Need an insight for cloudflare tunnels --->> Nginx ---->> Website
Everything is working perfectly but alerts are not pop up.
System OS: Ubuntu 24.04
Nginx version is 1.26.2
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command
/resolve
or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
As stated can you provide some information like
cscli metrics
or what you mean by alerts are not pop up
sure will provide you the details


current nginx status


Can you check your
/etc/nginx/nginx.conf
has a include /etc/nginx/conf.d/*.conf;
line (a line similar to include it)
also from the alert generation point of view within the acquisition there is no nginx logs, can you check
/etc/crowdsec/acquis.yaml
has a line for nginx logs
yes its there
current status


/etc/crowdsec/acquis.yaml has a line for nginx logs
but it only has the error log line, so what files do you see in
/var/log/nginx/
?
do i have to add access log line also?
you are correct it only has error log
Yes, dont know why it wasnt picked up, maybe nginx didnt generate it before crowdsec was installed
but you can just add it manually
just to be sure
and for the bouncer itself can you check
/var/log/nginx/error.log
if there are any entries for runtime errors
still nothing
and do you see anything if you
nginx -t

and
cscli bouncers list
everything is to the T.

its 72 hours working on this. did all the permutations and combinations. 4 VMs scrapped. and today i came to you guys. i generally avoid posting and prefer to read on but i didn't get any ref so.
hmm odd we dont see the other nginx with number, could you run:
Then copy the key that is generated and add it to
/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf
give me a sec. will do that hands on

Did you add the key to
/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf
?
yes
Okay now run
nginx -t && nginx -s reload

hmm

okay can you run
grep "listen" /etc/crowdsec/config.yaml

okay the url is wrong in nginx bouncer config, you need to put
http://127.0.0.1:8089
if you want to use appsec
that is a different option
APPSEC_URL=http://127.0.0.1:7422
Yeah you just need to add
APPSEC_URL=http://127.0.0.1:7422
in config.yaml ?
no in
bouncers/crowdsec-nginx-bouncer.conf
its there

no you are setting
API_URL
not APPSEC_URL
ohh my lord
API_URL
must be set to the crowdsec lapi port
which is 8089
in your case
api url should be 8089
ye
damm

still nothing
the url is
/.env/
it must match /.env
you might have a directory redirect on wordpress
any other scenarios i can test
yesterday i tested your given example it worked

Yes you can
curl -X POST --data "0x[]" <your_url>

did you
nginx -t && nginx -s reload
after updating the config?
okay and
cscli bouncers list

okay and 100% there is a include line in the
nginx.conf
?
okay and run
nginx -T | grep include

it shouldnt make a difference but could you put the
conf.d
include line above the sites enabled line
sure why not

then
nginx -t && nginx -s reload


then if you send a request to the server?
yes
the same command you gave


its definitely hitting logs with my public ip
Could we just try a restart of the nginx service incase the main pid is stuck
systemctl restart nginx
done


did curl again
a hit

nothing here
can you list
/etc/nginx/modules-enabled/
as I dont see
as this is what loads the lua module, however, I would expect nginx to throw an error if this module doesnt exist
okay, then try
apt list --installed libnginx-mod-http-lua

yeah modules-available != modules-enabled, we need to see if the lua module is actually installed

😦
can you run
apt install libnginx-mod-http-lua
i did
yeah symlinking doesnt matter the underlying library is not installed

Yeah that is missing, it should be installed
i should run this
ye
okay
done
and try
nginx -t
to see if the previous symlink might cause a failure
yes

can you ensure this file also exists

no
Okay firstly make sure
/usr/share/nginx/modules/ngx_http_lua_module.so
exists
oops wrong file
I meant
/usr/share/nginx/modules/ndk_http_module.so
no issues

No please read the file path, you are looking in modules-available

my bad
Okay so we got both modules
eyes are a bit sore of trying
will get a coffee
its an imp project for our company
can you run these commands:
then see if
nginx -t
gets working
Give me a few mins. I really appreciate your time and help. Got up to get some coffee and freshen up

and in
/etc/nginx/modules-enabled/
you have both 10
and 50
?
no 50 removed
so
ls -la /etc/nginx/modules-enabled/
?
should i scrap it and start again
If you have the ability to, it might be easier cause it seems something happened to the nginx itself which I cant see easily from discord
sure
will try and scrap it
do you suggest to manually compile modules this time?
rather than apt install
Not really needed, you can just use the distro provided ones and it should work.
with all those modules, which distro is this or is it a platform like plesk or cpanel?
we have a list of our own modules well
its a saas app
i take care of the security part
but couldn't integrate crowdsec with cf tunnels
is this prod or a development box?
dev
its just a concept we are trying for the next release
i am adamant to use crowdsec
long time advocate
will keep you posted. if any solution comes up
thanks once again for your time and efforts
Great product by the way.
Please do, I want to make sure this is resolved 👍
See you around. I saw we share a lot of servers.
a quick question for you: can we install bouncer manually without the lua module and build lua module separately?
Done that already
It's working for clp
I have a script for that when a user adds it auto adds that to it
It's not working for our custom stack
With tunnels
Did you compile lua with apt or custom compile
You can mix them in this way, as long as -lpcre is added
./configure --with-compat --with-ld-opt='-lpcre' --add-dynamic-module=../ngx_devel_kit-${DEVEL_KIT_VERSION} --add-dynamic-module=../lua-nginx-module-${LUA_MODULE_VERSION}

they have updated. not merged
with --with-ld-opt='-lpcre' you can use the older version

it works
wait i will give you the compile command
no that will not work
./configure --with-ld-opt="-Wl,-rpath,/usr/local/include/luajit-2.1" --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-pcre-jit --with-compat --with-ld-opt='-lpcre' --add-dynamic-module=/root/ngx_devel_kit-0.3.3 --add-dynamic-module=/root/lua-nginx-module-0.10.27
hmm
its running perfectly since a month