#nginx bouncer: attempt to concatenate local 'ip_type' (a nil value)

1 messages · Page 1 of 1 (latest)

torpid notch
#

I just noticed that my NGINX Bouncer has stopped contacting my LAPI for decisions and has stopped bouncing, I re-created the API token for the bouncer just in case it was a weird bug but that didn't fix it. I haven't changed my config in a while so that shouldn't be the issue.

I can see in NGINX's logs the Bouncer quits on startup and then never runs again.

2025/10/02 20:47:47 [info] 68873#68873: *1 [lua] crowdsec_nginx.conf:28):5: Initializing stream mode for worker 0, context: init_worker_by_lua*
2025/10/02 20:47:47 [info] 68873#68873: *1 [lua] crowdsec_nginx.conf:28):10: Initializing metrics for worker 0, context: init_worker_by_lua*
2025/10/02 20:47:47 [info] 68876#68876: *2 [lua] crowdsec_nginx.conf:28):5: Initializing stream mode for worker 3, context: init_worker_by_lua*
2025/10/02 20:47:47 [info] 68874#68874: *3 [lua] crowdsec_nginx.conf:28):5: Initializing stream mode for worker 1, context: init_worker_by_lua*
2025/10/02 20:47:47 [info] 68875#68875: *4 [lua] crowdsec_nginx.conf:28):5: Initializing stream mode for worker 2, context: init_worker_by_lua*
2025/10/02 20:47:53 [error] 68873#68873: *20 lua entry thread aborted: runtime error: /usr/lib/crowdsec/lua/plugins/crowdsec/stream.lua:221: attempt to concatenate local 'ip_type' (a nil value)
stack traceback:
coroutine 0:
        /usr/lib/crowdsec/lua/plugins/crowdsec/stream.lua: in function 'stream_query'
        /usr/lib/crowdsec/lua/crowdsec.lua:332: in function </usr/lib/crowdsec/lua/crowdsec.lua:314>, context: ngx.timer

** Server Setup**
Ubuntu 24.04
NGINX: 1.24.0
Bouncer Version: v1.1.3

raven zodiacBOT
#
Important Information

Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.

Log Files

If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.

Guide Followed (CrowdSec Official)

If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.

Screenshots

Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.

© Created By WhyAydan for CrowdSec ❤️ ·
steep cedar
#

Do you have any remeditions that dont follow types like "ip" or "range"

#

Okay I see more now, it happens when the value is not an IP or maybe the ip function is somehow not handling it correctly

torpid notch
steep cedar
#

I mean the scope of the decisions we have ip and range that are "first class" supported, but it can technically be any type

torpid notch
#

also I've been noticing a trend where the lua bouncers are very brittle

torpid notch
acoustic sorrel
#

Only way this can happen that I can think of is a decision with the scope ip or range which does not contain a valid IP or range
but this should be prevented by crowdsec during import

#

would you mind dumping the full output of cscli decisions list --all ?

torpid notch
steep cedar
#

The lua is JIT but its never perfect cause there edge cases where in this case nil is returned but is not handled because lua doesnt have any typing system. We are improving the lua by using returned types but this case was missed.

#

Like with golang will warn us in the code editor that a nil type may be returned when lua doesnt care and wont inform us.

torpid notch
#

dm'd both of you

torpid notch
acoustic sorrel
#

weird
I extracted the decisions and ran them through the lua parsing code, no errors

steep cedar
#

we merged well a "fix" as we couldnt replicate, but it at least will log some information and not crash

#

we are going to be testing, and then merge upstream into nginx / openresty bumps

torpid notch
#

I applied this PR, but now I'm getting a different issue:

2025/10/03 00:02:20 [error] 72819#72819: *50 lua entry thread aborted: runtime error: /usr/lib/crowdsec/lua/crowdsec.lua:332: attempt to call method 'stream_query' (a nil value)
stack traceback:
coroutine 0:
        /usr/lib/crowdsec/lua/crowdsec.lua: in function </usr/lib/crowdsec/lua/crowdsec.lua:314>, context: ngx.timer
steep cedar
torpid notch
#

should've checked the creation date lol

torpid notch
steep cedar
#

wait

#

let me go check the upper repos

torpid notch
# 
/usr/lib/crowdsec/lua/plugins/crowdsec$ grep 'stream_query' *
stream.lua:function stream:stream_query_api(api_url, timeout, api_key_header, api_key, user_agent, ssl_verify, bouncing_on_type)
stream.lua:  return self:stream_query_process(res, bouncing_on_type)
stream.lua:function stream:stream_query_tls(api_url, timeout, user_agent, ssl_verify, ssl_client_cert, ssl_client_priv_key, bouncing_on_type)
stream.lua:  return self:stream_query_process(res, bouncing_on_type)
stream.lua:function stream:stream_query_process(res, bouncing_on_type)
stream.lua:  ngx.log(ngx.DEBUG, "end of stream_query_process")

looks like there is

steep cedar
#

yeah but the method isnt called just "stream_query"

torpid notch
#

maybe it's from this:

grep 'stream_query' crowdsec.lua
      local err = stream:stream_query(
steep cedar
#

ahhh

#

we merged a mTLS pr

#

so you need to update your crowdsec.lua

#

but... your on latest remediation

#

ohh

torpid notch
steep cedar
#

perfect!

#

so thats the issue its a range with scope Ip, so lets find why

torpid notch
steep cedar
#

I thought 1.1.4 was what you was on

#

didnt realize it wasnt out

torpid notch
steep cedar
#

but this address is scope Ip in your decisions

| 365185313 | cscli-import | Ip:2602:80d:1000::/48                      | manual                                 | ban     |         |                                                   | 42466  | 6h17m51s    | 133402   |
#

so crowdsec should really say "nope not correct scope"

torpid notch