Closed galbantow closed 2 years ago
I will take a look at this when I finish my winter vacation.
I will take a look at this when I finish my winter vacation.
Enjoy your vacation :)
This is a solid workaround for the problem, but I don't think it is docker style approach... if you know what i mean ;)
How about this:
Inside the Dockerfile
we can add additional package called wait-for-it. This is tool recommended by Docker, which helps you in situations you described. Additionally we have to change Dockerfile
and replace
ENTRYPOINT ["npm", "start"]
with
CMD ["npm", "start"]
In such a way we can have full backward compatibility (one could start CRA container as before), but CMD
can be overwritten by command
in docker-compose.yaml
file:
version: '3.8'
services:
clamd:
image: clamav/clamav:0.104
restart: unless-stopped
networks:
- clam-net
api:
image: clamav-rest-api
restart: unless-stopped
command: ['/usr/bin/wait-for-it', '-h', 'clamd', '-p', '3310', '-s', '-t', '30', '--', 'npm', 'start']
environment:
- NODE_ENV=production
- CLAMD_IP=clamd
- APP_FORM_KEY=FILES
- APP_PORT=3000
ports:
- '8080:3000'
networks:
- clam-net
networks:
clam-net:
As Microsoft docs states here command
is a supported option while depends_on
is ignored in docker-compose.yaml
file.
I haven't tested it on Azure but starting this stack locally gives me this output:
❯ docker-compose up
[+] Running 3/3
⠿ Network temp_clam-net Created 0.0s
⠿ Container temp-clamd-1 Created 0.1s
⠿ Container temp-api-1 Created 0.1s
Attaching to temp-api-1, temp-clamd-1
temp-api-1 | wait-for-it: waiting 30 seconds for clamd:3310
temp-clamd-1 | Starting ClamAV
Socket for clamd not found yet, retrying (12/1800) ...Sat Feb 19 18:54:39 2022 -> Limits: Global time limit set to 120000 milliseconds.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: Global size limit set to 104857600 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: File size limit set to 26214400 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: Recursion level limit set to 17.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: Files limit set to 10000.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxPartitions limit set to 50.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxIconsPE limit set to 100.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: MaxRecHWP3 limit set to 16.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: PCREMatchLimit limit set to 100000.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: PCRERecMatchLimit limit set to 2000.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Limits: PCREMaxFileSize limit set to 26214400.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Archive support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> AlertExceedsMax heuristic detection disabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Heuristic alerts enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Portable Executable support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> ELF support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Mail files support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> OLE2 support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> PDF support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> SWF support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> HTML support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> XMLDOCS support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> HWP3 support enabled.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Self checking every 600 seconds.
temp-clamd-1 | Sat Feb 19 18:54:39 2022 -> Set stacksize to 1048576
temp-clamd-1 | socket found, clamd started.
temp-clamd-1 | Starting Freshclamd
temp-clamd-1 | ClamAV update process started at Sat Feb 19 18:54:39 2022
temp-clamd-1 | daily database available for update (local version: 26454, remote version: 26458)
temp-api-1 | wait-for-it: clamd:3310 is available after 14 seconds
temp-api-1 |
temp-api-1 | > clamav-rest-api@1.0.10 start /clamav-rest-api
temp-api-1 | > node src/app.js
temp-api-1 |
temp-api-1 | Server started on PORT: 3000
temp-clamd-1 | Testing database: '/var/lib/clamav/tmp.f7b4f0cf1f/clamav-1393d39a8ada227a57df7f3344fef810.tmp-daily.cld' ...
temp-clamd-1 | Database test passed.
temp-clamd-1 | daily.cld updated (version: 26458, sigs: 1974077, f-level: 90, builder: raynman)
temp-clamd-1 | main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
temp-clamd-1 | bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
temp-clamd-1 | Clamd successfully notified about the update.
temp-clamd-1 | Sat Feb 19 18:54:45 2022 -> Reading databases from /var/lib/clamav
temp-clamd-1 | Sat Feb 19 18:54:57 2022 -> Database correctly reloaded (8606148 signatures)
temp-clamd-1 | Sat Feb 19 18:54:57 2022 -> Activating the newly loaded database...
temp-api-1 | ::ffff:172.20.0.1 - - [19/Feb/2022:18:55:04 +0000] "GET /api/v1/version HTTP/1.1" 200 85 "-" "PostmanRuntime/7.29.0"
temp-clamd-1 | Sat Feb 19 18:55:08 2022 -> instream(172.20.0.3@49792): Win.Test.EICAR_HDB-1 FOUND
temp-api-1 | ::ffff:172.20.0.1 - - [19/Feb/2022:18:55:09 +0000] "POST /api/v1/scan HTTP/1.1" 200 229 "-" "PostmanRuntime/7.29.0"
temp-clamd-1 | Sat Feb 19 19:05:09 2022 -> SelfCheck: Database status OK.
Of course there has to be examples
updated to show this solution for someone facing the same problem.
