[BUG] cs-nginx-bouncer v1.0.8 : http2 requests are not supported yet

[shad-lp]

Is there an existing issue for this?

• I have searched the existing issues

Name of mod

swag-crowdsec

Name of base container

swag

Current Behavior

Since the v1.0.8 of the cs nginx bouncer, I can't log in any service anymore, it works well without using the reverse proxy.

Expected Behavior

I should be able to login normally.

Steps To Reproduce

1. Use v1.0.8 cs nginx bouncers through environment variable CROWDSEC_VERSION=v1.0.8 (or latest atm)
2. Try to log in an application through SWAG
3. Get an error 500

Getting back to v1.0.7 solves the problem.

Maybe related topic I opened few weeks ago concerning recaptcha errors : crowdsecurity/lua-cs-bouncer#44 (comment)

Environment

- OS: Debian
- How docker service was installed: apt repository

CPU architecture

x86-64

Docker creation

version: "2.1"
services:

   swag:
      image: linuxserver/swag
      container_name: swag
      networks:
         - net-proxy
      cap_add:
         - NET_ADMIN
      environment:
         - PUID=1000
         - PGID=1000
         - URL=REDACTED
         - SUBDOMAINS=wildcard
         - VALIDATION=dns
         - DNSPLUGIN=ovh
         - DHLEVEL=4096
         - EMAIL=REDACTED
         - STAGING=false
         - TZ=Europe/Brussels
         - CERTPROVIDER=zerossl
         - PROPAGATION=20
         # Mods
         - DOCKER_MODS=linuxserver/mods:swag-dashboard|ghcr.io/gilbn/theme.park:swag|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-maxmind|ghcr.io/linuxserver/mods:swag-crowdsec
         #- DOCKER_MODS=ghcr.io/linuxserver/mods:swag-crowdsec
         # Geoblocking
         - MAXMINDDB_LICENSE_KEY=REDACTED
         # Discord notifications
         - DISC_HOOK=REDACTED
         - DISC_ME=REDACTED
         - DISC_API=REDACTED
         # Crowdsec
         - CROWDSEC_API_KEY=REDACTED
         - CROWDSEC_LAPI_URL=http://crowdsec:8080
         - CROWDSEC_F2B_DISABLE=true
         - CROWDSEC_SITE_KEY=REDACTED
         - CROWDSEC_SECRET_KEY=REDACTED
         - CROWDSEC_CAPTCHA_PROVIDER=recaptcha
      ports:
         - 443:443
         # for http to https redirect
         - 80:80
      volumes:
         # config
         - /opt/swag/config:/config
      labels:
         # watchtower label only monitoring
         - "com.centurylinklabs.watchtower.enable=true"
      restart: unless-stopped
      
networks:

   net-proxy:
      external: true

Container logs

2024/03/09 12:02:19 [error] 703#703: *616 lua entry thread aborted: runtime error: /usr/local/lua/crowdsec/crowdsec.lua:436: http2 requests are not supported yet
stack traceback:
coroutine 0:
        [C]: in function 'read_body'
        /usr/local/lua/crowdsec/crowdsec.lua:436: in function 'get_body'
        /usr/local/lua/crowdsec/crowdsec.lua:680: in function 'Allow'
        access_by_lua(http.d/crowdsec_nginx.conf:19):6: in main chunk, client: 192.168.100.60, server: portainer.*, request: "POST /api/auth HTTP/2.0", host: "portainer.xxx.ovh", referrer: "https://portainer.xxx.ovh/"

[Be-Mann]

We have the same problem, while searching I came across the article on Crowdsec

[audioscavenger]

[> Just adding a note for anyone who comes here: You MUST be using nginx-http-mod-lua version 0.10.26 anything less you will still get issues with http2/3

If you are on this version and still encounter issues please open a new issue with information need to replicate

](crowdsecurity/lua-cs-bouncer#44 (comment))

Well, I upgraded swag yesterday to latest, image: ghcr.io/linuxserver/swag
nginx -V shows lua 0.10.25 not 0.10.26:
--add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-nginx-module-0.10.25/

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue is locked due to inactivity