crowdsec - fix bugs and update example

confs/global/crowdsec.conf

@@ -1,9 +0,0 @@
-init_by_lua_block {
-	local cs = require "crowdsec.CrowdSec"
-	local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
-	if ok == nil then
-		ngx.log(ngx.ERR, "[Crowdsec] " .. err)
-		error()
-	end
-	ngx.log(ngx.NOTICE, "[Crowdsec] Initialisation done")
-}

confs/global/init-lua.conf

@@ -7,6 +7,7 @@ local use_abusers		= %USE_ABUSERS%
 local use_tor_exit_nodes	= %USE_TOR_EXIT_NODES%
 local use_user_agents		= %USE_USER_AGENTS%
 local use_referrers		= %USE_REFERRERS%
+local use_crowdsec		= %USE_CROWDSEC%
 
 if use_proxies then
 	dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
@@ -28,4 +29,14 @@ if use_referrers then
 	dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data)
 end
 
+if use_crowdsec then
+	local cs = require "crowdsec.CrowdSec"
+	local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
+	if ok == nil then
+		ngx.log(ngx.ERR, "[CROWDSEC] " .. err)
+		error()
+	end
+	ngx.log(ngx.ERR, "[CROWDSEC] *NOT AN ERROR* initialisation done")
+end
+
 }

confs/global/nginx.conf

@@ -91,9 +91,6 @@ http {
 	%BLOCK_REFERRERS%
 	%BAD_BEHAVIOR%
 
-	# crowdsec init
-	%USE_CROWDSEC%
-	
 	# shared memory zone for limit_req
 	%LIMIT_REQ_ZONE%
 

entrypoint/global-config.sh

@@ -229,9 +229,9 @@ fi
 
 # CrowdSec setup
 if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then
-	replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" "include /etc/nginx/crowdsec.conf;"
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "true"
 else
-	replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" ""
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "false"
 fi
 
 # API

examples/crowdsec/acquis.yaml

@@ -1,6 +1,5 @@
 filenames:
-  - /var/log/access.log
-  - /var/log/error.log
+  - /var/log/nginx.log
 labels:
   type: nginx
 ---

examples/crowdsec/bouncer_key.sh

@@ -11,7 +11,7 @@ sleep 10
 docker-compose exec mycrowdsec cscli bouncers add MyBouncer
 
 # enter the key into the CROWDSEC_KEY environment variable
-read -p -s "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter"
+read -p "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter" edited
 
 # start all services
 docker-compose up -d

examples/crowdsec/docker-compose.yml

@@ -3,8 +3,18 @@ version: '3'
 services:
 
   mywww:
-    image: bunkerity/bunkerized-nginx
+    image: debug
     restart: always
+    # mandatory for crowdsec :
+    # you need to redirect Docker logs to the syslog server
+    logging:
+      driver: syslog
+      options:
+        syslog-address: "udp://10.10.10.254:514"
+    depends_on:
+      - mysyslog
+      - myapp1
+      - myapp2
     ports:
       - 80:8080
       - 443:8443
@@ -13,7 +23,6 @@ services:
     volumes:
       - ./web-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt
-      - nginx_logs:/var/log
     environment:
       - SERVER_NAME=app1.website.com app2.website.com # replace with your domains
       - MULTISITE=yes
@@ -24,15 +33,15 @@ services:
       - USE_GZIP=yes
       - USE_CROWDSEC=yes
       - CROWDSEC_HOST=http://mycrowdsec:8080
-      - CROWDSEC_KEY=                                 # you need to generate it (see bouncer_key.sh)
+      - CROWDSEC_KEY=                                # you need to generate it (see bouncer_key.sh)
       - app1.website.com_REMOTE_PHP=myapp1
       - app1.website.com_REMOTE_PHP_PATH=/app
       - app2.website.com_REMOTE_PHP=myapp2
       - app2.website.com_REMOTE_PHP_PATH=/app
     networks:
-      - net0
-      - net1
-      - net2
+      net0:
+      net1:
+      net2:
 
   mycrowdsec:
     image: crowdsecurity/crowdsec:v1.0.13
@@ -46,6 +55,16 @@ services:
     networks:
       - net0
 
+  mysyslog:
+    image: balabit/syslog-ng
+    restart: always
+    volumes:
+     - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf 
+     - nginx_logs:/var/log
+    networks:
+      net0:
+        ipv4_address: 10.10.10.254
+
   myapp1:
     image: php:fpm
     restart: always
@@ -64,6 +83,10 @@ services:
 
 networks:
   net0:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.10.10.0/24
   net1:
   net2:
 

examples/crowdsec/syslog-ng.conf

@@ -0,0 +1,18 @@
+@version: 3.31
+
+source s_net {
+  udp(
+    ip("0.0.0.0")
+  );
+};
+
+template t_imp {
+  template("$MSG\n");
+  template_escape(no);
+};
+
+destination d_file {
+  file("/var/log/nginx.log" template(t_imp));
+};
+
+log { source(s_net); destination(d_file); };