OWASP ZAP Docker Full Scan Fails with Proxy Error - docker

I am attempting to perform a full scan against my application using the OWASP ZAP docker packaged scan, however the scans are failing to connect to the proxy with ProxyError, and the error seems to be inconsistent. Sometimes it will be NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f89c980ee80>: Failed to establish a new connection: [Errno 111] Connection refused'), other times it will be ConnectionResetError(104, 'Connection reset by peer').
The command I am using is the basic one from the documentation:
docker run -t owasp/zap2docker-stable zap-full-scan.py -t https://my.webapp.com
Running the baseline-scan works without issue, and running the full-scan against other demo sites works fine too.
As suggested I have run curl against my application from inside the container and 200 is returned as expected, so I am unsure what needs to be configured to enable the connection.

Related

Cypress fails to visit localhost

I am new to Cypress, I am trying to run a simple test on a docker container but I get this error:
cy.visit() failed trying to load:
http://bp.localhost:84/
We attempted to make an http request to this URL but the request failed without a response.
We received this error at the network level:
> Error: getaddrinfo ENOTFOUND bp.localhost
Common situations why this would fail:
- you don't have internet access
- you forgot to run / boot your web server
- your web server isn't accessible
- you have weird network configuration settings on your computer
But my container is running and I can access the test website from my browser.
I have been looking around for a solution, but most of the ones I've found are related to Cypress being inside the same docker image.
I have installed it locally with npm install since I cannot modify the image itself.
How do I access the above URL then?

How to start the Web UI of Chirpstack-Application?

OS: Windows 10 Pro
The whole setup for properly starting up the Web UI seems confusing to me.
There’s the source code to the chirpstack-application-server and its finished docker image. Running docker-compose up at the source code directory starts all the necessary backend services, but not the UI. In the source code, there’s a section with the UI inside the /ui directory. Starting this through npm works up until after this console log:
Note that the development build is not optimized. To create a
production build, use npm run build.
After this I get this proxy error:
Proxy error: Could not proxy request /swagger/internal.swagger.json
from localhost:3000 to http://localhost:8080/. See https://nodejs.org/api/errors.html#errors_common_system_errors
for more information (ECONNREFUSED).
Then there’s the chirpstack-application from precompiled binary. I started this one by first creating the config file chirpstack-application-server configfile > chirpstack-application-server.toml and then starting the executable ./chirpstack-application-server.exe. Here I just get a connection error to PostgreSQL:
time="2020-09-17T11:09:08+02:00" level=warning msg="storage: ping
PostgreSQL database error, will retry in 2s" error="dial tcp
[::1]:5432: connectex: No connection could be made because the target
machine actively refused it."
So what am I missing to get the UI up and running locally?

Docker "The proxy server received an invalid response from an upstream server." after system reboot

I'm running a Docker MERN stack on CentOS 7 with WHM, CPanels and Apache, everything works fine until I reboot the server. I get the following error on the webpage:
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
Additionally, a 502 Bad Gateway error was encountered while trying to use an ErrorDocument to handle the request.
After searching around stackoverflow I found that if I run this command my problem is solved:
iptables -t filter -F
My question is, what's causing my problem? How do I configure my server so I don't need to run this command every time my server reboots? Do I make a script to run this command every time it restarts? Do I configure iptables?
Just to answer my own question, I was dumb and forgot to open proper outbound ports, I only opened inbound ports.

How to get SonarQube (running in docker container) to connect to localhost:9000 from Jenkins Pipeline?

I am running SonarQube on both java and javascript code inside a CentOS VM. I pulled the sonarqube docker image and am running the container. I exposed port 9000 and am able to open up localhost:9000 and interact with the sonarqube gui. When I run the sonar-scanner from the command line on the JavaScript code using this command:
sonar-scanner -Dsonar.projectKey=javascript_code -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=admin -Dsonar.password=admin
I get a fully analyzed project. As well as the JavaScript code I can run it on the Java code using the maven build. Both work correctly from the command line.
When I add it into a Jenkins Pipeline I do the exact same commands and get the following:
Error: SonarQube server [http://localhost:9000] can not be reached
Caused by: Fail to get bootstrap index from server
Caused by: Failed to connect to localhost:9000
Caused by: Connection refused (Connection refused)
I also tried when starting the container to use --network="host" instead of publishing port 9000, but it still does not connect from the Jenkins Pipeline. Everything works correctly when I am running the commands from the Command Line, just when I try to put it into a Jenkins Pipeline.
Any suggestions on how to fix this? Thanks.
*Edit: Using the sonarqube plugin I was able to get my analysis to run as a Jenkins Job. However, when I try to add the analysis into the pipeline I get the same SonarQube server cannot be reached error. It says it skips my project because the project has been banned from the build due to previous failures and gives me this error message:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project sonarqubeproj:
Unable to execute SonarQube: Fail to get bootstrap index from server: unexpected end of stream on Connection{localhost:9000, proxy=DIRECT hostAddress=localhost/127.0.0.1:9000 cipherSuite=none protocol=http/1.1}: \n not found: limit=0 content=… -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project feedback-tool-ui: Unable to execute SonarQube
The problem you are facing is most likely related to how you run Jenkins.
I assume you also run Jenkins via Docker. This means that in the context of Jenkins, localhost is not your host system, but the Jenkins container. This means you need to adapt your sonarqube-url to reference the host system.
Therefore you have multiple options:
- use the public IP of the host system
- use the Docker IP of the host system
- resolve the IP via DNS. Docker has an internal DNS and if those containers run in the same network, you can normally reach them by container name.
Sidenote:
I am not sure if you are using docker-compose or Kubernetes, but if you are not using it, you might also want to dive into docker-compose as it is just a simple yaml-config in which you can easily start up servers.
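The third option from the answer above, written out as a docker-compose file. This is an added example, not part of the original answer: the service names `sonarqube` and `jenkins`, the network name `ci`, the `jenkins/jenkins:lts` image and the Jenkins port 8080 mapping are assumptions, and it assumes Jenkins itself runs in a container as the answer supposes.

```yaml
# Added example (assumed names and images; not from the original thread).
services:
  sonarqube:
    image: sonarqube
    networks: [ci]
    ports:
      # Publish the web UI on the host's loopback address only, so it stays
      # reachable from a browser on the VM without listening on every interface.
      - "127.0.0.1:9000:9000"

  jenkins:
    image: jenkins/jenkins:lts
    networks: [ci]
    ports:
      - "127.0.0.1:8080:8080"
    volumes:
      # Keep Jenkins state across container restarts.
      - jenkins_home:/var/jenkins_home

networks:
  # Containers on the same user-defined network resolve each other by
  # service name through Docker's embedded DNS.
  ci: {}

volumes:
  jenkins_home: {}

# Inside the jenkins container, "localhost" is the jenkins container itself,
# which is why localhost:9000 is refused from a pipeline step.
# Point the scanner at the service name instead:
#   sonar-scanner -Dsonar.host.url=http://sonarqube:9000 ...
```

The published port is only needed for browser access from the VM; traffic between the two containers goes over the `ci` network and does not depend on it.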

Docker cannot access registry from openshift

Here is my whole scenario.
I have a RHEL 7.1 vmware image, with the corporate proxy properly configured, accessing stuff over http or https works properly.
Installed docker-engine, and added the HTTP_PROXY setting to /etc/systemd/system/docker.service.d/http-proxy.conf. I can verify the proxy setting is picked up by executing:
sudo systemctl show docker --property Environment
which will print:
Environment=HTTP_PROXY=http://proxy.mycompany.com:myport/ with real values of course.
Pulling and running docker images works correctly this way.
The goal is to work with the binary distribution of openshift-origin. I downloaded the binaries, and started setting up things as per the walkthrough page on github:
https://github.com/openshift/origin/blob/master/examples/sample-app/README.md
Starting openshift seems to work as I can:
* login via the openshift cli
* create a new project
* even access the web console
But when I try to create an app in the project (also via the cli):
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
It fails:
error: can't look up Docker image "centos/ruby-22-centos7": Internal error occurred: Get https://registry-1.docker.io/v2/: dial tcp 52.71.246.213:443: connection refused
I can access (without authentication though) this endpoint via the browser on the VM or via WGET.
Hence I believe DOCKER fails to pick up the proxy settings. After some searching I also fear if there are IPTABLES settings missing. Referring to:
https://docs.docker.com/v1.7/articles/networking/
But I don't know if I should fiddle with the IPTABLES settings, should not Docker figure that out itself?
Check your HTTPS_PROXY environment property.
