Dysfunctional `owasp/modsecurity-crs:3.3-nginx` and missing images

[arnegroskurth]

The current image variant owasp/modsecurity-crs:3.3-nginx is no longer functional:

$ docker run --rm owasp/modsecurity-crs:3.3-nginx nginx -t
2022/03/08 14:57:58 [emerg] 1#1: invalid parameter "${METRICS_ALLOW_FROM}" in /etc/nginx/includes/location_common.conf:10
nginx: [emerg] invalid parameter "${METRICS_ALLOW_FROM}" in /etc/nginx/includes/location_common.conf:10
nginx: configuration file /etc/nginx/nginx.conf test failed

Unfortunately, all images on docker-hub (see: https://hub.docker.com/r/owasp/modsecurity-crs/tags) have just been overridden and it is not possible to pull an older variant. This should definitely be fixed to allow (automatic) rollbacks in case a newer image is broken.

[SNoble6]

Same for 3.3.2-nginx

[fzipi]

Hi @arnegroskurth . Sorry to hear that. This was fixed by e9b88f1 some days ago. Is this still happening for you?

[fzipi]

@arnegroskurth Did you pull the new one?:

❯ docker run --rm owasp/modsecurity-crs:3.3-nginx nginx -t
2022/03/11 11:04:13 [emerg] 1#1: invalid parameter "${METRICS_ALLOW_FROM}" in /etc/nginx/includes/location_common.conf:10
nginx: [emerg] invalid parameter "${METRICS_ALLOW_FROM}" in /etc/nginx/includes/location_common.conf:10
nginx: configuration file /etc/nginx/nginx.conf test failed
❯ docker pull owasp/modsecurity-crs:3.3-nginx
3.3-nginx: Pulling from owasp/modsecurity-crs
f7a1c6dad281: Already exists
99c0f2cfb592: Already exists
3ef773a0d0f0: Already exists
99f6b81644c2: Already exists
e256d79b6a5f: Already exists
608323d56b87: Already exists
3e048a98a7ef: Already exists
2585e89fff6d: Already exists
a3ef957117d1: Already exists
4257ebc3dde0: Already exists
3d9c8cfbb4ec: Already exists
6907ae566182: Already exists
c4f6fd22b90b: Already exists
50710637b491: Already exists
d5a2261a7ed2: Already exists
920c559dbf71: Already exists
6937958bd83d: Already exists
a3865f758224: Already exists
ccfc6c0fa604: Already exists
13a81de17982: Already exists
97b573a884b5: Already exists
07b16b499ffc: Already exists
df02adefb124: Already exists
78928c1b0116: Pull complete
72107cbe3c30: Pull complete
b0e38e19f849: Pull complete
a6b02e143143: Pull complete
f29f11890b8c: Pull complete
Digest: sha256:b9b9506235821c7acb2fb2c4c2c1b732b8aae1403c6b49eed3cda10ae7602133
Status: Downloaded newer image for owasp/modsecurity-crs:3.3-nginx
docker.io/owasp/modsecurity-crs:3.3-nginx
❯ docker run --rm owasp/modsecurity-crs:3.3-nginx nginx -t
2022/03/11 11:04:35 [notice] 1#1: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[arnegroskurth]

Its now working again - thanks!

But the issue about the replaced images on docker-hub remains - not being able to roll back in case of a future breaking change is a major issue imo.

[fzipi]

Let's create a new ticket to follow missing images.