LePresidente / docker-nginx-proxy-manager

Docker container for Nginx Proxy Manager
MIT License

[Bug] Complete Breakdown when trying to use recaptcha #12

Open VilterPD opened 1 week ago

VilterPD commented 1 week ago

Current Behavior

Nginx Proxy Manager breaks down completely when trying to use captcha remediation with the default captcha.html.

Every site shows the error code SSL_ERROR_UNRECOGNIZED_NAME_ALERT when using https, and the standard page is shown when using http (force SSL and HSTS activated). When I remove myself from the decisions, everything goes back to normal.

Expected Behavior

Captcha being made, ban if unsuccessful, removal from list when successful.

Steps To Reproduce

Add recaptcha data to crowdsec-openresty-bouncer.conf (bottom), set to captcha.html.

Then run: sudo cscli decisions add -i <IP> -t captcha

Go to one of the proxies

Environment

Container creation

```yaml
version: '3.8'
services:
  npm:
    image: lepresidente/nginx-proxy-manager:latest
    platform: linux/arm64
    container_name: npm
    restart: unless-stopped
    ports:

volumes:
  data:
  letsencrypt:

networks:
  network:
    driver: bridge
```

Container log

[cont-init   ] executing container initialization scripts...
[cont-init   ] 10-check-app-niceness.sh: executing...
[cont-init   ] 10-check-app-niceness.sh: terminated successfully.
[cont-init   ] 10-clean-logmonitor-states.sh: executing...
[cont-init   ] 10-clean-logmonitor-states.sh: terminated successfully.
[cont-init   ] 10-clean-tmp-dir.sh: executing...
[cont-init   ] 10-clean-tmp-dir.sh: terminated successfully.
[cont-init   ] 10-init-users.sh: executing...
[cont-init   ] 10-init-users.sh: terminated successfully.
[cont-init   ] 10-pkgs-mirror.sh: executing...
[cont-init   ] 10-pkgs-mirror.sh: terminated successfully.
[cont-init   ] 10-set-tmp-dir-perms.sh: executing...
[cont-init   ] 10-set-tmp-dir-perms.sh: terminated successfully.
[cont-init   ] 10-xdg-runtime-dir.sh: executing...
[cont-init   ] 10-xdg-runtime-dir.sh: terminated successfully.
[cont-init   ] 15-install-pkgs.sh: executing...
[cont-init   ] 15-install-pkgs.sh: terminated successfully.
[cont-init   ] 54-db-upgrade.sh: executing...
[cont-init   ] 54-db-upgrade.sh: terminated successfully.
[cont-init   ] 55-nginx-proxy-manager.sh: executing...
[cont-init   ] 55-nginx-proxy-manager.sh: Enabling IPV6 in hosts in: /etc/nginx/conf.d
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/default.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/force-ssl.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/block-exploits.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/ssl-ciphers.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/proxy.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/log.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/assets.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/production.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/crowdsec_openresty.conf
[cont-init   ] 55-nginx-proxy-manager.sh: Enabling IPV6 in hosts in: /config/nginx
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/ip_ranges.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/resolvers.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/2.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/4.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/1.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/3.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/2.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/20.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/5.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/6.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/4.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/16.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/10.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/17.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/11.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/14.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/13.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/8.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/15.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/12.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/3.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/7.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/9.conf
[cont-init   ] 55-nginx-proxy-manager.sh: terminated successfully.
[cont-init   ] 85-take-config-ownership.sh: executing...
[cont-init   ] 85-take-config-ownership.sh: terminated successfully.
[cont-init   ] 89-info.sh: executing...
    ╭――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╮
    │                                                                      │
    │ Application:           Nginx Proxy Manager                           │
    │ Application Version:   2.11.3                                        │
    │ Docker Image Version:  n/a                                           │
    │ Docker Image Platform: linux/arm64                                   │
    │                                                                      │
    ╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╯
[cont-init   ] 89-info.sh: terminated successfully.
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: executing...
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: Deploy Crowdsec Openresty Bouncer..
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: Patch crowdsec-openresty-bouncer.conf ..
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: Deploy Crowdsec Templates ..
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: terminated successfully.
[cont-init   ] all container initialization scripts executed.
[init        ] giving control to process supervisor.
[supervisor  ] loading services...
[supervisor  ] loading service 'default'...
[supervisor  ] loading service 'logrotate'...
[supervisor  ] service 'logrotate' is disabled.
[supervisor  ] loading service 'app'...
[supervisor  ] loading service 'nginx'...
[supervisor  ] loading service 'logmonitor'...
[supervisor  ] service 'logmonitor' is disabled.
[supervisor  ] loading service 'cert_cleanup'...
[supervisor  ] all services loaded.
[supervisor  ] starting services...
[supervisor  ] starting service 'nginx'...
[nginx       ] nginx: [alert] [lua] init_by_lua:11: [Crowdsec] Initialisation done
[supervisor  ] starting service 'app'...
[app         ] [9/3/2024] [2:41:50 PM] [Global   ] › ℹ  info      Using MySQL configuration
[supervisor  ] all services started.
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Let's Encrypt certificates cleanup - 2024/09/03 14:41:51
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] 84 file(s) kept.
[cert_cleanup] 0 file(s) deleted.
[app         ] [9/3/2024] [2:41:53 PM] [Migrate  ] › ℹ  info      Current database version: 20211108145214
[app         ] [9/3/2024] [2:41:54 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[app         ] [9/3/2024] [2:41:54 PM] [Global   ] › ⬤  debug     CMD: logrotate -s /config/logrotate.status /etc/logrotate.d/nginx-proxy-manager
[app         ] [9/3/2024] [2:41:54 PM] [Setup    ] › ℹ  info      Logrotate completed.
[app         ] [9/3/2024] [2:41:54 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[app         ] [9/3/2024] [2:41:54 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[app         ] [9/3/2024] [2:41:55 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[app         ] [9/3/2024] [2:41:56 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[app         ] [9/3/2024] [2:41:56 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[app         ] [9/3/2024] [2:41:56 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[app         ] [9/3/2024] [2:41:56 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[app         ] [9/3/2024] [2:41:56 PM] [Global   ] › ℹ  info      Backend PID 445 listening on port 3000 ...
[app         ] [9/3/2024] [2:41:56 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

Container inspect

No response

Anything else?

```
CAPTCHA_PROVIDER=recaptcha
# Captcha Secret Key
SECRET_KEY=Key
# Captcha Site key
SITE_KEY=Other Key
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/templates/captcha.html
CAPTCHA_EXPIRATION=3600
```

VilterPD commented 1 week ago

Aaaand I found the solution myself. The captcha.html has to be inside /data/crowdsec/ or subfolders, otherwise chaos will ensue. Not sure why.
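
A pre-flight check built on the fix reported above, as an added example that is not part of the original issue or the project's code: before adding a captcha decision, it confirms that the captcha keys in crowdsec-openresty-bouncer.conf are set and that CAPTCHA_TEMPLATE_PATH points to a readable file under /data/crowdsec. The function names `conf_get` and `check_captcha_conf` are hypothetical, and the path of the conf file is passed in as an argument because the issue does not state it.

```shell
#!/bin/sh
# Added example: validate the captcha settings of a crowdsec-openresty-bouncer.conf.
# Call as: check_captcha_conf <conf-file> [allowed-root]
# The allowed root defaults to /data/crowdsec, the location reported in this issue.

# Print the value of the last uncommented KEY=value line for the given key.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

check_captcha_conf() {
    conf=$1
    root=${2:-/data/crowdsec}
    rc=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Every captcha key shown in the issue must carry a value.
    for key in CAPTCHA_PROVIDER SECRET_KEY SITE_KEY CAPTCHA_TEMPLATE_PATH; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "FAIL: $key is empty or missing" >&2
            rc=1
        fi
    done

    tpl=$(conf_get "$conf" CAPTCHA_TEMPLATE_PATH)
    [ -n "$tpl" ] || return "$rc"

    if [ ! -f "$tpl" ] || [ ! -r "$tpl" ]; then
        echo "FAIL: template $tpl does not exist or is unreadable" >&2
        return 1
    fi

    # Compare physical directories so ".." segments and symlinked
    # directories that leave the allowed root are caught.
    real_root=$(cd "$root" 2>/dev/null && pwd -P) \
        || { echo "FAIL: $root does not exist" >&2; return 1; }
    real_dir=$(cd "$(dirname "$tpl")" && pwd -P)
    case "$real_dir/" in
        "$real_root"/*) ;;
        *) echo "FAIL: $tpl is outside $root" >&2; rc=1 ;;
    esac
    return "$rc"
}
```

Source the file inside the container and call `check_captcha_conf` with the path of the bouncer conf; a non-zero return means a captcha decision should not be added yet.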