diced / zipline

A ShareX/file upload server that is easy to use, packed with features, and with an easy setup!
https://zipline.diced.sh/
MIT License

Bug: Could not create secure SSL/TLS channel (TLS 1.3) #506

Closed sh0tx420 closed 8 months ago

sh0tx420 commented 9 months ago

What happened?

I can upload the pictures to the Zipline instance but instead of receiving the URL I get this error.

I'm running Zipline through a docker container, and then reverse proxying it with nginx. Also running the domain through Cloudflare with TLS v1.3 being the only allowed TLS version, and Full (strict) encryption mode. Very similar setup as #128. For me, forcing TLS 1.2 doesn't work no matter what.

As a side note, for some reason the images now get uploaded 2 times (there was a time where it didn't).

Version

latest (ghcr.io/diced/zipline or ghcr.io/diced/zipline:latest)

What browser(s) are you seeing the problem on?

No response

Zipline Logs

debian@vps-REDACTED:~/docker/zipline$ docker container logs 6d1dd0c40d35
2023-12-05 01:54:38,086 PM debug [config] attemping to read .env.local/.env or environment variables
2023-12-05 01:54:38,089 PM debug [config] Attemping to validate {"core":{"return_https":false,"secret":"REDACTED","host":"0.0.0.0","port":7510,"database_url":"postgresql://postgres:REDACTED@db.REDACTED.supabase.co:5432/postgres","logger":true},"datasource":{"type":"supabase","supabase":{"url":"https://REDACTED.supabase.co","key":"REDACTED","bucket":"zipline"}}}
2023-12-05 01:54:38,091 PM debug [config] Recieved config: {"core":{"secret":"REDACTED","database_url":"postgresql://postgres:REDACTED@db.REDACTED.supabase.co:5432/postgres","return_https":false,"temp_directory":"/tmp/zipline","host":"0.0.0.0","port":7510,"logger":true,"stats_interval":1800,"invites_interval":1800,"thumbnails_interval":600,"compression":{"enabled":false,"on_dashboard":false}},"datasource":{"type":"supabase","local":{"directory":"./uploads"},"supabase":{"url":"https://REDACTED.supabase.co","key":"REDACTED","bucket":"zipline"}},"uploader":{"default_format":"RANDOM","route":"/u","embed_route":"/a","length":6,"admin_limit":104857600,"user_limit":104857600,"disabled_extensions":[],"format_date":"YYYY-MM-DD_HH:mm:ss","default_expiration":null,"assume_mimetypes":false},"urls":{"route":"/go","length":6},"ratelimit":{"user":0,"admin":0},"website":{"title":"Zipline","show_files_per_user":true,"show_version":true,"disable_media_preview":false,"external_links":[{"label":"Zipline","link":"https://github.com/diced/zipline"},{"label":"Documentation","link":"https://zipline.diced.sh/"}]},"discord":null,"oauth":null,"features":{"invites":false,"invites_length":6,"oauth_registration":false,"oauth_login_only":false,"user_registration":false,"headless":false,"default_avatar":null,"robots_txt":false,"thumbnails":false},"chunks":{"max_size":94371840,"chunks_size":20971520,"enabled":true},"mfa":{"totp_issuer":"Zipline","totp_enabled":false},"exif":{"enabled":false,"remove_gps":false},"ssl":null}
2023-12-05 01:54:38,091 PM info  [datasource] using Supabase(zipline) datasource
2023-12-05 01:54:38,108 PM debug [server] Starting server
2023-12-05 01:54:38,132 PM info  [database::migrations] establishing database connection
2023-12-05 01:54:38,134 PM info  [database::migrations] ensuring database exists, if not creating database - may error if no permissions
2023-12-05 01:54:38,972 PM info  [database::migrations] exiting migrations engine - database is up to date
2023-12-05 01:54:40,582 PM info  [server] listening on 0.0.0.0:7510
2023-12-05 01:54:40,583 PM info  [server] started production zipline@3.7.7 server
2023-12-05 01:54:41,039 PM debug [server::invites] deleted 0 used invites
2023-12-05 01:54:41,770 PM debug [server] full size: 175223
2023-12-05 01:54:41,813 PM debug [server] by user: [{"_count":{"_all":6},"userId":1},{"_count":{"_all":4},"userId":2}]
2023-12-05 01:54:41,861 PM debug [server] count users: 2
2023-12-05 01:54:42,028 PM debug [server] count by user: [{"username":"administrator","count":6},{"username":"sh0tx","count":4}]
2023-12-05 01:54:42,069 PM debug [server] count files: 10
2023-12-05 01:54:42,111 PM debug [server] sum views: {"_sum":{"views":0}}
2023-12-05 01:54:42,153 PM debug [server] types count: [{"_count":{"mimetype":10},"mimetype":"image/png"}]
2023-12-05 01:54:42,153 PM debug [server] types count: [{"mimetype":"image/png","count":10}]
2023-12-05 01:54:42,198 PM debug [server::stats] stats updated {"size":"171.1 kB","size_num":175223,"count":10,"count_by_user":[{"username":"administrator","count":6},{"username":"sh0tx","count":4}],"count_users":2,"views_count":0,"types_count":[{"mimetype":"image/png","count":10}]}
2023-12-05 01:55:07,764 PM debug [upload] recieved upload (len=1) [{"fieldname":"file","originalname":"ShareX_CuonqCwaVv.png","mimetype":"image/png","size":24555,"encoding":"7bit"}]
2023-12-05 01:55:08,613 PM info  [upload] User administrator (1) uploaded orBPLK.png (67)
2023-12-05 01:55:08,619 PM info  [server::response] POST /api/upload -> 200
2023-12-05 01:55:08,619 PM debug [server::response] {"method":"POST","url":"/api/upload","headers":{"host":"i.rc7.pw","x-real-ip":"REDACTED","x-forwarded-for":"REDACTED, REDACTED","x-forwarded-proto":"https","connection":"close","content-length":"24743","cdn-loop":"cloudflare","cf-ipcountry":"REDACTED","accept-encoding":"gzip","cf-ray":"830cc8ef2f52d91a-HEL","cf-visitor":"{\"scheme\":\"https\"}","authorization":"REDACTED","format":"random","content-type":"multipart/form-data; boundary=--------------------8dbf5aa8d2b386a","user-agent":"ShareX/15.0.0","cf-connecting-ip":"REDACTED","x-middleware-invoke":"","x-invoke-path":"/api/upload","x-invoke-query":"%7B%7D","x-invoke-output":"/api/upload","x-forwarded-host":"i.rc7.pw","x-forwarded-port":"7510"}}
2023-12-05 01:55:09,953 PM debug [upload] recieved upload (len=1) [{"fieldname":"file","originalname":"ShareX_CuonqCwaVv.png","mimetype":"image/png","size":24555,"encoding":"7bit"}]
2023-12-05 01:55:10,413 PM info  [upload] User administrator (1) uploaded MdqEpL.png (68)
2023-12-05 01:55:10,415 PM info  [server::response] POST /api/upload -> 200
2023-12-05 01:55:10,416 PM debug [server::response] {"method":"POST","url":"/api/upload","headers":{"host":"i.rc7.pw","x-real-ip":"REDACTED","x-forwarded-for":"REDACTED, REDACTED","x-forwarded-proto":"https","connection":"close","content-length":"24743","cdn-loop":"cloudflare","cf-ipcountry":"REDACTED","accept-encoding":"gzip","cf-ray":"830cc901a9b64c81-HEL","cf-visitor":"{\"scheme\":\"https\"}","authorization":"REDACTED","format":"random","content-type":"multipart/form-data; boundary=--------------------8dbf5aa8ef24e97","user-agent":"ShareX/15.0.0","cf-connecting-ip":"REDACTED","x-middleware-invoke":"","x-invoke-path":"/api/upload","x-invoke-query":"%7B%7D","x-invoke-output":"/api/upload","x-forwarded-host":"i.rc7.pw","x-forwarded-port":"7510"}}

Browser Logs

No response

Additional Info

Full ShareX error:

Error message:
The request was aborted: Could not create SSL/TLS secure channel.

Request URL:
https://i.rc7.pw/api/upload

Stack trace:
   at System.Net.HttpWebRequest.GetResponse()
   at ShareX.UploadersLib.Uploader.SendRequestFile(String url, Stream data, String fileName, String fileFormName, Dictionary`2 args, NameValueCollection headers, CookieCollection cookies, HttpMethod method, String contentType, String relatedData)

NGINX configuration:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name i.rc7.pw;

        include /etc/nginx/conf.d/ssl.conf;

        index index.html;
        root /home/user/programs/zipline;
        client_max_body_size 49M;

        location / {
                proxy_pass http://127.0.0.1:7510;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}

diced commented 9 months ago

Could you upload the contents of /etc/nginx/conf.d/ssl.conf?

diced commented 8 months ago

Closing as stale.

sh0tx420 commented 7 months ago

ssl_certificate /etc/nginx/ssl/rc7.pw/origin.pem;
ssl_certificate_key /etc/nginx/ssl/rc7.pw/privkey.pem;

ssl_client_certificate /etc/nginx/ssl/authenticated_origin_pull_ca.pem;
ssl_verify_client on;
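
To check which TLS versions a Windows client can negotiate with a hostname restricted the way the report describes (TLS 1.3 as the only allowed version), the following added example attempts one handshake per version with .NET's `SslStream`. It is not part of the thread, Zipline or ShareX; the function name `Test-TlsVersion` and the hostname `upload.example.test` are placeholders.

```powershell
# Added diagnostic example; not code from the issue thread, Zipline or ShareX.
# Attempts one TLS handshake per protocol version from this Windows client
# and reports what was negotiated or why the handshake failed.
function Test-TlsVersion {
    param(
        [Parameter(Mandatory)][string]$HostName,  # host part of the upload request URL
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    foreach ($name in 'Tls12', 'Tls13') {
        $row = [ordered]@{ Protocol = $name; Negotiated = $null; Cipher = $null; Error = $null }
        $tcp = $null
        $ssl = $null
        try {
            # The cast throws if this .NET runtime has no such enum member
            # (Tls13 is absent on older .NET Framework builds).
            $proto = [System.Security.Authentication.SslProtocols]$name
            $tcp = New-Object System.Net.Sockets.TcpClient
            if (-not $tcp.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
                throw "TCP connect timed out after $TimeoutMs ms"
            }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
            # Default certificate validation stays enabled; $HostName is sent as SNI.
            # No client certificate is offered; revocation checking is on.
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $true)
            $row.Negotiated = $ssl.SslProtocol
            $row.Cipher = $ssl.CipherAlgorithm
        } catch {
            # Unwrap to the innermost exception, which carries the handshake detail.
            $e = $_.Exception
            while ($e.InnerException) { $e = $e.InnerException }
            $row.Error = $e.Message
        } finally {
            if ($ssl) { $ssl.Dispose() }
            if ($tcp) { $tcp.Close() }
        }
        [pscustomobject]$row
    }
}

# Placeholder hostname (constructed); replace with the host being diagnosed.
Test-TlsVersion -HostName 'upload.example.test' | Format-Table -AutoSize
```

A row with an `Error` for `Tls13` and a successful `Tls12` handshake against other hosts indicates the client's TLS stack, not the server, is what cannot speak TLS 1.3.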