[BUG] 500 Internal Server Error with crowdsec appsec functionality

[alleyu2]

Is there an existing issue for this?

• I have searched the existing issues

Name of mod

CrowdSec - Docker mod for SWAG

Name of base container

SWAG

Current Behavior

500 Internal Server Error

Expected Behavior

No response

Steps To Reproduce

enable appsec in SWAG crowdsec docker mods

Environment

- OS:Debian 12
- How docker service was installed: Debian repo

CPU architecture

x86-64

Docker creation

version: "3"
services:
  crowdsec:
    image: docker.io/crowdsecurity/crowdsec:latest-debian
    container_name: crowdsec
    environment:
      - GID=0
      - COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/http-dos LePresidente/jellyfin LePresidente/ombi crowdsecurity/nextcloud LePresidente/jellyseerr thespad/sshesame crowdsecurity/appsec-virtual-patching
      - CUSTOM_HOSTNAME=Server.Linux
      - TZ=America/Los_Angeles
    ports:
      - 8080:8080
      - 6060:6060
      - 4242:4242
    volumes:
      - /opt/crowdsec/config:/etc/crowdsec:rw
      - /opt/crowdsec/data:/var/lib/crowdsec/data:rw
      - /opt/swag/log/nginx:/var/log/swag:ro
      - /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/:/var/log/nextcloud:ro 
      - /var/log:/var/log/host:ro    
      - /var/log/journal:/run/log/journal:ro
      - /opt/ombi/Logs:/var/log/ombi:ro
      - /opt/jellyseerr/config/logs:/var/log/jellyseerr:ro
      - /opt/sshesame:/var/log/sshesame:ro
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
  
  swag:
    image: lscr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - URL=xxx
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - CERTPROVIDER= #optional
      - DNSPLUGIN=cloudflare #optional
      - DUCKDNSTOKEN=xx
      - EMAIL=xx
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
      - DOCKER_MODS=linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-reload
      - DOCKER_MODS_DEBUG=false
      - CROWDSEC_API_KEY= xx
      - CROWDSEC_LAPI_URL=http://crowdsec:8080
      - CROWDSEC_F2B_DISABLE=true
      - CROWDSEC_CAPTCHA_PROVIDER=recaptcha
      - CROWDSEC_SITE_KEY=xx
      - CROWDSEC_SECRET_KEY=xx
      - CROWDSEC_APPSEC_URL=http://crowdsec:4242
    depends_on:
     - crowdsec
    volumes:
      - /opt/swag:/config
    ports:
      - 443:443
      - 80:80
      - 81:81
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true

Container logs

2024/02/20 14:23:40 [alert] 540#540: [lua] crowdsec_nginx.conf:4):8: [Crowdsec] Initialisation done
2024/02/20 14:31:40 [error] 544#544: [lua] crowdsec.lua:99: init(): APPSEC is enabled on 'crowdsec:4242'
2024/02/20 14:31:40 [alert] 544#544: [lua] crowdsec_nginx.conf:4):8: [Crowdsec] Initialisation done
2024/02/20 14:31:47 [error] 592#592: *1 connect() failed (111: Connection refused), client: 192.168.31.179, server: _, request: "GET / HTTP/1.1", host: "192.168.31.170:81"
2024/02/20 14:31:47 [error] 592#592: *1 [lua] crowdsec.lua:542: AppSecCheck(): Fallback because of err: connection refused, client: 192.168.31.179, server: _, request: "GET / HTTP/1.1", host: "192.168.31.170:81"
2024/02/20 14:31:47 [error] 592#592: *1 [lua] crowdsec.lua:615: Allow(): AppSec check: connection refused, client: 192.168.31.179, server: _, request: "GET / HTTP/1.1", host: "192.168.31.170:81"
2024/02/20 14:31:53 [error] 593#593: *11 lua entry thread aborted: runtime error: /usr/local/lua/crowdsec/crowdsec.lua:410: http2 requests are not supported yet
stack traceback:
coroutine 0:
	[C]: in function 'read_body'
	/usr/local/lua/crowdsec/crowdsec.lua:410: in function 'get_body'
	/usr/local/lua/crowdsec/crowdsec.lua:523: in function 'AppSecCheck'
	/usr/local/lua/crowdsec/crowdsec.lua:613: in function 'Allow'
	access_by_lua(http.d/crowdsec_nginx.conf:19):6: in main chunk, client: 192.168.31.179, server: _, request: "GET / HTTP/2.0", host: "192.168.31.170"
2024/02/20 14:31:53 [error] 593#593: *11 lua entry thread aborted: runtime error: /usr/local/lua/crowdsec/crowdsec.lua:410: http2 requests are not supported yet
stack traceback:
coroutine 0:
	[C]: in function 'read_body'
	/usr/local/lua/crowdsec/crowdsec.lua:410: in function 'get_body'
	/usr/local/lua/crowdsec/crowdsec.lua:523: in function 'AppSecCheck'
	/usr/local/lua/crowdsec/crowdsec.lua:613: in function 'Allow'
	access_by_lua(http.d/crowdsec_nginx.conf:19):6: in main chunk, client: 192.168.31.179, server: _, request: "GET /favicon.ico HTTP/2.0", host: "192.168.31.170", referrer: "https://192.168.31.170/"

[LaurenceJJones]

I dont believe you needed to open another issue as it linked to your original #772 issue and it has the same message. SWAG has no control over the dependencies development and is tied to alpine packaging for versioning.

[alleyu2]

I will close this one.