Bubka / 2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

Home Page: https://docs.2fauth.app/

Slow load of root page

bigbeka opened this issue · comments

Version

5.2.0

Details & Steps to reproduce

First of all, @Bubka thank you very much for a great piece of software and amazing work you are doing!

  • I have 96 accounts on my admin account.
  • I am on the latest version 5.2.0
  • Show password is After a Click/Tap
  • I switch my environment between FQDN and local domain (.lan) and recreate the docker container (this didn't create any issue in the past)

The issue I am facing is that the locally hosted 2FAuth instance takes 15 seconds to load the root directory (see screenshot below).

A few weeks ago, I was one or two versions behind, and with the same configurations the root directory loaded instantly.
Any idea how I can further troubleshoot this?

Screenshot 2024-06-11 at 16 10 43

Expectation

Root WebUI directory should load instantly.

Error & Logs

Docker doesn't have any logs apart from API calls that the browser makes despite having debug level enabled:


Running version latest commit a707ad3 built on 2024-05-29T14:27:28Z
supervisord version: v0.6.8
PHP 8.2.19 (fpm-fcgi) (built: May  9 2024 19:31:11)
nginx version: nginx/1.24.0
DB_DATABASE sets with default path, we will use a symlink
Actual db file will be /2fauth/database.sqlite
/srv/database/database.sqlite is now a symlink to /2fauth/database.sqlite
   INFO  Clearing cached bootstrap files.  
  events ............................................................ 1ms DONE
  views ............................................................. 7ms DONE
  cache ............................................................. 2ms DONE
  route ............................................................. 1ms DONE
  config ............................................................ 1ms DONE
  compiled .......................................................... 1ms DONE
   INFO  Configuration cached successfully.  
   INFO  Routes cached successfully.  
   INFO  Blade templates cached successfully.  
time="2024-06-11T14:12:33Z" level=info msg="load configuration from file" file=/etc/supervisor/supervisord.conf
192.168.218.1 - - [11/Jun/2024:14:13:02 +0000] "GET / HTTP/1.1" 200 2722 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:02 +0000] "GET /api/v1/user HTTP/1.1" 200 698 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:02 +0000] "GET /api/v1/twofaccounts HTTP/1.1" 200 17986 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:02 +0000] "GET /api/v1/groups HTTP/1.1" 200 107 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:09 +0000] "GET /api/v1/user/preferences HTTP/1.1" 200 996 "http://2fa.lan/settings/options" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:14 +0000] "GET /api/v1/twofaccounts HTTP/1.1" 200 17986 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:15 +0000] "GET /api/v1/groups HTTP/1.1" 200 107 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:22 +0000] "GET /user/logout HTTP/1.1" 200 35 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:25 +0000] "POST /user/login HTTP/1.1" 200 702 "http://2fa.lan/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:25 +0000] "GET /api/v1/twofaccounts HTTP/1.1" 200 17986 "http://2fa.lan/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:25 +0000] "GET /api/v1/groups HTTP/1.1" 200 107 "http://2fa.lan/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:48 +0000] "GET /accounts HTTP/1.1" 200 2722 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:48 +0000] "GET /api/v1/user HTTP/1.1" 200 698 "http://2fa.lan/accounts" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:48 +0000] "GET /api/v1/twofaccounts HTTP/1.1" 200 17986 "http://2fa.lan/accounts" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:13:48 +0000] "GET /api/v1/groups HTTP/1.1" 200 107 "http://2fa.lan/accounts" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:17:47 +0000] "GET / HTTP/1.1" 200 2729 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:17:47 +0000] "GET /api/v1/user HTTP/1.1" 200 698 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:17:47 +0000] "GET /api/v1/twofaccounts HTTP/1.1" 200 17986 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:17:47 +0000] "GET /api/v1/groups HTTP/1.1" 200 107 "http://2fa.lan/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:18:27 +0000] "GET /api/v1/settings HTTP/1.1" 200 343 "http://2fa.lan/admin/app" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
192.168.218.1 - - [11/Jun/2024:14:18:27 +0000] "GET /system/infos HTTP/1.1" 200 557 "http://2fa.lan/admin/app" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"

Execution environment

Date: Tue, 11 Jun 2024 14:18:27 +0000
userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
Version: 5.2.0
Environment: local
Install path: /
Debug: true
Cache driver: file
Log channel: daily
Log level:
DB driver: sqlite
PHP version: 8.2.19
Operating system: Linux
interface: fpm-fcgi
Auth guard: web-guard
webauthn user verification: preferred
Trusted proxies: *
lastRadarScan: 2024-05-27 11:20:57

Containerization

  • Docker

Additional information

Docker Compose file:

version: "3"
services:
  2fauth:
    image: 2fauth/2fauth:latest
    container_name: 2fauth
    volumes:
      - /home/ssd/storage/config/2fauth:/2fauth
    ports:
      - 8046:8000/tcp
    networks:
      - 2fauth
    environment:
      # You can change the name of the app
      - APP_NAME=2FA
      # You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
      # Never set it to "testing".
      - APP_ENV=local
      # Set to true if you want to see debug information in error screens.
      - APP_DEBUG=true
      # This should be your email address
      - SITE_OWNER=2fauth@fqdn
      # The encryption key for  our database and sessions. Keep this very secure.
      # If you generate a new one all existing data must be considered LOST.
      # Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
      - APP_KEY=[key]
      # This variable must match your installation's external address but keep in mind that
      # it's only used on the command line as a fallback value.
      - APP_URL=http://2fa.lan
      # Turn this to true if you want your app to react like a demo.
      # The Demo mode reset the app content every hours and set a generic demo user.
      - IS_DEMO_APP=false
      # The log channel defines where your log entries go to.
      # 'daily' is the default logging mode giving you 5 daily rotated log files in /storage/logs/.
      # Several other options exist. You can use 'single' for one big fat error log (not recommended).
      # Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
      - LOG_CHANNEL=daily
      # Log level. You can set this from least severe to most severe:
      # debug, info, notice, warning, error, critical, alert, emergency
      # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
      # nothing will get logged, ever.
      - LOG_LEVEL=debug
      # Database config (can only be sqlite)
      - DB_DATABASE="/srv/database/database.sqlite"
      # If you're looking for performance improvements, you could install memcached.
      - CACHE_DRIVER=file
      - SESSION_DRIVER=file
      # Mail settings
      # Refer your email provider documentation to configure your mail settings
      # Set a value for every available setting to avoid issue
      - MAIL_DRIVER=smtp
      - MAIL_HOST=smtp.fqdn.net
      - MAIL_PORT=465
      - MAIL_FROM=2fauth@fqdn
      - MAIL_USERNAME=key
      - MAIL_PASSWORD=[key]
      - MAIL_ENCRYPTION=ssl
      - MAIL_FROM_NAME="2FAuth"
      - MAIL_FROM_ADDRESS=2fauth@fqdn
      # Authentication settings
      # The default authentication guard
      # Supported:
      #   'web-guard' : The Laravel built-in auth system (default if nulled)
      #   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
      # WARNING
      # When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
      # authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
      # trust him as long as headers are presents.
      - AUTHENTICATION_GUARD=web-guard
      # Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
      # Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
      # (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
      - AUTH_PROXY_HEADER_FOR_USER=null
      - AUTH_PROXY_HEADER_FOR_EMAIL=null
      # Custom logout URL to open when using an auth proxy.
      - PROXY_LOGOUT_URL=null
      # WebAuthn settings
      # Relying Party name, aka the name of the application. If null, defaults to APP_NAME
      - WEBAUTHN_NAME=2FAuth
      # Relying Party ID. If null, the device will fill it internally.
      # See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#how-to-determine-the-relying-party-id
      - WEBAUTHN_ID=null
      # Optional image data in BASE64 (128 bytes maximum) or an image url
      # See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#relying-party-icon
      - WEBAUTHN_ICON=null
      # Use this setting to control how user verification behave during the
      # WebAuthn authentication flow.
      #
      # Most authenticators and smartphones will ask the user to actively verify
      # themselves for log in. For example, through a touch plus pin code,
      # password entry, or biometric recognition (e.g., presenting a fingerprint).
      # The intent is to distinguish one user from any other.
      #
      # Supported:
      #   'required': Will ALWAYS ask for user verification
      #   'preferred' (default) : Will ask for user verification IF POSSIBLE
      #   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
      - WEBAUTHN_USER_VERIFICATION=preferred
      # Use this setting to declare trusted proxied.
      # Supported:
      #   '*': to trust any proxy
      #   A comma separated IP list: The list of proxies IP to trust
      - TRUSTED_PROXIES=*
      # Leave the following configuration vars as is.
      # Unless you like to tinker and know what you're doing.
      - BROADCAST_DRIVER=log
      - QUEUE_DRIVER=sync
      - SESSION_LIFETIME=120
      - REDIS_HOST=127.0.0.1
      - REDIS_PASSWORD=null
      - REDIS_PORT=6379
      - PUSHER_APP_ID=
      - PUSHER_APP_KEY=
      - PUSHER_APP_SECRET=
      - PUSHER_APP_CLUSTER=mt1
      - MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
      - MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
      - MIX_ENV=local
networks:
  2fauth:
    name: 2fauth
    external: true
commented

Hi,
Thanks for your feedback 😃

Have you enabled the On New Device email notification? If so, try to disable it. Does it help?

It was never enabled.

I have enabled and re-disabled, no change.

commented

Please check the app log in 2fauth/storage/logs/

@Bubka you are amazing, thank you. The logs helped.
There was this error:
[2024-06-11 14:07:25] local.ERROR: cannot reach 'https://api.github.com/repos/Bubka/2FAuth/releases/latest' endpoint

Which led me to a DNS issue. I have defined DNS in docker-compose, and all works with lightning-fast speed. I have an ongoing issue in my Tailscale DNS which is not related to 2FAuth.

In this troubleshooting I have two followup questions:

  1. Despite enabling LOG_LEVEL=debug and APP_DEBUG=true no logs appeared within docker logs - is this expected?
  2. Despite setting 32 chars key in APP_KEY I am getting this error repeatedly in the logs: [2024-06-11 14:06:50] production.ERROR: No application encryption key has been specified. {"exception":"[object] (Illuminate\\Encryption\\MissingAppKeyException(code: 0): No application encryption key has been specified. at /srv/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php:79)
commented

Great 👍🏻

Regarding your questions:

  1. Yes. Those settings apply only to the php logs, in /2fauth/storage/logs/
  2. This is unexpected, most probably a cache issue.
    Try this: Enter the Admin area of 2FAuth and click the Clear button of the Environment section.
    Be careful, you probably know it, this key is required, especially for db encryption. If for some reason (cache, issue in configuration or whatever) the key is changed while the db has 2FA records and DB Encryption setting is On, you can lose your data. There is no automatic generation of this key in the code base, so there is no reason the app uses a random key. But there's no reason for this error to occur either, so... If you enabled DB Encryption, maybe you should export all items to json to ensure you own a readable backup, then disable the Encryption feature until you have fixed the missing key error.

Thanks, yes
2. I had done this after I saw the error and as part of the troubleshooting for the original issue. Logs are not showing this error anymore, but I will keep an eye out.

Thanks for your help!
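
The two log entries quoted in this thread can be triaged mechanically; the sketch below is an added example, not code from 2FAuth or from either participant. It parses Laravel-format log lines, extracts the host of any "cannot reach" error (the outbound call that pointed to the DNS problem), and flags entries written under an environment other than the APP_ENV set in the compose file, which is the case for the `production.ERROR` missing-key entry. The function names and the sample text are assumptions made for the example; the first two sample lines are taken from the thread with the exception trace dropped.

```python
import re
from urllib.parse import urlsplit

# Laravel's default line format: [timestamp] <environment>.<LEVEL>: message
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"(?P<env>[\w-]+)\.(?P<level>[A-Z]+): (?P<msg>.*)$"
)
UNREACHABLE = re.compile(r"cannot reach '(?P<url>[^']+)' endpoint")
SEVERE = {"ERROR", "CRITICAL", "ALERT", "EMERGENCY"}

# Constructed sample: two entries from the thread (trace dropped) plus a filler line.
SAMPLE_LOG = """\
[2024-06-11 14:06:50] production.ERROR: No application encryption key has been specified.
[2024-06-11 14:07:25] local.ERROR: cannot reach 'https://api.github.com/repos/Bubka/2FAuth/releases/latest' endpoint
[2024-06-11 14:07:26] local.INFO: constructed filler entry
"""


def parse_entries(text):
    """Return one dict per line that matches the Laravel entry format."""
    return [m.groupdict() for m in map(ENTRY.match, text.splitlines()) if m]


def triage(text, expected_env):
    """Group severe entries by the symptom they explain."""
    findings = {"unreachable_hosts": [], "env_mismatch": [], "missing_app_key": []}
    for entry in parse_entries(text):
        if entry["level"] not in SEVERE:
            continue
        hit = UNREACHABLE.search(entry["msg"])
        if hit:
            # Blocked outbound call: test name resolution for this host
            # from inside the container.
            findings["unreachable_hosts"].append(urlsplit(hit["url"]).hostname)
        if entry["env"] != expected_env:
            # Written by a process that resolved a different APP_ENV than
            # the compose file sets, so it may not have seen APP_KEY either.
            findings["env_mismatch"].append((entry["ts"], entry["env"]))
        if "No application encryption key" in entry["msg"]:
            findings["missing_app_key"].append(entry["ts"])
    return findings


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG, expected_env="local").items():
        print(f"{name}: {value}")
```

Run it against the files in /2fauth/storage/logs/ rather than `docker logs`, since the thread establishes that the PHP application log is written only there.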