BASE_URL seems broken for versions after v2.4.193

yaleman commented 2 months ago

It's set as an environment variable on the container, but attempting to log into the instance redirects me to https://localhost/users/login ... upgrading to any version after that exhibits the erroneous behaviour.

env var list:

MYSQL_HOST:           misp-mysql.misp.svc.cluster.local
MYSQL_LOGIN:          misp
MYSQL_PASSWORD:       <redacted>
MYSQL_DATABASE:       misp
REDIS_FQDN:           misp-redis.misp.svc.cluster.local
BASE_URL:             https://misp.example.com (my domain)
MISP_UUID:            <redacted>
MISP_ORG:             <redacted>
MISP_MODULE_URL:      http://misp-modules
MISP_EMAIL:           <redacted>
SECURITY_SALT:        <redacted>
ZEROMQ_ENABLED:       no
GPG_PASSPHRASE:       <redacted>

ostefano commented 2 months ago

Can you post all the terminal logs after docker compose up?

ostefano commented 2 months ago

@yaleman just tried to: 1) remove localhost from /etc/hosts 2) add localhost2 3) change .env file to localhost2

And:

login was successful, ended up in localhost2
all base_urls inside the container changed to localhost2

In other words, unable to reproduce.

ostefano commented 2 months ago

The only thing I see that might need to be updated is the healthcheck inside the docker compose, but besides that I see nothing off after .193.

yaleman commented 2 months ago

I'm confused by your "unable to reproduce".

I have a working configuration, and the only change is to bump the container image from ghcr.io/misp/misp-docker/misp-core:v2.4.193 to ghcr.io/misp/misp-docker/misp-core:v2.4.194 and it starts redirecting me to the incorrect URL..

yaleman commented 2 months ago

logs from running v.2.4.194

the URL seems to be being set correctly per the logs (I've replaced my internal hostname with misp.example.com)

