search

andrii-kryvoviaz / slink

Self-hosted image sharing service.
GNU Affero General Public License v3.0
306 stars 9 forks source link

TypeError: fetch failed | code: 'UND_ERR_INVALID_ARG' #14

Closed badmark closed 6 months ago

badmark commented 6 months ago

Running in a Docker container behind an Nginx reverse proxy, cannot upload images.

Docker log error:
4/12/2024 11:18:09 PM TypeError: fetch failed
4/12/2024 11:18:09 PM    at Object.fetch (node:internal/deps/undici/undici:11372:11)
4/12/2024 11:18:09 PM    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
4/12/2024 11:18:09 PM  cause: _InvalidArgumentError: invalid connection header
4/12/2024 11:18:09 PM      at processHeader (node:internal/deps/undici/undici:6430:17)
4/12/2024 11:18:09 PM      at new _Request (node:internal/deps/undici/undici:6259:13)
4/12/2024 11:18:09 PM      at [http1 build request] (node:internal/deps/undici/undici:6352:16)
4/12/2024 11:18:09 PM      at [dispatch] (node:internal/deps/undici/undici:7429:139)
4/12/2024 11:18:09 PM      at Intercept (node:internal/deps/undici/undici:7113:20)
4/12/2024 11:18:09 PM      at [Intercepted Dispatch] (node:internal/deps/undici/undici:5784:16)
4/12/2024 11:18:09 PM      at Client.dispatch (node:internal/deps/undici/undici:5800:44)
4/12/2024 11:18:09 PM      at [dispatch] (node:internal/deps/undici/undici:6019:32)
4/12/2024 11:18:09 PM      at Pool.dispatch (node:internal/deps/undici/undici:5800:44)
4/12/2024 11:18:09 PM      at [dispatch] (node:internal/deps/undici/undici:9035:27) {
4/12/2024 11:18:09 PM    code: 'UND_ERR_INVALID_ARG'
4/12/2024 11:18:09 PM  }
4/12/2024 11:18:09 PM }

Client side error:

POST https://**<redacted>**/upload 500 (Internal Server Error)
window.fetch @ entry.C2FYQVlU.js:1
ve @ entry.C2FYQVlU.js:1
fetch @ entry.C2FYQVlU.js:1
fetch @ Client.B_Ku4AZX.js:1
post @ Client.B_Ku4AZX.js:1
upload @ Client.B_Ku4AZX.js:1
(anonymous) @ 12.CEcAHsjR.js:3
b @ ReactiveState.C9IfZTIY.js:1
x @ 12.CEcAHsjR.js:7
(anonymous) @ scheduler.DYRTyI_T.js:1
ie @ scheduler.DYRTyI_T.js:1
r @ 12.CEcAHsjR.js:1
andrii-kryvoviaz commented 6 months ago

May you share your nginx config, so I can reproduce the issue?

badmark commented 6 months ago

I also get error accessing by it's local IP but I assumed that was because of the domain being passed into the docker.

Here is the Nginx config with domain redacted:

server {
    server_name ********;
    listen 80;

    location ~ /.well-known 
    {
        allow all;
        root /usr/share/nginx/html;
    }

location /{
  return 301 https://$server_name$request_uri;

    }

}

server {
    listen 443 ssl;
    server_name *********;

    real_ip_header X-Forwarded-For;
    client_max_body_size 30M;
    client_body_buffer_size 512M;

    ssl_certificate /etc/letsencrypt/live/*******/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/*******/privkey.pem;

    #ssl on;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

    access_log            /var/log/nginx/******.access.log;
    error_log            /var/log/nginx/******.error.log;

    location / {

        proxy_pass http://*.*.*.*:24750;

        proxy_redirect off;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_ssl_server_name on;

    }

    }

Thank you.

andrii-kryvoviaz commented 6 months ago

Here is a little update, for some reason fetch does not recognize Connection header when form-data is submitted.

Hence the issue is in line:

proxy_set_header Connection "upgrade";

If I recall it right this header is used with websockets, so not sure whether it is needed here. For safety, I might just need to drop this header when it makes an API call.

badmark commented 6 months ago

That did the trick, thank you!

andrii-kryvoviaz commented 6 months ago

I dug a little bit more on this issue and it seems to be related to this nodejs/undici#1470.

In the next patch I intend just to strip unwanted headers from beeing passed to the API.