librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

crowdsec v1 integrated

This commit is contained in:
bunkerity 2020-12-28 21:41:30 +01:00
parent 09a984c86b
commit 825e6a747e
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
4 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
compile.sh
View File

@ -118,26 +118,20 @@ cd /tmp
git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62
cd luasocket
make -j $NTASK
mkdir /usr/local/lib/lua/socket
cp src/*.lua /usr/local/lib/lua/socket
cp src/*.so /usr/local/lib/lua/5.1/
mv /usr/local/lib/lua/5.1/socket*.so /usr/local/lib/5.1/socket.so
mv /usr/local/lib/lua/5.1/mime*.so /usr/local/lib/5.1/mime.so
make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install
cd /tmp
git_secure_clone https://github.com/brunoos/luasec.git c6704919bdc85f3324340bdb35c2795a02f7d625
cd luasec
make linux -j $NTASK
cp src/ssl.so /usr/local/lib/lua/5.1
mkdir /usr/local/lib/lua/ssl
cp src/*.lua /usr/local/lib/lua
make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install
cd /tmp
git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 71c4247d6b66234e3f3426b2ea721ad50c741579
cd lua-cs-bouncer
mkdir /usr/local/lib/lua/crowdsec
cp lib/*.lua /usr/local/lib/lua/crowdsec
cp template.conf /usr/local/lib/lua/crowdsec/crowdsec.conf
sed -i 's/^API_URL=.*/API_URL=%CROWDSEC_HOST%/:' /usr/local/lib/lua/crowdsec/crowdsec.conf
sed -i 's/^API_KEY=.*/API_KEY=%CROWDSEC_KEY%/:' /usr/local/lib/lua/crowdsec/crowdsec.conf
sed -i 's/^API_URL=.*/API_URL=%CROWDSEC_HOST%/' /usr/local/lib/lua/crowdsec/crowdsec.conf
sed -i 's/^API_KEY=.*/API_KEY=%CROWDSEC_KEY%/' /usr/local/lib/lua/crowdsec/crowdsec.conf
sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
cd /tmp

4
entrypoint/global-config.sh
View File

@ -291,8 +291,8 @@ fi
# CrowdSec setup
if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" "include /etc/nginx/crowdsec.conf;"
replace_in_file "/usr/local/lib/lua/crowdsec/crowdsec.conf" "%CROWDSEC_HOST" "$CROWDSEC_HOST"
replace_in_file "/usr/local/lib/lua/crowdsec/crowdsec.conf" "%CROWDSEC_KEY" "$CROWDSEC_KEY"
replace_in_file "/usr/local/lib/lua/crowdsec/crowdsec.conf" "%CROWDSEC_HOST%" "$CROWDSEC_HOST"
replace_in_file "/usr/local/lib/lua/crowdsec/crowdsec.conf" "%CROWDSEC_KEY%" "$CROWDSEC_KEY"
else
replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" ""
fi

3
examples/crowdsec/bouncer_key.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
docker-compose exec mycrowdsec cscli bouncers add MyBouncer

2
examples/crowdsec/docker-compose.yml
View File

@ -22,7 +22,7 @@ services:
- USE_GZIP=yes
- USE_BROTLI=yes
- USE_CROWDSEC=yes
- CROWDSEC_HOST=mycrowdsec
- CROWDSEC_HOST=http://mycrowdsec:8080
- CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
- app1.website.com_REMOTE_PHP=myapp1
- app1.website.com_REMOTE_PHP_PATH=/app