crowdsec - fix bugs and update example
This commit is contained in:
parent
7c6a13c549
commit
600484b16e
|
@ -1,9 +0,0 @@
|
|||
init_by_lua_block {
|
||||
local cs = require "crowdsec.CrowdSec"
|
||||
local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
|
||||
if ok == nil then
|
||||
ngx.log(ngx.ERR, "[Crowdsec] " .. err)
|
||||
error()
|
||||
end
|
||||
ngx.log(ngx.NOTICE, "[Crowdsec] Initialisation done")
|
||||
}
|
|
@ -7,6 +7,7 @@ local use_abusers = %USE_ABUSERS%
|
|||
local use_tor_exit_nodes = %USE_TOR_EXIT_NODES%
|
||||
local use_user_agents = %USE_USER_AGENTS%
|
||||
local use_referrers = %USE_REFERRERS%
|
||||
local use_crowdsec = %USE_CROWDSEC%
|
||||
|
||||
if use_proxies then
|
||||
dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
|
||||
|
@ -28,4 +29,14 @@ if use_referrers then
|
|||
dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data)
|
||||
end
|
||||
|
||||
if use_crowdsec then
|
||||
local cs = require "crowdsec.CrowdSec"
|
||||
local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
|
||||
if ok == nil then
|
||||
ngx.log(ngx.ERR, "[CROWDSEC] " .. err)
|
||||
error()
|
||||
end
|
||||
ngx.log(ngx.ERR, "[CROWDSEC] *NOT AN ERROR* initialisation done")
|
||||
end
|
||||
|
||||
}
|
||||
|
|
|
@ -91,9 +91,6 @@ http {
|
|||
%BLOCK_REFERRERS%
|
||||
%BAD_BEHAVIOR%
|
||||
|
||||
# crowdsec init
|
||||
%USE_CROWDSEC%
|
||||
|
||||
# shared memory zone for limit_req
|
||||
%LIMIT_REQ_ZONE%
|
||||
|
||||
|
|
|
@ -229,9 +229,9 @@ fi
|
|||
|
||||
# CrowdSec setup
|
||||
if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" "include /etc/nginx/crowdsec.conf;"
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" ""
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "false"
|
||||
fi
|
||||
|
||||
# API
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
filenames:
|
||||
- /var/log/access.log
|
||||
- /var/log/error.log
|
||||
- /var/log/nginx.log
|
||||
labels:
|
||||
type: nginx
|
||||
---
|
||||
|
|
|
@ -11,7 +11,7 @@ sleep 10
|
|||
docker-compose exec mycrowdsec cscli bouncers add MyBouncer
|
||||
|
||||
# enter the key into the CROWDSEC_KEY environment variable
|
||||
read -p -s "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter"
|
||||
read -p "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter" edited
|
||||
|
||||
# start all services
|
||||
docker-compose up -d
|
||||
|
|
|
@ -3,8 +3,18 @@ version: '3'
|
|||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
image: debug
|
||||
restart: always
|
||||
# mandatory for crowdsec :
|
||||
# you need to redirect Docker logs to the syslog server
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
syslog-address: "udp://10.10.10.254:514"
|
||||
depends_on:
|
||||
- mysyslog
|
||||
- myapp1
|
||||
- myapp2
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,7 +23,6 @@ services:
|
|||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- nginx_logs:/var/log
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
|
@ -24,15 +33,15 @@ services:
|
|||
- USE_GZIP=yes
|
||||
- USE_CROWDSEC=yes
|
||||
- CROWDSEC_HOST=http://mycrowdsec:8080
|
||||
- CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
|
||||
- CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
|
||||
- app1.website.com_REMOTE_PHP=myapp1
|
||||
- app1.website.com_REMOTE_PHP_PATH=/app
|
||||
- app2.website.com_REMOTE_PHP=myapp2
|
||||
- app2.website.com_REMOTE_PHP_PATH=/app
|
||||
networks:
|
||||
- net0
|
||||
- net1
|
||||
- net2
|
||||
net0:
|
||||
net1:
|
||||
net2:
|
||||
|
||||
mycrowdsec:
|
||||
image: crowdsecurity/crowdsec:v1.0.13
|
||||
|
@ -46,6 +55,16 @@ services:
|
|||
networks:
|
||||
- net0
|
||||
|
||||
mysyslog:
|
||||
image: balabit/syslog-ng
|
||||
restart: always
|
||||
volumes:
|
||||
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
|
||||
- nginx_logs:/var/log
|
||||
networks:
|
||||
net0:
|
||||
ipv4_address: 10.10.10.254
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
|
@ -64,6 +83,10 @@ services:
|
|||
|
||||
networks:
|
||||
net0:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.10.10.0/24
|
||||
net1:
|
||||
net2:
|
||||
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
@version: 3.31
|
||||
|
||||
source s_net {
|
||||
udp(
|
||||
ip("0.0.0.0")
|
||||
);
|
||||
};
|
||||
|
||||
template t_imp {
|
||||
template("$MSG\n");
|
||||
template_escape(no);
|
||||
};
|
||||
|
||||
destination d_file {
|
||||
file("/var/log/nginx.log" template(t_imp));
|
||||
};
|
||||
|
||||
log { source(s_net); destination(d_file); };
|
Loading…
Reference in New Issue