Install Crowdsec OpenResty Directly into docker container. Removed all environment variables due to future integration with NPM.

LePresidente · LePresidente · commit a638e499b2ad · 2022-02-22T07:57:17.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -12,13 +12,17 @@ ARG DOCKER_IMAGE_VERSION=unknown
 
 # Define software versions.
 ARG OPENRESTY_VERSION=1.19.9.1
+ARG CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.1
 ARG NGINX_PROXY_MANAGER_VERSION=2.9.15
 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3
 ARG LIBMAXMINDDB_VERSION=1.5.0
 ARG WATCH_VERSION=0.3.1
 
 # Define software download URLs.
 ARG OPENRESTY_URL=https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz
+#Offical Crowdsec download location is currently blocked due to two pull requests waiting to be added for full support for Docker installs
+#ARG CROWDSEC_OPENRESTY_BOUNCER_URL=https://github.com/crowdsecurity/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz
+ARG CROWDSEC_OPENRESTY_BOUNCER_URL=https://github.com/LePresidente/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION}/crowdsec-openresty-bouncer.tgz
 ARG NGINX_PROXY_MANAGER_URL=https://github.com/jc21/nginx-proxy-manager/archive/v${NGINX_PROXY_MANAGER_VERSION}.tar.gz
 ARG NGINX_HTTP_GEOIP2_MODULE_URL=https://github.com/leev/ngx_http_geoip2_module/archive/${NGINX_HTTP_GEOIP2_MODULE_VERSION}.tar.gz
 ARG LIBMAXMINDDB_URL=https://github.com/maxmind/libmaxminddb/releases/download/${LIBMAXMINDDB_VERSION}/libmaxminddb-${LIBMAXMINDDB_VERSION}.tar.gz
@@ -372,6 +376,20 @@ RUN \
     del-pkg build-dependencies && \
     rm -rf /tmp/* /tmp/.[!.]*
 
+# Install Crowdsec OpenResty Bouncer.
+RUN \
+    # Download the Crowdsec OpenResty Bouncer package.
+    echo "Downloading Crowdsec Openresty Bouncer package..." && \
+    mkdir crowdsec-openresty-bouncer && \
+    curl -# -L ${CROWDSEC_OPENRESTY_BOUNCER_URL} | tar xz --strip 1 -C crowdsec-openresty-bouncer && \
+    # Deploy Crowdsec Openresty Bouncer.
+    echo "Deploy Crowdsec Openresty Bouncer.." && \
+    cd /tmp/crowdsec-openresty-bouncer && \
+    bash ./install.sh --NGINX_CONF_DIR=/etc/nginx/conf.d --LIB_PATH=/var/lib/nginx/lualib --CONFIG_PATH=/defaults/crowdsec/ --DATA_PATH=/defaults/crowdsec/ --docker && \
+    sed-patch 's|ENABLED=.*|ENABLED=false|' /defaults/crowdsec/crowdsec-openresty-bouncer.conf && \
+    # Cleanup.
+    rm -rf /tmp/* /tmp/.[!.]*
+
 # Add files.
 COPY rootfs/ /
 
diff --git a/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh b/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh
@@ -6,57 +6,21 @@ log() {
     echo "[cont-init.d] $(basename $0): $*"
 }
 
-CROWDSEC_OPENRESTY_BOUNCER_VERSION=${CROWDSEC_BOUNCER_VERSION}
-CROWDSEC_OPENRESTY_BOUNCER_URL=https://github.com/crowdsecurity/cs-openresty-bouncer/releases/download/v${CROWDSEC_OPENRESTY_BOUNCER_VERSION:=0.1.1}/crowdsec-openresty-bouncer.tgz
-
-if [ ${CROWDSEC_BOUNCER} == "1" ]; then
-    #Create required folders if they don't exist
-    mkdir -p /tmp/crowdsec/ /config/crowdsec/templates /config/crowdsec/static_package 
-    #Download the Crowdsec Openresty Bouncer if a static package is not found, this is useful for testing new versions or if we don't want to update
-    if [ -f /config/crowdsec/static_package/crowdsec-openresty-bouncer.tgz ]; then 
-        tar -xf /config/crowdsec/static_package/crowdsec-openresty-bouncer.tgz --strip=1 -C /tmp/crowdsec/ 
-    else
-        wget ${CROWDSEC_OPENRESTY_BOUNCER_URL} -O /tmp/crowdsec-openresty-bouncer.tgz
-        tar -xf /tmp/crowdsec-openresty-bouncer.tgz --strip=1 -C /tmp/crowdsec/
-        rm /tmp/crowdsec-openresty-bouncer.tgz
-    fi
-    
-    # Manually Deploy Crowdsec Openresty Bouncer, this will be done by the install.sh script in crowdsec-openresty-bouncer in future.
-    #https://github.com/crowdsecurity/cs-openresty-bouncer/pull/18
-    if grep 'docker' /tmp/crowdsec/install.sh; then
-        cd /tmp/crowdsec && bash ./install.sh --NGINX_CONF_DIR=/etc/nginx/conf.d --LIB_PATH=/var/lib/nginx/lualib --CONFIG_PATH=/config/crowdsec --DATA_PATH=/config/crowdsec --docker
-    else
-        echo "Deploy Crowdsec Openresty Bouncer manually.." 
-        echo "Patching crowdsec_openresty.conf.." 
-        #this will be handled by the installer but due to the current manual process this has to happen.
-        sed -i 's|/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf|/config/crowdsec/crowdsec-openresty-bouncer.conf|' /tmp/crowdsec/openresty/crowdsec_openresty.conf
-        sed -i 's|/usr/local/openresty/lualib/plugins/crowdsec|/var/lib/nginx/lualib/plugins/crowdsec|' /tmp/crowdsec/openresty/crowdsec_openresty.conf 
-        sed -i 's|${SSL_CERTS_PATH}|/etc/ssl/certs/ca-certificates.crt|' /tmp/crowdsec/openresty/crowdsec_openresty.conf
-        sed -i 's|resolver local=on ipv6=off;||' /tmp/crowdsec/openresty/crowdsec_openresty.conf 
-        echo "Deploy crowdsec_openresty.conf.." 
-        cp /tmp/crowdsec/openresty/crowdsec_openresty.conf /etc/nginx/conf.d/
-        echo "Deploy lau files.." 
-        cp -r /tmp/crowdsec/lua/lib/*  /var/lib/nginx/lualib/
-        if [ -f /config/crowdsec/crowdsec-openresty-bouncer.conf ]; then
-            echo "Patch crowdsec-openresty-bouncer.conf .." 
-            sed "s/=.*//g" /config/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw
-            sed "s/=.*//g" /tmp/crowdsec/config/config_example.conf > /tmp/config_example.conf.raw
-            if grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw ; then
-                grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw > /tmp/config_example.newvals
-                cp /config/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf.bak
-                grep -f /tmp/config_example.newvals /tmp/crowdsec/config/config_example.conf >> /config/crowdsec/crowdsec-openresty-bouncer.conf
-            fi
-        else
-            echo "Deploy new crowdsec-openresty-bouncer.conf .." 
-            cp /tmp/crowdsec/config/config_example.conf /config/crowdsec/crowdsec-openresty-bouncer.conf
-            
-        fi
-        echo "Deploy Templates .." 
-        sed -i 's|/var/lib/crowdsec/lua/templates|/config/crowdsec/templates|' /config/crowdsec/crowdsec-openresty-bouncer.conf
-        cp -r /tmp/crowdsec/templates/* /config/crowdsec/templates/
+mkdir -p /config/crowdsec
+echo "Deploy Crowdsec Openresty Bouncer manually.." 
+if [ -f /config/crowdsec/crowdsec-openresty-bouncer.conf ]; then
+    echo "Patch crowdsec-openresty-bouncer.conf .." 
+    sed "s/=.*//g" /config/crowdsec/crowdsec-openresty-bouncer.conf > /tmp/crowdsec.conf.raw
+    sed "s/=.*//g" /defaults/crowdsec/config_example.conf > /tmp/config_example.conf.raw
+    if grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw ; then
+        grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw > /tmp/config_example.newvals
+        cp /config/crowdsec/crowdsec-openresty-bouncer.conf /config/crowdsec/crowdsec-openresty-bouncer.conf.bak
+        grep -f /tmp/config_example.newvals /defaults/crowdsec/config_example.conf >> /config/crowdsec/crowdsec-openresty-bouncer.conf
     fi
-
-    [ -n "${CROWDSEC_APIKEY}" ] && sed -i 's|API_KEY=.*|API_KEY='${CROWDSEC_APIKEY}'|' /config/crowdsec/crowdsec-openresty-bouncer.conf
-    [ -n "${CROWDSEC_HOSTNAME}" ] && sed -i 's|API_URL=.*|API_URL='${CROWDSEC_HOSTNAME}'|' /config/crowdsec/crowdsec-openresty-bouncer.conf
+else
+    echo "Deploy new crowdsec-openresty-bouncer.conf .." 
+    cp /defaults/crowdsec/config_example.conf /config/crowdsec/crowdsec-openresty-bouncer.conf    
 fi
-exit 0
+echo "Deploy Templates .." 
+sed -i 's|/defaults/crowdsec/templates|/config/crowdsec/templates|' /config/crowdsec/crowdsec-openresty-bouncer.conf
+cp -r /defaults/crowdsec/templates/* /config/crowdsec/templates/