PS. I'm a little bit purist in terms of applying "quick fixes" or "workarounds"... I've seen to many of them ;)
No problem, thanks for taking the time to investigate and for giving a work around. Feel free to close this PR if you feel it's not quite appropriate. Cheers, Gavin
Gavin, could you please check temporary new docker image called: benzino77/clamav-rest-api:development
I've just pushed to repository, and tell me whether it solves your issue on Azure or not?
The docker-compose.yml
you could use should be similar to this one:
version: '3.8'
services:
clamd:
image: clamav/clamav:0.104
restart: unless-stopped
networks:
- clam-net
api:
image: benzino77/clamav-rest-api:development
restart: unless-stopped
# depends_on is ignored in some situations (have a look at the discussion in this PR: https://github.com/benzino77/clamav-rest-api/pull/23)
# to fix such situation there is wait-for-it script available inside the CRA docker image
# so to wait for clamd to be available, one could ovewrite the CMD with wait-for-it script
# UNCOMMENT following line to check if clamav is available on host clamd and port 3310, set timeout to 60 seconds
command: ['/usr/bin/wait-for-it', '-h', 'clamd', '-p', '3310', '-s', '-t', '60', '--', 'npm', 'start']
# depends_on:
# - clamd
environment:
- NODE_ENV=production
- CLAMD_IP=clamd
- APP_FORM_KEY=FILES
- APP_PORT=3000
ports:
- '8080:3000'
networks:
- clam-net
networks:
clam-net:
Just tested it and it all looks good to me, Cheers!
Great! I will release new version today evening (UTC). Thanks for your engagement!
I've just pushed new release 1.0.11
, so it can be used by benzino77/clamav-rest-api
(latest) or benzino77/clamav-rest-api:1.0.11
in docker-compose.yml
file.
can you please help me I get same error when i deploy clamav on a GKE cluster and it connects through a squid proxy , this is the dockerfile
FROM node:14.15.4-buster-slim
# Set versions
ENV CLOUD_SDK_VERSION=309.0.0
# Install base packages
ENV PATH $PATH:/usr/local/gcloud/google-cloud-sdk/bin
RUN apt-get update && \
apt-get install -y build-essential clamav-daemon clamav-freshclam curl python3 sudo && \
rm -rf /var/lib/apt/lists/* && \
mkdir -p /usr/local/gcloud && \
curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
tar -C /usr/local/gcloud -xvf google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
rm google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
ln -s /lib /lib64 && \
gcloud config set core/disable_usage_reporting true && \
gcloud config set component_manager/disable_update_check true && \
mkdir -p /home/node/app && \
chown -R node:node /home/node/app && \
chmod 777 /var/log/clamav/freshclam.log && \
chmod 777 /var/lib/clamav && \
echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.conf && \
echo "User node" >> /etc/clamav/clamd.conf && \
echo "DatabaseOwner node" >> /etc/clamav/freshclam.conf && \
echo "HTTPProxyServer squid-proxy.neds.local" >> /etc/clamav/freshclam.conf && \
echo "HTTPProxyPort 3128" >> /etc/clamav/freshclam.conf && \
echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/node
# Bring in app code
WORKDIR /home/node/app
COPY --chown=node:node . .
# Set up app
RUN npm config set python $(which python3) && \
npm install
# Run the rest as the node user
USER 1000
CMD ["/bin/bash", "bootstrap.sh"]
and this is the bootstrap.sh
#!/bin/bash
sudo service clamav-freshclam stop && \
sudo freshclam && \
sudo service clamav-freshclam start && \
sudo service clamav-daemon force-reload && \
npm start
The Error : Error: connect ECONNREFUSED 127.0.0.1:3310 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1158:16) I would really appreciate if you help me and thanks in advance
I think that changing your bootstrap.sh
script to something similar to:
#!/bin/bash
sudo service clamav-freshclam stop && \
sudo freshclam && \
sudo service clamav-freshclam start && \
sudo service clamav-daemon force-reload && \
/usr/bin/wait-for-it -h localhost -p 3310 -s -t 60 -- npm start
should do the trick. I assume that clamavd is running on localhost.
The problem: The API has a design flaw which causes issues when running with the Azure web app instance under docker compose.
The Solution: I have implemented a retry loop in that allows the application to attempt to restart up to X amount of times without notifying azure that there is a problem. In addition, I have created a new variable STARTUP_RETRY that allows us to specify the amount of times the API container will retry before failure.
REPRODUCE This issue can be easily reproduced on a local development environment using the following docker compose. You will note that the app crashes and restarts numerous times while clam is getting ready.
BEFORE![image](https://user-images.githubusercontent.com/16983537/154157483-a6da6937-5382-48de-a1ca-579a5fc17286.png)
AFTER![image](https://user-images.githubusercontent.com/16983537/154157832-d7286412-6a02-40ab-aa8f-b5e4e2f1bed2.png)