docker-mods-uptime-kuma-timeout-fix/README.md

# CrowdSec - Docker mod for SWAG

## nginx.conf change

Make sure that the line below, under virtual hosts, is in your nginx.conf, otherwise crowdsec-bouncer will not work. More information here https://info.linuxserver.io/issues/2022-08-20-nginx-base/

```nginx
# Includes virtual hosts configs.
include /etc/nginx/http.d/*.conf;
```

This mod adds the [CrowdSec](https://crowdsec.net) [nginx bouncer](https://github.com/crowdsecurity/cs-nginx-bouncer/) to SWAG, to be installed/updated during container start.

In SWAG docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-crowdsec`

If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-dbip`

## Mod usage instructions

If running CrowdSec in a container it must be on a common docker network with SWAG.

Generate an API key for the bouncer with `cscli bouncers add bouncer-swag` or `docker exec -t crowdsec cscli bouncers add bouncer-swag`, if you're running CrowdSec in a container.

Make a note of the API key as you can't retrieve it later without removing and re-adding the bouncer.

Set the following environment variables on your SWAG container.

| | | |
| --- | --- | --- |
| `CROWDSEC_API_KEY` | **Required** | Your bouncer API key |
| `CROWDSEC_LAPI_URL` | **Required** | Your local CrowdSec API endpoint, for example `http://crowdsec:8080` |
| `CROWDSEC_SITE_KEY` | **Optional** | CAPTCHA Site Key |
| `CROWDSEC_SECRET_KEY` | **Optional** | CAPTCHA Secret Key |
| `CROWDSEC_CAPTCHA_PROVIDER` | **Optional** | CAPTCHA Provider (currently supported providers are `recaptcha`, `hcaptcha`, `turnstile`), requires bouncer v1.0.5 or newer. |
| `CROWDSEC_F2B_DISABLE` | **Optional** | Set to `true` to disable swag's built-in fail2ban service if you don't need it |
| `CROWDSEC_MODE` | **Optional** | Set to `live` (immediate update) or `stream` to update requests every CROWDSEC_UPDATE_FREQUENCY seconds. Defaults to `live` |
| `CROWDSEC_UPDATE_FREQUENCY` | **Optional** | Set update frequency for use with `stream` mode. Defaults to `10`. |
| `CROWDSEC_APPSEC_URL` | **Optional** | Set URL for AppSec component, requires bouncer v1.0.6 or newer and Crowdsec v1.6.0 or newer. |
| | | |

The variables need to remain in place while you are using the mod. If you remove **required** variables the bouncer will be disabled the next time you recreate the container, if you remove **optional** variables the associated features will be disabled the next time you recreate the container.

### Captcha & AppSec Limitations

Due to limitations in the nginx Lua module, if you enable Captcha or AppSec support in the bouncer you cannot safely use http/2 for any of your services. By default Swag ships with http/2 enabled, and so this will need to be changed in the `/config/nginx/nginx.conf` file. Simply change `http2 on;` to `http2 off;` and restart the container.

If you still have old versions of active proxy confs or the `default.conf`, you will need to remove the http2 definitions from them. For example, in the old [subdomain template conf](https://github.com/linuxserver/reverse-proxy-confs/blob/0528b56e12655748834a9314e7b8cd413e6bf7da/_template.subdomain.conf.sample) you would replace:

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
```

with

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
```

You can automate this using something like `find /path/to/swag/config/nginx -name "*.conf" -type f -exec sed -i -E 's/^(\s+listen.*)http2(.*)/\1\2/g' {} \;`

If you are not using Captcha or AppSec components make sure to omit or leave blank the related environment variables to avoid causing unnecessary issues.

### reCAPTCHA Support Notes

If you're using the reCAPTCHA capability and you're running in an IPv4-only environment then you need to edit your `/config/nginx/resolver.conf` and add `ipv6=off` to the end of the `resolver` statement otherwise the bouncer will attempt to contact the reCAPTCHA endpoint over IPv6 and fail.

e.g. `resolver  127.0.0.11 valid=30s ipv6=off;`

## Versions

* **11.09.24:** - Move versioning to mod tags. Bundle tarball at build time.
* **05.06.24:** - Add lua-resty-string.
* **06.02.24:** - Add AppSec support.
* **29.03.23:** - Support multiple captcha providers from upstream.
* **28.01.23:** - Support mode selection, handle s6v3 init.
* **25.08.22:** - Make hybrid mod.
* **14.03.22:** - Initial Release.