
Cloudron Forum


midway

@midway

Posts


  • VIdeo Too Large
    M midway

    I think I figured it out. Apparently there's a really low default if you don't explicitly set a max size via client_max_body_size. Setting that explicitly seemed to work.

    Thanks folks. Sometimes you just need to bounce stuff off people to get to the right place.

    PeerTube

  • VIdeo Too Large
    M midway

    Just did a check and when I bypass the reverse proxy it seems to work. Anyone have an idea why that would be? I have the config posted above. Argh!

    PeerTube

  • VIdeo Too Large
    M midway

    Sorry for the delay, I was out of town. I do have an nginx reverse proxy in front of it, but I don't see anything in the config that would restrict that. It's pretty simple:

    # Front reverse proxy for the locally hosted PeerTube instance: terminates TLS
    # with the Certbot-managed certificate and forwards every request upstream.
    server {

    server_name tube.midwaytrades.com;
    
    # NOTE(review): no client_max_body_size is set in this server, so nginx applies
    # its default request-body limit of 1m and rejects larger uploads with 413
    # before they reach the upstream. This matches the fix reported in the thread
    # (setting client_max_body_size explicitly). Prefer an explicit, bounded value
    # sized for the largest expected upload over leaving the limit implicit.
    location / {
        # NOTE(review): the upstream uses the same hostname as server_name, so this
        # relies on the proxy host resolving that name to the backend; confirm.
        # nginx does not verify the upstream certificate unless proxy_ssl_verify is
        # enabled (it is off by default), so this hop is encrypted but unauthenticated.
        proxy_pass https://tube.midwaytrades.com;
        # Only Host is forwarded; no X-Forwarded-For / X-Real-IP is set here, so the
        # original client address is not passed on to the upstream.
        proxy_set_header Host $host;
    }
    
    
    
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tube.midwaytrades.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tube.midwaytrades.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    

    }
    # Port-80 companion server generated by Certbot: redirects plain-HTTP requests
    # for the site to HTTPS.
    server {
    # Requests whose Host matches are sent to the HTTPS URL with a permanent redirect.
    if ($host = tube.midwaytrades.com) {
    return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name tube.midwaytrades.com;
    listen 80;
    # Anything that did not match the Host check above gets a 404.
    return 404; # managed by Certbot
    

    }

    I will try to bypass it and see if it makes a difference but if you see anything in there that would mess with that, let me know. Thanks!

    PeerTube

  • VIdeo Too Large
    M midway

    Both are with Cloudron. The one that's working is on a VPS, the one that's stopping me from uploading is locally hosted. Trying to figure out where the difference may be.

    Thanks

    PeerTube

  • VIdeo Too Large
    M midway

    I first tried out PeerTube via Cloudron on a VPS and it seemed to work fine. So I set it up on my own system and it all seemed to install fine, but when I try to upload even a reasonably sized video it says it's too big. No quota on the user and nginx looks okay from my end, but I'll post the config here just in case I missed something. File is about 45MB, so not very big.

    Any ideas?

    # http://nginx.org/en/docs/http/websocket.html

    # Derives $connection_upgrade from the client's Upgrade request header:
    # "upgrade" when the header is present, "close" when it is empty or absent.
    # The https server below sends this value upstream as the Connection header.
    map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
    }

    # Allow apps to override this https://stackoverflow.com/questions/13583501/nginx-how-to-add-header-if-it-is-not-set

    # Derives $hrp, the Referrer-Policy value sent to clients: the upstream app's
    # own Referrer-Policy when it sent one, otherwise the fallback "same-origin".
    map $upstream_http_referrer_policy $hrp {
    default $upstream_http_referrer_policy;
    "" "same-origin";
    }

    ## http server

    # Plain-HTTP server for the app's domain: serves ACME challenge files and
    # redirects everything else to HTTPS.
    server {
    # note listen [::]:80 only listens on ipv6 since ipv6only=on since nginx 1.3.4. listen 80 listens on ipv4 only
    listen 80;
    server_name tube.cloud.midwaytrades.com;
    listen [::]:80;

    server_tokens off; # hide version
    
    # acme challenges
    # Challenge files are read from the platform's acme directory and served as
    # text/plain; this is the only content answered over plain HTTP.
    location /.well-known/acme-challenge/ {
        default_type text/plain;
        alias /home/yellowtent/platformdata/acme/;
    }
    
    # Reachable only through internal redirects (internal), never by a direct URL.
    location /notfound.html {
        root /home/yellowtent/box/dashboard/dist;
        try_files /notfound.html =404;
        internal;
    }
    
    # for default server, serve the notfound page. for other endpoints, redirect to HTTPS
    # In this server only the redirect branch is present.
    location / {
    
        return 301 https://$host$request_uri;
    
    }
    

    }

    ## https server

    # HTTPS server for the app's domain: terminates TLS, sets response security
    # headers, and proxies requests to the app at 172.18.18.9:80.
    server {
    listen 443 ssl http2;
    server_name tube.cloud.midwaytrades.com;
    listen [::]:443 ssl http2;

    server_tokens off; # hide version
    
    # paths are relative to prefix and not to this file
    ssl_certificate      /home/yellowtent/platformdata/nginx/cert/_.cloud.midwaytrades.com.cert;
    ssl_certificate_key  /home/yellowtent/platformdata/nginx/cert/_.cloud.midwaytrades.com.key;
    ssl_session_timeout  5m;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;
    
    # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    # https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#25-use-forward-secrecy
    # ciphers according to https://ssl-config.mozilla.org/#server=nginx&version=1.14.0&config=intermediate&openssl=1.1.1&guideline=5.4
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256;
    ssl_prefer_server_ciphers off;
    
    # some apps have underscores in headers. this is apparently disabled by default because of some legacy CGI compat
    underscores_in_headers on;
    
    # dhparams is generated only after dns setup
    ssl_dhparam /home/yellowtent/platformdata/dhparams.pem;
    
    # The app's own HSTS header is dropped and replaced by the one below
    # (max-age of 63072000 s, i.e. two years; no includeSubDomains, so the policy
    # covers this host only).
    # NOTE(review): none of the add_header directives in this server use the
    # "always" parameter, so nginx attaches these headers only to the success and
    # redirect status codes listed in its documentation, not to error responses.
    proxy_hide_header Strict-Transport-Security;
        add_header Strict-Transport-Security "max-age=63072000";
    
        # OCSP. LE certs are generated with must-staple flag so clients can enforce OCSP
    ssl_stapling on;
    ssl_stapling_verify on;
    
    
    # https://github.com/twitter/secureheaders
    # https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Compatibility_Matrix
    # https://wiki.mozilla.org/Security/Guidelines/Web_Security
    # Each header is set here and the upstream's copy is hidden, so the app cannot
    # override these values.
    # NOTE(review): X-XSS-Protection is a legacy header; current browsers have
    # largely dropped the XSS filter it controlled, so it should not be counted as
    # an XSS defence.
    add_header X-XSS-Protection "1; mode=block";
    proxy_hide_header X-XSS-Protection;
    add_header X-Download-Options "noopen";
    proxy_hide_header X-Download-Options;
    add_header X-Content-Type-Options "nosniff";
    proxy_hide_header X-Content-Type-Options;
    add_header X-Permitted-Cross-Domain-Policies "none";
    proxy_hide_header X-Permitted-Cross-Domain-Policies;
    
    # See header handling from upstream on top of this file
    # $hrp carries the app's own Referrer-Policy when it sent one, else "same-origin".
    add_header Referrer-Policy $hrp;
    proxy_hide_header Referrer-Policy;
    
    # gzip responses of at least 18k (gzip_min_length) whose type is listed in
    # gzip_types; no image types are listed.
    # NOTE(review): the original comment here said "> 50k", which does not match
    # the 18k threshold configured below.
    gzip on;
    gzip_min_length 18k;
    gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;
    
    # enable for proxied requests as well
    gzip_proxied any;
    
    
    
    
    
    
    proxy_http_version 1.1;
    # intercept errors (>= 400) and use the error_page handler
    proxy_intercept_errors on;
    # nginx will return 504 on connect/timeout errors
    # NOTE(review): the nginx documentation states that proxy_connect_timeout
    # usually cannot exceed 75 seconds, so the 3250 below may not take effect as
    # written; confirm.
    proxy_read_timeout       3500;
    proxy_connect_timeout    3250;
    
    # X-Real-IP and X-Forwarded-For are both set from $remote_addr, which replaces
    # any X-Forwarded-For value the client sent, so the app cannot be handed a
    # client-chosen address. When another reverse proxy sits in front of this
    # server (as in this thread), $remote_addr is that proxy's address.
    proxy_set_header   Host               $host;
    proxy_set_header   X-Real-IP          $remote_addr;
    proxy_set_header   X-Forwarded-For    $remote_addr;
    proxy_set_header   X-Forwarded-Host   $host;
    proxy_set_header   X-Forwarded-Port   $server_port;
    proxy_set_header   X-Forwarded-Proto  https;
    proxy_set_header   X-Forwarded-Ssl    on;
    
    # upgrade is a hop-by-hop header (http://nginx.org/en/docs/http/websocket.html)
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    
    # only serve up the status page if we get proxy gateway errors
    root /home/yellowtent/box/dashboard/dist;
    # some apps use 503 to indicate updating or maintenance
    error_page 502 504 /app_error_page;
    location /app_error_page {
        root /home/yellowtent/boxdata;
        # the first argument looks for file under the root
        try_files /custom_pages/$request_uri /custom_pages/app_not_responding.html /appstatus.html;
        # internal means this is for internal routing and cannot be accessed as URL from browser
        internal;
    }
    
    # Fallback target for /.well-known/ requests that the handler below answers with 404.
    location @wellknown-upstream {
    
        proxy_pass http://172.18.18.9:80;
    
    }
    
    # user defined .well-known resources
    location /.well-known/ {
        error_page 404 = @wellknown-upstream;
        proxy_pass http://127.0.0.1:3000/well-known-handler/;
    }
    
    # increase the proxy buffer sizes to not run into buffer issues (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers)
    proxy_buffer_size       128k;
    proxy_buffers           4 256k;
    proxy_busy_buffers_size 256k;
    
    # No buffering to temp files, it fails for large downloads
    proxy_max_temp_file_size 0;
    
    # Disable check to allow unlimited body sizes. this allows apps to accept whatever size they want
    # With the check disabled, request size is bounded only by the app itself and
    # by any proxy placed in front of this server.
    client_max_body_size 0;
    
    
    
    
    location = /appstatus.html {
        root /home/yellowtent/box/dashboard/dist;
    }
    
    
    # Everything else goes to the app over plain HTTP.
    # NOTE(review): 172.18.18.9 is presumably the app container on an internal
    # network; confirm that this hop never leaves the host.
    location / {
        proxy_pass http://172.18.18.9:80;
    }
    

    }

    PeerTube