2024-08-26 05:13:37,270 WARN For [program:nginx], redirect_stderr=true but stderr_logfile has also been set to a filename, the filename has been ignored
2024-08-26 05:13:37,291 WARN For [program:php-fpm], redirect_stderr=true but stderr_logfile has also been set to a filename, the filename has been ignored
2024-08-26 05:13:37,295 WARN For [program:cron], redirect_stderr=true but stderr_logfile has also been set to a filename, the filename has been ignored
2024-08-26 05:13:37,323 INFO Included extra file "/etc/supervisor/conf.d/10-supervisor.conf" during parsing
2024-08-26 05:13:37,326 INFO Included extra file "/etc/supervisor/conf.d/50-workers.conf" during parsing
2024-08-26 05:13:37,327 INFO Set uid to user 0 succeeded
2024-08-26 05:13:37,568 INFO RPC interface 'supervisor' initialized
2024-08-26 05:13:37,570 INFO RPC interface 'supervisor' initialized
2024-08-26 05:13:37,571 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-08-26 05:13:37,596 INFO supervisord started with pid 7
2024-08-26 05:13:38,601 INFO spawned: 'cron' with pid 8
2024-08-26 05:13:38,628 INFO spawned: 'nginx' with pid 9
2024-08-26 05:13:38,657 INFO spawned: 'php-fpm' with pid 10
Configure PHP | Change PHP values ...
INIT | Initialize MySQL ...
Configure PHP | Starting PHP FPM
... database has already been initialized
INIT | Initialize NGINX ...
... enabling port 80 redirect
... enabling IPv6 on port 80
... enabling SSL redirect
... enabling port 443
... enabling IPv6 on port 443
... generating new self-signed TLS certificate
..+............+.........+.+......+..+......+......+.+.........+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+.+...+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+..+.2024-08-26 05:13:39,613 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:13:39,613 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
...2024-08-26 05:13:39,635 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
..............+...+............+....+...+.....+......+.+...+...+.....+.......+...+........+......+...+.+......+........+...+...+..........+.........+.....................+.....+.+........+...+.........+.+........+............+...+......+......+.........+....+..+..........+.....+.............+..............+.+..............+.+..............+......+.+...........+.............+.....+......+..........+...+.......................+...+.+...+..+.+...............+.....+............+......+......+.+...+..+............+.+..+............+.+...............+...........+................+..+...+...+...............+............+.........+.............+..+.............+.....+..........+..+..........+.....+...+...+.........+.........+....+......+...........+...............+.........+.......+.....+.........................+...+.....+.+......+...............+............+..+...............+...+..........+.................+..........+.....+.........+....+..+.............+...........+....+.....+..........+..................+.....+...+..........+.....+.+..............+............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+...+.....+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+......+...........+...+....+......+...........+....+.........+...+..+......+.+.....+.+...+..+.........+...+...+............+......+....+.....+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+.+..................+...+............+......+.................+...+....+...............+...+........+.+.....+...+...+....+...+...+..+...+...............+.......+...+............+..+......+............+......+....+...+...+...........+.............+..+...............+...............+.+..............+....+.....................+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
... generating new DH parameters
Generating DH parameters, 2048 bit long safe prime
......................+.................+.......................................................................................................................................................................................................................+.................................................+................................................................................................................................................................................+...................................................+...................................................+............................................................................................................................................+.......................................................+.......................................................................+....................................................................................................+...........................+........................+.............................................+........................................................................................................................................................................................................................+......................................................................................................................................................................................................................+............................................+................................................................................................................................+.................................................................................................................................................+....................+............................................................................................................................................................+..............................................................................................................................................................................................................................................................................................................................................................+..............................................................................................+.......+.....................................................................................................................................................................................................................................................................................................................................................................................................................................+..................................................................................................................+.........................................................................+.................................................................................................................................................................................................................................................+...........................................+..............................................................................................................................................................................................................................................................+.........................+............................................................................................................................................+.............+....+...............+.........................+...................................................................................................................................................................................................................................................................................................................