Bug report: RSA Key Pair Generation when deployed via container to kubernetes #1969
Description
Describe the bug
When attempting to generate RSA key pairs when deployed in kubernetes with an ingress, receive the following error:
Generate RSA Key Pair - Worker constructor: Failed to load worker script at "assets/forge/prime.worker.min.js"
To Reproduce
Deploy cyberchef using kubernetes with the following configuration:
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: cyberchef-deployment
spec:
replicas: 1
selector:
matchLabels:
app: cyberchef
template:
metadata:
labels:
app: cyberchef
spec:
containers:
- name: cyberchef
image: ghcr.io/gchq/cyberchef:10.19.4
ports:
- containerPort: 80
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cyberchef-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: cyberchef.bearden.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cyberchef-service
port:
number: 80
# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: cyberchef
spec: {}
status: {}
# service.yaml
---
apiVersion: v1
kind: Service
metadata:
name: cyberchef-service
spec:
selector:
app: cyberchef
ports:
- protocol: TCP
port: 80
targetPort: 80
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cyberchef
resources:
- namespace.yaml
- deployment.yaml
- ingress.yaml
- service.yamlNavigate to ingress domain (cyberchef.bearden.local in this example) and try to use RSA key-pair generation.
Expected behaviour
Generates an RSA key-pair. The same container run through docker functions.
Screenshots
Desktop (if relevant, please complete the following information):
- OS: Debian 12 with MicroK8s v1.31.4 revision 7514
- Browser: Chrome/Firefox (same browser used when ruling out docker based deployment)
- CyberChef version: 10.19.4
Additional context
This seems to be an issue with the ingress functionality in kubernetes. Ingress logs seem to show a successful 200 response code for the prime.worker.min.js asset:
192.168.11.249 - - [24/Jan/2025:04:56:20 +0000] "GET / HTTP/1.1" 200 77361 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 260 0.002 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 77361 0.002 200 e45f3a0e8c7d0962686ecf52c6a4ad21
192.168.11.249 - - [24/Jan/2025:05:00:22 +0000] "GET /assets HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 379 0.002 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 169 0.002 301 79ea4fc791fb79c30fd6a8f324a7e1d5
192.168.11.249 - - [24/Jan/2025:05:00:22 +0000] "GET /assets/ HTTP/1.1" 403 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 380 0.001 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 153 0.001 403 693bd7b0a302929217b306f8292f360a
192.168.11.249 - - [24/Jan/2025:05:00:22 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://cyberchef.bearden.local/assets/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 406 0.001 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 153 0.001 404 cfc4a30e71419e2405d50e7e23e4735e
192.168.11.249 - - [24/Jan/2025:05:00:36 +0000] "GET /assets/forge/prime.worker.min.js HTTP/1.1" 200 21005 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 405 0.001 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 21005 0.001 200 0d880b4c3b102444884c21952f01f15b
192.168.11.249 - - [24/Jan/2025:05:08:38 +0000] "GET /assets/main.js HTTP/1.1" 200 12150517 "http://cyberchef.bearden.local/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 321 0.188 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 12150517 0.188 200 f5da87499793e9a1fb9efe0bfec1428aMy guess is it's how it's referenced in a link somewhere, but with the 200 response code I'm stumped still. Going to try to find the root cause on my end because I need to deploy this to kubernetes for this deployment context and had a customer run into this issue while doing some training. Using openssl on the command line as a workaround but this bug may manifest in different functions potentially.