NUKIB / misp

Docker image for MISP
GNU General Public License v3.0

New install: php-fpm not starting #74

Open Foxi352 opened 1 year ago

Foxi352 commented 1 year ago

First time I try containerised MISP. So I pulled the docker-compose.yml with the curl command you specified into an empty directory. Changed:

And the ports section to - 127.0.0.1:8003:80 which my nginx https reverse proxy points to.

I launched docker-compose up which initialised everything correctly as far as I can see, but misp container stays unhealthy and does not start correctly.

docker-compose up console shows:

misp          | 2023-02-02 08:15:22,366 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp          | 2023-02-02 08:15:22,367 INFO exited: php-fpm (exit status 78; not expected)

Inside the misp container /var/log/php-fpm/error.log

[02-Feb-2023 08:12:14] ERROR: [pool www] failed to read the ACL of the socket '/run/php-fpm/www.sock': Operation not supported (95)
[02-Feb-2023 08:12:14] ERROR: FPM initialization failed

Did I miss something?

Additional info:
OS: VMware Photon OS 5.0
Docker: Docker version 20.10.14, build a224086

jn9999 commented 1 year ago

Try without listen.acl_users = apache,nginx and listen.acl_users = apache in /etc/php-fpm.d/www.conf

Foxi352 commented 1 year ago

What I tried is, while the MISP container is running and continuously spawning the two error lines mentioned above, I went into a bash shell, edited the /etc/php-fpm.d/www.conf file and commented out the listen.acl_users line you mentioned (was 3rd last line):

...<snip>...
;listen.acl_users = apache
access.log = /var/log/php-fpm/$pool.access.log
access.format = "%R %{HTTP_X_REQUEST_ID}e - %u %t \"%m %r%Q%q\" %s %{mili}d %{kilo}M %C%%"
[root@a22bd860d3cb php-fpm.d]# 

The error message continued ... Even a container restart (which preserves the modification) did not solve it. Could it be a umask issue on the host system?

jn9999 commented 1 year ago

Check the whole file for a second listen.acl_users line and comment out that as well.

Foxi352 commented 1 year ago

Thanks, I did miss this line the first time. Sorry. Now everything seems to start up as it should. And I end up with the following:

---<snip>---
misp          | 2023-03-07 11:47:33,478 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp          | Galaxies updated.
misp          | Noticelists updated.
misp          | Warninglists updated.
misp          | Taxonomies updated.
misp          | ObjectTemplates updated.
misp          | ObjectRelationships updated.
misp          | All JSON structures updated. Thank you and have a very safe and productive day.
misp          | 2023-03-07 11:49:12,613 INFO reaped unknown pid 50 (exit status 0)

While this looks right, the container stays in unhealthy state (after being for +/- 1 minute in (health: starting) state):

CONTAINER ID   IMAGE                               COMMAND                  CREATED       STATUS                   PORTS                                                NAMES
db3b16c59eca   ghcr.io/nukib/misp:latest           "/usr/local/bin/dock…"   2 hours ago   Up 2 hours (unhealthy)   127.0.0.1:50000->50000/tcp, 127.0.0.1:8003->80/tcp   misp
f4b7eb90cd21   ghcr.io/nukib/misp-modules:latest   "/home/misp-modules/…"   2 hours ago   Up 2 hours (healthy)     6666/tcp                                             misp-modules
221d7ee399b6   mariadb:10.10                       "docker-entrypoint.s…"   2 hours ago   Up 2 hours               3306/tcp                                             misp-mysql
e500d41c58ec   redis:7.0                           "docker-entrypoint.s…"   2 hours ago   Up 2 hours               6379/tcp                                             misp-redis

And the MISP web page shows the following:

[Screenshot 2023-03-07 at 15 01 40]

At first I thought it was due to my HTTPS reverse proxy which does the TLS offloading and forwards to localhost:8003, but a quick curl http://localhost:8003 on the docker host itself yielded the same error.

Is this maybe related, or should I open a new issue?

Foxi352 commented 1 year ago

Additional info in /var/log/httpd/error_log inside misp container:

[Mon Mar 13 14:30:21.881547 2023] [proxy:error] [pid 175:tid 140011403982592] (13)Permission denied: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (127.0.0.1) failed
[Mon Mar 13 14:30:21.881650 2023] [proxy_fcgi:error] [pid 175:tid 140011403982592] [client 172.20.0.1:33224] AH01079: failed to make connection to backend: httpd-UDS

Solution was to chown apache:apache /run/php-fpm/www.sock. This probably has to do with the listen.acl_users you asked me to remove in your comment above?

Anyways: This makes the container go healthy and MISP seems to work correctly. Sadly these manipulations, editing the .conf and chown'ing the socket, have to be done on every container restart. So I guess we need a fix for this ...
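
An added example, not from the thread or the NUKIB/misp image: a shell function that performs both manual steps in the pool file itself, commenting out every active `listen.acl_users` line (including the second one missed above) and letting php-fpm create the socket with `listen.owner`, `listen.group` and `listen.mode` instead of a later `chown`. The function names, the constructed sample file and the choice of mode `0660` are assumptions; the `apache` user and the paths come from the thread.

```shell
#!/bin/sh
# Added example, not part of the NUKIB/misp image.

# Constructed pool file with two active listen.acl_users lines, as in the thread.
make_sample_conf() {
    cat > "$1" <<'EOF'
[www]
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx
;listen.owner = nobody
listen.acl_users = apache
access.log = /var/log/php-fpm/$pool.access.log
EOF
}

# Print the number of active (uncommented) listen.acl_* directives in file $1.
active_acl_lines() {
    grep -Ec '^[[:space:]]*listen\.acl_(users|groups)[[:space:]]*=' "$1" || true
}

# fpm_socket_fallback CONF USER
# Comment out all active ACL and owner/group/mode directives, then append
# owner/group/mode for USER. Assumes CONF holds a single pool section, so
# lines appended at the end of the file belong to that pool.
fpm_socket_fallback() {
    conf=$1; user=$2
    tmp=$(mktemp) || return 1
    sed -E 's/^[[:space:]]*(listen\.(acl_users|acl_groups|owner|group|mode)[[:space:]]*=)/;\1/' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    {
        printf '\n; socket access without POSIX ACLs\n'
        printf 'listen.owner = %s\n' "$user"
        printf 'listen.group = %s\n' "$user"
        printf 'listen.mode = 0660\n'    # owner and group only, no world access
    } >> "$tmp"
    cat "$tmp" > "$conf"                 # rewrite in place, keeping the file's owner and mode
    rm -f "$tmp"
}

# Demo on the constructed file: show the resulting listen.* lines.
demo=$(mktemp)
make_sample_conf "$demo"
fpm_socket_fallback "$demo" apache
grep -E '^;?listen' "$demo"
rm -f "$demo"
```

To survive container restarts, the rewrite has to run before php-fpm starts, for example from a derived image or an entrypoint wrapper; how that is wired into this image is not covered by the thread.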