1+ #! /usr/bin/with-contenv bash
2+ # shellcheck shell=bash
3+
4+ set -e # Exit immediately if a command exits with a non-zero status.
5+
6+ log () {
7+ echo " [cont-init.d] $( basename $0 ) $* "
8+ }
9+
10+ CROWDSEC_OPENRESTY_BOUNCER_VERSION=${CROWDSEC_BOUNCER_VERSION}
11+ CROWDSEC_OPENRESTY_BOUNCER_URL=https://github.com/crowdsecurity/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION:= 0.1.1} /crowdsec-openresty-bouncer.tgz
12+
13+ if [ " ${CROWDSEC_BOUNCER} " == " 1" ; then
14+ # Create required folders if they don't exist
15+ mkdir -p /tmp/crowdsec/ /data/crowdsec/templates /data/crowdsec/static_package
16+ # Download the Crowdsec Openresty Bouncer if a static package is not found, this is useful for testing new versions or if we don't want to update
17+ if [ -f /data/crowdsec/static_package/crowdsec-openresty-bouncer.tgz ]; then
18+ tar -xf /data/crowdsec/static_package/crowdsec-openresty-bouncer.tgz --strip=1 -C /tmp/crowdsec/
19+ else
20+ wget ${CROWDSEC_OPENRESTY_BOUNCER_URL} -O /tmp/crowdsec-openresty-bouncer.tgz
21+ tar -xf /tmp/crowdsec-openresty-bouncer.tgz --strip=1 -C /tmp/crowdsec/
22+ rm /tmp/crowdsec-openresty-bouncer.tgz
23+ fi
24+
25+ # Manually Deploy Crowdsec Openresty Bouncer, this will be done by the install.sh script in crowdsec-openresty-bouncer in future.
26+ # https://github.com/crowdsecurity/cs-openresty-bouncer/pull/18
27+ if grep ' docker' ; then
28+ cd /tmp/crowdsec && bash ./install.sh --NGINX_CONF_DIR=/etc/nginx/conf.d --LIB_PATH=/etc/nginx/lualib --CONFIG_PATH=/data/crowdsec --DATA_PATH=/data/crowdsec --docker
29+ else
30+ echo " Deploy Crowdsec Openresty Bouncer manually.."
31+ echo " Patching crowdsec_openresty.conf.."
32+ # this will be handled by the installer but due to the current manual process this has to happen.
33+ sed -i ' s|/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf|/data/crowdsec/crowdsec-openresty-bouncer.conf|'
34+ sed -i ' s|/usr/local/openresty/lualib/plugins/crowdsec|/etc/nginx/lualib/plugins/crowdsec|'
35+ sed -i ' s|${SSL_CERTS_PATH}|/etc/ssl/certs/ca-certificates.crt|'
36+ sed -i ' s|resolver local=on ipv6=off;||'
37+ echo " Deploy crowdsec_openresty.conf.."
38+ cp /tmp/crowdsec/openresty/crowdsec_openresty.conf /etc/nginx/conf.d/
39+ echo " Deploy lau files.."
40+ cp -r /tmp/crowdsec/lua/lib/* /etc/nginx/lualib/
41+ if [ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ]; then
42+ echo " Patch crowdsec-openresty-bouncer.conf .."
43+ sed " s/=.*//g" > /tmp/crowdsec.conf.raw
44+ sed " s/=.*//g" > /tmp/config_example.conf.raw
45+ if grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw ; then
46+ grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw > /tmp/config_example.newvals
47+ cp /data/crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf.bak
48+ grep -f /tmp/config_example.newvals /tmp/crowdsec/config/config_example.conf >> /data/crowdsec/crowdsec-openresty-bouncer.conf
49+ fi
50+ else
51+ echo " Deploy new crowdsec-openresty-bouncer.conf .."
52+ cp /tmp/crowdsec/config/config_example.conf /data/crowdsec/crowdsec-openresty-bouncer.conf
53+
54+ fi
55+ echo " Deploy Templates .."
56+ sed -i ' s|/var/lib/crowdsec/lua/templates|/data/crowdsec/templates|'
57+ cp -r /tmp/crowdsec/templates/* /data/crowdsec/templates/
58+ fi
59+
60+ [ -n " ${CROWDSEC_APIKEY} " && sed -i ' s|API_KEY=.*|API_KEY=' ${CROWDSEC_APIKEY} ' |'
61+ [ -n " ${CROWDSEC_HOSTNAME} " && sed -i ' s|API_URL=.*|API_URL=' ${CROWDSEC_HOSTNAME} ' |'
62+ fi
63+ exit 0
0 commit comments