+...............................................................................................+......................................................+..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+...............................................................................................................+..................................................................................+.....................................................+............................................................................................................+.+...................................+...........................................................................+..............................................................................................................................................................................................................................................................................+.................................................................................................................................................................................................................................................................................................................................................................+.....................................................................................................................................................................................+......................+............................................................................................................+......................................+............................................................................+...............................................................................................................+.......................................................................................................................+..................................................................................................................+...+....................................+.....................................................................................+................................................................................................+........................................................................................................................................................................................................................................................................................+............................................................................................................................................................................................................................................................................................................................................................................+.......................................................................................................................................................................+......+.......................................................................................................................................................+........+................................................................................+....................................................................................................................................................................................................................+...............................................................................................+..................+...................................................................................................................+................................................+............................................+.................................................................................................+.............+........................................................................+.....................................................................................+..........................+....................................+....................+....+............................................................................................................................................................................+..................................................................................................................................................................................+........................................+....................+..................................................................................................................................................................................................................................................................................................................................................................................+...............................+...+...............................................................................................+.............................+..............................+......................+................................................................+......................................................+.........+.............................................................+.................................................................................................................................................................................+..........................................+.....................................................................................................................................+......................................................................................+.................................................................................................................................................+......................................................+.....................................+..........................................................................+........................................+.......................................................................................................................+...............................................................................................+...............................+..............................................................................................................................................................................++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*++*
... nginx docroot set to /var/www/html/
INIT | Initialize MISP files and configurations ...
... initialize configuration files
13+1 records in
13+1 records out
7120 bytes (7.1 kB, 7.0 KiB) copied, 0.00103316 s, 6.9 MB/s
4+1 records in
4+1 records out
2541 bytes (2.5 kB, 2.5 KiB) copied, 0.00159333 s, 1.6 MB/s
21+1 records in
21+1 records out
10814 bytes (11 kB, 11 KiB) copied, 0.00116278 s, 9.3 MB/s
31+1 records in
31+1 records out
15928 bytes (16 kB, 16 KiB) copied, 0.00126326 s, 12.6 MB/s
... initialize database.php settings
... initialize email.php settings
... initialize app files
INIT | Update MISP app/files directory ...
... rsync -azh --delete "/var/www/MISP/app/files.dist/browscap" "/var/www/MISP/app/files/"
... rsync -azh "/var/www/MISP/app/files.dist/certs" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/community-metadata" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/empty" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/feed-metadata" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/geo-open" "/var/www/MISP/app/files/"
