From 9fc041d2a3680c54a7124e96df157378ae8f988c Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Fri, 18 Feb 2022 15:26:54 +0200 Subject: [PATCH 01/14] Update Readme with instructions how to use openresty crowdsec bouncer. --- README.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/README.md b/README.md index 23f653c5..c83b1c30 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,38 @@ +## Note + +This fork includes the [OpenResty Crowdsec Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer) V0.1.0 (Built in) + +Please see the [crowdsec_support](https://github.com/LePresidente/docker-nginx-proxy-manager/tree/crowdsec_support) branch for the changes as + +Docker images hosted on dockerhub. +www.dockerhub.com/r/lepresidente/nginx-proxy-manager:latest = V0.1.0 (Built in) +www.dockerhub.com/r/lepresidente/nginx-proxy-manager:dev = V0.1.1 (PreRelease) (Built in) + +Instructions to use +To enable it you will need to configure Nginx Proxy Manager as Below then do the following + +Enable the following environment Variable by setting it to 1. +| Variable | Description | Default | +|----------------|----------------------------------------------|---------| +|`CROWDSEC_BOUNCER`| When set to `1`, Crowdsec bouncer will be enabled. This is needed when you want to block hosts using crowdsec. | `0` | + +Starting the container at this point will start Nginx-Proxy-Manager as before but will create a new file in /config/ called crowdsec-openresty-bouncer.conf + +You will need to edit this file with at least the following changes + +``` +API_URL=http://:8080 +API_KEY= +``` + +the crowdsec api key can be generated on the crowdsec instance using the following command + +``` +cscli bouncers add npm-proxy +``` + +Currently this is a side project and I will try keep this up to date + # Docker container for Nginx Proxy Manager [![Docker Image Size](https://img.shields.io/docker/image-size/jlesage/nginx-proxy-manager/latest)](https://hub.docker.com/r/jlesage/nginx-proxy-manager/tags) [![Build Status](https://drone.le-sage.com/api/badges/jlesage/docker-nginx-proxy-manager/status.svg)](https://drone.le-sage.com/jlesage/docker-nginx-proxy-manager) [![GitHub Release](https://img.shields.io/github/release/jlesage/docker-nginx-proxy-manager.svg)](https://github.com/jlesage/docker-nginx-proxy-manager/releases/latest) [![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://paypal.me/JocelynLeSage/0usd) From f27f0de13aa2280c7b1fba5127ab475853c084bc Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Fri, 18 Feb 2022 15:31:35 +0200 Subject: [PATCH 02/14] use table for tags. --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c83b1c30..751e0d5a 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,15 @@ This fork includes the [OpenResty Crowdsec Bouncer](https://github.com/crowdsecu Please see the [crowdsec_support](https://github.com/LePresidente/docker-nginx-proxy-manager/tree/crowdsec_support) branch for the changes as Docker images hosted on dockerhub. -www.dockerhub.com/r/lepresidente/nginx-proxy-manager:latest = V0.1.0 (Built in) -www.dockerhub.com/r/lepresidente/nginx-proxy-manager:dev = V0.1.1 (PreRelease) (Built in) -Instructions to use +https://hub.docker.com/r/lepresidente/nginx-proxy-manager + +| TAG | cs-openresty-bouncer version| +|-----------|-----------------------------| +| latest | 0.1.0 | +| dev | 0.1.1 (PreRelease) | + +Instructions to use: To enable it you will need to configure Nginx Proxy Manager as Below then do the following Enable the following environment Variable by setting it to 1. From a1755cc5f06df7ed3de730b79093ed0c8676b61d Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Fri, 18 Feb 2022 15:54:21 +0200 Subject: [PATCH 03/14] remove version from first line. