cryptgeon icon indicating copy to clipboard operation
cryptgeon copied to clipboard
verified publisher icon cupcakearmy

Unable to Create Secure Note for Larger Files

Open mengelsen opened this issue 11 months ago • 3 comments

I have a 6MB file that I'm trying to share (create a secure note).

When I go to my site (https://cryptgeon.lifeisgood.com) I'm told that the max file size is 22.2 MiB.

However, when I try clicking the "Create" button, I get a message that says: "could not create note. note too big"

Image

I have tried using multiple web browsers (no change in result).

I have also tried increasing the "SIZE_LIMIT" variable within the docker-compose.yaml file. (No luck!)

I am able to create secure notes w. tiny files. (Less than 1MB) Larger files are failing.

mengelsen avatar Jan 29 '25 18:01 mengelsen

Mhhh, could you share the config as text?

cupcakearmy avatar Jan 30 '25 09:01 cupcakearmy

Sure. Here are the files. You might need to modify the contents of nginx-tls.conf to point to your SSL certificate & key file.

cryptgeon.zip

mengelsen avatar Jan 30 '25 16:01 mengelsen

I can neither reproduce, or understand why. Maybe you have some proxy in front? are there error messages?

cupcakearmy avatar Mar 01 '25 15:03 cupcakearmy

I had a similar problem when I indicated the parameter Client_max_body_size and client_body_timeout only on the proxy, forgetting about Nginx by car with the container. Try to set them up in both places and this should solve the problem.

However, I ran into another: When downloading files of more than 10 MIB, I can not decipher a note if the browser is Vivaldi Firefox does not experience problems, like Vivaldi <10Mib BROWSER: Vivaldi SIZE_LIMIT: 100MiB CONF: proxy -> host nginx -> docker container

muffintime77 avatar Sep 15 '25 12:09 muffintime77

That did the trick!

As soon as I added client_max_body_size and proxy_read_timeout to the nginx-tls.conf file, I was able to upload files that were larger than 2MiB.

server {
    listen 80;
    listen [::]:80;
    server_name DOMAIN_GOES_HERE.com;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name DOMAIN_GOES_HERE.com;

    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    ssl_trusted_certificate /path/to/certbundle.pem;

    client_max_body_size 50m;   # >= SIZE_LIMIT, with overhead headroom
    proxy_read_timeout 300s;    # optional, avoids slow upload timeouts

    location / {
      proxy_pass http://app:8000/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
}

mengelsen avatar Sep 15 '25 18:09 mengelsen