diff --git a/README.md b/README.md index 5be88c2..5f34592 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ The following images are built: **latest** - OpenResty - Lua +- [Crowdsec Openresty Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer) **certbot** - Certbot diff --git a/docker/Dockerfile b/docker/Dockerfile index 0514655..2c6a3f4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -73,8 +73,10 @@ COPY --from=nginxbuilder /tmp/openresty /tmp/openresty COPY ./scripts/install-openresty /tmp/install-openresty ARG OPENRESTY_VERSION +ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \ - OPENRESTY_VERSION=${OPENRESTY_VERSION} + OPENRESTY_VERSION=${OPENRESTY_VERSION} \ + CROWDSEC_OPENRESTY_BOUNCER_VERSION=${CROWDSEC_OPENRESTY_BOUNCER_VERSION} # Install openresty, lua, then clean up file system RUN apt-get update \ diff --git a/local-build.sh b/local-build.sh index 943a361..0f692e9 100755 --- a/local-build.sh +++ b/local-build.sh @@ -9,6 +9,7 @@ RESET='\E[0m' DOCKER_IMAGE=nginxproxymanager/nginx-full export OPENRESTY_VERSION=1.19.9.1 +export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.1 export LUA_VERSION=5.1.5 export LUAROCKS_VERSION=3.3.1 @@ -18,6 +19,7 @@ echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}latest ${CYAN}...${RESET}" docker build \ --pull \ --build-arg OPENRESTY_VERSION \ + --build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \ --build-arg LUA_VERSION \ --build-arg LUAROCKS_VERSION \ -t ${DOCKER_IMAGE}:latest \ diff --git a/scripts/install-crowdsec_openresty_bouncer b/scripts/install-crowdsec_openresty_bouncer new file mode 100644 index 0000000..0c1b5e1 --- /dev/null +++ b/scripts/install-crowdsec_openresty_bouncer @@ -0,0 +1,22 @@ +#!/bin/bash -e + +BLUE='\E[1;34m' +CYAN='\E[1;36m' +YELLOW='\E[1;33m' +GREEN='\E[1;32m' +RESET='\E[0m' + +echo -e "${BLUE}❯ ${CYAN}Installing Crowdsec OpenResty Bouncer ${YELLOW}${CROWDSEC_OPENRESTY_BOUNCER_VERSION}...${RESET}" + +cd /tmp +#Offical Crowdsec download location is currently blocked due to two pull requests waiting to be added for full support for Docker installs +#weg "https://github.com/crowdsecurity/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz" +wget "https://github.com/LePresidente/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz" +mkdir -p /tmp/crowdsec +tar -xzf --strip 1 crowdsec-openresty-bouncer.tgz -C /tmp/crowdsec +cd /tmp/crowdsec + +bash ./install.sh --NGINX_CONF_DIR=/etc/nginx/conf.d --LIB_PATH=/etc/nginx/lualib --CONFIG_PATH=/defaults/crowdsec --DATA_PATH=/defaults/crowdsec --docker +sed-patch 's|ENABLED=.*|ENABLED=false|' /defaults/crowdsec/crowdsec-openresty-bouncer.conf + +echo -e "${BLUE}❯ ${GREEN}OpenResty plugins install completed${RESET}"