From 4f31195b3abb9c66f2d1fd1265ebd07a33261cc9 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Tue, 6 Feb 2024 21:43:59 +0000 Subject: [PATCH 1/3] Add support for APPSEC_URL --- root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run index 91fec89..42a5f3a 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run @@ -70,6 +70,12 @@ sed -i -r "s|CAPTCHA_PROVIDER=.*$|CAPTCHA_PROVIDER=${CROWDSEC_CAPTCHA_PROVIDER}| sed -i -r "s|MODE=.*$|MODE=${CROWDSEC_MODE:-live}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" sed -i -r "s|UPDATE_FREQUENCY=.*$|UPDATE_FREQUENCY=${CROWDSEC_UPDATE_FREQUENCY:-10}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" +if grep -q "^APPSEC_URL=" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"; then + sed -i -r "s|APPSEC_URL=.*$|APPSEC_URL=${APPSEC_URL}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" +else + echo "APPSEC_URL=${APPSEC_URL}" >> "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" +fi + # Change config path sed -i "s|/etc/crowdsec/bouncers/|${CONFIG_PATH}|" /tmp/crowdsec/nginx/crowdsec_nginx.conf From 9378882c5a98e2f958bde3d998afd3f8353713f7 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Tue, 6 Feb 2024 21:54:12 +0000 Subject: [PATCH 2/3] Update readme and env name --- README.md | 5 +++-- root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3ca7a9a..7baa855 100644 --- a/README.md +++ b/README.md @@ -29,11 +29,12 @@ Set the following environment variables on your SWAG container. | `CROWDSEC_LAPI_URL` | **Required** | Your local CrowdSec API endpoint, for example `http://crowdsec:8080` | | `CROWDSEC_SITE_KEY` | **Optional** | CAPTCHA Site Key | | `CROWDSEC_SECRET_KEY` | **Optional** | CAPTCHA Secret Key | -| `CROWDSEC_CAPTCHA_PROVIDER` | **Optional** | CAPTCHA Provider (currently supported providers are `recaptcha`, `hcaptcha`, `turnstile`), requires v1.0.5 or newer. | -| `CROWDSEC_VERSION` | **Optional** | Specify a version of the bouncer to install instead of using the latest release, for example `v1.0.0`. Must be a valid [release tag](https://github.com/crowdsecurity/cs-nginx-bouncer/tags). **Does not support versions older than v1.0.0**. +| `CROWDSEC_CAPTCHA_PROVIDER` | **Optional** | CAPTCHA Provider (currently supported providers are `recaptcha`, `hcaptcha`, `turnstile`), requires bouncer v1.0.5 or newer. | +| `CROWDSEC_VERSION` | **Optional** | Specify a version of the bouncer to install instead of using the latest release, for example `v1.0.0`. Must be a valid [release tag](https://github.com/crowdsecurity/cs-nginx-bouncer/tags). **Does not support versions older than v1.0.0**. | | `CROWDSEC_F2B_DISABLE` | **Optional** | Set to `true` to disable swag's built-in fail2ban service if you don't need it | | `CROWDSEC_MODE` | **Optional** | Set to `live` (immediate update) or `stream` to update requests every CROWDSEC_UPDATE_FREQUENCY seconds. Defaults to `live` | | `CROWDSEC_UPDATE_FREQUENCY` | **Optional** | Set update frequency for use with `stream` mode. Defaults to `10`. | +| `CROWDSEC_APPSEC_URL` | **Optional** | Set URL for AppSec component, requires bouncer v1.0.6 or newer and Crowdsec v1.6.0 or newer. | | | | | The variables need to remain in place while you are using the mod. If you remove **required** variables the bouncer will be disabled the next time you recreate the container, if you remove **optional** variables the associated features will be disabled the next time you recreate the container. diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run index 42a5f3a..39ceafc 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run @@ -71,9 +71,9 @@ sed -i -r "s|MODE=.*$|MODE=${CROWDSEC_MODE:-live}|" "${CONFIG_PATH}crowdsec-ngin sed -i -r "s|UPDATE_FREQUENCY=.*$|UPDATE_FREQUENCY=${CROWDSEC_UPDATE_FREQUENCY:-10}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" if grep -q "^APPSEC_URL=" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf"; then - sed -i -r "s|APPSEC_URL=.*$|APPSEC_URL=${APPSEC_URL}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" + sed -i -r "s|APPSEC_URL=.*$|APPSEC_URL=${CROWDSEC_APPSEC_URL}|" "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" else - echo "APPSEC_URL=${APPSEC_URL}" >> "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" + echo "APPSEC_URL=${CROWDSEC_APPSEC_URL}" >> "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" fi # Change config path From 34b208f2c97d2b2b4868f28ffcf5e83e1a6692e1 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Tue, 6 Feb 2024 22:03:08 +0000 Subject: [PATCH 3/3] Match upstream debug env --- root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run index 39ceafc..ee6f48e 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run @@ -5,7 +5,7 @@ CONFIG_PATH="/config/crowdsec/" LIB_PATH="/usr/local/lua/crowdsec/" DATA_PATH="/var/lib/crowdsec/lua/" -if [[ ${DOCKER_MODS_DEBUG,,} = "true" ]]; then +if [[ ${DOCKER_MODS_DEBUG_CURL,,} = "true" ]]; then CURL_NOISE_LEVEL="-v" else CURL_NOISE_LEVEL="--silent"