Nginx configuration problem?

[mbrozzo]

Hello, I am doing a university project and I was advised to use this container. I thought it was working fine, but tonight when I tried it and I accessed the modsecurity port, I got this:

So I tried using a very very simple docker-compose.yml (please check if I have made any mistakes in the compose file):

version: "3"

networks:
  gitea:
    external: false

services:
  modsecurity-crs:
    image: owasp/modsecurity-crs:3.3.2-nginx
    # hostname: modsecurity-crs
    ports: 
      - "8000:80"
    environment:
      - "BACKEND=http://whoami"
      - SERVERNAME=gitea_server
      - PORT=80
    networks:
      - gitea
    depends_on:
       - whoami
    # logging:
    #   driver: loki
    #   options:
    #     loki-url: http://localhost:3100/loki/api/v1/push

  whoami:
    image: "traefik/whoami"
    # hostname: whoami
    ports: 
      - "80:80"
    networks:
      - gitea

I still get the same response from modsecurity (port 8000), while whoami works fine (port 80).

Here are the modsecurity logs, but I think they are useless:

2022/04/13 23:04:52 [notice] 1#1: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/0/0)
172.21.0.1 - - [13/Apr/2022:23:04:59 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:51 [error] 29#29: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:51 [error] 29#29: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:52 [error] 29#29: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:52 [error] 29#29: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:52 [error] 29#29: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"

I tried entering the container to read the /var/log/nginx/error.log but cat does not seem to work and there are no tail, nano or vi installed.

EDIT: I know this might be a mistake on my part in configuring the container, sorry if that is the case.

[floriannadaud]

Hi there 👋

We are having the same issue since someone has override the 3.3.2-nginx image tag

Our current workaround is to use a previous image digest form the 3.3.2-nginx tag:
owasp/modsecurity-crs@sha256:ce648dd5fd0d250f6505299a47a532e50bcde02366888ef5924dea27f65cba7b

IMO the published tags should not be overridden

[limemdhafer19]

Same problem here !!!

[mbrozzo]

Hi there 👋

We are having the same issue since someone has override the 3.3.2-nginx image tag

Our current workaround is to use a previous image digest form the 3.3.2-nginx tag: owasp/modsecurity-crs@sha256:ce648dd5fd0d250f6505299a47a532e50bcde02366888ef5924dea27f65cba7b

IMO the published tags should not be overridden

Definitely a bad idea to overwrite the tag! Thank you for the workaround, I will try it when I have time.

[theseion]

Thanks for reporting this. I noticed the same today by chance. We'll look into it.

[theseion]

An issue with this image was fixed in #62. Can you force pull and check whether your issue persists?

[theseion]

Closing this as duplicate of #72, and considering it addressed in #67.

[mbrozzo]

Closing this as duplicate of #72, and considering it addressed in #67.

I have pulled the new image from docker hub but I am still getting the same problem. Am I missing something?

EDIT: I am dumb, when you said it was addressed I thought you meant it was solved. I see that the issue is still open though.

[theseion]

Sorry. I meant to write that overwriting of image tags should be addressed by #67.