... rsync -azh "/var/www/MISP/app/files.dist/img" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-decaying-models" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-galaxy" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-objects" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-workflow-blueprints" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/noticelists" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/scripts" "/var/www/MISP/app/files/"
... rsync -azh "/var/www/MISP/app/files.dist/taxonomies" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/terms" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/warninglists" "/var/www/MISP/app/files/"
INIT | Enforce MISP permissions ...
... chown -R www-data:www-data /var/www/MISP/app/tmp
... chmod -R 0550 files /var/www/MISP/app/tmp
... chmod -R 0770 directories /var/www/MISP/app/tmp
... chmod -R u+w,g+w /var/www/MISP/app/tmp
... chown -R www-data:www-data /var/www/MISP/app/files
... chmod -R 0550 files /var/www/MISP/app/files
... chmod -R 0770 directories /var/www/MISP/app/files
... chmod -R u+w,g+w /var/www/MISP/app/files
... chown -R www-data:www-data /var/www/MISP/app/Config
... chmod -R 0550 files /var/www/MISP/app/Config ...
... chmod -R 0770 directories /var/www/MISP/app/Config
... chmod 600 /var/www/MISP/app/Config/{config,database,email}.php
INIT | Flip NGINX live ...
... nginx docroot set to /var/www/MISP/app/webroot
... nginx reloaded
2024/08/26 05:18:56 [notice] 144#144: signal process started
INIT | Configure MISP installation ...
MISP | Update CA certificates ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Updating /var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem...
MISP | Apply minimum configuration directives ...
... enforcing env var settings
Enforcing minimum_config setting 'GnuPG.binary' to env var or default value '/usr/bin/gpg'...
Enforcing minimum_config setting 'MISP.python_bin' to env var or default value '/usr/local/bin/python3'...
Enforcing minimum_config setting 'MISP.redis_host' to env var or default value 'misp-redis.misp.svc.cluster.local'...
Enforcing minimum_config setting 'SimpleBackgroundJobs.redis_host' to env var or default value 'misp-redis.misp.svc.cluster.local'...
... checking for unset default settings
Updating unset minimum_config setting 'MISP.attachments_dir' to '/var/www/MISP/app/files'...
Updating unset minimum_config setting 'MISP.background_jobs' to 'true'...
Updating unset minimum_config setting 'MISP.ca_path' to '/etc/ssl/certs/ca-certificates.crt'...
Updating unset minimum_config setting 'MISP.download_gpg_from_homedir' to 'false'...
Updating unset minimum_config setting 'MISP.menu_custom_right_link' to ''...
Updating unset minimum_config setting 'MISP.menu_custom_right_link_html' to ''...
Updating unset minimum_config setting 'MISP.online_version_check' to 'true'...
Updating unset minimum_config setting 'MISP.osuser' to 'www-data'...
Updating unset minimum_config setting 'MISP.redis_database' to '13'...
Updating unset minimum_config setting 'MISP.redis_password' to ''...
Updating unset minimum_config setting 'MISP.redis_port' to '6379'...
Updating unset minimum_config setting 'MISP.self_update' to 'false'...
Updating unset minimum_config setting 'MISP.tmpdir' to '/var/www/MISP/app/tmp'...
Updating unset minimum_config setting 'Security.disable_instance_file_uploads' to 'false'...
Updating unset minimum_config setting 'Security.disable_local_feed_access' to 'false'...
Updating unset minimum_config setting 'Security.rest_client_enable_arbitrary_urls' to 'false'...
Updating unset minimum_config setting 'Security.salt' to ''...
Updating unset minimum_config setting 'SimpleBackgroundJobs.enabled' to 'true'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.max_job_history_ttl' to '86400'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.redis_database' to '1'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.redis_namespace' to 'background_jobs'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.redis_password' to ''...
Updating unset minimum_config setting 'SimpleBackgroundJobs.redis_port' to '6379'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.supervisor_host' to '127.0.0.1'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.supervisor_password' to 'supervisor'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.supervisor_port' to '9001'...
Updating unset minimum_config setting 'SimpleBackgroundJobs.supervisor_user' to 'supervisor'...
MISP | Apply DB updates ...
Executing all updates to bring the database up to date with the current version.
All updates completed.
MISP | Initialize configuration ...
... enforcing env var settings
Enforcing db_enable setting 'MISP.system_setting_db' to env var or default value ''...
Error: Invalid state value ``, it must be `true`, `false`, `1`, or `0`.
... enforcing env var settings
Enforcing initialisation setting 'MISP.baseurl' to env var or default value 'https://misp.example.com'...
Enforcing initialisation setting 'MISP.contact' to env var or default value 'admin@admin.test'...
Enforcing initialisation setting 'MISP.email' to env var or default value 'misp@example.com'...
Enforcing initialisation setting 'Plugin.Action_services_url' to env var or default value 'http://misp-modules'...
Enforcing initialisation setting 'Plugin.Enrichment_services_url' to env var or default value 'http://misp-modules'...
Enforcing initialisation setting 'Plugin.Export_services_url' to env var or default value 'http://misp-modules'...
Enforcing initialisation setting 'Plugin.Import_services_url' to env var or default value 'http://misp-modules'...
Enforcing initialisation setting 'Plugin.ZeroMQ_redis_host' to env var or default value 'misp-redis.misp.svc.cluster.local'...
Enforcing initialisation setting 'debug' to env var or default value ''...
Error: Setting "debug" change rejected.
Provided value  is not a number.
... checking for unset default settings
Updating unset initialisation setting 'MISP.default_attribute_distribution' to 'event'...
Updating unset initialisation setting 'MISP.default_event_distribution' to '1'...
Updating unset initialisation setting 'MISP.default_event_tag_collection' to '0'...
Updating unset initialisation setting 'MISP.delegation' to 'true'...
Updating unset initialisation setting 'MISP.disable_user_login_change' to 'false'...
Updating unset initialisation setting 'MISP.enableEventBlocklisting' to 'true'...
Updating unset initialisation setting 'MISP.enableOrgBlocklisting' to 'true'...
Updating unset initialisation setting 'MISP.event_alert_republish_ban' to 'true'...
Updating unset initialisation setting 'MISP.event_alert_republish_ban_refresh_on_retry' to 'true'...
Updating unset initialisation setting 'MISP.event_alert_republish_ban_threshold' to '120'...
Updating unset initialisation setting 'MISP.full_tags_on_event_index' to '1'...
Updating unset initialisation setting 'MISP.incoming_tags_disabled_by_default' to 'false'...
Updating unset initialisation setting 'MISP.language' to 'eng'...
Updating unset initialisation setting 'MISP.log_auth' to 'true'...
Updating unset initialisation setting 'MISP.log_new_audit' to 'true'...
Updating unset initialisation setting 'MISP.proposals_block_attributes' to 'false'...
Updating unset initialisation setting 'MISP.server_settings_skip_backup_rotate' to 'false'...
Updating unset initialisation setting 'MISP.showCorrelationsOnIndex' to 'true'...
Updating unset initialisation setting 'MISP.showorg' to 'true'...
Updating unset initialisation setting 'MISP.showorgalternate' to 'false'...
Updating unset initialisation setting 'MISP.store_api_access_time' to 'false'...
Updating unset initialisation setting 'MISP.tagging' to 'true'...
Updating unset initialisation setting 'MISP.take_ownership_xml_import' to 'false'...
Updating unset initialisation setting 'MISP.terms_download' to 'false'...
Updating unset initialisation setting 'MISP.unpublishedprivate' to 'false'...
Updating unset initialisation setting 'MISP.user_email_notification_ban' to 'true'...
Updating unset initialisation setting 'Plugin.Cortex_services_enable' to 'false'...
