Skip to content

Commit d5368ef

Browse files
stevusprimusstevusprimus
committed
reverted changes on BOUNCER_CONFIG and added all remaining missing variables
1 parent 2ae8d4f commit d5368ef

File tree

2 files changed

+22
-25
lines changed

2 files changed

+22
-25
lines changed

docker/README.md

Lines changed: 0 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -57,29 +57,6 @@ docker run -d -p 8080:80 \
5757
--name openresty crowdsecurity/crowdsec-openresty
5858
```
5959

60-
Or you can pass the whole bouncer config through the docker compose enviroment
61-
62-
```code
63-
... in docker-compose.yml
64-
...
65-
environment:
66-
BOUNCER_CONFIG: |
67-
API_KEY=${CROWDSEC_BOUNCER_OPENRESTY_APIKEY}
68-
API_URL=http://crowdsec:8080
69-
CAPTCHA_PROVIDER=${CROWDSEC_BOUNCER_OPENRESTY_CAPTCHA_PROVIDER}
70-
SECRET_KEY=${CROWDSEC_BOUNCER_OPENRESTY_SECRET_KEY}
71-
SITE_KEY=${CROWDSEC_BOUNCER_OPENRESTY_SITE_KEY}
72-
FALLBACK_REMEDIATION=ban
73-
MODE=stream
74-
BOUNCING_ON_TYPE=all
75-
CAPTCHA_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/captcha.html
76-
BAN_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/ban.html
77-
ALWAYS_SEND_TO_APPSEC=true
78-
SSL_VERIFY=false
79-
APPSEC_URL=http://crowdsec:7422
80-
...
81-
```
82-
8360
### Configuration
8461

8562
The bouncer uses [lua_shared_dict](https://github.com/openresty/lua-nginx-module#lua_shared_dict) to share cache between all workers.

docker/docker_start.sh

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
CROWDSEC_BOUNCER_CONFIG="/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf"
55

66
if [ "$BOUNCER_CONFIG" != "" ]; then
7-
echo "$BOUNCER_CONFIG" > $CROWDSEC_BOUNCER_CONFIG
7+
CROWDSEC_BOUNCER_CONFIG="$BOUNCER_CONFIG"
88
fi
99
if [ "$API_URL" != "" ]; then
1010
sed -i "s,API_URL.*,API_URL=$API_URL," "$CROWDSEC_BOUNCER_CONFIG"
@@ -54,10 +54,30 @@ fi
5454
if [ "$CAPTCHA_EXPIRATION" != "" ]; then
5555
sed -i "s,CAPTCHA_EXPIRATION.*,CAPTCHA_EXPIRATION=$CAPTCHA_EXPIRATION," "$CROWDSEC_BOUNCER_CONFIG"
5656
fi
57-
5857
if [ "$CAPTCHA_PROVIDER" != "" ]; then
5958
sed -i "s,CAPTCHA_PROVIDER.*,CAPTCHA_PROVIDER=$CAPTCHA_PROVIDER," "$CROWDSEC_BOUNCER_CONFIG"
6059
fi
60+
if [ "$APPSEC_URL" != "" ]; then
61+
sed -i "s,APPSEC_URL.*,APPSEC_URL=$APPSEC_URL," "$CROWDSEC_BOUNCER_CONFIG"
62+
fi
63+
if [ "$APPSEC_FAILURE_ACTION" != "" ]; then
64+
sed -i "s,APPSEC_FAILURE_ACTION.*,APPSEC_FAILURE_ACTION=$APPSEC_FAILURE_ACTION," "$CROWDSEC_BOUNCER_CONFIG"
65+
fi
66+
if [ "$APPSEC_CONNECT_TIMEOUT" != "" ]; then
67+
sed -i "s,APPSEC_CONNECT_TIMEOUT.*,APPSEC_CONNECT_TIMEOUT=$APPSEC_CONNECT_TIMEOUT," "$CROWDSEC_BOUNCER_CONFIG"
68+
fi
69+
if [ "$APPSEC_SEND_TIMEOUT" != "" ]; then
70+
sed -i "s,APPSEC_SEND_TIMEOUT.*,APPSEC_SEND_TIMEOUT=$APPSEC_SEND_TIMEOUT," "$CROWDSEC_BOUNCER_CONFIG"
71+
fi
72+
if [ "$APPSEC_PROCESS_TIMEOUT" != "" ]; then
73+
sed -i "s,APPSEC_PROCESS_TIMEOUT.*,APPSEC_PROCESS_TIMEOUT=$APPSEC_PROCESS_TIMEOUT," "$CROWDSEC_BOUNCER_CONFIG"
74+
fi
75+
if [ "$ALWAYS_SEND_TO_APPSEC" != "" ]; then
76+
sed -i "s,ALWAYS_SEND_TO_APPSEC.*,ALWAYS_SEND_TO_APPSEC=$ALWAYS_SEND_TO_APPSEC," "$CROWDSEC_BOUNCER_CONFIG"
77+
fi
78+
if [ "$SSL_VERIFY" != "" ]; then
79+
sed -i "s,SSL_VERIFY.*,SSL_VERIFY=$SSL_VERIFY," "$CROWDSEC_BOUNCER_CONFIG"
80+
fi
6181

6282
if [ "${IS_LUALIB_IMAGE,,}" != "true" ]; then
6383
exec /usr/local/openresty/bin/openresty -g "daemon off;"

0 commit comments

Comments
 (0)