Skip to content

Commit 7705728

Browse files
LePresidenteLePresidente
committed
Added crowdsec to Nginx-Proxy-Manager
1 parent 67208e4 commit 7705728

File tree

6 files changed

+85
-0
lines changed

6 files changed

+85
-0
lines changed

docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/dependencies.d/prepare

Whitespace-only changes.

docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
#!/command/with-contenv bash
2+
3+
set -e # Exit immediately if a command exits with a non-zero status.
4+
5+
mkdir -p /data/crowdsec/templates
6+
echo "Deploy Crowdsec Openresty Bouncer.."
7+
sed -i 's|/defaults/crowdsec|/data/crowdsec|' /etc/nginx/conf.d/crowdsec_openresty.conf
8+
9+
if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then
10+
echo "Patch crowdsec-openresty-bouncer.conf .."
11+
sed "s/=.*//g" /data/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw
12+
sed "s/=.*//g" /defaults/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec-openresty-bouncer.conf.raw
13+
if grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw ; then
14+
grep -vf /tmp/crowdsec.conf.raw /tmp/crowdsec-openresty-bouncer.conf.raw > /tmp/config.newvals
15+
cp /data/crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf.bak
16+
grep -f /tmp/config.newvals /defaults/crowdsec/crowdsec-openresty-bouncer.conf >> /data/crowdsec/crowdsec-openresty-bouncer.conf
17+
fi
18+
else
19+
echo "Deploy new crowdsec-openresty-bouncer.conf .."
20+
cp /defaults/crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf
21+
fi
22+
#Make sure the config location is where we get the config from instead of /default/
23+
sed -i 's|/defaults/crowdsec|/data/crowdsec|' /data/crowdsec/crowdsec-openresty-bouncer.conf
24+
echo "Deploy Crowdsec Templates .."
25+
#Make sure we only copy files that don't exist in /data/crowdsec.
26+
cd /defaults/crowdsec/templates/
27+
for file in *.html
28+
do
29+
if [ ! -e "/data/crowdsec/templates/${file}" ]
30+
then
31+
cp -r "/defaults/crowdsec/templates/${file}" "/data/crowdsec/templates/"
32+
fi
33+
done

docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/type

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
oneshot

docker/rootfs/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/up

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# shellcheck shell=bash
2+
/etc/s6-overlay/s6-rc.d/cs-crowdsec-bouncer/script.sh

docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/cs-crowdsec-bouncer

Whitespace-only changes.

docker/rootfs/etc/services.d/nginx/run

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
#!/usr/bin/with-contenv bash
2+
3+
# Create required folders
4+
mkdir -p /tmp/nginx/body \
5+
/run/nginx \
6+
/var/log/nginx \
7+
/data/nginx \
8+
/data/custom_ssl \
9+
/data/logs \
10+
/data/access \
11+
/data/nginx/default_host \
12+
/data/nginx/default_www \
13+
/data/nginx/proxy_host \
14+
/data/nginx/redirection_host \
15+
/data/nginx/stream \
16+
/data/nginx/dead_host \
17+
/data/nginx/temp \
18+
/var/lib/nginx/cache/public \
19+
/var/lib/nginx/cache/private \
20+
/var/cache/nginx/proxy_temp
21+
22+
touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
23+
chown root /tmp/nginx
24+
25+
# Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
26+
# thanks @tfmm
27+
echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
28+
29+
# Generate dummy self-signed certificate.
30+
if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]
31+
then
32+
echo "Generating dummy SSL certificate..."
33+
openssl req \
34+
-new \
35+
-newkey rsa:2048 \
36+
-days 3650 \
37+
-nodes \
38+
-x509 \
39+
-subj '/O=localhost/OU=localhost/CN=localhost' \
40+
-keyout /data/nginx/dummykey.pem \
41+
-out /data/nginx/dummycert.pem
42+
echo "Complete"
43+
fi
44+
45+
# Handle IPV6 settings
46+
/bin/handle-ipv6-setting /etc/nginx/conf.d
47+
/bin/handle-ipv6-setting /data/nginx
48+
49+
exec nginx

0 commit comments

Comments
 (0)