Open prohtex opened 7 months ago
I must admin, setting up OIDC is sometimes a bit hard.
Can your ocis reach the idp from inside your host?
You should be able to do a curl
to https://ocis.server.com/.well-known/openid-configuration
In your logs, I also see a lot of errors which indicate that ocis could not read from the filesystem. Maybe a permissions problem?
In your logs, I also see a lot of errors which indicate that ocis could not read from the filesystem. Maybe a permissions problem?
The only way I could get the binary to run as a launchctl service (macOS daemon) was to run as root. The ocis directory permissions are as follows:
user$ ls -lah ocis
total 32
drwxr-xr-x 12 user staff 408B Feb 4 13:51 .
drwxrwxr-x 11 user staff 442B Feb 5 23:56 ..
-rw-r--r--@ 1 user staff 8.0K Feb 4 13:51 .DS_Store
drwx------ 5 user staff 170B Feb 4 04:27 idm
drwx------ 5 user staff 170B Feb 4 04:27 idp
drwxr-x--- 4 user staff 136B Feb 4 13:51 nats
drwx------ 4 user staff 136B Feb 4 04:27 proxy
drwx------ 4 user staff 136B Feb 4 13:51 search
drwx------ 6 user staff 204B Feb 4 13:51 storage
drwx------ 5 user staff 170B Feb 4 15:17 store
drwx------ 4 user staff 136B Feb 4 13:51 thumbnails
drwxr-x--- 3 user staff 102B Feb 4 04:43 web
You can see macOS pollutes the directory tree with those cursed .DS_Store files. This used to be an issue for OC10 any time I would browse the data directory.
I must admin, setting up OIDC is sometimes a bit hard.
Can your ocis reach the idp from inside your host?
You should be able to do a
curl
tohttps://ocis.server.com/.well-known/openid-configuration
Yes, it can.
I must admin, setting up OIDC is sometimes a bit hard.
Can your ocis reach the idp from inside your host?
You should be able to do a
curl
tohttps://ocis.server.com/.well-known/openid-configuration
Hi @micbar can you provide more information about how I might change the token expiry? I tried this but it had no effect: IDP_ACCESS_TOKEN_EXPIRATION=2592000 IDP_ID_TOKEN_EXPIRATION=2592000
Here is my test procedure:
I can reproduce this issue in every test environment I try, including OCIS 4.0.6, OCIS latest, ocis_wopi, Darwin binary, Ubuntu inside VM, everything, including the OCIS continual deployment test server as documented in owncloud/web#10474. Is there some extra process to configure OIDC that is undocumented or am I the only one trying to upload large files to OCIS?
Thank you for your help!
same problem here, doesn't matter if I use android client, web client, rclone, everything above 20mb is causing the same error you have
guys 😄 we are using our own software too 😏 and we have a ton of tests running. Large file uploads are working on our instances.
Please check https://owncloud.dev/ocis/deployment/continuous_deployment/
Can you please post the errors or a screenshot of the network tab of the browser dev tools?
I uploaded an example large file upload. You can see in my example that the TUS upload creates the upload with a POST request and executes PATCH request to the /data/<uploadID>
endpoint.
I would suggest, that your problem is somewhere in that area.
@prohtex @appiekap653
We have the linked web issue. This is indeed not nice. I must admit that i didn't run into that in real life or in End2End tests. But i always have my browser tab focused. Same in the Tests.
@appiekap653 I am a bit puzzled with that reference to the other clients.
@jesmrec Can you clarify android?
rclone
@appiekap653 How do you connect with rclone? Rclone needs to refresh access tokens too.
@prohtex @appiekap653
We have the linked web issue. This is indeed not nice. I must admit that i didn't run into that in real life or in End2End tests. But i always have my browser tab focused. Same in the Tests.
@appiekap653 I am a bit puzzled with that reference to the other clients.
@jesmrec Can you clarify android?
rclone
@appiekap653 How do you connect with rclone? Rclone needs to refresh access tokens too.
I connect with RClone following the inductions from this link
https://owncloud.dev/clients/rclone/webdav-sync-oidc/
Ocis is setup with all basic settings following the deployment example. Only thing that is configured differently is the Idp provider. I'm using an external provider (Authentik). In Authentik I have set the access token to be valid for 24 hours until it needs to be refreshed. Despite the 24 hours duration I still get errors with Rclone, Android and web clients when uploading any type of file greater than 20mb
Rclone gives this message:
DEBUG : webdav root '': Bearer token expired: 401
Unauthorized ERROR : rc: "operations/uploadfile": error: Bad Gateway: 502 Bad Gateway
It looks like it is also related and likewise to:
@appiekap653 I doubt that the issue with web is related. Web has an issue with tab throttling which leads to timing problems during the token refresh.
Hi All, I'm a longtime OC user excited to move to OCIS after experiencing issues with large file uploads over the years. I love OC and OCIS looks really fantastic, and seems to do everything SeaFile can do. I am excited to get it working.
Unfortunately after setting it up, I am stumped. I have a fresh install of OCIS on a macOS 12.4 host with macports. I am using 5.0.0-RC3 Darwin AMD64 binary. I did a fairly vanilla setup with the server running as a launchctl service (the only way I could get this to work was running as root):
My apache config:
Things were going pretty well, although I did notice a lot of "token expired" errors. I also noticed that WebDAV was acting weird-I could mount the share using https://ocis.server.com/remote.php/webdav/, but it seemed to mount read/write while providing only "read" functionality. I was able to open, edit and save files, but the changes were not actually written. I could also upload files, which became 0 byte files on the server. Very odd.
Here are some initial logs.
error.txt
Then when I tried to upload some files, things got really interesting.
Normally when large file uploads fail, I'd investigate Apache and PHP file and memory limits, but I don't believe those apply here. I thought permissions might be an issue-the store is located on an external disk and I did not set up a dedicated "ocis" user as the deployment instructions specify. But why would some uploads work while others fail? I am stumped!
I'd be grateful for any advice, and would like to extend a huge "thanks" to the devs who make OC so fantastic.