Comments (13)
Hi @SEO-Andriej,
Thanks for getting in touch. Just so we are on the same page, would you mind pasting your nginx.conf and your docker-compose.yml here so that I can try to replicate the issue?
from canarytokens-docker.
Hello,
I'm having the same issue. After running the 'docker-compose up' command, I'm getting this:
redis is up-to-date
Recreating frontend ... done
Recreating switchboard ... error
ERROR: for switchboard Cannot start service switchboard: driver failed programming external connectivity on endpoint switchboard (2a4116ba839d1899e3050548b1f7dd7c5f0d2de6d384954901f6fc77f54ea257): Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use
ERROR: for switchboard Cannot start service switchboard: driver failed programming external connectivity on endpoint switchboard (2a4116ba839d1899e3050548b1f7dd7c5f0d2de6d384954901f6fc77f54ea257): Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use
ERROR: Encountered errors while bringing up the project.
Any help will be appreciated!
from canarytokens-docker.
Just in case, I'm posting my nginx.conf here:
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_min_length 500;
    gzip_disable "MSIE [1-6]\.";
    gzip_types text/plain text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml;
    default_type application/octet-stream;
    include /etc/nginx/mime.types;
    server_tokens off;

    server {
        client_max_body_size 50M;
        listen 80;
        server_name _;

        # Proxying connections to application servers
        location = / {
            proxy_pass http://frontend:8082/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location ~* (/generate|/manage|/download|/history|/settings|/resources).* {
            proxy_pass http://frontend:8082;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location = /robots.txt {
            proxy_pass http://frontend:8082/robots.txt;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location ~ [.]* {
            proxy_pass http://switchboard:8083;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
from canarytokens-docker.
And here is my docker-compose.yml:
version: '2'
services:
  redis:
    restart: always
    image: redis
    volumes:
      - ./data:/data/
    container_name: redis
    command: redis-server --appendonly yes --protected-mode no --save 60 1
  frontend:
    restart: always
    build: ./canarytokens/
    image: thinkst/canarytokens
    links:
      - redis
    env_file:
      - frontend.env
    volumes:
      - ./uploads:/uploads/
      - log-volume:/logs
    container_name: frontend
    command: bash -c "rm frontend.pid; twistd -noy frontend.tac --logger log.logger --pidfile=frontend.pid"
  switchboard:
    build: ./canarytokens/
    restart: always
    image: thinkst/canarytokens
    ports:
      - "53:53"
      - "53:53/udp"
      - "25:25"
    links:
      - redis
    env_file:
      - switchboard.env
    volumes_from:
      - frontend
    container_name: switchboard
    command: bash -c "rm switchboard.pid; twistd -noy switchboard.tac --logger log.logger --pidfile=switchboard.pid"
  nginx:
    restart: always
    image: thinkst/canarytokens_nginx
    build: ./nginx/
    ports:
      - "80:80"
    links:
      - frontend
      - switchboard
    container_name: nginx
    command: /usr/sbin/nginx -c /etc/nginx/nginx.conf -g "daemon off;"
volumes:
  log-volume:
from canarytokens-docker.
Hey @Kpodov,
Thanks for reporting and sending through some info. Would you mind telling me what system you are trying to run this on? (OS?)
from canarytokens-docker.
Thanks for your quick reply @jayjb
I am using Ubuntu 18.04.3 (LTS) x64 as a droplet hosted on DigitalOcean.
from canarytokens-docker.
Hey @Kpodov,
Thanks for the patience. So we have hit this issue before and the blunt edge solution was to
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
because it seems the new Ubuntu (18.04) enables systemd-resolved by default.
So I looked a little for a better solution and it seems that we can simply modify the docker-compose.yml file like such. Under the section switchboard, change to:
ports:
  - "<EXTERNAL_IP>:53:53/tcp"
  - "<EXTERNAL_IP>:53:53/udp"
where <EXTERNAL_IP> is the public IP you want to access your docker from.
from canarytokens-docker.
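Why the per-IP port mapping in the reply above avoids the clash, as an added example that is not part of the original thread or the project's code: a wildcard `0.0.0.0:53` bind collides with the `127.0.0.53:53` stub listener, while a bind to one specific address does not. The function name, the sample `ss -lntu` output and the address 203.0.113.10 (standing in for `<EXTERNAL_IP>`) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the canarytokens-docker project.
# Constructed sample of `ss -lntu` output on a stock Ubuntu 18.04 host:
# systemd-resolved holds the 127.0.0.53:53 stub listener, sshd holds 0.0.0.0:22.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# port_conflict PROTO BIND_IP PORT   (reads `ss -lntu` output on stdin)
# Prints each listener address that would make the bind fail with
# "address already in use"; returns 0 if there is a conflict, 1 if free.
port_conflict() {
  awk -v proto="$1" -v ip="$2" -v port="$3" '
    $1 == proto {
      n = split($5, parts, ":")            # port is the last ":"-separated field
      if (parts[n] != port) next
      addr = substr($5, 1, length($5) - length(parts[n]) - 1)
      sub(/%.*$/, "", addr)                # drop interface suffix such as %lo
      sub(/^\[/, "", addr); sub(/\]$/, "", addr)
      # A wildcard on either side collides with everything on that port;
      # "*" and "::" are treated as covering IPv4 too (dual-stack assumption).
      wild = (addr == "0.0.0.0" || addr == "*" || addr == "::" || ip == "0.0.0.0")
      if (wild || addr == ip) { print addr; found = 1 }
    }
    END { exit (found ? 0 : 1) }'
}

# Demo on the constructed sample; 203.0.113.10 is a documentation-range
# placeholder standing in for <EXTERNAL_IP>.
for bind in 0.0.0.0 203.0.113.10; do
  if printf '%s\n' "$SAMPLE_SS" | port_conflict tcp "$bind" 53 >/dev/null; then
    echo "$bind:53/tcp -> address already in use"
  else
    echo "$bind:53/tcp -> free"
  fi
done
```

On a live host, pipe real output in with `ss -lntu | port_conflict udp <EXTERNAL_IP> 53` before editing the `ports:` section; the same check applies to the `25:25` mapping.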
@jayjb Thank you so much for helping out!
That solved my issue. However, I can't access the my.domain/generate URL. Also, I had to change the port that nginx uses in the docker-compose.yml file from 80 to 3200. This is the output I have got when I run docker-compose up:
Starting redis ... done
Starting frontend ... done
Starting switchboard ... done
Recreating 6b6046e6fe5f_nginx ... done
Attaching to redis, frontend, switchboard, nginx
redis | 1:C 03 Oct 2019 16:13:14.610 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis | 1:C 03 Oct 2019 16:13:14.610 # Redis version=5.0.6, bits=64, commit=00000000, modified=0, pid=1, just started
redis | 1:C 03 Oct 2019 16:13:14.610 # Configuration loaded
redis | 1:M 03 Oct 2019 16:13:14.612 * Running mode=standalone, port=6379.
redis | 1:M 03 Oct 2019 16:13:14.612 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis | 1:M 03 Oct 2019 16:13:14.612 # Server initialized
redis | 1:M 03 Oct 2019 16:13:14.612 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
redis | 1:M 03 Oct 2019 16:13:14.801 * DB loaded from append only file: 0.189 seconds
redis | 1:M 03 Oct 2019 16:13:14.801 * Ready to accept connections
frontend | DEBUG:generator_httpd:Canarydrops generator HTTPd
redis | 1:M 03 Oct 2019 16:14:15.053 * 1 changes in 60 seconds. Saving...
redis | 1:M 03 Oct 2019 16:14:15.053 * Background saving started by pid 15
redis | 15:C 03 Oct 2019 16:14:15.059 * DB saved on disk
redis | 15:C 03 Oct 2019 16:14:15.059 * RDB: 0 MB of memory used by copy-on-write
redis | 1:M 03 Oct 2019 16:14:15.154 * Background saving terminated with success
I know it's too much to ask but, do you have any advice on this?
from canarytokens-docker.
@jayjb Never mind. Indeed, I was able to solve this issue by setting back the Nginx port to 8080:80.
Thanks again. I appreciate your help!
from canarytokens-docker.
Sorry for the delay @jayjb, and also thank you @Kpodov for supporting this thread ;)
However, I did everything like you suggested above and am still getting errors :/
ERROR: for nginx Cannot start service nginx: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:346: sending config to init process caused "write init-p: broken pipe"": unknown
Ubuntu 18.04 VPS
my docker-compose.yml is:
version: '2'
services:
  redis:
    restart: always
    image: redis
    volumes:
      - ./data:/data/
    container_name: redis
    command: redis-server --appendonly yes --protected-mode no --save 60 1
  frontend:
    restart: always
    build: ./canarytokens/
    image: thinkst/canarytokens
    links:
      - redis
    env_file:
      - frontend.env
    volumes:
      - ./uploads:/uploads/
      - log-volume:/logs
    container_name: frontend
    command: bash -c "rm frontend.pid; twistd -noy frontend.tac --logger log.logger --pidfile=frontend.pid"
  switchboard:
    build: ./canarytokens/
    restart: always
    image: thinkst/canarytokens
    ports:
      - "this.is.my.ip:53:53"
      - "this.is.my.ip:53:53/udp"
      - "this.is.my.ip:25:25"
    links:
      - redis
    env_file:
      - switchboard.env
    volumes_from:
      - frontend
    container_name: switchboard
    command: bash -c "rm switchboard.pid; twistd -noy switchboard.tac --logger log.logger --pidfile=switchboard.pid"
  nginx:
    restart: always
    image: thinkst/canarytokens_nginx
    build: ./nginx/
    ports:
      - "8080:80"
    links:
      - frontend
      - switchboard
    container_name: nginx
    command: /usr/sbin/nginx -c /etc/nginx/nginx.conf -g "daemon off;"
volumes:
  log-volume:
nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_min_length 500;
    gzip_disable "MSIE [1-6]\.";
    gzip_types text/plain text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml;
    default_type application/octet-stream;
    include /etc/nginx/mime.types;
    server_tokens off;

    server {
        client_max_body_size 50M;
        listen 80;
        server_name _;

        # Proxying connections to application servers
        location = / {
            proxy_pass http://frontend:8082/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location ~* (/generate|/manage|/download|/history|/settings|/resources).* {
            proxy_pass http://frontend:8082;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location = /robots.txt {
            proxy_pass http://frontend:8082/robots.txt;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }

        location ~ [.]* {
            proxy_pass http://switchboard:8083;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
from canarytokens-docker.
Hey @SEO-Andriej,
I haven't seen this error before so I did a bunch of digging. Would you mind confirming some details for me and sending the results of the following commands please:
lsb_release -a
uname -a
docker version
I see there is a known issue with a certain combo of docker and ubuntu (spoken about here)
from canarytokens-docker.
Hey @SEO-Andriej, I haven't seen this error before so I did a bunch of digging. Would you mind confirming some details for me and sending the results of the following commands please: lsb_release -a uname -a docker version I see there is a known issue with a certain combo of docker and ubuntu (spoken about here)
Hello, thank you for your help. I took a look into the thread but I must say I'm confused.
Which version of Docker should I use? Too much downgrade is a security threat (or am I wrong?)
Thank you in advance. Below are my results from the terminal:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic
-----
Linux vps12345678.local 4.15.0 #1 SMP Thu Jun 27 15:10:55 MSK 2019 x86_64 x86_64 x86_64 GNU/Linux
--------
Client: Docker Engine - Community
Version: 19.03.2
API version: 1.40
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:29:11 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.2
API version: 1.40 (minimum version 1.12)
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:27:45 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.6
GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc:
Version: 1.0.0-rc8
GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
docker-init:
Version: 0.18.0
GitCommit: fec3683
from canarytokens-docker.
Hi @SEO-Andriej,
I'm sorry for the drop on this issue. Did you figure out what the issue was? Looking over the issue again, I'm wondering if it is an architecture difference. We recently found that building the images on certain architectures was causing some unexpected issues.
I'm going to close the issue for now (we can reopen it if you still have an issue).
from canarytokens-docker.