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 751e0d5a..225a5242 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## Note -This fork includes the [OpenResty Crowdsec Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer) V0.1.0 (Built in) +This fork includes the [OpenResty Crowdsec Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer) Please see the [crowdsec_support](https://github.com/LePresidente/docker-nginx-proxy-manager/tree/crowdsec_support) branch for the changes as From 6fc43c51e2a77ce7823ca5d74d2db4c0d845b793 Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Fri, 18 Feb 2022 16:07:20 +0200 Subject: [PATCH 04/14] Added known issues. --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 225a5242..4563921d 100644 --- a/README.md +++ b/README.md @@ -8,11 +8,15 @@ Docker images hosted on dockerhub. https://hub.docker.com/r/lepresidente/nginx-proxy-manager -| TAG | cs-openresty-bouncer version| +| TAG | cs-openresty-bouncer version| |-----------|-----------------------------| | latest | 0.1.0 | | dev | 0.1.1 (PreRelease) | +###Known Issues: +0.1.0: +[logs spammed with errors regarding the use of variable ('err')](https://github.com/crowdsecurity/cs-openresty-bouncer/issues/15) + Instructions to use: To enable it you will need to configure Nginx Proxy Manager as Below then do the following From 331ffc95005d29b332582e4a75e1889a00134113 Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Fri, 18 Feb 2022 17:25:32 +0200 Subject: [PATCH 05/14] Fixed formatting issue. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4563921d..b0a6fc3f 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ https://hub.docker.com/r/lepresidente/nginx-proxy-manager | dev | 0.1.1 (PreRelease) | ###Known Issues: + 0.1.0: [logs spammed with errors regarding the use of variable ('err')](https://github.com/crowdsecurity/cs-openresty-bouncer/issues/15) From a928ee6533a63aaa14a43c9d3787f8486186a1c3 Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Sat, 19 Feb 2022 07:58:41 +0200 Subject: [PATCH 06/14] Be clear which docker image this is a drop in replacement for. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b0a6fc3f..93728f9d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ ## Note +This is a drop in replacement for [jlesage/nginx-proxy-manager](https://hub.docker.com/r/jlesage/nginx-proxy-manager) + This fork includes the [OpenResty Crowdsec Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer) Please see the [crowdsec_support](https://github.com/LePresidente/docker-nginx-proxy-manager/tree/crowdsec_support) branch for the changes as From 3c26b2e9d114adcd933d5ccf6cfef489935020d1 Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Tue, 8 Mar 2022 07:32:25 +0200 Subject: [PATCH 07/14] Updated instructions. --- README.md | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 93728f9d..3b1bbea0 100644 --- a/README.md +++ b/README.md @@ -12,27 +12,16 @@ https://hub.docker.com/r/lepresidente/nginx-proxy-manager | TAG | cs-openresty-bouncer version| |-----------|-----------------------------| -| latest | 0.1.0 | -| dev | 0.1.1 (PreRelease) | +| latest | 0.1.1 (PreRelease) | -###Known Issues: - -0.1.0: -[logs spammed with errors regarding the use of variable ('err')](https://github.com/crowdsecurity/cs-openresty-bouncer/issues/15) Instructions to use: -To enable it you will need to configure Nginx Proxy Manager as Below then do the following - -Enable the following environment Variable by setting it to 1. -| Variable | Description | Default | -|----------------|----------------------------------------------|---------| -|`CROWDSEC_BOUNCER`| When set to `1`, Crowdsec bouncer will be enabled. This is needed when you want to block hosts using crowdsec. | `0` | - -Starting the container at this point will start Nginx-Proxy-Manager as before but will create a new file in /config/ called crowdsec-openresty-bouncer.conf +Starting the container at this point will start Nginx-Proxy-Manager as before but will create a new file in /config/crowdsec/ called crowdsec-openresty-bouncer.conf -You will need to edit this file with at least the following changes +You will need to edit this file with at least the following changes then restart the container. ``` +ENABLED=true API_URL=http://:8080 API_KEY= ``` From 3a31d956e5b764bfd624aaa21075b137a29eaa3b Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Thu, 31 Mar 2022 19:04:41 +0200 Subject: [PATCH 08/14] Version bump in ReadMe file. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3b1bbea0..bc4ba9d2 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ https://hub.docker.com/r/lepresidente/nginx-proxy-manager | TAG | cs-openresty-bouncer version| |-----------|-----------------------------| -| latest | 0.1.1 (PreRelease) | +| latest | 0.1.10 (PreRelease) | Instructions to use: From 13b660d6068607219088b431cce119f6454a9803 Mon Sep 17 00:00:00 2001 From: Brian Munro Date: Thu, 25 Jan 2024 12:23:49 +0200 Subject: [PATCH 09/14] Added Crowdsec Bouncer 1.0.1. --- Dockerfile | 11 +++++ .../99_crowdsec-openresty-bouncer.sh | 33 +++++++++++++++ src/cs-openresty-bouncer/build.sh | 40 +++++++++++++++++++ src/openresty/build.sh | 4 +- 4 files changed, 87 insertions(+), 1 deletion(-) create mode 100755 rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh create mode 100755 src/cs-openresty-bouncer/build.sh diff --git a/Dockerfile b/Dockerfile index f177e36e..ddbf5bc1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ ARG DOCKER_IMAGE_VERSION= # Define software versions. ARG OPENRESTY_VERSION=1.19.9.1 +ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.0.1 ARG NGINX_PROXY_MANAGER_VERSION=2.10.4 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3 ARG LIBMAXMINDDB_VERSION=1.5.0 @@ -16,6 +17,7 @@ ARG BCRYPT_TOOL_VERSION=1.1.2 # Define software download URLs. ARG OPENRESTY_URL=https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz +ARG CROWDSEC_OPENRESTY_BOUNCER_URL=https://github.com/crowdsecurity/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz ARG NGINX_PROXY_MANAGER_URL=https://github.com/jc21/nginx-proxy-manager/archive/v${NGINX_PROXY_MANAGER_VERSION}.tar.gz ARG NGINX_HTTP_GEOIP2_MODULE_URL=https://github.com/leev/ngx_http_geoip2_module/archive/${NGINX_HTTP_GEOIP2_MODULE_VERSION}.tar.gz ARG LIBMAXMINDDB_URL=https://github.com/maxmind/libmaxminddb/releases/download/${LIBMAXMINDDB_VERSION}/libmaxminddb-${LIBMAXMINDDB_VERSION}.tar.gz @@ -78,6 +80,14 @@ RUN \ find /tmp/certbot-install/usr/lib/python3.10/site-packages -type f -name "*.exe" -delete && \ find /tmp/certbot-install/usr/lib/python3.10/site-packages -type d -name tests -print0 | xargs -0 rm -r +# Build cs-openresty-boucner. +FROM alpine:3.16 AS cs-openresty-bouncer +ARG TARGETPLATFORM +ARG CROWDSEC_OPENRESTY_BOUNCER_URL +COPY --from=xx / / +COPY src/cs-openresty-bouncer /build +RUN /build/build.sh "$CROWDSEC_OPENRESTY_BOUNCER_URL" + # Pull base image. FROM jlesage/baseimage:alpine-3.16-v3.5.2 @@ -117,6 +127,7 @@ COPY --from=nginx /tmp/openresty-install/ / COPY --from=npm /tmp/nginx-proxy-manager-install/ / COPY --from=bcrypt-tool /tmp/go/bin/bcrypt-tool /usr/bin/ COPY --from=certbot /tmp/certbot-install/ / +COPY --from=cs-openresty-bouncer /tmp/crowdsec-openresty-bouncer-install/ / # Set internal environment variables. RUN \ diff --git a/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh new file mode 100755 index 00000000..a43a661c --- /dev/null +++ b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +set -e # Exit immediately if a command exits with a non-zero status. + +mkdir -p /config/crowdsec/templates +echo "Deploy Crowdsec Openresty Bouncer.." +sed -i 's|/defaults/crowdsec|/config/crowdsec|' /etc/nginx/conf.d/crowdsec_openresty.conf + +if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then + echo "Patch crowdsec-openresty-bouncer.conf .." + sed "s/=.*//g" /config/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw + sed "s/=.*//g" /defaults/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec-openresty-bouncer.conf.raw + if grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw ; then + grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw > /tmp/config.newvals + cp /config/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf.bak + grep -f /tmp/config.newvals /defaults/crowdsec/crowdsec-openresty-bouncer.conf >> /config/crowdsec/crowdsec-openresty-bouncer.conf + fi +else + echo "Deploy new crowdsec-openresty-bouncer.conf .." + cp /defaults/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf +fi +#Make sure the config location is where we get the config from instead of /default/ +sed -i 's|/defaults/crowdsec|/config/crowdsec|' /config/crowdsec/crowdsec-openresty-bouncer.conf +echo "Deploy Crowdsec Templates .." +#Make sure we only copy files that don't exist in /data/crowdsec. +cd /defaults/crowdsec/templates/ +for file in *.html +do + if [ ! -e "/config/crowdsec/templates/${file}" ] + then + cp -r "/defaults/crowdsec/templates/${file}" "/config/crowdsec/templates/" + fi +done diff --git a/src/cs-openresty-bouncer/build.sh b/src/cs-openresty-bouncer/build.sh new file mode 100755 index 00000000..d4a7d95a --- /dev/null +++ b/src/cs-openresty-bouncer/build.sh @@ -0,0 +1,40 @@ +#!