Getting HTTP error 503 when trying to retrieve feeds

[regulartim]

On a fresh GreedyBear installation (main branch) I regularly get HTTP error 503. This happens about every other request I make on both the feeds page and on the API. Switching to the local development configuration in the .env file resolves the issue.

[mlodic]

Do you have any logs generated by GB? You can find them in the console if you executed it without -d option, or in the var/lib/docker/volumes/greedybear_x folders.

[regulartim]

There is nothing about the error in the logs in greedybear_generic_logs/_data/. But the nginx logs might be interesting:

greedybear_nginx_logs/_data/access.log

127.0.0.1 - - [11/Dec/2024:07:30:40 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
127.0.0.1 - - [11/Dec/2024:07:30:43 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
127.0.0.1 - - [11/Dec/2024:07:30:46 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
127.0.0.1 - - [11/Dec/2024:07:30:49 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
127.0.0.1 - - [11/Dec/2024:07:30:52 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
127.0.0.1 - - [11/Dec/2024:07:30:55 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
127.0.0.1 - - [11/Dec/2024:07:30:58 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:01 +0000] "GET / HTTP/1.1" 200 725 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:01 +0000] "GET /static/reactapp/static/js/main.37e90053.js HTTP/1.1" 200 1313064 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:01 +0000] "GET /static/reactapp/static/css/main.9f5f6c7f.css HTTP/1.1" 200 279318 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
127.0.0.1 - - [11/Dec/2024:07:31:01 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:02 +0000] "GET /static/reactapp/static/css/687.d3ec8328.chunk.css HTTP/1.1" 200 494 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:02 +0000] "GET /static/reactapp/static/js/687.69ac8067.chunk.js HTTP/1.1" 200 1572 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:02 +0000] "GET /static/reactapp/greedybear.png HTTP/1.1" 200 296154 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:02 +0000] "GET /static/reactapp/logo192.png HTTP/1.1" 404 34 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:02 +0000] "GET /static/reactapp/favicon.ico HTTP/1.1" 200 48413 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:02 +0000] "GET /api/auth/authentication HTTP/1.1" 401 58 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:04 +0000] "GET /static/reactapp/static/js/506.ba268966.chunk.js HTTP/1.1" 200 34484 "http://localhost/feeds" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:04 +0000] "GET /static/reactapp/static/js/651.d4448d79.chunk.js HTTP/1.1" 200 3503 "http://localhost/feeds" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:04 +0000] "GET /static/reactapp/static/js/578.112c3779.chunk.js HTTP/1.1" 200 610 "http://localhost/feeds" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:04 +0000] "GET /static/reactapp/static/js/237.6fb883ce.chunk.js HTTP/1.1" 200 3884 "http://localhost/feeds" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
127.0.0.1 - - [11/Dec/2024:07:31:04 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:05 +0000] "GET /api/feeds?page_size=10&page=1&feed_type=all&attack_type=all&age=recent HTTP/1.1" 301 5 "http://localhost/feeds?page=1" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:05 +0000] "GET /api/feeds/?page_size=10&page=1&feed_type=all&attack_type=all&age=recent HTTP/1.1" 503 56 "http://localhost/feeds?page=1" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:05 +0000] "GET /api/auth/authentication HTTP/1.1" 401 58 "http://localhost/feeds" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:05 +0000] "GET /api/general_honeypot?onlyActive=true HTTP/1.1" 200 187 "http://localhost/feeds?page=1" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
172.18.0.1 - - [11/Dec/2024:07:31:05 +0000] "GET /api/auth/authentication HTTP/1.1" 401 58 "http://localhost/feeds?page=1" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
127.0.0.1 - - [11/Dec/2024:07:31:08 +0000] "GET /hc HTTP/1.1" 200 0 "-" "curl/8.9.0" "-"

