G3 cannot upload photos.

orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Fri, 2009-07-31 04:41

I run a self-signed Apache HTTPS server on linux and I have problems uploading images to Gallery3:

FF3.5.1 Linux
claims "success" but no file is uploaded (green)

FF3.5.1 Vista/7 RC1
"server error" (red)

FF3.5.1 XP
nothing happens after selecting image

Opera Vista/Linux
"server error" (red)

It occurs with a pristine installation of Gallery3 beta 2. It also occurred on Gallery3 beta 1.

No errors are reported in the logs (Gallery or Apache); I am assuming it is a problem with the flash uploader.

Default .htaccess file, with or without the mod_rewrite modifications. I have appropriate permissions on the var/ directory as well.

edit: tried on various images, 600Kb - 2Mb in size

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Fri, 2009-07-31 04:53

Try not uploading via HTTPS

Is there a value entered for upload_tmp_dir for PHP? If not, try entering a valid directory that the webserver can access and write to.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Fri, 2009-07-31 05:27

HTTP and upload_tmp_dir unset ("no value" aka system defaults)
-image upload works

HTTPS and upload_tmp_dir set (to "/tmp")
-image upload *still* doesn't work

-notes:
--I tried setting upload_tmp_dir in the mod_php5 section of gallery3's .htaccess file. Couldn't ascertain it worked.
--Then in a local gallery3/php.ini file. Same...
--Lastly ended up setting it in the global /etc/php5/apache2/php.ini file. phpinfo() showed the upload_tmp_dir was set.

HTTPS and upload_tmp_dir unset
-situation as of original post (file upload doesn't work).

So it seems to be uploader + ssl + self-signed. Though I would like to use gallery3 on HTTPS.

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Fri, 2009-07-31 15:57

So... is this a known bug in progress, or should I register on sourceforge to report it?

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Fri, 2009-07-31 16:51

Try upgrading to the latest code: http://codex.gallery2.org/Gallery3:Upgrading

I'm able to login and upload via HTTPS just fine. There have been lots of changes since B2 was released.

 
floridave

Joined: 2003-12-22
Posts: 25953
Posted: Fri, 2009-07-31 16:53

I have not tested this with HTTPS, but are you using a self-signed SSL certificate?

Dave

_____________________________________________
Blog & G2 || floridave - Gallery Team

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Fri, 2009-07-31 17:04

I am not. But that's something I can test once I figure out how to make one and configure that server to use SSL.

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Fri, 2009-07-31 18:49

Tested with: commit 86c7fabeaf6fcc9fbbdf1c1a7dc2a3cf9c9a6366 (Fri Jul 31 20:27:53 2009 +0800)

Still doesn't work, same errors as above depending on OS/browser.

(Though the upload animation - only visible on linux/FF3.5.1 - was improved :))

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Fri, 2009-07-31 19:40

Cert for a certificate authority works for me

Self signed cert doesn't, in FF, but it does work in IE 7 (didn't test 6 or 8)

Looks like this is probably a problem with FF and self-signed certs. It works in IE 7 for me with my self signed cert, but not FF 3.5. I'm not currently able to login via Chrome for some reason nor am I able to upload via Opera (I need to check if flash is working correctly under Opera).

This doc for Lighttpd: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:SSL

Explains that there is some issue with Firefox and certs that don't have a CA file. I'm not 100% sure what that means, but I think that means for certs that don't come from a cert authority.

Quote:
Please note that enabling SSL for the whole server as shown above, seem to replace (disable) the non-SSL operations, and if without ssl.ca-file configured, MS IE will accept this certificate but firefox will not.

I haven't tried this yet to see if this works, but try the free, demo cert from these guys:
http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

If that works, then my suggestion is to get a cheap cert from some cert authority. But it works with my signed cert so I can't think or say this is a bug anywhere in Gallery. It looks to be a browser issue to me. Though you may have better luck if a non-flash uploader becomes available, or you can upload your files via SFTP to your server, then use the Server Add module to import them from the local server.

EDIT: I also didn't get any errors in gallery3/var/logs or in my error.log for the server when trying to upload. Though I do get 2 errors when Firefox first tries to connect to the HTTPS site with the self signed cert. IE does not cause these errors:

Quote:
2009-07-31 12:43:20: (connections.c.280) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
2009-07-31 12:43:31: (connections.c.280) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure

At some point this weekend I'll test with Apache, but I'm not expecting any different results.


 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Fri, 2009-07-31 20:21

I can't really test with Internet Explorer because in actuality I am using a TLS certificate with a limited subset of more secure ciphers and key-exchange algorithms:
GnuTLSPriorities NONE:+CAMELLIA-256-CBC:+AES-256-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+VERS-TLS1.1:+VERS-SSL3.0
Basically, IE is not able to process this combination, however Firefox/Opera/Safari have been doing a great job with the other web services I run (excluding, unfortunately, gallery3).

However, my certs use the entire x.509 chain, that is:

- Certificate Authority to sign certificates
- Certificate signed by a CA, and keys
- DH parameters

The only issue in FF is that "this [server] certificate is signed by an unknown root CA". However, once the CA is added to Firefox's whitelist, there should be *no* difference in behavior between other certificates. Similarly for Opera.
Most likely this is not a browser issue, but a flash issue. I am not sure how flash is implemented - does it have to be able to talk SSL/TLS or does it receive/send unencrypted data to the browser which forwards it to the server?

Unfortunately, giving SFTP or FTP access to every gallery3 user would become very impractical and tedious.

Since it didn't work with your self-signed certificates, can we say the problem lies in the trust of the Certificate Authority? Like vlc/curl/wget/openssl/gnutls, does flash have settings to 1) disable server certificate checks and 2) disable verification against a list of trusted CAs? You would be interested in (2).

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Fri, 2009-07-31 20:38

That's all getting way over my head without me doing a lot of research and education on certs :)

Right now, I can only suggest:

Quote:
I haven't tried this yet to see if this works, but try the free, demo cert from these guys:
http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

If that works, then my suggestion is to get a cheap cert from some cert authority.

So right now, you're just asking all of your visitors to just add your cert to their browser? That seems pretty impractical to me :) But yeah, if you have other users uploading photos, SFTP to the server and importing from there would be impractical because only Gallery admins can import from the local server. So you'd have to make those users admins for your Gallery.

Perhaps the issue is the combination of Flash and the self-signed certs and the browser. Maybe a non-flash upload method will work, but right now I think there are only 2 methods for uploading (that I know of), the flash simple uploader and the from local server method, which I would be surprised if it didn't work. However, that's probably not the right solution for you.

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Fri, 2009-07-31 21:22

Well, not that inconvenient as Firefox and Opera have convenient one/two-click dialogs to automatically add trusted certificates. You can find an example @ https://trac.videolan.org/vlc/

However, what would be really convenient is a way to debug/view flash errors in more detail...

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Sat, 2009-08-01 00:13

I've checked out existing bug reports and while I don't know if any apply to my situation, they seem somewhat conflicting:

#525: flash uploader doesn't work on SSL, possibly for certificates signed by a recognized authority only. How'd the reporter get an error number?
milestone 3.0
http://sourceforge.net/apps/trac/gallery/ticket/525

#218: flash uploader doesn't work on HTTPS (SSL/TLS) with Firefox/windows, "server error"
already fixed
http://sourceforge.net/apps/trac/gallery/ticket/218

#125: general to get gallery3 working on SSL. reports having fixed the symptoms of error #525.
already fixed
http://sourceforge.net/apps/trac/gallery/ticket/125

----------------------

#218 looks exactly like my situation. However when I tried capturing packets (as in the bug report) with wireshark, strangely I was unable to capture any HTTPS/SSL/TLS traffic.

nivekiam: just saw your edit, post #6453 ... Actually, I'm going to look into my Apache/2.2.8 error.log, something I didn't see before.

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Sat, 2009-08-01 00:43

Whenever I initially connect to my website (Firefox or Opera), in Apache's error.log I see:

Quote:
GnuTLS: Handshake Failed (-8) 'A record packet with illegal version was received.'

However, since HTTPS browsing works fine I assume the error is logged when the browser switches from SSL to TLS, or when renegotiating cipher suites or resetting the cache. I'm not sure why and I never saw that with mod_ssl. Since packets captured by wireshark are gibberish, I assume encryption works.

What I missed in the log file is an error every time I try uploading pictures:

Quote:
GnuTLS: Handshake Failed. Hit Maximum Attempts

I'm not sure what that means.

edit: running mod_gnutls svn pre-v0.5.5
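
An added example, not part of the original posts: since the upload failures in this thread show up only in the web server's error log and not in gallery3/var/logs, a small parser for the two message formats quoted above makes repeated handshake failures easy to spot. The Apache-style line prefixes and the client address are constructed, and the packed error-code layout assumed here is the one used by OpenSSL releases before 3.0.

```python
import re
from collections import Counter

# Constructed sample: the message texts are the ones quoted in this thread;
# the Apache-style prefixes and the client address are assumptions.
SAMPLE_LOG = """\
2009-07-31 12:43:20: (connections.c.280) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
2009-07-31 12:43:31: (connections.c.280) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
[Sat Aug 01 00:40:02 2009] [error] [client 192.0.2.10] GnuTLS: Handshake Failed (-8) 'A record packet with illegal version was received.'
[Sat Aug 01 00:41:15 2009] [error] [client 192.0.2.10] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sat Aug 01 00:41:16 2009] [notice] caught SIGTERM, shutting down
"""

OPENSSL_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")
GNUTLS_RE = re.compile(r"GnuTLS: Handshake Failed(?: \((-?\d+)\))?[. ]*(.*)$")

def unpack_openssl_code(hex_code):
    """Split a packed OpenSSL (pre-3.0) error code into (lib, func, reason)."""
    code = int(hex_code, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_line(line):
    """Return a dict describing a TLS library error, or None for other lines."""
    m = OPENSSL_RE.search(line)
    if m:
        lib, func, reason = unpack_openssl_code(m.group(1))
        # Reasons of 1000 and above are alerts received from the peer;
        # lower values were raised locally by the server's own TLS code.
        return {"stack": "openssl", "lib": lib, "func": func, "reason": reason,
                "peer_alert": reason >= 1000, "detail": m.group(4).strip()}
    m = GNUTLS_RE.search(line)
    if m:
        code = int(m.group(1)) if m.group(1) else None
        return {"stack": "gnutls", "code": code, "detail": m.group(2).strip(" '")}
    return None

def summarize(text):
    """Count TLS failures per (stack, detail) so repeats stand out."""
    events = filter(None, map(parse_line, text.splitlines()))
    return Counter((e["stack"], e["detail"]) for e in events)

if __name__ == "__main__":
    for (stack, detail), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {stack:8s} {detail}")
```

For the lighttpd lines, the code 140940E5 unpacks to library 20 (the SSL library), function 148 and reason 229, a locally raised handshake failure rather than an alert sent by the client.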

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Sat, 2009-08-01 01:18

I still think the blame rests with flash.

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Sat, 2009-08-01 15:35
 
bharat

Joined: 2002-05-21
Posts: 7985
Posted: Mon, 2009-08-03 03:47

I wouldn't be surprised if there's some issue with flash and self-signed certs. I'll look into it when I get a chance (but it's not high on my priority list).
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Mon, 2009-08-03 04:03

Like I've said before, there isn't a problem with that. I'm able to upload images with the flash uploader with a self signed cert and IE7 just fine. I believe it's a combination of the self signed cert and browser. But for whatever reason he doesn't want to test with a free signed cert to help narrow down the problem.

 
bharat

Joined: 2002-05-21
Posts: 7985
Posted: Mon, 2009-08-03 04:14

Hey, he's done a lot of work so far. Not everybody is dedicating their entire life to Gallery 3 like you and I :-) No worries, at some point enough information will surface so that we can figure this one out.

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Mon, 2009-08-03 04:29

You're right, I spend too much time here :)

I'm going to try that free signed cert at some point (need to get one on the new server anyway) and if there's any other testing I can do let me know. That goes for either bharat or orbisvicis :)

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Sat, 2010-08-14 06:29

Hey,

I've discovered the problem and updated the ticket http://sourceforge.net/apps/trac/gallery/ticket/525 with additional details.

Unfortunately, it seems that the only workaround is to develop a non-flash backend-uploader, which is a bummer because there really aren't any other neat server-side methods to upload batches of files.

I've been thinking about an alternative solution:
Use flash to select photographs, ensuring that the experience for the end user stays the same.
Pass the information to javascript (surprisingly, this is possible), and upload the photos via javascript

This has the benefit:
Frontend/GUI/experience remains the same
Flash codebase reduced
. some people complain about flash in gallery3
. flash is slow
. flash + linux == bad
. flash probably doesn't provide extensive support
. fewer cryptic error messages (for example, "Error #2038" applies to a gazillion possible circumstances; could mean anything)
HTTPS/SSL/TLS problems resolved :)

Possible problems
. could be more complicated
. will the javascript be allowed access to the files ?

 
orbisvicis

Joined: 2009-07-07
Posts: 15
Posted: Sat, 2010-08-14 09:35

A strictly-HTML5 uploader would probably look nicer and work better than the current sfwuploader. Unfortunately, most browsers would be left out. Have you considered creating/enabling one as an optional module? If I were to do so, what would my entry points be? Which files should I look at, which files should I modify?

 
floridave

Joined: 2003-12-22
Posts: 25953
Posted: Sat, 2010-08-14 16:17

A basic very simple html uploader:
http://codex.gallery2.org/index.php?title=Gallery3:Modules:html_uploader
I guess this could be expanded upon to be a bit more 'flashy' :-)

Dave