Install Crowdsec OpenResty Bouncer directly into the docker image.

LePresidente · LePresidente · commit b4804e6fafcd · 2022-02-22T08:55:22.000+02:00
Config files and templates are saved in /defaults/crowdsec A script in the main docker image will handle deployment.
diff --git a/README.md b/README.md
@@ -22,6 +22,7 @@ The following images are built:
 **latest**
 - OpenResty
 - Lua
+- [Crowdsec Openresty Bouncer](https://github.com/crowdsecurity/cs-openresty-bouncer)
 
 **certbot**
 - Certbot
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -73,8 +73,10 @@ COPY --from=nginxbuilder /tmp/openresty /tmp/openresty
 COPY ./scripts/install-openresty /tmp/install-openresty
 
 ARG OPENRESTY_VERSION
+ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
-	OPENRESTY_VERSION=${OPENRESTY_VERSION}
+	OPENRESTY_VERSION=${OPENRESTY_VERSION} \
+	CROWDSEC_OPENRESTY_BOUNCER_VERSION=${CROWDSEC_OPENRESTY_BOUNCER_VERSION}
 
 # Install openresty, lua, then clean up file system
 RUN apt-get update \
diff --git a/local-build.sh b/local-build.sh
@@ -9,6 +9,7 @@ RESET='\E[0m'
 DOCKER_IMAGE=nginxproxymanager/nginx-full
 
 export OPENRESTY_VERSION=1.19.9.1
+export CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.1
 export LUA_VERSION=5.1.5
 export LUAROCKS_VERSION=3.3.1
 
@@ -18,6 +19,7 @@ echo -e "${BLUE}❯ ${CYAN}Building ${YELLOW}latest ${CYAN}...${RESET}"
 docker build \
 	--pull \
 	--build-arg OPENRESTY_VERSION \
+	--build-arg CROWDSEC_OPENRESTY_BOUNCER_VERSION \
 	--build-arg LUA_VERSION \
 	--build-arg LUAROCKS_VERSION \
 	-t ${DOCKER_IMAGE}:latest \
diff --git a/scripts/install-crowdsec_openresty_bouncer b/scripts/install-crowdsec_openresty_bouncer
@@ -0,0 +1,22 @@
+#!/bin/bash -e
+
+BLUE='\E[1;34m'
+CYAN='\E[1;36m'
+YELLOW='\E[1;33m'
+GREEN='\E[1;32m'
+RESET='\E[0m'
+
+echo -e "${BLUE}❯ ${CYAN}Installing Crowdsec OpenResty Bouncer ${YELLOW}${CROWDSEC_OPENRESTY_BOUNCER_VERSION}...${RESET}"
+
+cd /tmp
+#Offical Crowdsec download location is currently blocked due to two pull requests waiting to be added for full support for Docker installs
+#weg "https://github.com/crowdsecurity/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz"
+wget "https://github.com/LePresidente/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz"
+mkdir -p /tmp/crowdsec
+tar -xzf --strip 1 crowdsec-openresty-bouncer.tgz -C /tmp/crowdsec
+cd /tmp/crowdsec
+
+bash ./install.sh --NGINX_CONF_DIR=/etc/nginx/conf.d --LIB_PATH=/etc/nginx/lualib --CONFIG_PATH=/defaults/crowdsec --DATA_PATH=/defaults/crowdsec --docker
+sed-patch 's|ENABLED=.*|ENABLED=false|' /defaults/crowdsec/crowdsec-openresty-bouncer.conf
+
+echo -e "${BLUE}❯ ${GREEN}OpenResty plugins install completed${RESET}"