Updating unset initialisation setting 'Plugin.Enrichment_services_enable' to 'true'...
Updating unset initialisation setting 'Plugin.Export_services_enable' to 'true'...
Updating unset initialisation setting 'Plugin.Import_services_enable' to 'true'...
Updating unset initialisation setting 'Plugin.ZeroMQ_enable' to 'false'...
Updating unset initialisation setting 'SecureAuth.amount' to '5'...
Updating unset initialisation setting 'SecureAuth.expire' to '300'...
Updating unset initialisation setting 'Security.advanced_authkeys' to 'true'...
Updating unset initialisation setting 'Security.alert_on_suspicious_logins' to 'true'...
Updating unset initialisation setting 'Security.check_sec_fetch_site_header' to 'true'...
Updating unset initialisation setting 'Security.disable_browser_cache' to 'true'...
Updating unset initialisation setting 'Security.do_not_log_authkeys' to 'true'...
Updating unset initialisation setting 'Security.encryption_key' to ''...
Updating unset initialisation setting 'Security.log_each_individual_auth_fail' to 'true'...
Updating unset initialisation setting 'Security.require_password_confirmation' to 'true'...
Updating unset initialisation setting 'Security.username_in_response_header' to 'true'...
MISP | Initialize workers ...
... starting background workers
2024-08-26 05:20:38,138 INFO spawned: 'default_00' with pid 2496
2024-08-26 05:20:38,146 INFO spawned: 'default_01' with pid 2497
2024-08-26 05:20:38,154 INFO spawned: 'default_02' with pid 2498
2024-08-26 05:20:38,161 INFO spawned: 'default_03' with pid 2499
2024-08-26 05:20:38,176 INFO spawned: 'default_04' with pid 2502
2024-08-26 05:20:38,186 INFO spawned: 'email_00' with pid 2505
2024-08-26 05:20:38,213 INFO spawned: 'email_01' with pid 2513
2024-08-26 05:20:38,233 INFO spawned: 'email_02' with pid 2516
2024-08-26 05:20:38,245 INFO spawned: 'email_03' with pid 2529
2024-08-26 05:20:38,287 INFO spawned: 'email_04' with pid 2537
2024-08-26 05:20:38,311 INFO spawned: 'cache_00' with pid 2544
2024-08-26 05:20:38,320 INFO spawned: 'cache_01' with pid 2549
2024-08-26 05:20:38,375 INFO spawned: 'cache_02' with pid 2562
2024-08-26 05:20:38,417 INFO spawned: 'cache_03' with pid 2567
2024-08-26 05:20:38,474 INFO spawned: 'cache_04' with pid 2572
2024-08-26 05:20:38,546 INFO spawned: 'prio_00' with pid 2582
2024-08-26 05:20:38,571 INFO spawned: 'prio_01' with pid 2585
2024-08-26 05:20:38,613 INFO spawned: 'prio_02' with pid 2591
2024-08-26 05:20:38,719 INFO spawned: 'prio_03' with pid 2594
2024-08-26 05:20:38,755 INFO spawned: 'prio_04' with pid 2606
2024-08-26 05:20:38,873 INFO spawned: 'update_00' with pid 2618
2024-08-26 05:20:39,336 INFO success: default_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,341 INFO success: default_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,341 INFO success: default_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,341 INFO success: default_03 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,341 INFO success: default_04 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,341 INFO success: email_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: email_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: email_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: email_03 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: email_04 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: cache_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: cache_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:39,342 INFO success: cache_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,091 INFO success: cache_03 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,092 INFO success: cache_04 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,098 INFO success: prio_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,099 INFO success: prio_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,099 INFO success: prio_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,099 INFO success: prio_03 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,099 INFO success: prio_04 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 05:20:40,099 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp-workers:default_00: started
misp-workers:default_01: started
misp-workers:default_02: started
misp-workers:default_03: started
misp-workers:default_04: started
misp-workers:email_00: started
misp-workers:email_01: started
misp-workers:email_02: started
misp-workers:email_03: started
misp-workers:email_04: started
misp-workers:cache_00: started
misp-workers:cache_01: started
misp-workers:cache_02: started
misp-workers:cache_03: started
misp-workers:cache_04: started
misp-workers:prio_00: started
misp-workers:prio_01: started
misp-workers:prio_02: started
misp-workers:prio_03: started
misp-workers:prio_04: started
misp-workers:update_00: started
MISP | Configure GPG key ...
... generating new GPG key in /var/www/MISP/.gnupg
gpg: WARNING: unsafe permissions on homedir '/var/www/MISP/.gnupg'
gpg: keybox '/var/www/MISP/.gnupg/pubring.kbx' created
gpg: Generating a basic OpenPGP key
gpg: /var/www/MISP/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/var/www/MISP/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/var/www/MISP/.gnupg/openpgp-revocs.d/512C97B3825846A072C8B32E2146EF68ACA021B8.rev'
gpg: Done
... exporting GPG key
... enforcing env var settings
Enforcing gpg setting 'GnuPG.email' to env var or default value 'misp@example.com'...
Enforcing gpg setting 'GnuPG.homedir' to env var or default value '/var/www/MISP/.gnupg'...
Enforcing gpg setting 'GnuPG.password' to env var or default value '<redacted>'...
... checking for unset default settings
Updating unset gpg setting 'GnuPG.onlyencrypted' to 'false'...
Updating unset gpg setting 'SMIME.enabled' to 'false'...
MISP | Init default user and organization ...
... admin user key auto generation disabled
... setting admin password skipped
MISP | Resolve critical issues ...
... enforcing env var settings
Enforcing critical setting 'MISP.external_baseurl' to env var or default value 'https://misp.example.com'...
Enforcing critical setting 'Security.rest_client_baseurl' to env var or default value 'https://misp.example.com'...
... checking for unset default settings
Updating unset critical setting 'MISP.host_org_id' to '1'...
Updating unset critical setting 'Plugin.Action_services_enable' to 'false'...
Updating unset critical setting 'Plugin.Enrichment_hover_enable' to 'false'...
Updating unset critical setting 'Plugin.Enrichment_hover_popover_only' to 'false'...
Updating unset critical setting 'Security.csp_enforce' to 'true'...
Updating unset critical setting 'Security.auth' to 'Array()'...
MISP | Resolve non-critical issues ...
... checking for unset default settings
Updating unset optional setting 'MISP.log_client_ip' to 'true'...
Updating unset optional setting 'MISP.log_user_ips' to 'true'...
Updating unset optional setting 'MISP.log_user_ips_authkeys' to 'true'...
Updating unset optional setting 'MISP.welcome_text_bottom' to ''...
Updating unset optional setting 'MISP.welcome_text_top' to ''...
Updating unset optional setting 'Plugin.Enrichment_hover_timeout' to '5'...
Updating unset optional setting 'Plugin.Enrichment_timeout' to '30'...
MISP | Create sync servers ...
... admin key auto configuration is required to configure sync servers
MISP | Update components ...
Galaxies updated
All taxonomies are up to date already.
0 warninglists updated, 0 fails
Notice lists updated
All object templates are up to date already.
MISP | Set Up OIDC ...
... OIDC authentication disabled
MISP | Set Up LDAP ...
... LDAP authentication disabled
MISP | Set Up AAD ...
... Entra (AzureAD) authentication disabled
MISP | Set Up Proxy ...
... Proxy disabled
MISP | Mark instance live
Set live status to True in Redis.
Set live status in PHP config file.
MISP is now live. Users can now log in.

