bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)
https://www.bunkerweb.io
GNU Affero General Public License v3.0

[BUG] I get 502 bad gateway with flask app #195

Closed Sorrow81 closed 3 years ago

Sorrow81 commented 3 years ago

Description

Hello,

I tried to add a Flask service using autoconf. But with this service I get 502 bad gateway.

I tried to see the logs of the main container but when I do a cat on /var/logs/error.log it doesn't work inside the container I think.

Thank you for your insight.

How to reproduce

When I launch my application (main.py) it launches a Flask application on port 5000.

class AnalyticsServer(Thread):
    def __init__(self, host: str = "127.0.0.1", port: int = 5000, refresh: int = 5):
        super(AnalyticsServer, self).__init__()

        self.host = host
        self.port = port
        self.refresh = refresh

        self.app = Flask(
            __name__,
            template_folder=os.path.join(Path().absolute(), "assets"),
            static_folder=os.path.join(Path().absolute(), "assets"),
        )
        self.app.add_url_rule("/", "index", index, defaults={"refresh": refresh})
        self.app.add_url_rule("/json/<string:streamer>", "json", read_json)

    def run(self):
        logger.info(
            f"Analytics running on http://{self.host}:{self.port}/",
            extra={"emoji": ":globe_with_meridians:"},
        )
        self.app.run(host=self.host, port=self.port, threaded=True)

My Dockerfile:

FROM python:3-slim-buster

ARG BUILDX_QEMU_ENV

WORKDIR /usr/src/app

COPY ./requirements.txt ./
RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y --fix-missing --no-install-recommends \
    gcc \
    libffi-dev \
    rustc \
    zlib1g-dev \
    libjpeg-dev \
    libssl-dev \
  && if [ "${BUILDX_QEMU_ENV}" = "true" ] && [ "$(getconf LONG_BIT)" = "32" ]; then \
        pip install -U cryptography==3.3.2; \
     fi \
  && pip install -r requirements.txt \
  && pip cache purge \
  && apt-get remove -y gcc rustc \
  && apt-get autoremove -y \
  && apt-get autoclean -y \
  && apt-get clean -y \
  && rm -rf /var/lib/apt/lists/* \
  && rm -rf /usr/share/doc/*

COPY . .
CMD [ "python", "./main.py" ]

My docker-compose:

version: "3"

services:

  twitchminer:
    build:
      context: .
      dockerfile: Dockerfile
    networks:
      services-net:
        aliases:
          - twitchminer
    labels:
      - "bunkerized-nginx.SERVER_NAME=twitchminer.local"
      - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://twitchminer:5000"
      - "bunkerized-nginx.USE_BAD_BEHAVIOR=no"
      - "bunkerized-nginx.SERVE_FILES=no"
      - "bunkerized-nginx.DISABLE_DEFAULT_SERVER=yes"
    volumes:
      - ./analytics:/usr/src/app/analytics
      - ./cookies:/usr/src/app/cookies
      - ./logs:/usr/src/app/logs
      - ./main.py:/usr/src/app/main.py:ro

networks:
  services-net:
    external:
      name: services-net

After running my docker-compose, the application is running, but when I try to access twitchminer.local it is not working. I tried to run a Node.js service on port 3000 (same as your examples) and it works fine.

Logs

mybunkerized_1  | [2021-10-01 09:14:21] reload - INFO - reloading successful
mybunkerized_1  | 2021/10/01 09:14:21 [error] 13#13: [INIT] *NOT AN ERROR* loaded 1873203 IPs from /etc/nginx/proxies.list
mybunkerized_1  | 2021/10/01 09:14:21 [error] 13#13: [INIT] *NOT AN ERROR* loaded 214739 IPs from /etc/nginx/abusers.list
mybunkerized_1  | 2021/10/01 09:14:21 [error] 13#13: [INIT] *NOT AN ERROR* loaded 1204 IPs from /etc/nginx/tor-exit-nodes.list
mybunkerized_1  | 2021/10/01 09:14:21 [error] 13#13: [INIT] *NOT AN ERROR* loaded 1984 entries from /etc/nginx/user-agents.list
mybunkerized_1  | 2021/10/01 09:14:21 [error] 13#13: [INIT] *NOT AN ERROR* loaded 7079 entries from /etc/nginx/referrers.list
mybunkerized_1  | jsapp.local 172.18.0.1 - - [01/Oct/2021:09:14:46 +0000] "GET / HTTP/1.1" 200 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
mybunkerized_1  | jsapp.local 172.18.0.1 - - [01/Oct/2021:09:14:46 +0000] "GET /favicon.ico HTTP/1.1" 404 150 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
mybunkerized_1  | 2021/10/01 09:17:55 [error] 1845#1845: *68 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: twitchminer.local, request: "GET / HTTP/1.1", upstream: "http://172.18.0.4:5000/", host: "twitchminer.local"
mybunkerized_1  | twitchminer.local 172.18.0.1 - - [01/Oct/2021:09:17:55 +0000] "GET / HTTP/1.1" 502 532 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
mybunkerized_1  | 2021/10/01 09:17:55 [info] 1845#1845: *68 epoll_wait() reported that client prematurely closed connection, so upstream connection is closed too while connecting to upstream, client: 172.18.0.1, server: twitchminer.local, request: "GET /favicon.ico HTTP/1.1", upstream: "http://172.18.0.4:5000/favicon.ico", host: "twitchminer.local"
mybunkerized_1  | twitchminer.local 172.18.0.1 - - [01/Oct/2021:09:17:55 +0000] "GET /favicon.ico HTTP/1.1" 499 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"

fl0ppy-d1sk commented 3 years ago

Hello @Sorrow81,

Looks like your Flask app is listening on 127.0.0.1. Can you try to make it listen on 0.0.0.0 instead?

Sorrow81 commented 3 years ago

And yes, of course, if the server is running on 127.0.0.1, it can never be exposed for security reasons. Thanks for this reminder ;)
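
A way to confirm this diagnosis from inside the application container, as an added example that is not part of the original thread or of the bunkerweb project: it parses `/proc/net/tcp` (useful in slim images that ship without `ss` or `netstat`) and reports whether a port is bound only to loopback. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed.

```python
import ipaddress
import socket
import struct

# Constructed sample of /proc/net/tcp from a container whose app called
# app.run(host="127.0.0.1", port=5000); 0100007F:1388 is 127.0.0.1:5000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1388 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1 0000000000000000 100 0 0 10 0
   1: 00000000:0BB8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31338 1 0000000000000000 100 0 0 10 0
   2: 040012AC:D2F0 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000     0        0 31339 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def listening_sockets(proc_net_tcp: str):
    """Return [(ip, port)] for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a native-endian 32-bit word;
        # assumption: little-endian host (x86-64, ARM64).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16)))
    return found


def reachable_from_proxy(proc_net_tcp: str, port: int) -> bool:
    """True if `port` is bound to a non-loopback address (e.g. 0.0.0.0)."""
    return any(
        p == port and not ipaddress.ip_address(ip).is_loopback
        for ip, p in listening_sockets(proc_net_tcp)
    )


if __name__ == "__main__":
    # Inside the container, read the live table instead of the sample:
    #   table = open("/proc/net/tcp").read()
    for ip, port in listening_sockets(SAMPLE_PROC_NET_TCP):
        scope = "loopback only" if ipaddress.ip_address(ip).is_loopback else "reachable"
        print(f"{ip}:{port} -> {scope}")
```

IPv6 listeners appear in `/proc/net/tcp6` with a different address width and are not covered here.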