mirror of
https://github.com/TrezOne/docker-mods-uptime-kuma-timeout-fix.git
synced 2026-07-01 04:21:56 -04:00
Publish swag-crowdsec mod (#315)
This commit is contained in:
@@ -0,0 +1,68 @@
|
||||
#!/usr/bin/with-contenv bash
|
||||
|
||||
CONFIG_PATH="/config/crowdsec/"
|
||||
LIB_PATH="/usr/local/lua/crowdsec/"
|
||||
DATA_PATH="/var/lib/crowdsec/lua/"
|
||||
|
||||
echo "**** Configuring CrowdSec nginx Bouncer ****"
|
||||
|
||||
# If API keys are missing, disable mod and exit
|
||||
if [[ -z $CROWDSEC_API_KEY ]] || [[ -z $CROWDSEC_LAPI_URL ]]; then
|
||||
echo "**** Missing API key or CrowdSec LAPI URL, cannot configure bouncer ****"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
apk add -U --upgrade --no-cache \
|
||||
gettext \
|
||||
lua5.1 \
|
||||
lua5.1-cjson \
|
||||
lua-resty-http \
|
||||
lua-sec \
|
||||
nginx-mod-http-lua
|
||||
|
||||
# Download nginx bouncer
|
||||
if [ -z ${CROWDSEC_VERSION+x} ]; then \
|
||||
CROWDSEC_VERSION=$(curl -sX GET "https://api.github.com/repos/crowdsecurity/cs-nginx-bouncer/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]');
|
||||
fi
|
||||
|
||||
curl -so \
|
||||
/tmp/crowdsec.tar.gz -L \
|
||||
"https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/${CROWDSEC_VERSION}/crowdsec-nginx-bouncer.tgz"
|
||||
|
||||
mkdir -p /tmp/crowdsec
|
||||
|
||||
tar xf \
|
||||
/tmp/crowdsec.tar.gz -C \
|
||||
/tmp/crowdsec --strip-components=1
|
||||
|
||||
# Inject API keys into config file
|
||||
mkdir -p "${CONFIG_PATH}"
|
||||
API_KEY=${CROWDSEC_API_KEY} CROWDSEC_LAPI_URL=${CROWDSEC_LAPI_URL} envsubst < /tmp/crowdsec/lua-mod/config_example.conf > "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
|
||||
|
||||
# Change config path
|
||||
sed -i "s|/etc/crowdsec/bouncers/|${CONFIG_PATH}|" /tmp/crowdsec/nginx/crowdsec_nginx.conf
|
||||
|
||||
# Copy files
|
||||
mkdir -p ${DATA_PATH}/templates/
|
||||
cp -r /tmp/crowdsec/lua-mod/templates/* ${DATA_PATH}/templates/
|
||||
|
||||
mkdir -p ${LIB_PATH}plugins/crowdsec
|
||||
cp -r /tmp/crowdsec/lua-mod/lib/* ${LIB_PATH}
|
||||
|
||||
cp /tmp/crowdsec/nginx/crowdsec_nginx.conf /etc/nginx/http.d
|
||||
|
||||
# Sed in ReCaptcha keys
|
||||
sed -ir "s|SECRET_KEY=.*$|SECRET_KEY=${CROWDSEC_SECRET_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
|
||||
sed -ir "s|SITE_KEY=.*$|SITE_KEY=${CROWDSEC_SITE_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
|
||||
|
||||
# Sed in crowdsec include
|
||||
if grep -q '#include /etc/nginx/http.d/\*.conf;' '/config/nginx/nginx.conf'; then
|
||||
sed -i 's|#include /etc/nginx/http.d/\*.conf;|include /etc/nginx/http.d/\*.conf;|' /config/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
# Clean up
|
||||
rm -rf \
|
||||
/tmp/crowdsec \
|
||||
/tmp/crowdsec.tar.gz
|
||||
|
||||
echo "**** Successfully configured CrowdSec nginx Bouncer ${CROWDSEC_VERSION} ****"
|
||||
@@ -1,27 +0,0 @@
|
||||
#!/usr/bin/with-contenv bash
|
||||
|
||||
# Determine if setup is needed
|
||||
if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \
|
||||
[ -f /usr/bin/apt ]; then
|
||||
## Ubuntu
|
||||
apt-get update
|
||||
apt-get install --no-install-recommends -y \
|
||||
iptables \
|
||||
openssh-client \
|
||||
python3 \
|
||||
python3-pip
|
||||
pip3 install sshuttle
|
||||
fi
|
||||
if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \
|
||||
[ -f /sbin/apk ]; then
|
||||
# Alpine
|
||||
apk add --no-cache \
|
||||
iptables \
|
||||
openssh \
|
||||
py3-pip \
|
||||
python3
|
||||
pip3 install sshuttle
|
||||
fi
|
||||
|
||||
chown -R root:root /root
|
||||
chmod -R 600 /root/.ssh
|
||||
@@ -1,3 +0,0 @@
|
||||
#!/usr/bin/with-contenv bash
|
||||
|
||||
sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16
|
||||
Reference in New Issue
Block a user