deckerego / docmag

The web UI for Facile Search. Together with DocIndex, this UI can help you search the myriad of scanned documents you have been accumulating over the years. Using the power of Docker & Elasticsearch you can run a powerful search engine that lets you convert scanned (image-based) PDFs to searchable text, group documents by letterhead, run fuzzy searches by date and view document metadata.
https://github.com/deckerego/docmag/wiki
Mozilla Public License 2.0

docker-compose up -d fails to start modsecurity due to SSL-cache mutex creation failure #55

Open technicalpickles opened 3 weeks ago

technicalpickles commented 3 weeks ago

I'm trying to run locally using the method described on https://github.com/deckerego/docmag/wiki/Installing-DocMag-on-a-Single-Server

After running docker-compose up -d, I'm not able to access http://localhost:1080.

docker-compose ps doesn't show it running:

❯ docker-compose ps
WARN[0000] /Users/josh.nichols/workspace/docmag/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
NAME              IMAGE                           COMMAND                  SERVICE         CREATED          STATUS         PORTS
docidx            deckerego/docidx:latest         "java -Djava.library…"   docidx          22 minutes ago   Up 3 seconds
docmagui          deckerego/docmagui:latest       "java -jar docmagui.…"   docmagui        16 seconds ago   Up 3 seconds
elasticsearch01   deckerego/elasticsearch:5.6.8   "/bin/bash bin/es-do…"   elasticsearch   22 minutes ago   Up 4 seconds   9200/tcp, 9300/tcp

And docker-compose logs modsecurity shows:

modsecurity  | [Sat Oct 26 15:59:56.718267 2024] [core:emerg] [pid 26:tid 274924181376] (95)Operation not supported: AH00023: Couldn't create the ssl-cache mutex
modsecurity  | AH00016: Configuration Failed

Environment

Steps to Reproduce

  1. Run docker-compose up -d
  2. Check service status with docker-compose ps
  3. Observe that modsecurity service is not running
  4. Check logs with `docker-compose logs

technicalpickles commented 3 weeks ago

I did find the modsecurity image up on Docker Hub: https://hub.docker.com/r/deckerego/modsecurity-crs ... but it's not clear what the source is, and the last update is 3 years ago.

On further review of the repo, I found modsecurity/Dockerfile. It is just using another docker image, so I figure I could update the docker-compose.yml to use that.

It does successfully start, but instead of the port not being open, I get an empty response. Here are the logs from an updated modsecurity:

modsecurity  | /usr/local/bin/generate-certificate: generating new certificate
modsecurity  | Warning: No -copy_extensions given; ignoring any extensions in the request
modsecurity  | /usr/local/bin/generate-certificate: generated /usr/local/apache2/conf/server.key and /usr/local/apache2/conf/server.crt
modsecurity  | [Sat Oct 26 16:07:19.435224 2024] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,emailAddress=none@none.com,CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,emailAddress=none@none.com,CN=localhost / serial: 604B679157B7CD34AF258FB03499E30EF1F7D71A / notbefore: Oct 26 16:07:19 2024 GMT / notafter: Oct 26 16:07:19 2025 GMT]
modsecurity  | [Sat Oct 26 16:07:19.435284 2024] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
modsecurity  | [Sat Oct 26 16:07:19.435317 2024] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/) configured.
modsecurity  | [Sat Oct 26 16:07:19.435319 2024] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
modsecurity  | [Sat Oct 26 16:07:19.435320 2024] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE compiled version="8.39 "; loaded version="8.39 2016-06-14"
modsecurity  | [Sat Oct 26 16:07:19.435321 2024] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
modsecurity  | [Sat Oct 26 16:07:19.435322 2024] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
modsecurity  | [Sat Oct 26 16:07:19.435323 2024] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
modsecurity  | [Sat Oct 26 16:07:19.435323 2024] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.62 (Unix) OpenSSL/3.0.14
modsecurity  | [Sat Oct 26 16:07:19.435324 2024] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
modsecurity  | [Sat Oct 26 16:07:19.465832 2024] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,emailAddress=none@none.com,CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,emailAddress=none@none.com,CN=localhost / serial: 604B679157B7CD34AF258FB03499E30EF1F7D71A / notbefore: Oct 26 16:07:19 2024 GMT / notafter: Oct 26 16:07:19 2025 GMT]
modsecurity  | [Sat Oct 26 16:07:19.465882 2024] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
modsecurity  | [Sat Oct 26 16:07:19.467784 2024] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (Unix) OpenSSL/3.0.14 Apache configured -- resuming normal operations
modsecurity  | [Sat Oct 26 16:07:19.469689 2024] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
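
A log-triage sketch for the two modsecurity start-up logs quoted in this thread, added here as an example; it is not part of the issue or of the docmag project. It separates messages that stop httpd from starting (the `emerg` line and AH00016) from the stapling errors logged by an instance that still reaches AH00489. The name `triage` and the sample strings (lines copied from the logs above) are assumptions of the example.

```python
import re

# One docker-compose log line: "service | [timestamp] [module:level] [pid ...] message"
# The bracketed Apache prefix is optional (the AH00016 line has none).
LINE = re.compile(
    r"^(?P<svc>\S+)\s*\|\s*"
    r"(?:\[(?P<ts>[^\]]+)\] \[(?P<mod>[\w-]+):(?P<lvl>\w+)\] \[pid [^\]]+\] )?"
    r"(?P<msg>.*)$")
AH = re.compile(r"\bAH\d{5}\b")
CERT = re.compile(r"\[subject: (?P<subj>.*?) / issuer: (?P<iss>.*?) / serial:")
FATAL_LEVELS = {"emerg", "alert", "crit"}

# Sample input: lines taken from the two runs quoted in this thread.
FIRST_RUN = """\
modsecurity  | [Sat Oct 26 15:59:56.718267 2024] [core:emerg] [pid 26:tid 274924181376] (95)Operation not supported: AH00023: Couldn't create the ssl-cache mutex
modsecurity  | AH00016: Configuration Failed
"""
SECOND_RUN = """\
modsecurity  | [Sat Oct 26 16:07:19.435224 2024] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,emailAddress=none@none.com,CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,emailAddress=none@none.com,CN=localhost / serial: 604B679157B7CD34AF258FB03499E30EF1F7D71A / notbefore: Oct 26 16:07:19 2024 GMT / notafter: Oct 26 16:07:19 2025 GMT]
modsecurity  | [Sat Oct 26 16:07:19.467784 2024] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (Unix) OpenSSL/3.0.14 Apache configured -- resuming normal operations
"""

def triage(log_text):
    """Return (started, fatal_codes, notes) for one httpd start-up attempt."""
    started, fatal, notes = False, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        codes = AH.findall(m["msg"])
        if "AH00489" in codes:            # "resuming normal operations"
            started = True
        if m["lvl"] in FATAL_LEVELS or "AH00016" in codes:
            fatal.extend(codes)           # these stop the server from starting
        cert = CERT.search(m["msg"])
        if "AH02217" in codes and cert and cert["subj"] == cert["iss"]:
            note = "AH02217: subject equals issuer (self-signed), no issuer cert for stapling"
            if note not in notes:
                notes.append(note)
    return started, fatal, notes

if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        print(name, triage(text))
```
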

deckerego commented 3 weeks ago

Correct, the image is getting old - I'm wondering if this issue is caused by either some code rust or modsecurity being updated recently. Will take a look this week!

deckerego commented 2 weeks ago

Quick update - haven't found steps to reproduce locally just yet, but that may just be due to the test harness I'm using. Will keep working on reproducing.