cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Trouble Setting up Web Interface With NGINX and uWSGI #2337

Closed samuelkneppel closed 5 years ago

samuelkneppel commented 6 years ago

Hello,

I am fairly new to Cuckoo Sandbox, but I was able to get a basic sandbox on version 2.0.6 up and running using the guide here: https://cuckoo.sh/docs/ on a 64-bit Ubuntu 18.04 VM on my ESXi host with nested virtualization.

I know this is not optimal, but it works. I plan on eventually figuring out how to set up the sandbox to use another VM on my ESXi host.

Either way, I am unable to access the web server via port 8000 outside of the VM.

I assumed this is by design. So, I started trying to set up the web interface with NGINX and uWSGI as explained on this page of your docs: https://cuckoo.sh/docs/usage/web.html#web-deployment.

However, after following all of the instructions as best I could, I still cannot access the web interface, Firefox just says it is "Unable to Connect."

Also, no logs are populating /var/log/uwsgi/app/ or /run/uwsgi, which leads me to believe that either the uwsgi or nginx services are not even running even though they are when I run service --status-all.

My /etc/uwsgi/apps-available/cuckoo-web.ini looks like this:

plugins = python
virtualenv = /home/cuckoo/venv
module = cuckoo.web.web.wsgi
uid = cuckoo
gid = cuckoo
static-map = /static=/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/web/static
# If you're getting errors about the PYTHON_EGG_CACHE, then
# uncomment the following line and add some path that is
# writable from the defined user.
# env = PYTHON_EGG_CACHE=
env = CUCKOO_APP=web
env = CUCKOO_CWD=/home/cuckoo/.cuckoo

And, my /etc/nginx/sites-available/cuckoo-web looks like this:

upstream _uwsgi_cuckoo_web {
    server unix:/run/uwsgi/app/cuckoo-web/socket;
}

server {
    listen localhost:8000;

    # Cuckoo Web Interface
    location / {
        client_max_body_size 1G;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
        uwsgi_pass  _uwsgi_cuckoo_web;
        include     uwsgi_params;
    }
}

Are there any other relevant logs for me to check and see why this is not working?

Or am I missing something?

Any help would be much appreciated!

RicoVZ commented 6 years ago

Hi samuelkneppel,

Thanks for posting an issue.

> Either way, I am unable to access the web server via port 8000 outside of the VM.

You are right, it is. :smile: This is the development server, by default it binds to localhost. You can change the IP it binds to though, by using the -H <someip> argument.

About uwsgi and nginx: As the log and /run/uwsgi socket are not available, I wonder if you enabled the uwsgi and nginx apps and then reloaded both services.

Did you use:

sudo ln -s /etc/uwsgi/apps-available/cuckoo-web.ini /etc/uwsgi/apps-enabled/
sudo ln -s /etc/nginx/sites-available/cuckoo-web /etc/nginx/sites-enabled/

and these?

sudo service uwsgi reload
sudo service nginx reload

samuelkneppel commented 6 years ago

RicoVZ,

Thanks for your response.

Yea, I figured as much.

So I did run the two sudo ln -s commands and started both uwsgi and nginx (which, I believe, reloads them if they were already started).

I also rebooted the VM multiple times and ran the start commands.

Sadly, it still does not work.

Do you think running the reload commands will make a difference in my case?

RicoVZ commented 6 years ago

@samuelkneppel

A full restart of the service should also start it. Still, no logs present in /var/log/uwsgi/app and in /var/log/nginx? What about a socket at /run/uwsgi/app?

What is the output of Cuckoo when you run cuckoo --debug web?

Oh, and I overlooked this first: in your nginx config, it is configured to only listen on localhost. To make it available to the outside, change localhost:8000; to <some IP you can connect to>:8000.

samuelkneppel commented 6 years ago

@RicoVZ

Alright, so I put in an IP address (192.168.1.101) in my cuckoo-web file and reloaded nginx.

Interestingly enough, when I tried to reload uwsgi, just for good measure, I received the below error:

cuckoo@CuckooSandbox:/var/log/nginx$ sudo service uwsgi reload
Job for uwsgi.service failed because the control process exited with error code.
See "systemctl status uwsgi.service" and "journalctl -xe" for details.
cuckoo@CuckooSandbox:/var/log/nginx$ systemctl status uwsgi.service
● uwsgi.service - LSB: Start/stop uWSGI server instance(s)
   Loaded: loaded (/etc/init.d/uwsgi; generated)
   Active: active (exited) (Result: exit-code) since Thu 2018-06-21 20:09:01 EDT; 1 day 17h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14857 ExecReload=/etc/init.d/uwsgi reload (code=exited, status=1/FAILURE)

Jun 23 13:10:37 CuckooSandbox systemd[1]: Reloading LSB: Start/stop uWSGI server instance(s).
Jun 23 13:10:37 CuckooSandbox uwsgi[14813]:  * Reloading app server(s) uwsgi
Jun 23 13:10:37 CuckooSandbox uwsgi[14813]:    ...fail!
Jun 23 13:10:37 CuckooSandbox systemd[1]: uwsgi.service: Control process exited, code=exited status=1
Jun 23 13:10:37 CuckooSandbox systemd[1]: Reload failed for LSB: Start/stop uWSGI server instance(s).
Jun 23 13:12:13 CuckooSandbox systemd[1]: Reloading LSB: Start/stop uWSGI server instance(s).
Jun 23 13:12:13 CuckooSandbox uwsgi[14857]:  * Reloading app server(s) uwsgi
Jun 23 13:12:13 CuckooSandbox uwsgi[14857]:    ...fail!
Jun 23 13:12:13 CuckooSandbox systemd[1]: uwsgi.service: Control process exited, code=exited status=1
Jun 23 13:12:13 CuckooSandbox systemd[1]: Reload failed for LSB: Start/stop uWSGI server instance(s).

If I run cuckoo --debug web, I get the following output:

(venv) cuckoo@CuckooSandbox:~$ cuckoo --debug web
Performing system checks...

System check identified no issues (0 silenced).
June 23, 2018 - 13:15:45
Django version 1.8.4, using settings 'cuckoo.web.web.settings'
Starting development server at http://localhost:8000/
Quit the server with CONTROL-C.

And I checked the log locations and only found the following logs:

cuckoo@CuckooSandbox:/var/log/nginx$ cat access.log
192.168.1.101 - - [23/Jun/2018:13:09:34 -0400] "GET / HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:09:35 -0400] "GET /favicon.ico HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:09:35 -0400] "GET /favicon.ico HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:09:36 -0400] "GET / HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:09:36 -0400] "GET / HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:09:37 -0400] "GET / HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:09:37 -0400] "GET / HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
192.168.1.101 - - [23/Jun/2018:13:12:23 -0400] "GET / HTTP/1.1" 502 182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
cuckoo@CuckooSandbox:/var/log/nginx$ cat access.log.1
127.0.0.1 - - [21/Jun/2018:20:24:56 -0400] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
127.0.0.1 - - [21/Jun/2018:20:24:56 -0400] "GET /favicon.ico HTTP/1.1" 404 152 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
127.0.0.1 - - [21/Jun/2018:20:24:56 -0400] "GET /favicon.ico HTTP/1.1" 404 152 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
cuckoo@CuckooSandbox:/var/log/nginx$ cat error.log
2018/06/23 13:09:14 [notice] 14786#14786: signal process started
2018/06/23 13:09:34 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:09:35 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:09:35 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:09:36 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:09:36 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:09:37 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:09:37 [crit] 14787#14787: *2 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"
2018/06/23 13:12:23 [crit] 14787#14787: *10 connect() to unix:/run/uwsgi/app/cuckoo-web/socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.101, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/app/cuckoo-web/socket:", host: "192.168.1.101:8000"

I did not find any logs in the directory /var/log/uwsgi/app/ and I did not find the directory /run/uwsgi.

Also, when I go to http://192.168.1.101:8000

I get a 502 Bad Gateway error with the subtitle nginx/1.14.0 (Ubuntu) underneath it.

So, my guess is that something is wrong with my uwsgi setup somewhere, but I am not sure what it is.

I have never worked with uwsgi or nginx before, so it is very possible that this is a simple thing that I have overlooked.

doomedraven commented 6 years ago

restart uwsgi and then nginx, the order is important,

also it Loaded: loaded (/etc/init.d/uwsgi; generated) <- loaded not started, should be Active: active (running)

samuelkneppel commented 6 years ago

@doomedraven

No, the directory /run/uwsgi does not exist actually, which is strange.

And I initially tried reloading uwsgi first, then nginx.

If I try to reload uwsgi now, I still get the same error as above:

cuckoo@CuckooSandbox:~$ sudo service uwsgi reload
Job for uwsgi.service failed because the control process exited with error code.
See "systemctl status uwsgi.service" and "journalctl -xe" for details.
cuckoo@CuckooSandbox:~$ systemctl status uwsgi.service
● uwsgi.service - LSB: Start/stop uWSGI server instance(s)
   Loaded: loaded (/etc/init.d/uwsgi; generated)
   Active: active (exited) (Result: exit-code) since Thu 2018-06-21 20:09:01 EDT; 1 day 19h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 15533 ExecReload=/etc/init.d/uwsgi reload (code=exited, status=1/FAILURE)

Jun 23 15:22:06 CuckooSandbox systemd[1]: Reloading LSB: Start/stop uWSGI server instance(s).
Jun 23 15:22:06 CuckooSandbox uwsgi[15459]:  * Reloading app server(s) uwsgi
Jun 23 15:22:06 CuckooSandbox uwsgi[15459]:    ...fail!
Jun 23 15:22:06 CuckooSandbox systemd[1]: uwsgi.service: Control process exited, code=exited status=1
Jun 23 15:22:06 CuckooSandbox systemd[1]: Reload failed for LSB: Start/stop uWSGI server instance(s).
Jun 23 15:25:11 CuckooSandbox systemd[1]: Reloading LSB: Start/stop uWSGI server instance(s).
Jun 23 15:25:11 CuckooSandbox uwsgi[15533]:  * Reloading app server(s) uwsgi
Jun 23 15:25:11 CuckooSandbox uwsgi[15533]:    ...fail!
Jun 23 15:25:11 CuckooSandbox systemd[1]: uwsgi.service: Control process exited, code=exited status=1
Jun 23 15:25:11 CuckooSandbox systemd[1]: Reload failed for LSB: Start/stop uWSGI server instance(s).

Is it possible that the fact that I initially installed the sandbox in a virtual environment (venv) but have been making the changes for uwsgi and nginx outside of venv has anything to do with my issue?

doomedraven commented 6 years ago

you should investigate here journalctl -xe there should be extra details about what is wrong <-

also what about ps aux| grep uwsgi something reload fails bcz there is uwsgi running with emperor

doomedraven commented 6 years ago

uwsgi and nginx don't have anything to do with venv

samuelkneppel commented 6 years ago

@doomedraven

journalctl -xe shows the following:

Jun 23 15:54:20 CuckooSandbox sudo[15771]:   cuckoo : TTY=pts/0 ; PWD=/home/cuckoo ; USER=root ; COMMAND=/usr/sbin/service uwsgi reload
Jun 23 15:54:20 CuckooSandbox sudo[15771]: pam_unix(sudo:session): session opened for user root by cuckoo(uid=0)
Jun 23 15:54:20 CuckooSandbox systemd[1]: Reloading LSB: Start/stop uWSGI server instance(s).
-- Subject: Unit uwsgi.service has begun reloading its configuration
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit uwsgi.service has begun reloading its configuration
Jun 23 15:54:20 CuckooSandbox uwsgi[15778]:  * Reloading app server(s) uwsgi
Jun 23 15:54:20 CuckooSandbox uwsgi[15778]:    ...fail!
Jun 23 15:54:20 CuckooSandbox systemd[1]: uwsgi.service: Control process exited, code=exited status=1
Jun 23 15:54:20 CuckooSandbox systemd[1]: Reload failed for LSB: Start/stop uWSGI server instance(s).
-- Subject: Unit uwsgi.service has finished reloading its configuration
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit uwsgi.service has finished reloading its configuration
--
-- The result is RESULT.
Jun 23 15:54:20 CuckooSandbox sudo[15771]: pam_unix(sudo:session): session closed for user root

I am not exactly sure what you mean by your second sentence, but here is the output of ps aux | grep uwsgi: cuckoo 15819 0.0 0.0 21536 1076 pts/0 S+ 15:55 0:00 grep --color=auto uwsgi.

doomedraven commented 6 years ago

it was about this http://uwsgi-docs.readthedocs.io/en/latest/Emperor.html

can you try to execute uwsgi like this uwsgi --ini path_to_config.ini ?

samuelkneppel commented 6 years ago

@doomedraven

Ah, ok, thanks for the clarification on what Emperor is.

As far as I am aware, I am not using Emperor.

I also ran uwsgi --ini /etc/uwsgi/apps-available/cuckoo-web.ini and initially ran into an error which showed me that I was missing the [uwsgi] tag in my ini file.

I added that, ran that command again, and received the following output:

[uWSGI] getting INI configuration from /etc/uwsgi/apps-available/cuckoo-web.ini
[uwsgi-static] added mapping for /static => /home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/web/static
*** Starting uWSGI 2.0.15-debian (64bit) on [Sat Jun 23 16:07:51 2018] ***
compiled with version: 7.3.0 on 01 March 2018 10:02:30
os: Linux-4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018
nodename: CuckooSandbox
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /run/uwsgi/app/cuckoo-web
detected binary path: /usr/bin/uwsgi-core
dropping root privileges as early as possible
*** WARNING: you are running uWSGI without its master process manager ***
your processes number limit is 15549
your memory page size is 4096 bytes
detected max file descriptor number: 1024
building mime-types dictionary from file /etc/mime.types...554 entry found
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
dropping root privileges after socket binding
dropping root privileges after plugin initialization
The -s/--socket option is missing and stdin is not a socket.

I also noticed that now, when I try to go to https://192.168.1.101:8000 in my browser, I get an Internal Server Error now.
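
Added example, not part of the original thread and not Cuckoo project code: a static preflight over the two files quoted above that reports the two problems found so far in this thread (the missing [uwsgi] section header and an nginx listen bound to localhost) and whether the upstream socket exists. All function names are hypothetical; the script only reads config text.

```shell
#!/bin/sh
# Added example: static checks on the two config files quoted in this thread.
# Function names are hypothetical; nothing is started or modified.
# Usage: sh <this-script> <uwsgi ini> <nginx site file>

# "ok" if the first non-blank, non-comment line is the [uwsgi] header.
uwsgi_section_status() {
    first=$(grep -Ev '^[[:space:]]*([#;].*)?$' "$1" | head -n 1 |
        sed 's/^[[:space:]]*//')
    case "$first" in
        "[uwsgi]"*) echo ok ;;
        *) echo missing-section ;;
    esac
}

# "yes" if the ini itself names a socket (uWSGI's socket, uwsgi-socket,
# http-socket or http options), else "no".
uwsgi_has_socket() {
    if grep -Eq '^[[:space:]]*(socket|uwsgi-socket|http-socket|http)[[:space:]]*=' "$1"
    then echo yes; else echo no; fi
}

# Path from the first nginx upstream line of the form "server unix:<path>;".
nginx_upstream_socket() {
    sed -n 's/^[[:space:]]*server[[:space:]]\{1,\}unix:\([^;[:space:]]*\).*/\1/p' "$1" |
        head -n 1
}

# "loopback" if the first listen directive binds localhost only, which is
# why a browser outside the VM cannot connect; "routable" otherwise.
nginx_listen_scope() {
    addr=$(sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" |
        head -n 1)
    case "$addr" in
        "") echo none ;;
        localhost*|127.*|"[::1]"*) echo loopback ;;
        *) echo routable ;;
    esac
}

# Print one line per finding for an ini file and an nginx site file.
preflight() {
    ini=$1; site=$2
    echo "uwsgi [uwsgi] header:  $(uwsgi_section_status "$ini")"
    echo "uwsgi socket in ini:   $(uwsgi_has_socket "$ini")"
    sock=$(nginx_upstream_socket "$site")
    # 502 Bad Gateway in the logs above corresponds to this socket being absent.
    if [ -S "$sock" ]; then state=present; else state=absent; fi
    echo "nginx upstream socket: ${sock:-none} ($state)"
    echo "nginx listen scope:    $(nginx_listen_scope "$site")"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```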

doomedraven commented 6 years ago

what if you change socket file to port?

https://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html#putting-behind-a-full-webserver and use proxy in nginx?

maybe that will help you catch what is wrong

samuelkneppel commented 6 years ago

@doomedraven

To be honest, I am not sure how to do that.

I would like to figure out why I cannot figure out how to get this to work with your documentation.

I am running into the exact same issues trying to set up uwsgi and nginx on another physical computer running the latest cuckoo version as well.

Could the fact that I am using cuckoo rooter instead of the old way of routing have anything to do with this maybe?

doomedraven commented 6 years ago

Nope, that isn't related, routed is for VMs only. Well, sorry, I can't help more, I'm on vacation and only with my phone

samuelkneppel commented 6 years ago

@doomedraven

No worries, enjoy your vacation.

If anyone else has any suggestions please let me know!

pchandran commented 6 years ago

Did your error get resolved?

samuelkneppel commented 6 years ago

@pchandran Unfortunately no, do you have any suggestions?

pchandran commented 6 years ago

I also have the same error. I could not resolve it.

pchandran commented 6 years ago

Can anyone help me with this issue? I am stuck with the same issue. I could not create a new issue, that's why I am replying in this same post. Any help will be really appreciated.

doomedraven commented 6 years ago

solved?

samuelkneppel commented 6 years ago

No, but I haven't really had time to work on this in a while. I plan on getting back to it eventually though.

k41zen commented 5 years ago

I have exactly the same issue here. Without uwsgi and Nginx all works manually starting rooter, cuckoo and the web interface. As soon as I follow the steps to install uwsgi and Nginx to the letter I get a 502 time and time again. I uninstall it, reboot and try again but always have the same result.

0xtornado commented 5 years ago

Hello guys, have you checked the log file /var/log/uwsgi/app/cuckoo-web.log? Check if you have any plugin errors in the log file; if so, you should install uwsgi-plugin-python :) Everything should work after installing this plugin and restarting the two services.

samuelkneppel commented 5 years ago

@0xtornado Interestingly enough, I restarted nginx and uwsgi after starting up Cuckoo Rooter and Cuckoo itself, and it seems to have started working.

Back when I first posted this, I was using Ubuntu 18.04. Now I am running on 16.04, the recommended version. Not sure if that is relevant, but this is working for me now.

Thanks everyone for your help with this!

wbond commented 5 years ago

I was running into this exact issue (uwsgi not starting with Ubuntu 18.04) on an unrelated project, but I ended up having to restart the server to get uwsgi to start properly. I was never able to find any logs for the uwsgi service to explain what was going on, and the individual apps never started, so they wrote no log files.

Suhaila123 commented 5 years ago

Hey, I got the same issues here.. any solution?

samuelkneppel commented 5 years ago

Closing this because my issue was resolved by re-following the instructions in the documentation. I can confirm that this is working with Cuckoo on Ubuntu 19.04.