mirror of
https://github.com/TrezOne/docker-mods-uptime-kuma-timeout-fix.git
synced 2026-07-18 08:48:27 -04:00
Publish swag-crowdsec mod (#315)
This commit is contained in:
@@ -4,8 +4,8 @@ on: [push, pull_request, workflow_dispatch]
|
|||||||
|
|
||||||
env:
|
env:
|
||||||
ENDPOINT: "linuxserver/mods" #don't modify
|
ENDPOINT: "linuxserver/mods" #don't modify
|
||||||
BASEIMAGE: "replace_baseimage" #replace
|
BASEIMAGE: "swag" #replace
|
||||||
MODNAME: "replace_modname" #replace
|
MODNAME: "crowdsec" #replace
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
|
|||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
FROM scratch
|
FROM scratch
|
||||||
|
|
||||||
LABEL maintainer="username"
|
LABEL maintainer="thespad"
|
||||||
|
|
||||||
# copy local files
|
# copy local files
|
||||||
COPY root/ /
|
COPY root/ /
|
||||||
|
|||||||
@@ -1,23 +0,0 @@
|
|||||||
## Buildstage ##
|
|
||||||
FROM ghcr.io/linuxserver/baseimage-alpine:3.12 as buildstage
|
|
||||||
|
|
||||||
RUN \
|
|
||||||
echo "**** install packages ****" && \
|
|
||||||
apk add --no-cache \
|
|
||||||
curl && \
|
|
||||||
echo "**** grab rclone ****" && \
|
|
||||||
mkdir -p /root-layer && \
|
|
||||||
curl -o \
|
|
||||||
/root-layer/rclone.deb -L \
|
|
||||||
"https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb"
|
|
||||||
|
|
||||||
# copy local files
|
|
||||||
COPY root/ /root-layer/
|
|
||||||
|
|
||||||
## Single layer deployed image ##
|
|
||||||
FROM scratch
|
|
||||||
|
|
||||||
LABEL maintainer="username"
|
|
||||||
|
|
||||||
# Add files from buildstage
|
|
||||||
COPY --from=buildstage /root-layer/ /
|
|
||||||
@@ -1,25 +1,28 @@
|
|||||||
# Rsync - Docker mod for openssh-server
|
# CrowdSec - Docker mod for SWAG
|
||||||
|
|
||||||
This mod adds rsync to openssh-server, to be installed/updated during container start.
|
This mod adds the [CrowdSec](https://crowdsec.net) [nginx bouncer](https://github.com/crowdsecurity/cs-nginx-bouncer/) to SWAG, to be installed/updated during container start.
|
||||||
|
|
||||||
In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync`
|
In SWAG docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-crowdsec`
|
||||||
|
|
||||||
If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2`
|
If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-dbip`
|
||||||
|
|
||||||
# Mod creation instructions
|
## Mod usage instructions
|
||||||
|
|
||||||
* Fork the repo, create a new branch based on the branch `template`.
|
If running CrowdSec in a container it must be on a common docker network with SWAG.
|
||||||
* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done.
|
|
||||||
* Inspect the `root` folder contents. Edit, add and remove as necessary.
|
|
||||||
* Edit this readme with pertinent info, delete these instructions.
|
|
||||||
* Finally edit the `.github/workflows/BuildImage.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`.
|
|
||||||
* Ask the team to create a new branch named `<baseimagename>-<modname>`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch.
|
|
||||||
* Submit PR against the branch created by the team.
|
|
||||||
|
|
||||||
|
Generate an API key for the bouncer with `cscli bouncers add bouncer-swag` or `docker exec -t crowdsec cscli bouncers add bouncer-swag`, if you're running CrowdSec in a container.
|
||||||
|
|
||||||
## Tips and tricks
|
Make a note of the API key as you can't retrieve it later without removing and re-adding the bouncer.
|
||||||
|
|
||||||
* To decrease startup times when multiple mods are used, we have consolidated `apt-get update` down to one file. As seen in the [nodejs mod](https://github.com/linuxserver/docker-mods/tree/code-server-nodejs/root/etc/cont-init.d)
|
Set the following environment variables on your SWAG container.
|
||||||
* Some images has helpers built in, these images are currently:
|
|
||||||
* [Openvscode-server](https://github.com/linuxserver/docker-openvscode-server/pull/10/files)
|
| | | |
|
||||||
* [Code-server](https://github.com/linuxserver/docker-code-server/pull/95)
|
| --- | --- | --- |
|
||||||
|
| `CROWDSEC_API_KEY` | **Required** | Your bouncer API key |
|
||||||
|
| `CROWDSEC_LAPI_URL` | **Required** | Your local CrowdSec API endpoint, for example `http://crowdsec:8080` |
|
||||||
|
| `CROWDSEC_SITE_KEY` | **Optional** | reCAPTCHA v2 Site Key |
|
||||||
|
| `CROWDSEC_SECRET_KEY` | **Optional** | reCAPTCHA v2 Secret Key |
|
||||||
|
| `CROWDSEC_VERSION` | **Optional** | Specify a version of the bouncer to install instead of using the latest release, for example `v1.0.0`. Must be a valid [release tag](https://github.com/crowdsecurity/cs-nginx-bouncer/tags). **Does not support versions older than v1.0.0**.
