Skip to content

[Bug] Complete Breakdown when trying to use recaptcha #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
VilterPD opened this issue Sep 3, 2024 · 1 comment
Open

[Bug] Complete Breakdown when trying to use recaptcha #12

VilterPD opened this issue Sep 3, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@VilterPD
Copy link

VilterPD commented Sep 3, 2024

Current Behavior

Nginx Proxy Manager breaks down completely when trying to use captcha remediation with the default captcha.html.

Every Site shows Errorcode: SSL_ERROR_UNRECOGNIZED_NAME_ALERT when using https, and the standard page is shown when using http (force SSL and HSTS activated). When I remove myself from the decisions, back to normal.

Expected Behavior

Captcha being made, ban if unsuccessful, removal from list when successful.

Steps To Reproduce

Add recaptcha data to crowdsec-openresty-bouncer.conf (bottom), set to captcha.html.

then run sudo cscli decisions add -i <IP> -t captcha

Go to one of the proxies

Environment

  • OS: debian
  • OS version: bookworm
  • CPU: amd64
  • Docker version:Community Version: 27.2.0
  • Device model: Raspberry Pi 4
  • Browser/OS: Firefox/Windows

Container creation

version: '3.8'
services:
npm:
image: lepresidente/nginx-proxy-manager:latest
platform: linux/arm64
container_name: npm
restart: unless-stopped
ports:
- "80:8080"
- "443:4443"
- "81:8181"
volumes:
- data:/data
- letsencrypt:/etc/letsencrypt
environment:
DB_MYSQL_HOST: "-"
DB_MYSQL_PORT: -
DB_MYSQL_USER: "-"
DB_MYSQL_PASSWORD: "-"
DB_MYSQL_NAME: "npm"
networks:
- network

volumes:
data:
letsencrypt:

