New install: php-fpm not starting
First time I try containerised MISP. So I pulled the docker-compose.yml with the curl command you specified into an empty directory.
Changed:
- MYSQL_PASSWORD (2x)
- MYSQL_ROOT_PASSWORD
- MISP_BASEURL
- MISP_UUID
- MISP_ORG
- MISP_EMAIL
- SECURITY_SALT.
And the ports section to - 127.0.0.1:8003:80 which my nginx https reverse proxy points to.
I launched docker-compose up which initialised everything correctly as far as I can see, but misp container stays unhealthy and does not start correctly.
docker-compose up console shows:
misp | 2023-02-02 08:15:22,366 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp | 2023-02-02 08:15:22,367 INFO exited: php-fpm (exit status 78; not expected)
Inside the misp container /var/log/php-fpm/error.log
[02-Feb-2023 08:12:14] ERROR: [pool www] failed to read the ACL of the socket '/run/php-fpm/www.sock': Operation not supported (95)
[02-Feb-2023 08:12:14] ERROR: FPM initialization failed
Did I miss something?
Additional info:
OS: VMware Photon OS 5.0
Docker: Docker version 20.10.14, build a224086
Try without listen.acl_users = apache,nginx and listen.acl_users = apache in /etc/php-fpm.d/www.conf
What I tried is while the MISP container is running and continuously spawning the two error lines mentioned above, I went into a bash shell, edited the /etc/php-fpm.d/www.conf file and commented out the listen.acl_users line you mentioned (was 3rd last line):
...<snip>...
;listen.acl_users = apache
access.log = /var/log/php-fpm/$pool.access.log
access.format = "%R %{HTTP_X_REQUEST_ID}e - %u %t \"%m %r%Q%q\" %s %{mili}d %{kilo}M %C%%"
[root@a22bd860d3cb php-fpm.d]#
The error message continued ... Even a container restart (which preserves the modification) did not solve it. Could it be an umask issue on the host system ?
Check the whole file for a second listen.acl_users line and comment out that as well.
Thanks, I did miss this line the first time. Sorry. Now everything seems to start up as it should. And I end up with the following:
---<snip>---
misp | 2023-03-07 11:47:33,478 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp | Galaxies updated.
misp | Noticelists updated.
misp | Warninglists updated.
misp | Taxonomies updated.
misp | ObjectTemplates updated.
misp | ObjectRelationships updated.
misp | All JSON structures updated. Thank you and have a very safe and productive day.
misp | 2023-03-07 11:49:12,613 INFO reaped unknown pid 50 (exit status 0)
While this looks right, the container stays in unhealthy state (after being for +/- 1 minute in (health: starting) state):
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
db3b16c59eca ghcr.io/nukib/misp:latest "/usr/local/bin/dock…" 2 hours ago Up 2 hours (unhealthy) 127.0.0.1:50000->50000/tcp, 127.0.0.1:8003->80/tcp misp
f4b7eb90cd21 ghcr.io/nukib/misp-modules:latest "/home/misp-modules/…" 2 hours ago Up 2 hours (healthy) 6666/tcp misp-modules
221d7ee399b6 mariadb:10.10 "docker-entrypoint.s…" 2 hours ago Up 2 hours 3306/tcp misp-mysql
e500d41c58ec redis:7.0 "docker-entrypoint.s…" 2 hours ago Up 2 hours 6379/tcp misp-redis
And the MISP web page shows the following:
At first I thought it was due to my HTTPS reverse proxy which does the TLS offloading and forwards to localhost:8003, but a quick curl http://localhost:8003 on the docker host itself yielded the same error.
Is this maybe related, or should I open a new issue?
Additional info in /var/log/httpd/error_log inside misp container:
[Mon Mar 13 14:30:21.881547 2023] [proxy:error] [pid 175:tid 140011403982592] (13)Permission denied: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (127.0.0.1) failed
[Mon Mar 13 14:30:21.881650 2023] [proxy_fcgi:error] [pid 175:tid 140011403982592] [client 172.20.0.1:33224] AH01079: failed to make connection to backend: httpd-UDS
Solution was to chown apache:apache /run/php-fpm/www.sock. This has probably to do with the listen.acl_users you asked me to remove in your comment above?
Anyways: This makes the container go healthy and MISP seems to work correctly. Sadly these manipulations, editing the .conf and chown'ing the socket, have to be done on every container restart. So I guess we need a fix for this ...
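
Added example, not part of the thread and not the MISP image's own code: one way to make both manual steps repeatable is to comment out every `listen.acl_users` / `listen.acl_groups` line and let php-fpm set the socket owner itself through `listen.owner`, `listen.group` and `listen.mode`, instead of a chown after start. The sample pool file is constructed, and the function names and the apache:apache owner are assumptions taken from the chown above.

```shell
#!/bin/sh
# Added example: replace ACL-based socket access with owner/group/mode.
# Constructed sample pool file with two active listen.acl_users lines.
write_sample_conf() {
    cat > "$1" <<'EOF'
[www]
user = apache
group = apache
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx
listen.allowed_clients = 127.0.0.1
pm = dynamic
listen.acl_users = apache
access.log = /var/log/php-fpm/$pool.access.log
EOF
}

# Print the number of active (uncommented) ACL directives; never fails.
count_active_acl() {
    grep -Ec '^[[:space:]]*listen\.acl_(users|groups)[[:space:]]*=' "$1" || true
}

# Comment out every ACL directive, then append owner/group/mode if unset.
# Assumptions: the file holds a single pool, and the web server connects
# as apache:apache (the owner used in the chown above).
fix_pool_conf() {
    conf=$1
    sed -E 's/^[[:space:]]*(listen\.acl_(users|groups)[[:space:]]*=.*)$/;\1/' "$conf" > "$conf.new"
    cat "$conf.new" > "$conf" && rm -f "$conf.new"   # keep original inode and mode
    for kv in 'listen.owner = apache' 'listen.group = apache' 'listen.mode = 0660'; do
        key=${kv%% =*}
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$conf" || printf '%s\n' "$kv" >> "$conf"
    done
}

demo() {
    tmp=$(mktemp)
    write_sample_conf "$tmp"
    echo "active ACL lines before: $(count_active_acl "$tmp")"
    fix_pool_conf "$tmp"
    echo "active ACL lines after:  $(count_active_acl "$tmp")"
    grep -E '^listen\.(owner|group|mode)' "$tmp"
    rm -f "$tmp"
}
demo
```

Mode 0660 with apache:apache keeps the socket closed to every other account in the container, which is the same access the single-user ACL was meant to grant.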