Docker - Unable to create api key - buffer overflow

Hi,
Im using docker version of FusionAuth version 1.47.1
I can create/edit users and applications but not api key(s) as it cause error:

fusionauth-fusionauth-1  | 2023-10-20 05:22:45.357 AM ERROR io.fusionauth.http.server.HTTPServerThread - An exception was thrown during processing
fusionauth-fusionauth-1  | java.lang.IllegalStateException: A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPS11Processor.read(HTTPS11Processor.java:191)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.read(HTTPServerThread.java:298)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.run(HTTPServerThread.java:169)

At first I used .env file from repo .env, then increased memory for app to

FUSIONAUTH_APP_MEMORY=1024M

but this didn't help.

Here is screen of docker stats with running fusionauth:

CONTAINER ID   NAME                      CPU %     MEM USAGE / LIMIT     MEM %     NET I/O           BLOCK I/O         PIDS
f8fd1d7a3dda   fusionauth-fusionauth-1   0.18%     907MiB / 3.812GiB     23.23%    6.26MB / 1.45MB   819kB / 1.57MB    121
8e757ef046f1   fusionauth-search-1       0.39%     830.2MiB / 3.812GiB   21.27%    12.8kB / 9.97kB   2.27MB / 88.8MB   67
867feb08bc18   fusionauth-db-1           0.19%     42.66MiB / 3.812GiB   1.09%     1.11MB / 6.06MB   7.89MB / 3.51MB   18

Any way to prevent this issue?

@dan Hi,
I don't think its certificate.
When i have time, i'll test it with and without certificates and see how i goes.

@dan Hi,
sorry about late reply.
No i have created 1 application, 1 tenant, 1 user and no webhooks, the rest is default.

@dan
After clean install (removed containers, volumes and images).
I can create api key.
Here is current docker usage, is it possible that https increases memory requirements?
What are actual system requirements? (512MB stated in doc is not enougth)

CONTAINER ID   NAME                      CPU %     MEM USAGE / LIMIT     MEM %     NET I/O           BLOCK I/O         PIDS
12f3678eddb5   fusionauth-fusionauth-1   0.17%     944.3MiB / 3.812GiB   24.19%    4.25MB / 1.78MB   63.7MB / 553kB    119
63fa5b302d5b   fusionauth-db-1           0.00%     48.48MiB / 3.812GiB   1.24%     1.04MB / 3.92MB   15.5MB / 65.3MB   17
6206fdf53f93   fusionauth-search-1       0.94%     839.8MiB / 3.812GiB   21.51%    40.4MB / 254kB    27.3MB / 174MB    72

@dan
After disabling https, I was unable to login to webUI as i was redirected back to login screen

Url after redirect: 
/oauth2/authorize?client_id=3c219e58-ed0e-4b18-ad48-f4f92793ae32&response_type=code&redirect_uri=%2Fadmin%2Flogin&scope=offline_access&code_challenge=aAjtN7cCeIcKGNy98zdKVJLQGiFAhjE90WA3NeOkvH0&code_challenge_method=S256&state=iCNptKF_HgM7P_H74jFphFI_9pHzJ0gIu77LYPxNr0o

with front end error:

Authorize.js?version=1.48.1:34 Uncaught ReferenceError: PublicKeyCredential is not defined
    at new FusionAuth.OAuth2.Authorize (Authorize.js?version=1.48.1:34:43)
    at authorize?client_id=3c219e58-ed0e-4b18-ad48-f4f92793ae32&response_type=code&redirect_uri=%2Fadmin%2Flogin&scope=offline_access&code_challenge=_Y6KAh3_n1H6hJB0yrTtbmhB-AtWm_0VpQf4xF7tHEE&code_challenge_method=S256&state=iLC0KrVXMrQ9BH63SYOQX7Q7QazQa8CVWiUx-YK8ZH0:78:9
    at HTMLDocument.value (PrimeDocument.js:377:9)

I will try after clean install.

@dan
Here is more info that could help.
Api key creation screen:

After clicking on save, end of url changes to "/admin/api-key/add" with ERR_EMPTY_RESPONSE

