add ipv6=off to resolver.conf so crowdsec captcha ban works

Author: LePresidente

buildx-build.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+export DOCKER_ORG='lepresidente'
+export IMAGE='nginxproxymanager'
+export MAJOR_VERSION='2'
+export BUILD_VERSION=$(cat ./.version)
+export BUILD_COMMIT=''
+BUILDX_PUSH_TAGS="-t docker.io/${DOCKER_ORG}/${IMAGE}:latest"
+#Set Versions
+cat frontend/package.json | jq --arg BUILD_VERSION "${BUILD_VERSION}" '.version = $BUILD_VERSION' | sponge frontend/package.json
+cat backend/package.json | jq --arg BUILD_VERSION "${BUILD_VERSION}" '.version = $BUILD_VERSION' | sponge backend/package.json
+./scripts/ci/frontend-build 
+#./scripts/build-backend
+docker run --rm -v "$(pwd)/backend:/app" -v "$(pwd)/global:/app/global" -w /app lepresidente/nginx-full:certbot-node sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+docker build --pull --no-cache --squash --compress -t "${IMAGE}:ci-${BUILD_NUMBER}" -f docker/Dockerfile --build-arg TARGETPLATFORM=linux/amd64 --build-arg BUILDPLATFORM=linux/amd64 --build-arg BUILD_VERSION=${BUILD_VERSION} --build-arg BUILD_COMMIT=${BUILD_COMMIT}  --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" .
+./scripts/buildx --push ${BUILDX_PUSH_TAGS}
+

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/00-all.sh

@@ -16,3 +16,4 @@ fi
 . /etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
 . /etc/s6-overlay/s6-rc.d/prepare/60-secrets.sh
 . /etc/s6-overlay/s6-rc.d/prepare/90-banner.sh
+. 99_crowdsec-openresty-bouncer.sh

docker/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh renamed to docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/99_crowdsec-openresty-bouncer.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/with-contenv bash
+
+# Create required folders
+mkdir -p /tmp/nginx/body \
+	/run/nginx \
+	/var/log/nginx \
+	/data/nginx \
+	/data/custom_ssl \
+	/data/logs \
+	/data/access \
+	/data/nginx/default_host \
+	/data/nginx/default_www \
+	/data/nginx/proxy_host \
+	/data/nginx/redirection_host \
+	/data/nginx/stream \
+	/data/nginx/dead_host \
+	/data/nginx/temp \
+	/var/lib/nginx/cache/public \
+	/var/lib/nginx/cache/private \
+	/var/cache/nginx/proxy_temp
+
+touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
+chown root /tmp/nginx
+
+# Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
+# thanks @tfmm
+echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+
+# Generate dummy self-signed certificate.
+if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]
+then
+	echo "Generating dummy SSL certificate..."
+	openssl req \
+		-new \
+		-newkey rsa:2048 \
+		-days 3650 \
+		-nodes \
+		-x509 \
+		-subj '/O=localhost/OU=localhost/CN=localhost' \
+		-keyout /data/nginx/dummykey.pem \
+		-out /data/nginx/dummycert.pem
+	echo "Complete"
+fi
+
+# Handle IPV6 settings
+/bin/handle-ipv6-setting /etc/nginx/conf.d
+/bin/handle-ipv6-setting /data/nginx
+
+exec nginx