|
||||||
|
| | | |
|
||||||
|
|
||||||
|
The variables need to remain in place while you are using the mod. If you remove **required** variables the bouncer will be disabled the next time you recreate the container, if you remove **optional** variables the associated features will be disabled the next time you recreate the container.
|
||||||
|
|||||||
@@ -0,0 +1,68 @@
|
|||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
CONFIG_PATH="/config/crowdsec/"
|
||||||
|
LIB_PATH="/usr/local/lua/crowdsec/"
|
||||||
|
DATA_PATH="/var/lib/crowdsec/lua/"
|
||||||
|
|
||||||
|
echo "**** Configuring CrowdSec nginx Bouncer ****"
|
||||||
|
|
||||||
|
# If API keys are missing, disable mod and exit
|
||||||
|
if [[ -z $CROWDSEC_API_KEY ]] || [[ -z $CROWDSEC_LAPI_URL ]]; then
|
||||||
|
echo "**** Missing API key or CrowdSec LAPI URL, cannot configure bouncer ****"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
apk add -U --upgrade --no-cache \
|
||||||
|
gettext \
|
||||||
|
lua5.1 \
|
||||||
|
lua5.1-cjson \
|
||||||
|
lua-resty-http \
|
||||||
|
lua-sec \
|
||||||
|
nginx-mod-http-lua
|
||||||
|
|
||||||
|
# Download nginx bouncer
|
||||||
|
if [ -z ${CROWDSEC_VERSION+x} ]; then \
|
||||||
|
CROWDSEC_VERSION=$(curl -sX GET "https://api.github.com/repos/crowdsecurity/cs-nginx-bouncer/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]');
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl -so \
|
||||||
|
/tmp/crowdsec.tar.gz -L \
|
||||||
|
"https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/${CROWDSEC_VERSION}/crowdsec-nginx-bouncer.tgz"
|
||||||
|
|
||||||
|
mkdir -p /tmp/crowdsec
|
||||||
|
|
||||||
|
tar xf \
|
||||||
|
/tmp/crowdsec.tar.gz -C \
|
||||||
|
/tmp/crowdsec --strip-components=1
|
||||||
|
|
||||||
|
# Inject API keys into config file
|
||||||
|
mkdir -p "${CONFIG_PATH}"
|
||||||
|
API_KEY=${CROWDSEC_API_KEY} CROWDSEC_LAPI_URL=${CROWDSEC_LAPI_URL} envsubst < /tmp/crowdsec/lua-mod/config_example.conf > "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
|
||||||
|
|
||||||
|
# Change config path
|
||||||
|
sed -i "s|/etc/crowdsec/bouncers/|${CONFIG_PATH}|" /tmp/crowdsec/nginx/crowdsec_nginx.conf
|
||||||
|
|
||||||
|
# Copy files
|
||||||
|
mkdir -p ${DATA_PATH}/templates/
|
||||||
|
cp -r /tmp/crowdsec/lua-mod/templates/* ${DATA_PATH}/templates/
|
||||||
|
|
||||||
|
mkdir -p ${LIB_PATH}plugins/crowdsec
|
||||||
|
cp -r /tmp/crowdsec/lua-mod/lib/* ${LIB_PATH}
|
||||||
|
|
||||||
|
cp /tmp/crowdsec/nginx/crowdsec_nginx.conf /etc/nginx/http.d
|
||||||
|
|
||||||
|
# Sed in ReCaptcha keys
|
||||||
|
sed -ir "s|SECRET_KEY=.*$|SECRET_KEY=${CROWDSEC_SECRET_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
|
||||||
|
sed -ir "s|SITE_KEY=.*$|SITE_KEY=${CROWDSEC_SITE_KEY}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
|
||||||
|
|
||||||
|
# Sed in crowdsec include
|
||||||
|
if grep -q '#include /etc/nginx/http.d/\*.conf;' '/config/nginx/nginx.conf'; then
|
||||||
|
sed -i 's|#include /etc/nginx/http.d/\*.conf;|include /etc/nginx/http.d/\*.conf;|' /config/nginx/nginx.conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clean up
|
||||||
|
rm -rf \
|
||||||
|
/tmp/crowdsec \
|
||||||
|
/tmp/crowdsec.tar.gz
|
||||||
|
|
||||||
|
echo "**** Successfully configured CrowdSec nginx Bouncer ${CROWDSEC_VERSION} ****"
|
||||||
@@ -1,27 +0,0 @@
|
|||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
# Determine if setup is needed
|
|
||||||
if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \
|
|
||||||
[ -f /usr/bin/apt ]; then
|
|
||||||
## Ubuntu
|
|
||||||
apt-get update
|
|
||||||
apt-get install --no-install-recommends -y \
|
|
||||||
iptables \
|
|
||||||
openssh-client \
|
|
||||||
python3 \
|
|
||||||
python3-pip
|
|
||||||
pip3 install sshuttle
|
|
||||||
fi
|
|
||||||
if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \
|
|
||||||
[ -f /sbin/apk ]; then
|
|
||||||
# Alpine
|
|
||||||
apk add --no-cache \
|
|
||||||
iptables \
|
|
||||||
openssh \
|
|
||||||
py3-pip \
|
|
||||||
python3
|
|
||||||
pip3 install sshuttle
|
|
||||||
fi
|
|
||||||
|
|
||||||
chown -R root:root /root
|
|
||||||
chmod -R 600 /root/.ssh
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16
|
|
||||||
Reference in New Issue
Block a user