Here is log from start of fisionauth to me trying to create api key:

fusionauth-fusionauth-1  | ---------------------------------------------------------------------------------------------------------
fusionauth-fusionauth-1  | --------------------------------- Starting FusionAuth version [1.47.1] ----------------------------------
fusionauth-fusionauth-1  | ---------------------------------------------------------------------------------------------------------
fusionauth-fusionauth-1  |
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.220 AM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.420 AM INFO  io.fusionauth.api.service.system.NodeService - Node [78094893-7c22-447e-ad2e-8ab48cc5231f] started.
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.928 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.929 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Set property [fusionauth-app.url] set to [http://fusionauth:9011] using configured value.
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.930 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
fusionauth-fusionauth-1  |   - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
fusionauth-fusionauth-1  |   - Overriding default value of property [FUSIONAUTH_APP_RUNTIME_MODE] with value [development]
fusionauth-fusionauth-1  |   - Overriding default value of property [SEARCH_TYPE] with value [elasticsearch]
fusionauth-fusionauth-1  |
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.932 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://db:5432/fusionauth]
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.933 AM WARN  com.zaxxer.hikari.HikariConfig - HikariPool-1 - idleTimeout has been set but has no effect because the pool is operating as a fixed size pool.
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.935 AM INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.955 AM INFO  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Added connection org.postgresql.jdbc.PgConnection@243bf087
fusionauth-fusionauth-1  | 2023-10-25 05:54:06.965 AM INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
fusionauth-fusionauth-1  | 2023-10-25 05:54:08.234 AM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
fusionauth-fusionauth-1  | 2023-10-25 05:54:08.236 AM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
fusionauth-fusionauth-1  | 2023-10-25 05:54:08.370 AM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://search:9200]
fusionauth-fusionauth-1  | 2023-10-25 05:54:08.385 AM INFO  io.fusionauth.api.service.system.NodeService - Node [78094893-7c22-447e-ad2e-8ab48cc5231f] added with address [http://fusionauth:9011]
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.159 AM INFO  io.fusionauth.api.service.system.NodeService - Node [78094893-7c22-447e-ad2e-8ab48cc5231f] promoted to master at [2023-10-25T05:54:09.159586852Z], the previous master Node [76a0b959-f6fa-4085-b64f-7df990611db7] has been shutdown or removed
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.481 AM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.553 AM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://search:9200]
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.646 AM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.653 AM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.653 AM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.659 AM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.669 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9011]
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.670 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.670 AM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.671 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9012]
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.671 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.671 AM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.672 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9013]
fusionauth-fusionauth-1  | 2023-10-25 05:54:09.672 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
fusionauth-fusionauth-1  | 2023-10-25 05:55:15.340 AM INFO  com.inversoft.search.ElasticSearchClient - Determine version of the search engine.
fusionauth-fusionauth-1  | 2023-10-25 05:55:15.348 AM WARN  org.elasticsearch.client.RestClient - request [GET http://search:9200/] returned 1 warnings: [299 Elasticsearch-7.17.0-bee86328705acaa9a6daede7140defd4d9ec56bd "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."]
fusionauth-fusionauth-1  | 2023-10-25 05:55:15.350 AM INFO  com.inversoft.search.ElasticSearchClient - Reported version [7.17.0]
fusionauth-fusionauth-1  | 2023-10-25 05:55:15.353 AM INFO  com.inversoft.search.ElasticSearchClient - Set major version to [7]
fusionauth-fusionauth-1  | 2023-10-25 05:55:15.419 AM WARN  org.elasticsearch.client.RestClient - request [PUT http://search:9200/fusionauth_user/_doc/91032242-efb0-4a2b-a38a-c8bb7c9d7243] returned 1 warnings: [299 Elasticsearch-7.17.0-bee86328705acaa9a6daede7140defd4d9ec56bd "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."]
fusionauth-fusionauth-1  | 2023-10-25 05:55:15.917 AM WARN  org.elasticsearch.client.RestClient - request [PUT http://search:9200/fusionauth_user/_doc/91032242-efb0-4a2b-a38a-c8bb7c9d7243] returned 1 warnings: [299 Elasticsearch-7.17.0-bee86328705acaa9a6daede7140defd4d9ec56bd "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."]
fusionauth-fusionauth-1  | 2023-10-25 05:55:48.832 AM WARN  org.elasticsearch.client.RestClient - request [PUT http://search:9200/fusionauth_user/_doc/91032242-efb0-4a2b-a38a-c8bb7c9d7243] returned 1 warnings: [299 Elasticsearch-7.17.0-bee86328705acaa9a6daede7140defd4d9ec56bd "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."]
fusionauth-fusionauth-1  | 2023-10-25 05:57:14.945 AM ERROR io.fusionauth.http.server.HTTPServerThread - An exception was thrown during processing
fusionauth-fusionauth-1  | java.lang.IllegalStateException: A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPS11Processor.read(HTTPS11Processor.java:191)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.read(HTTPServerThread.java:298)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.run(HTTPServerThread.java:169)
fusionauth-fusionauth-1  | 2023-10-25 05:57:45.456 AM ERROR io.fusionauth.http.server.HTTPServerThread - An exception was thrown during processing
fusionauth-fusionauth-1  | java.lang.IllegalStateException: A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPS11Processor.read(HTTPS11Processor.java:191)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.read(HTTPServerThread.java:298)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.run(HTTPServerThread.java:169)

