plugins - started basic plugin system

Dockerfile

@@ -29,7 +29,7 @@ RUN chmod +x /tmp/prepare.sh && \
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 
-VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
+VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 
 EXPOSE 8080/tcp 8443/tcp
 

Dockerfile-amd64

@@ -29,7 +29,7 @@ RUN chmod +x /tmp/prepare.sh && \
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 
-VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
+VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 
 EXPOSE 8080/tcp 8443/tcp
 

Dockerfile-arm32v7

@@ -36,7 +36,7 @@ RUN chmod +x /tmp/prepare.sh && \
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 
-VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
+VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 
 EXPOSE 8080/tcp 8443/tcp
 

Dockerfile-arm64v8

@@ -36,7 +36,7 @@ RUN chmod +x /tmp/prepare.sh && \
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 
-VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
+VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 
 EXPOSE 8080/tcp 8443/tcp
 

Dockerfile-i386

@@ -29,7 +29,7 @@ RUN chmod +x /tmp/prepare.sh && \
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 
-VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
+VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 
 EXPOSE 8080/tcp 8443/tcp
 

confs/global/init-lua.conf

@@ -1,14 +1,15 @@
 init_by_lua_block {
 
-local dataloader		= require "dataloader"
-local logger			= require "logger"
+local dataloader			= require "dataloader"
+local logger				= require "logger"
+local cjson					= require "cjson"
 
-local use_proxies		= {% if has_value("BLOCK_PROXIES", "yes") %}true{% else %}false{% endif %}
-local use_abusers		= {% if has_value("BLOCK_ABUSERS", "yes") %}true{% else %}false{% endif %}
+local use_proxies			= {% if has_value("BLOCK_PROXIES", "yes") %}true{% else %}false{% endif %}
+local use_abusers			= {% if has_value("BLOCK_ABUSERS", "yes") %}true{% else %}false{% endif %}
 local use_tor_exit_nodes	= {% if has_value("BLOCK_TOR_EXIT_NODE", "yes") %}true{% else %}false{% endif %}
 local use_user_agents		= {% if has_value("BLOCK_USER_AGENT", "yes") %}true{% else %}false{% endif %}
-local use_referrers		= {% if has_value("BLOCK_REFERRER", "yes") %}true{% else %}false{% endif %}
-local use_crowdsec		= {% if has_value("USE_CROWDSEC", "yes") %}true{% else %}false{% endif %}
+local use_referrers			= {% if has_value("BLOCK_REFERRER", "yes") %}true{% else %}false{% endif %}
+local use_crowdsec			= {% if has_value("USE_CROWDSEC", "yes") %}true{% else %}false{% endif %}
 
 if use_proxies then
 	dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
@@ -40,4 +41,32 @@ if use_crowdsec then
 	logger.log(ngx.ERR, "CROWDSEC", "*NOT AN ERROR* initialisation done")
 end
 
+-- Load plugins
+ngx.shared.plugins_data:safe_set("plugins", nil, 0)
+local p = io.popen("find /plugins -maxdepth 1 -type d ! -path /plugins")
+for dir in p:lines() do
+	-- read JSON
+	local file = io.open(dir .. "/plugin.json")
+	if file then
+		-- store settings
+		local data = cjson.decode(file:read("*a"))
+		for k, v in pairs(data.settings) do
+			ngx.shared.plugins_data:safe_set(data.id .. "_" .. k, v, 0)
+		end
+		file:close()
+		-- store plugin
+		local plugins, flags = ngx.shared.plugins_data:get("plugins")
+		if plugins == nil then
+			ngx.shared.plugins_data:safe_set("plugins", data.id, 0)
+		else
+			ngx.shared.plugins_data:safe_set("plugins", plugins .. " " .. data.id, 0)
+		end
+		logger.log(ngx.ERR, "PLUGINS", "*NOT AN ERROR* plugin " .. data.name .. "/" .. data.version .. " has been loaded")
+	else
+		logger.log(ngx.ERR, "PLUGINS", "Can't load " .. dir .. "/plugin.json")
+	end
+
+end
+p:close()
+
 }

confs/global/nginx.conf

@@ -78,7 +78,7 @@ http {
 	port_in_redirect off;
 
 	# lua path and dicts
-	lua_package_path "/usr/local/lib/lua/?.lua;;";
+	lua_package_path "/usr/local/lib/lua/?.lua;/plugins/?.lua;;";
 	{% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif %}
 	{% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif %}
 	{% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif %}
@@ -93,6 +93,7 @@ http {
 	{% if has_value("BLOCK_REFERRER", "yes") %}lua_shared_dict referrers_cache 10m;{% endif %}
 	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_ban 10m;{% endif %}
 	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_count 10m;{% endif %}
+	lua_shared_dict plugins_data 10m;
 
 	# shared memory zone for limit_req
 	{% if has_value("USE_LIMIT_REQ", "yes") %}limit_req_zone $binary_remote_addr$uri zone=limit:{{ LIMIT_REQ_CACHE }} rate={{ LIMIT_REQ_RATE }};{% endif %}

confs/site/main-lua.conf

@@ -291,6 +291,15 @@ if use_antibot_recaptcha and ngx.var.uri ~= "/favicon.ico" then
 	end
 end
 
+-- plugins check
+local plugins, flags = ngx.shared.plugins_data:get("plugins")
+if plugins ~= nil then
+	for plugin_id in string.gmatch(plugins, "%w+") do
+		local plugin = require(plugin_id .. "/" .. plugin_id)
+		plugin.check()
+	end
+end
+
 ngx.exit(ngx.OK)
 
 }

prepare.sh

@@ -65,3 +65,8 @@ chmod 770 /cache
 # prepare /etc/crontabs/nginx
 chown root:nginx /etc/crontabs/nginx
 chmod 440 /etc/crontabs/nginx
+
+# prepare /plugins
+mkdir /plugins
+chown root:nginx /plugins
+chmod 770 /plugins