryption\\Encrypter->__construct()
#1 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\\Encryption\\EncryptionServiceProvider->Illuminate\\Encryption\\{closure}()
#2 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\\Container\\Container->build()
#3 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\\Container\\Container->resolve()
#4 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\\Foundation\\Application->resolve()
#5 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\\Container\\Container->make()
#6 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(1066): Illuminate\\Foundation\\Application->make()
#7 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(982): Illuminate\\Container\\Container->resolveClass()
#8 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(943): Illuminate\\Container\\Container->resolveDependencies()
#9 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\\Container\\Container->build()
#10 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\\Container\\Container->resolve()
#11 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\\Foundation\\Application->resolve()
#12 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\\Container\\Container->make()
#13 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(255): Illuminate\\Foundation\\Application->make()
#14 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(213): Illuminate\\Foundation\\Http\\Kernel->terminateMiddleware()
#15 /app/www/public/index.php(56): Illuminate\\Foundation\\Http\\Kernel->terminate()
#16 {main}
```

With APP_DEBUG set to true, I can go to the bookstack ip and see the following:

Error RuntimeException Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm.

Environment PHP Version: 8.3.12 BookStack Version: v24.10

Stack Trace

```
#0 /app/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\Encryption\Encrypter->__construct()
#1 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}()
#2 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build()
#3 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\Container\Container->resolve()
#4 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve()
#5 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\Container\Container->make()
#6 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(1066): Illuminate\Foundation\Application->make()
#7 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(982): Illuminate\Container\Container->resolveClass()
#8 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(943): Illuminate\Container\Container->resolveDependencies()
#9 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build()
#10 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\Container\Container->resolve()
#11 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve()
#12 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\Container\Container->make()
#13 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(172): Illuminate\Foundation\Application->make()
#14 /app/www/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#15 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\ApplyCspRules->handle()
#16 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#17 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(805): Illuminate\Pipeline\Pipeline->then()
#18 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(784): Illuminate\Routing\Router->runRouteWithinStack()
#19 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(748): Illuminate\Routing\Router->runRoute()
#20 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(737): Illuminate\Routing\Router->dispatchToRoute()
#21 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\Routing\Router->dispatch()
#22 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#23 /app/www/app/Http/Middleware/PreventResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#24 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\PreventResponseCaching->handle()
#25 /app/www/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#26 /app/www/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle()
#27 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\TrustProxies->handle()
#28 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#30 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
#31 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#32 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#33 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(99): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#34 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#35 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#36 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\Pipeline\Pipeline->then()
#37 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#38 /app/www/public/index.php(52): Illuminate\Foundation\Http\Kernel->handle()
#39 {main}
```

Hosting Environment

I am simply trying to host bookstack via Docker with docker compose. Host OS is Ubuntu 24.04.

ssddanbrown commented 3 weeks ago

Whatever is generated via that appkey command should be fine, since it's just running the key:generate command we suggest anyway: https://github.com/linuxserver/docker-bookstack/blob/1eb8aa7e866a2d2d0303a393c23e381b340a4f9c/root/appkey

chaospheremk commented 3 weeks ago

@ssddanbrown Well, as an update... just for kicks I generated my own 32 character key, plugged it in, and now bookstack is working. So it appears that what was generated by the appkey command is unfortunately not fine. What it generates is too long for bookstack to be able to use.

There might be a problem with the key:generate command and the default number of characters? It appears 44 characters is too long of a key for a default installation. Or am I missing something?

Second, is there any issue with me generating my own key? I didn't use key:generate and just used a powershell function I personally created to generate a random password at variable lengths.

cgaskins-tx commented 3 weeks ago

I am running into the exact same problem with Ubuntu 24.04 as the docker host + MariaDB.

production.ERROR: Unsupported cipher or incorrect key length.

I generated my key using the documented command: `docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey`

Which generates a key but causes the error above at runtime.

I tried generating my own key as follows and I still get the same error: `openssl rand -base64 32`

@chaospheremk - How did you generate your own key?

cgaskins-tx commented 3 weeks ago

Well never mind... I was generating a key too long - duh...

Tried again with the following: `openssl rand -base64 24`

It worked perfectly. I am up and running now. :-)

ssddanbrown commented 3 weeks ago

@chaospheremk @cgaskins-tx When you were using the appkey command were you just taking the text after the base64: in the output string? If so, that could be the issue, that should be part of the value:

APP_KEY="base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto="

The desired value is 32 bytes, which is what that command provides, but it is represented base64 encoded which results in a longer string.

> Second, is there any issue with me generating my own key?

Don't think any major issue, might just be less secure (using a narrower range of bytes within the key).
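The check described in the comment above, as an added example that is not BookStack, Laravel or linuxserver code: it resolves an `APP_KEY` value to the key bytes the `base64:` prefix rule implies, compares the length with what the cipher needs, and bounds the entropy of a typed 32-character key. The function names and the `aes-256-cbc` default are assumptions; `PAGE_EXAMPLE` is the sample value quoted in this thread.

```python
import base64
import binascii
import math

# Key sizes in bytes for the ciphers named in the error message in this thread.
KEY_BYTES = {"aes-128-cbc": 16, "aes-256-cbc": 32, "aes-128-gcm": 16, "aes-256-gcm": 32}

PAGE_EXAMPLE = "base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto="  # quoted in the thread


def raw_key(app_key: str) -> bytes:
    """Return the key bytes that an APP_KEY value resolves to."""
    if app_key.startswith("base64:"):
        return base64.b64decode(app_key[len("base64:"):], validate=True)
    return app_key.encode("utf-8")  # no prefix: the string itself is the key


def check_app_key(app_key: str, cipher: str = "aes-256-cbc") -> tuple[bool, str]:
    """Check key length against the cipher (the default cipher is an assumption)."""
    want = KEY_BYTES[cipher.lower()]
    try:
        key = raw_key(app_key)
    except (binascii.Error, ValueError):
        return False, "value after 'base64:' is not valid base64"
    if len(key) == want:
        return True, f"ok: {want}-byte key"
    hint = ""
    if not app_key.startswith("base64:"):
        try:  # does the bare string decode to a key of the right size?
            if len(base64.b64decode(app_key, validate=True)) == want:
                hint = "; looks like base64 with the 'base64:' prefix dropped"
        except (binascii.Error, ValueError):
            pass
    return False, f"key is {len(key)} bytes, {cipher} needs {want}{hint}"


def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on the entropy of `length` symbols from a fixed alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for value in (PAGE_EXAMPLE, PAGE_EXAMPLE[7:], "A" * 32):  # last one is constructed
        print(check_app_key(value))
    # A 32-character base64 string (openssl rand -base64 24) carries 24 random bytes.
    print(max_entropy_bits(32, 64), "bits at most, against 256 for 32 random bytes")
```

A 32-character string with no prefix passes the length check because it is taken as 32 raw bytes, which is why the hand-made keys in this thread worked while carrying less entropy than a prefixed 32-byte key.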

cgaskins-tx commented 3 weeks ago

> @chaospheremk @cgaskins-tx When you were using the appkey command were you just taking the text after the base64: in the output string? If so, that could be the issue, that should be part of the value:
>
> APP_KEY="base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto="
>
> The desired value is 32 bytes, which is what that command provides, but it is represented base64 encoded which results in a longer string.
>
> > Second, is there any issue with me generating my own key?
>
> Don't think any major issue, might just be less secure (using a narrower range of bytes within the key).

Yes sir. I did NOT include the "base64:" so that was probably the issue. I apologize for the mistake.

chaospheremk commented 2 weeks ago

> I am running into the exact same problem with Ubuntu 24.04 as the docker host + MariaDB.
>
> production.ERROR: Unsupported cipher or incorrect key length.
>
> I generated my key using the documented command: `docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey`
>
> Which generates a key but causes the error above at runtime.
>
> I tried generating my own key as follows and I still get the same error: `openssl rand -base64 32`
>
> @chaospheremk - How did you generate your own key?

I generated it with a custom powershell function I created for randomly generating passwords:

```powershell
function New-ComplexPassword {

    [CmdletBinding()]
    param ( [int]$Length = 16 )

    Begin {

        $upperCase = [char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        $lowerCase = [char[]]"abcdefghijklmnopqrstuvwxyz"
        $digits = [char[]]"0123456789"
        $specialChars = [char[]]"!@#$%^&*()-_=+[]{}|;:,.<>?/"

        # Combine all character sets
        [char[]]$allChars = $upperCase + $lowerCase + $digits + $specialChars
    }

    Process {

        $passwordList = [System.Collections.Generic.List[PSObject]]::new()
        $passwordList.Add(($upperCase | Get-SecureRandom))
        $passwordList.Add(($lowerCase | Get-SecureRandom))
        $passwordList.Add(($digits | Get-SecureRandom))
        $passwordList.Add(($specialChars | Get-SecureRandom))

        # Generate the remaining characters randomly
        for ($i = $passwordList.count; $i -lt $Length; $i++) { $passwordList.Add(($allChars | Get-SecureRandom)) }

        # Convert the password array to a string and return
        [string]$passwordString = ($passwordList | Get-SecureRandom -Shuffle) -join ''

        $passwordString
    }
}
```

I took the output from the above function `New-ComplexPassword -Length 32` and just plugged it in. It worked fine. After reading the above conversation it's possible I did not include `base64:` in my value as well.

ssddanbrown commented 2 weeks ago

Okay, thanks for confirming. I'll therefore close this off but if this continues to occur I'll look to collaborate with the linuxserver team to improve their guidance around this.