Here are versions of nodejs and docker installed on my azure virtual where fusionauth docker is running:

nodejs --version
v20.8.0
docker --version
Docker version 24.0.6, build ed223bc

@dan Hi,
Yes i'm using docker from install guide (docker compose yml is from repo),
Operating sys. 22.04.1-Ubuntu , kernel: 6.2.0-1014-azure #14~,
yes it prevents api key from beaing created, .env file as i said is based on one in repo with minimum changes (***** are not real values):

POSTGRES_USER=*****
POSTGRES_PASSWORD=*****
DATABASE_USERNAME=*****
DATABASE_PASSWORD=*****
ES_JAVA_OPTS="-Xms512m -Xmx512m"
FUSIONAUTH_APP_MEMORY=1024M
FUSIONAUTH_APP_HTTPS_ENABLED=true
FUSIONAUTH_APP_HTTPS_PORT=9013
FUSIONAUTH_APP_HTTPS_CERTIFICATE_FILE=/usr/local/fusionauth/fullchain.crt
FUSIONAUTH_APP_HTTPS_PRIVATE_KEY_FILE=/usr/local/fusionauth/key.key

@dan
Hi, via admin UI (its fresh install there is no api yet), i don't need to fill anything just hit save and ti creates the error, I pasted above.

Hi,
Im using docker version of FusionAuth version 1.47.1
I can create/edit users and applications but not api key(s) as it cause error:

fusionauth-fusionauth-1  | 2023-10-20 05:22:45.357 AM ERROR io.fusionauth.http.server.HTTPServerThread - An exception was thrown during processing
fusionauth-fusionauth-1  | java.lang.IllegalStateException: A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPS11Processor.read(HTTPS11Processor.java:191)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.read(HTTPServerThread.java:298)
fusionauth-fusionauth-1  |      at io.fusionauth.http.server.HTTPServerThread.run(HTTPServerThread.java:169)

At first I used .env file from repo .env, then increased memory for app to

FUSIONAUTH_APP_MEMORY=1024M

but this didn't help.

Here is screen of docker stats with running fusionauth:

CONTAINER ID   NAME                      CPU %     MEM USAGE / LIMIT     MEM %     NET I/O           BLOCK I/O         PIDS
f8fd1d7a3dda   fusionauth-fusionauth-1   0.18%     907MiB / 3.812GiB     23.23%    6.26MB / 1.45MB   819kB / 1.57MB    121
8e757ef046f1   fusionauth-search-1       0.39%     830.2MiB / 3.812GiB   21.27%    12.8kB / 9.97kB   2.27MB / 88.8MB   67
867feb08bc18   fusionauth-db-1           0.19%     42.66MiB / 3.812GiB   1.09%     1.11MB / 6.06MB   7.89MB / 3.51MB   18

Any way to prevent this issue?

@mark-robustelli
Thank you, problem was with missing volumes.
Also had to convert private key from PEM (-----BEGIN RSA PRIVATE KEY-----) to PEM (-----BEGIN PRIVATE KEY-----) format.
Now HTTPS is working.

@mark-robustelli
No, I fixed the missing letter, but problem is same.

fusionauth-fusionauth-1  | Exception in thread "main" java.lang.RuntimeException: java.nio.file.NoSuchFileException: /home/testmock/fusionauth/fullchain.crt
fusionauth-fusionauth-1  |      at io.fusionauth.app.FusionAuthMain.getHttpsConfiguration(FusionAuthMain.java:81)
fusionauth-fusionauth-1  |      at io.fusionauth.app.FusionAuthMain.configuration(FusionAuthMain.java:36)
fusionauth-fusionauth-1  |      at org.primeframework.mvc.BasePrimeMain.start(BasePrimeMain.java:103)
fusionauth-fusionauth-1  |      at io.fusionauth.app.FusionAuthMain.main(FusionAuthMain.java:27)
fusionauth-fusionauth-1  | Caused by: java.nio.file.NoSuchFileException: /home/testmock/fusionauth/fullchain.crt
fusionauth-fusionauth-1  |      at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
fusionauth-fusionauth-1  |      at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
fusionauth-fusionauth-1  |      at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
fusionauth-fusionauth-1  |      at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
fusionauth-fusionauth-1  |      at java.base/java.nio.file.Files.newByteChannel(Files.java:380)
fusionauth-fusionauth-1  |      at java.base/java.nio.file.Files.newByteChannel(Files.java:432)
fusionauth-fusionauth-1  |      at java.base/java.nio.file.Files.readAllBytes(Files.java:3288)
fusionauth-fusionauth-1  |      at java.base/java.nio.file.Files.readString(Files.java:3366)
fusionauth-fusionauth-1  |      at java.base/java.nio.file.Files.readString(Files.java:3325)
fusionauth-fusionauth-1  |      at io.fusionauth.app.FusionAuthMain.getHttpsConfiguration(FusionAuthMain.java:77)