ostefano commented 2 months ago

Are you using MISP.system_setting_db?

ostefano commented 2 months ago

Please update to the latest image (ghcr.io/misp/misp-docker/misp-core:v2.4.196). I have fixed many corner cases.

If you are using MISP.system_setting_db we also need @UFOSmuggler here.

yaleman commented 2 months ago

I don't know what MISP.system_setting_db is and can't find any mention of it in my config (I'm using Terraform because I'm running in k8s)

starting up with v2.4.196 it seems not...

... enforcing env var settings
Enforcing db_enable setting 'MISP.system_setting_db' to env var or default value 'false'...
... enforcing env var settings

But now I have an endless loop of the misp-modules processes dying in the logs (this continues until the container is killed). Funnily enough the web UI's fine, so... that's fun.

2024-08-26 12:38:08,037 WARN exited: cache_02 (exit status 1; not expected)
2024-08-26 12:38:08,052 WARN exited: prio_03 (exit status 1; not expected)
2024-08-26 12:38:08,054 INFO success: default_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,131 INFO success: default_04 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,208 INFO spawned: 'cache_02' with pid 8441
2024-08-26 12:38:08,243 INFO success: prio_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,319 INFO spawned: 'prio_03' with pid 8445
2024-08-26 12:38:08,331 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,360 WARN exited: prio_04 (exit status 1; not expected)
2024-08-26 12:38:08,448 INFO spawned: 'prio_04' with pid 8462
2024-08-26 12:38:08,478 INFO success: email_04 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,704 INFO success: default_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,705 INFO success: prio_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,706 WARN exited: default_04 (exit status 1; not expected)
2024-08-26 12:38:08,717 INFO spawned: 'default_04' with pid 8470
2024-08-26 12:38:08,729 INFO success: email_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,969 INFO success: cache_03 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,970 INFO success: prio_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:08,971 WARN exited: email_02 (exit status 1; not expected)
2024-08-26 12:38:08,984 INFO spawned: 'email_02' with pid 8478
2024-08-26 12:38:09,165 INFO success: cache_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-26 12:38:09,166 WARN exited: cache_01 (exit status 1; not expected)
2024-08-26 12:38:09,166 WARN exited: email_04 (exit status 1; not expected)
2024-08-26 12:38:09,174 INFO spawned: 'email_04' with pid 8486
2024-08-26 12:38:09,181 INFO spawned: 'cache_01' with pid 8487

yaleman commented 2 months ago

tesing with v2.4.193 it looks like there can be a relatively long time between these two events, which might explain my original issue:

INIT | Flip NGINX live ...
<snip>

Enforcing initialisation setting 'MISP.baseurl' to env var or default value 'https://<url>'...

yaleman commented 2 months ago

Apologies for the erroneous issue, it looks like it's related to the race condition above. I'll try and work out the other thing then log another issue for that.

ostefano commented 2 months ago

Note that we recently changed redis to have a password. Make sure you merged any change on docker-compose.yml

UFOSmuggler commented 2 months ago

I'll have a look later today. Just noting this is k8s, so cant fully replicate yaleman's config.

MISP / misp-docker

BASE_URL seems broken for versions after v2.4.193 #128