Re: httpd option max body size is ignored for subdomain

2019-02-03 Thread Robert Paschedag
On 3 February 2019 at 16:43:20 CET, Chris Narkiewicz wrote:
>Hi,
>
>I'm trying to configure Nextcloud on a subdomain. My config has 2
>vhosts and connection max request body is not respected for my
>subdomain.
>
>default vhost:
>
>server "default" {
>    listen on * port 80
>
>    location "/.well-known/acme-challenge/*" {
>        root "/acme"
>        request strip 2
>    }
>
>    location * {
>        block return 404
>    }
>}
>
>server "default_tls" {
>    listen on * tls port 443
>    tls certificate ...
>    tls key ...
>
>    # I must place max request body here, but why?
>    # connection max request body 536870912
>
>    location * {
>        block return 403
>    }
>}
>
>
>nextcloud vhost:
>
>server "nextcloud.mydomain.com" {
>    listen on * tls port 443
>    ...
>    # this is ignored! It takes setting from "default_tls"!
>    connection max request body 536870912
>}
>
>server "nextcloud.mydomain.com" {
>    listen on * port 80
>    location "/.well-known/acme-challenge/*" {
>        root "/acme"
>        request strip 2
>    }
>
>    block return 301 "https://nextcloud.mydomain.com$REQUEST_URI"
>}
>
>
>When I try to PUT a file to nextcloud.mydomain.com, my access.log tells me
>that this request is handled by default_tls:
>
>default_tls xx.xx.xx.xx - - [03/Feb/2019:14:38:35 +] "PUT
>/remote.php/webdav/bigger-file.png HTTP/1.1" 413 0
>
>For smaller files with body <1024k (default body limit) it works ok:
>
>nextcloud.mydomain.com xx.xx.xx.xx - - [03/Feb/2019:14:39:51 +]
>"PUT
>/remote.php/webdav/smaller-file.png HTTP/1.1" 201 0
>
>Why is httpd not respecting subdomain config?

I think it's because all your servers are listening on all IP addresses for tls 
and httpd cannot determine the "hostname" of the server you're requesting.
So it takes the *first*... The default. Define an IP to listen for nextcloud 
and it should work.

Robert

-- 
sent from my mobile device



Re: httpd option max body size is ignored for subdomain

2019-02-03 Thread Florian Obser
On Sun, Feb 03, 2019 at 03:43:20PM +, Chris Narkiewicz wrote:
> Hi,
> 
> I'm trying to configure Nextcloud on a subdomain. My config has 2
> vhosts and connection max request body is not respected for my subdomain.

this has been fixed in current. Wild guess, you are on 6.4?

This diff should apply cleanly to stable sources:

Index: server_http.c
===
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -p -r1.127 -r1.128
--- server_http.c   4 Nov 2018 05:56:45 -   1.127
+++ server_http.c   4 Dec 2018 18:12:08 -   1.128
@@ -198,7 +198,6 @@ void
 server_read_http(struct bufferevent *bev, void *arg)
 {
struct client   *clt = arg;
-   struct server_config*srv_conf = clt->clt_srv_conf;
struct http_descriptor  *desc = clt->clt_descreq;
struct evbuffer *src = EVBUFFER_INPUT(bev);
char*line = NULL, *key, *value;
@@ -357,11 +356,6 @@ server_read_http(struct bufferevent *bev
server_abort_http(clt, 500, errstr);
goto abort;
}
-   if ((size_t)clt->clt_toread >
-   srv_conf->maxrequestbody) {
-   server_abort_http(clt, 413, NULL);
-   goto abort;
-   }
}
 
if (strcasecmp("Transfer-Encoding", key) == 0 &&
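Review bot: the Content-Length branch of server_read_http() loses its 413 test here without a comment saying where the limit is now enforced; a one-line note pointing at server_response() would keep someone from re-adding the test against clt->clt_srv_conf, which is the configuration the reporter saw applied in place of the named server's. The limit is still expressed only through clt_toread, and the Transfer-Encoding case that follows in the context lines is not shown setting it, so it is worth stating in the commit whether maxrequestbody is meant to bound those requests as well.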
@@ -1332,6 +1326,12 @@ server_response(struct httpd *httpd, str
 
/* Now search for the updated location */
srv_conf = server_getlocation(clt, desc->http_path);
+   }
+
+   if (clt->clt_toread > 0 && (size_t)clt->clt_toread >
+   srv_conf->maxrequestbody) {
+   server_abort_http(clt, 413, NULL);
+   return (-1);
}
 
if (srv_conf->flags & SRVFLAG_BLOCK) {
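Review bot: the added test in server_response() returns (-1) straight after server_abort_http(clt, 413, NULL), whereas the removed code in server_read_http() left through goto abort; please confirm that the callers of server_response() treat -1 as "client already aborted" and do not touch clt again. The new clt->clt_toread > 0 guard is a good addition, since it keeps a negative value from being cast to a very large size_t, and a short comment that the test sits after server_getlocation() so that srv_conf is the matched configuration would document why it moved. A regression test that sends an oversized PUT to a non-default server name with a raised limit would cover the reported case.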


-- 
I'm not entirely sure you are real.
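
The ordering problem the diff addresses, as an added example that is not httpd source and not part of the original thread: a simplified C model in which the body limit is tested either before or after the Host header is matched. The struct, the function names and the two-entry table are hypothetical; the limits are the 1024k default and the 536870912 value from the post.

```c
#include <stddef.h>
#include <strings.h>

/* Simplified model, not httpd source; all names here are hypothetical. */
struct vhost {
	const char	*name;
	size_t		 maxrequestbody;
};

/* Constructed table mirroring the thread: 1024k default, 512M for Nextcloud. */
static const struct vhost vhosts[] = {
	{ "default_tls",		1048576 },
	{ "nextcloud.mydomain.com",	536870912 },
};
#define NVHOSTS	(sizeof(vhosts) / sizeof(vhosts[0]))

/* Pick the vhost named by the Host header; fall back to the first entry. */
static const struct vhost *
match_host(const char *host)
{
	size_t i;

	for (i = 0; host != NULL && i < NVHOSTS; i++)
		if (strcasecmp(vhosts[i].name, host) == 0)
			return (&vhosts[i]);
	return (&vhosts[0]);
}

/* Old order: limit tested while reading headers, before Host is matched. */
int
status_check_before_match(const char *host, long long toread)
{
	const struct vhost *v = &vhosts[0];	/* first server on the listener */

	(void)host;				/* Host is not consulted yet */
	if (toread > 0 && (size_t)toread > v->maxrequestbody)
		return (413);
	return (201);
}

/* Fixed order: match the Host first, then test that vhost's own limit. */
int
status_check_after_match(const char *host, long long toread)
{
	const struct vhost *v = match_host(host);

	if (toread > 0 && (size_t)toread > v->maxrequestbody)
		return (413);
	return (201);
}
```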