/bin/sh + +set -e # Exit immediately if a command exits with a non-zero status. +set -u # Treat unset variables as an error. + +log() { + echo ">>> $*" +} + +CROWDSEC_OPENRESTY_BOUNCER_URL="${1:-}" + +ROOTFS=/tmp/crowdsec-openresty-bouncer-install + +if [ -z "$CROWDSEC_OPENRESTY_BOUNCER_URL" ]; then + log "ERROR: bcrypt tool version missing." + exit 1 +fi + +# +# Install required packages. +# + +apk --no-cache add \ + build-base \ + gettext \ + curl \ + bash \ + +# +# Build. +# + +log "Downloading Crowdsec Openresty Bouncer package..." +mkdir /tmp/crowdsec-openresty-bouncer +curl -# -L "${CROWDSEC_OPENRESTY_BOUNCER_URL}" | tar xz --strip 1 -C /tmp/crowdsec-openresty-bouncer +log "Deploy Crowdsec Openresty Bouncer..." +cd /tmp/crowdsec-openresty-bouncer +bash ./install.sh --NGINX_CONF_DIR=${ROOTFS}/etc/nginx/conf.d --LIB_PATH=${ROOTFS}/var/lib/nginx/lualib --CONFIG_PATH=${ROOTFS}/defaults/crowdsec/ --DATA_PATH=${ROOTFS}/defaults/crowdsec/ --SSL_CERTS_PATH=/etc/ssl/certs/ca-cert-GTS_Root_R1.pem --docker +sed -i 's|/tmp/crowdsec-openresty-bouncer-install||g' ${ROOTFS}/etc/nginx/conf.d/crowdsec_openresty.conf +sed -i 's|ENABLED=.*|ENABLED=false|' ${ROOTFS}/defaults/crowdsec/crowdsec-openresty-bouncer.conf diff --git a/src/openresty/build.sh b/src/openresty/build.sh index 155806f0..4fa54638 100755 --- a/src/openresty/build.sh +++ b/src/openresty/build.sh @@ -180,6 +180,9 @@ make -C /tmp/openresty -j$(nproc) log "Installing OpenResty..." make DESTDIR=/tmp/openresty-install -C /tmp/openresty install +#Install lua-resty-http required for Crowdsec OpenResty Bouncer +/tmp/openresty-install/var/lib/nginx/bin/opm --install-dir="/tmp/openresty-install/var/lib/nginx/site/" get pintsized/lua-resty-http + rm -r \ /tmp/openresty-install/etc/nginx/*.default \ /tmp/openresty-install/var/lib/nginx/bin/opm \ @@ -189,5 +192,4 @@ rm -r \ /tmp/openresty-install/var/lib/nginx/bin/md2pod.pl \ /tmp/openresty-install/var/lib/nginx/pod \ /tmp/openresty-install/var/lib/nginx/resty.index \ - /tmp/openresty-install/var/lib/nginx/site \ /tmp/openresty-install/var/run \ From 8a06521f5869bc7ee2939c4700aa4a178f0f69ad Mon Sep 17 00:00:00 2001 From: LePresidente Date: Sat, 10 Feb 2024 09:34:02 +0200 Subject: [PATCH 10/14] Updated Crowdsec Bouncer to 1.0.2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ddbf5bc1..a571c25a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ARG DOCKER_IMAGE_VERSION= # Define software versions. ARG OPENRESTY_VERSION=1.19.9.1 -ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.0.1 +ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.0.2 ARG NGINX_PROXY_MANAGER_VERSION=2.10.4 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3 ARG LIBMAXMINDDB_VERSION=1.5.0 From 79d50af9057f56da8c9765ca669cdc73d8e9d53d Mon Sep 17 00:00:00 2001 From: LePresidente Date: Wed, 24 Jul 2024 10:39:30 +0200 Subject: [PATCH 11/14] Add support for environment variables. --- .../99_crowdsec-openresty-bouncer.sh | 71 ++++++++++++------- 1 file changed, 46 insertions(+), 25 deletions(-) diff --git a/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh index a43a661c..d802ba11 100755 --- a/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh +++ b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh @@ -2,32 +2,53 @@ set -e # Exit immediately if a command exits with a non-zero status. -mkdir -p /config/crowdsec/templates -echo "Deploy Crowdsec Openresty Bouncer.." -sed -i 's|/defaults/crowdsec|/config/crowdsec|' /etc/nginx/conf.d/crowdsec_openresty.conf +function set_properties() { + sed -i "s,^$1=.*,$1=$2,g" "${3}" +} -if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then - echo "Patch crowdsec-openresty-bouncer.conf .." - sed "s/=.*//g" /config/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw - sed "s/=.