greedybear_nginx_logs/_data/error.log

2024/12/11 07:30:35 [notice] 1#1: using the "epoll" event method
2024/12/11 07:30:35 [notice] 1#1: nginx/1.27.0
2024/12/11 07:30:35 [notice] 1#1: built by gcc 13.2.1 20231014 (Alpine 13.2.1_git20231014) 
2024/12/11 07:30:35 [notice] 1#1: OS: Linux 6.12.4-arch1-1
2024/12/11 07:30:35 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1024:524288
2024/12/11 07:30:35 [notice] 1#1: start worker processes
2024/12/11 07:30:35 [notice] 1#1: start worker process 20
2024/12/11 07:30:35 [notice] 1#1: start worker process 21
2024/12/11 07:30:35 [notice] 1#1: start worker process 22
2024/12/11 07:30:35 [notice] 1#1: start worker process 23
2024/12/11 07:30:35 [notice] 1#1: start cache manager process 24
2024/12/11 07:30:35 [notice] 1#1: start cache loader process 25
2024/12/11 07:31:02 [error] 20#20: *10 open() "/var/www/static/reactapp/logo192.png" failed (2: No such file or directory), client: 172.18.0.1, server: localhost, request: "GET /static/reactapp/logo192.png HTTP/1.1", host: "localhost", referrer: "http://localhost/"
2024/12/11 07:31:05 [error] 21#21: *15 limiting requests, excess: 0.926 by zone "adminlimit", client: 172.18.0.1, server: localhost, request: "GET /api/feeds/?page_size=10&page=1&feed_type=all&attack_type=all&age=recent HTTP/1.1", host: "localhost", referrer: "http://localhost/feeds?page=1"
2024/12/11 07:31:08 [notice] 1#1: signal 3 (SIGQUIT) received, shutting down
2024/12/11 07:31:08 [notice] 21#21: gracefully shutting down
2024/12/11 07:31:08 [notice] 22#22: gracefully shutting down
2024/12/11 07:31:08 [notice] 22#22: exiting
2024/12/11 07:31:08 [notice] 21#21: exiting
2024/12/11 07:31:08 [notice] 22#22: exit
2024/12/11 07:31:08 [notice] 21#21: exit
2024/12/11 07:31:08 [notice] 20#20: gracefully shutting down
2024/12/11 07:31:08 [notice] 20#20: exiting
2024/12/11 07:31:08 [notice] 20#20: exit
2024/12/11 07:31:08 [notice] 23#23: gracefully shutting down
2024/12/11 07:31:08 [notice] 23#23: exiting
2024/12/11 07:31:08 [notice] 24#24: exiting
2024/12/11 07:31:08 [notice] 23#23: exit
2024/12/11 07:31:08 [notice] 25#25: exiting
2024/12/11 07:31:08 [notice] 1#1: signal 17 (SIGCHLD) received from 25
2024/12/11 07:31:08 [notice] 1#1: cache loader process 25 exited with code 0
2024/12/11 07:31:08 [notice] 1#1: signal 29 (SIGIO) received
2024/12/11 07:31:08 [notice] 1#1: signal 17 (SIGCHLD) received from 20
2024/12/11 07:31:08 [notice] 1#1: worker process 20 exited with code 0
2024/12/11 07:31:08 [notice] 1#1: worker process 21 exited with code 0
2024/12/11 07:31:08 [notice] 1#1: worker process 23 exited with code 0
2024/12/11 07:31:08 [notice] 1#1: cache manager process 24 exited with code 0
2024/12/11 07:31:08 [notice] 1#1: signal 29 (SIGIO) received
2024/12/11 07:31:08 [notice] 1#1: signal 17 (SIGCHLD) received from 23
2024/12/11 07:31:08 [notice] 1#1: signal 17 (SIGCHLD) received from 22
2024/12/11 07:31:08 [notice] 1#1: worker process 22 exited with code 0
2024/12/11 07:31:08 [notice] 1#1: exit

Does the line 2024/12/11 07:31:02 [error] 20#20: *10 open() "/var/www/static/reactapp/logo192.png" failed (2: No such file or directory), client: 172.18.0.1, server: localhost, request: "GET /static/reactapp/logo192.png HTTP/1.1", host: "localhost", referrer: "http://localhost/" in the error log suggest that the issue is due to rate limiting?

[mlodic]

I think you meant this line

2024/12/11 07:31:05 [error] 21#21: *15 limiting requests, excess: 0.926 by zone "adminlimit", client: 172.18.0.1, server: localhost, request: "GET /api/feeds/?page_size=10&page=1&feed_type=all&attack_type=all&age=recent HTTP/1.1", host: "localhost", referrer: "http://localhost/feeds?page=1"

and yes, there is this line here in the nginx config

limit_req_zone $binary_remote_addr zone=adminlimit:10m rate=5r/m;

You can find it in the http config only cause in the https one was removed cause was useless in the actual Honeynet instance cause Cloudflare was already doing that

[regulartim]

Yes, of course. Should we also remove it in the http conf or at least change it to a more permissive value? Because it's not like I'm spam-clicking stuff in the application, this happens on normal usage.

[mlodic]

I think you can completely remove it without any problem