networks:
network:
driver: bridge

Container log

[cont-init   ] executing container initialization scripts...
[cont-init   ] 10-check-app-niceness.sh: executing...
[cont-init   ] 10-check-app-niceness.sh: terminated successfully.
[cont-init   ] 10-clean-logmonitor-states.sh: executing...
[cont-init   ] 10-clean-logmonitor-states.sh: terminated successfully.
[cont-init   ] 10-clean-tmp-dir.sh: executing...
[cont-init   ] 10-clean-tmp-dir.sh: terminated successfully.
[cont-init   ] 10-init-users.sh: executing...
[cont-init   ] 10-init-users.sh: terminated successfully.
[cont-init   ] 10-pkgs-mirror.sh: executing...
[cont-init   ] 10-pkgs-mirror.sh: terminated successfully.
[cont-init   ] 10-set-tmp-dir-perms.sh: executing...
[cont-init   ] 10-set-tmp-dir-perms.sh: terminated successfully.
[cont-init   ] 10-xdg-runtime-dir.sh: executing...
[cont-init   ] 10-xdg-runtime-dir.sh: terminated successfully.
[cont-init   ] 15-install-pkgs.sh: executing...
[cont-init   ] 15-install-pkgs.sh: terminated successfully.
[cont-init   ] 54-db-upgrade.sh: executing...
[cont-init   ] 54-db-upgrade.sh: terminated successfully.
[cont-init   ] 55-nginx-proxy-manager.sh: executing...
[cont-init   ] 55-nginx-proxy-manager.sh: Enabling IPV6 in hosts in: /etc/nginx/conf.d
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/default.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/force-ssl.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/block-exploits.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/ssl-ciphers.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/proxy.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/log.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/include/assets.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/production.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /etc/nginx/conf.d/crowdsec_openresty.conf
[cont-init   ] 55-nginx-proxy-manager.sh: Enabling IPV6 in hosts in: /config/nginx
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/ip_ranges.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/resolvers.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/2.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/4.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/1.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/redirection_host/3.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/2.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/20.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/5.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/6.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/4.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/16.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/10.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/17.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/11.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/14.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/13.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/8.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/15.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/12.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/3.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/7.conf
[cont-init   ] 55-nginx-proxy-manager.sh: - /config/nginx/proxy_host/9.conf
[cont-init   ] 55-nginx-proxy-manager.sh: terminated successfully.
[cont-init   ] 85-take-config-ownership.sh: executing...
[cont-init   ] 85-take-config-ownership.sh: terminated successfully.
[cont-init   ] 89-info.sh: executing...
    ╭――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╮
    │                                                                      │
    │ Application:           Nginx Proxy Manager                           │
    │ Application Version:   2.11.3                                        │
    │ Docker Image Version:  n/a                                           │
    │ Docker Image Platform: linux/arm64                                   │
    │                                                                      │
    ╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╯
[cont-init   ] 89-info.sh: terminated successfully.
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: executing...
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: Deploy Crowdsec Openresty Bouncer..
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: Patch crowdsec-openresty-bouncer.conf ..
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: Deploy Crowdsec Templates ..
[cont-init   ] 99_crowdsec-openresty-bouncer.sh: terminated successfully.
[cont-init   ] all container initialization scripts executed.
[init        ] giving control to process supervisor.
[supervisor  ] loading services...
[supervisor  ] loading service 'default'...
[supervisor  ] loading service 'logrotate'...
[supervisor  ] service 'logrotate' is disabled.
[supervisor  ] loading service 'app'...
[supervisor  ] loading service 'nginx'...
[supervisor  ] loading service 'logmonitor'...
[supervisor  ] service 'logmonitor' is disabled.
[supervisor  ] loading service 'cert_cleanup'...
[supervisor  ] all services loaded.
[supervisor  ] starting services...
[supervisor  ] starting service 'nginx'...
[nginx       ] nginx: [alert] [lua] init_by_lua:11: [Crowdsec] Initialisation done
[supervisor  ] starting service 'app'...
[app         ] [9/3/2024] [2:41:50 PM] [Global   ] › ℹ  info      Using MySQL configuration
[supervisor  ] all services started.
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Let's Encrypt certificates cleanup - 2024/09/03 14:41:51
[cert_cleanup] ----------------------------------------------------------
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-18/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-18/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-18/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-18/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-26/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-26/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-26/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-26/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-5/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-5/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-5/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-5/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-4/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-4/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-4/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-4/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-20/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-20/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-20/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-20/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-3/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-3/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-3/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-3/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-6/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-6/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-6/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-6/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-28/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-28/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-28/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-28/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-25/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-25/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-25/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-25/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-19/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-19/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-19/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-19/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-11/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-11/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-11/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-11/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-7/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-7/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-7/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-7/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-12/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-12/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-12/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-12/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-1/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-2/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-13/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-13/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-13/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-13/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-24/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-24/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-24/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-24/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-8/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-8/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-8/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-8/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-10/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-23/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-23/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-23/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-23/fullchain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/chain1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/privkey1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/cert1.pem.
[cert_cleanup] Keeping /etc/letsencrypt/archive/npm-9/fullchain1.pem.
[cert_cleanup] 84 file(s) kept.
[cert_cleanup] 0 file(s) deleted.
[app         ] [9/3/2024] [2:41:53 PM] [Migrate  ] › ℹ  info      Current database version: 20211108145214
[app         ] [9/3/2024] [2:41:54 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[app         ] [9/3/2024] [2:41:54 PM] [Global   ] › ⬤  debug     CMD: logrotate -s /config/logrotate.status /etc/logrotate.d/nginx-proxy-manager
[app         ] [9/3/2024] [2:41:54 PM] [Setup    ] › ℹ  info      Logrotate completed.
[app         ] [9/3/2024] [2:41:54 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[app         ] [9/3/2024] [2:41:54 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[app         ] [9/3/2024] [2:41:55 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[app         ] [9/3/2024] [2:41:56 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[app         ] [9/3/2024] [2:41:56 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[app         ] [9/3/2024] [2:41:56 PM] [SSL      ] › ℹ  info      Renewing SSL certs expiring within 30 days ...
[app         ] [9/3/2024] [2:41:56 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[app         ] [9/3/2024] [2:41:56 PM] [Global   ] › ℹ  info      Backend PID 445 listening on port 3000 ...
[app         ] [9/3/2024] [2:41:56 PM] [SSL      ] › ℹ  info      Completed SSL cert renew process

Container inspect

No response

Anything else?

CAPTCHA_PROVIDER=recaptcha

Captcha Secret Key

SECRET_KEY=Key

Captcha Site key

SITE_KEY=Other Key
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/templates/captcha.html
CAPTCHA_EXPIRATION=3600
@VilterPD VilterPD added the bug Something isn't working label Sep 3, 2024
@VilterPD
Copy link
Author

VilterPD commented Sep 3, 2024

Aaaand I found the solution myself. The captcha.html has to be inside /data/crowdsec/ or subfolders, otherwise chaos will ensue. Not sure why.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@VilterPD