*//g" /defaults/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec-openresty-bouncer.conf.raw - if grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw ; then - grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw > /tmp/config.newvals - cp /config/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf.bak - grep -f /tmp/config.newvals /defaults/crowdsec/crowdsec-openresty-bouncer.conf >> /config/crowdsec/crowdsec-openresty-bouncer.conf - fi +echo "Deploy Crowdsec Openresty Bouncer.." +if [ -n "${CROWDSEC_OPENRESTY_BOUNCER}" ]; then + while IFS= read -r line + do + if ! [[ "$line" != "^#" ]] || [[ "$line" != "^\n" ]]; then + name=$(echo "$line" | cut -d "=" -f1) + value=$(echo "$line" | cut -d "=" -f2) + if grep -q "${name}" /defaults/crowdsec/crowdsec-openresty-bouncer.conf ; then + set_properties "${name}" "${value}" "/defaults/crowdsec/crowdsec-openresty-bouncer.conf" + fi + fi + done <<< "${CROWDSEC_OPENRESTY_BOUNCER}" else - echo "Deploy new crowdsec-openresty-bouncer.conf .." - cp /defaults/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf + mkdir -p /config/crowdsec/templates + sed -i 's|/defaults/crowdsec|/config/crowdsec|' /etc/nginx/conf.d/crowdsec_openresty.conf + + if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then + echo "Patch crowdsec-openresty-bouncer.conf .." + sed "s/=.*//g" /config/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw + sed "s/=.*//g" /defaults/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec-openresty-bouncer.conf.raw + if grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw ; then + grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw > /tmp/config.newvals + cp /config/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf.bak + grep -f /tmp/config.newvals /defaults/crowdsec/crowdsec-openresty-bouncer.conf >> /config/crowdsec/crowdsec-openresty-bouncer.conf + fi + else + echo "Deploy new crowdsec-openresty-bouncer.conf .." + cp /defaults/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf + fi + #Make sure the config location is where we get the config from instead of /default/ + sed -i 's|/defaults/crowdsec|/data/crowdsec|' /data/crowdsec/crowdsec-openresty-bouncer.conf fi -#Make sure the config location is where we get the config from instead of /default/ -sed -i 's|/defaults/crowdsec|/config/crowdsec|' /config/crowdsec/crowdsec-openresty-bouncer.conf -echo "Deploy Crowdsec Templates .." + + #Make sure we only copy files that don't exist in /data/crowdsec. -cd /defaults/crowdsec/templates/ -for file in *.html -do - if [ ! -e "/config/crowdsec/templates/${file}" ] - then - cp -r "/defaults/crowdsec/templates/${file}" "/config/crowdsec/templates/" - fi -done +if [ -d "/data/crowdsec/templates" ]; then + echo "Deploy Crowdsec Templates .." + cd /defaults/crowdsec/templates/ + for file in *.html + do + if [ ! -e "/config/crowdsec/templates/${file}" ] + then + cp -r "/defaults/crowdsec/templates/${file}" "/config/crowdsec/templates/" + fi + done +fi \ No newline at end of file From a16ccf442549cb76d2224bd8eba25fd0db8cf5d6 Mon Sep 17 00:00:00 2001 From: LePresidente Date: Wed, 24 Jul 2024 19:25:20 +0200 Subject: [PATCH 12/14] Use /bin/bash instead of /bin/sh --- rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh index d802ba11..35005982 100755 --- a/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh +++ b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh @@ -1,8 +1,8 @@ -#!/bin/sh +#!/bin/bash set -e # Exit immediately if a command exits with a non-zero status. -function set_properties() { +set_properties() { sed -i "s,^$1=.*,$1=$2,g" "${3}" } From f56abc7cad25d262456423b839df866b29f37209 Mon Sep 17 00:00:00 2001 From: LePresidente Date: Sat, 28 Dec 2024 08:48:01 +0200 Subject: [PATCH 13/14] Updated crowdsec bouncer to 1.0.5 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9d2fd158..ee7230c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ ARG NGINX_PROXY_MANAGER_VERSION=2.12.1 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3 ARG LIBMAXMINDDB_VERSION=1.5.0 ARG BCRYPT_TOOL_VERSION=1.1.2 -ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.0.2 +ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.0.5 # Define software download URLs. ARG OPENRESTY_URL=https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz From 3faab0f817c1722e5c4384a09a4a3350ef1bc704 Mon Sep 17 00:00:00 2001 From: LePresidente Date: Tue, 15 Jul 2025 12:00:40 +0200 Subject: [PATCH 14/14] Updated Crowdsec Bouncer 1.1.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 062e2e23..0dda14f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ ARG NGINX_PROXY_MANAGER_VERSION=2.12.3 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3 ARG LIBMAXMINDDB_VERSION=1.5.0 ARG BCRYPT_TOOL_VERSION=1.1.2 -ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.0.5 +ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=1.1.0 # Define software download URLs. ARG OPENRESTY_URL=https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz