Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crowdsec - fix bugs and update example

Browse Source
This commit is contained in:
bunkerity 2021-05-18 14:03:16 +02:00
parent 7c6a13c549
commit 600484b16e
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
8 changed files with 62 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
confs/global/crowdsec.conf
View File

@ -1,9 +0,0 @@
init_by_lua_block {
local cs = require "crowdsec.CrowdSec"
local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
if ok == nil then
ngx.log(ngx.ERR, "[Crowdsec] " .. err)
error()
end
ngx.log(ngx.NOTICE, "[Crowdsec] Initialisation done")
}

11
confs/global/init-lua.conf
View File

@ -7,6 +7,7 @@ local use_abusers = %USE_ABUSERS%
local use_tor_exit_nodes = %USE_TOR_EXIT_NODES% local use_tor_exit_nodes = %USE_TOR_EXIT_NODES%
local use_user_agents = %USE_USER_AGENTS% local use_user_agents = %USE_USER_AGENTS%
local use_referrers = %USE_REFERRERS% local use_referrers = %USE_REFERRERS%
local use_crowdsec = %USE_CROWDSEC%
if use_proxies then if use_proxies then
dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data) dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
@ -28,4 +29,14 @@ if use_referrers then
dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data) dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data)
end end
if use_crowdsec then
local cs = require "crowdsec.CrowdSec"
local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
if ok == nil then
ngx.log(ngx.ERR, "[CROWDSEC] " .. err)
error()
end
ngx.log(ngx.ERR, "[CROWDSEC] *NOT AN ERROR* initialisation done")
end
} }

3
confs/global/nginx.conf
View File

@ -91,9 +91,6 @@ http {
%BLOCK_REFERRERS% %BLOCK_REFERRERS%
%BAD_BEHAVIOR% %BAD_BEHAVIOR%
# crowdsec init
%USE_CROWDSEC%
# shared memory zone for limit_req # shared memory zone for limit_req
%LIMIT_REQ_ZONE% %LIMIT_REQ_ZONE%

4
entrypoint/global-config.sh
View File

@ -229,9 +229,9 @@ fi
# CrowdSec setup # CrowdSec setup
if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" "include /etc/nginx/crowdsec.conf;" replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "true"
else else
replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" "" replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "false"
fi fi
# API # API

3
examples/crowdsec/acquis.yaml
View File

@ -1,6 +1,5 @@
filenames: filenames:
- /var/log/access.log - /var/log/nginx.log
- /var/log/error.log
labels: labels:
type: nginx type: nginx
--- ---

2
examples/crowdsec/bouncer_key.sh Normal file → Executable file
View File

@ -11,7 +11,7 @@ sleep 10
docker-compose exec mycrowdsec cscli bouncers add MyBouncer docker-compose exec mycrowdsec cscli bouncers add MyBouncer
# enter the key into the CROWDSEC_KEY environment variable # enter the key into the CROWDSEC_KEY environment variable
read -p -s "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter" read -p "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter" edited
# start all services # start all services
docker-compose up -d docker-compose up -d

35
examples/crowdsec/docker-compose.yml
View File

@ -3,8 +3,18 @@ version: '3'
services: services:
mywww: mywww:
image: bunkerity/bunkerized-nginx image: debug
restart: always restart: always
# mandatory for crowdsec :
# you need to redirect Docker logs to the syslog server
logging:
driver: syslog
options:
syslog-address: "udp://10.10.10.254:514"
depends_on:
- mysyslog
- myapp1
- myapp2
ports: ports:
- 80:8080 - 80:8080
- 443:8443 - 443:8443
@ -13,7 +23,6 @@ services:
volumes: volumes:
- ./web-files:/www:ro - ./web-files:/www:ro
- ./letsencrypt:/etc/letsencrypt - ./letsencrypt:/etc/letsencrypt
- nginx_logs:/var/log
environment: environment:
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains - SERVER_NAME=app1.website.com app2.website.com # replace with your domains
- MULTISITE=yes - MULTISITE=yes
@ -24,15 +33,15 @@ services:
- USE_GZIP=yes - USE_GZIP=yes
- USE_CROWDSEC=yes - USE_CROWDSEC=yes
- CROWDSEC_HOST=http://mycrowdsec:8080 - CROWDSEC_HOST=http://mycrowdsec:8080
- CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh) - CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
- app1.website.com_REMOTE_PHP=myapp1 - app1.website.com_REMOTE_PHP=myapp1
- app1.website.com_REMOTE_PHP_PATH=/app - app1.website.com_REMOTE_PHP_PATH=/app
- app2.website.com_REMOTE_PHP=myapp2 - app2.website.com_REMOTE_PHP=myapp2
- app2.website.com_REMOTE_PHP_PATH=/app - app2.website.com_REMOTE_PHP_PATH=/app
networks: networks:
- net0 net0:
- net1 net1:
- net2 net2:
mycrowdsec: mycrowdsec:
image: crowdsecurity/crowdsec:v1.0.13 image: crowdsecurity/crowdsec:v1.0.13
@ -46,6 +55,16 @@ services:
networks: networks:
- net0 - net0
mysyslog:
image: balabit/syslog-ng
restart: always
volumes:
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
- nginx_logs:/var/log
networks:
net0:
ipv4_address: 10.10.10.254
myapp1: myapp1:
image: php:fpm image: php:fpm
restart: always restart: always
@ -64,6 +83,10 @@ services:
networks: networks:
net0: net0:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net1: net1:
net2: net2:

18
examples/crowdsec/syslog-ng.conf Normal file
View File

@ -0,0 +1,18 @@
@version: 3.31
source s_net {
udp(
ip("0.0.0.0")
);
};
template t_imp {
template("$MSG\n");
template_escape(no);
};
destination d_file {
file("/var/log/nginx.log" template(t_imp));
};
log { source(s_net); destination(d_file); };