From 354d837c25c971e884d7c9f8a45e913885e91407 Mon Sep 17 00:00:00 2001
From: minoplhy
Date: Sun, 24 Mar 2024 14:07:30 +0700
Subject: [PATCH] crowdsec-nginx-bouncer : init
---
 crowdsec-nginx-bouncer/install.sh | 120 ++++++++++++++++++++++++++++++
 crowdsec-nginx-bouncer/upgrade.sh | 45 +++++++++++
 nginx_build_script/README.md | 2 +-
 nginx_build_script/build.sh | 6 +-
 4 files changed, 170 insertions(+), 3 deletions(-)
 create mode 100644 crowdsec-nginx-bouncer/install.sh
 create mode 100644 crowdsec-nginx-bouncer/upgrade.sh
diff --git a/crowdsec-nginx-bouncer/install.sh b/crowdsec-nginx-bouncer/install.sh
new file mode 100644
index 0000000..7e94b9a
--- /dev/null
+++ b/crowdsec-nginx-bouncer/install.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+
+LUA_MOD_DIR="./lua-mod"
+NGINX_CONF="crowdsec_nginx.conf"
+NGINX_CONF_DIR="/etc/nginx/conf.d/"
+ACCESS_FILE="access.lua"
+LIB_PATH="/usr/local/lua/"
+CONFIG_PATH="/etc/crowdsec/bouncers/"
+DATA_PATH="/var/lib/crowdsec/lua/"
+LAPI_DEFAULT_PORT="8080"
+SILENT="false"
+MAKEDIR=~/crowdsec-nginx-bouncer
+
+usage() {
+ echo "Usage:"
+ echo " ./install.sh -h Display this help message."
+ echo " ./install.sh Install the bouncer in interactive mode"
+ echo " ./install.sh -y Install the bouncer and accept everything"
+ exit 0
+}
+
+
+#Accept cmdline arguments to overwrite options.
+while [[ $# -gt 0 ]]
+do
+ case $1 in
+ -y|--yes)
+ SILENT="true"
+ shift
+ ;;
+ -h|--help)
+ usage
+ ;;
+ esac
+ shift
+done
+
+
+gen_apikey() {
+ cd $MAKEDIR/crowdsec-nginx
+ type cscli > /dev/null
+
+ if [ "$?" -eq "0" ] ; then
+ SUFFIX=`tr -dc A-Za-z0-9 /dev/null
+}
+
+check_nginx_dependency() {
+ DEPENDENCY=(
+ "gettext-base"
+ )
+ for dep in ${DEPENDENCY[@]};
+ do
+ dpkg -l | grep ${dep} > /dev/null
+ if [[ $? != 0 ]]; then
+ if [[ ${SILENT} == "true" ]]; then
+ sudo apt-get install -y -qq ${dep} > /dev/null && echo "${dep} successfully installed"
+ else
+ echo "${dep} not found, do you want to install it (Y/n)? "
+ read answer
+ if [[ ${answer} == "" ]]; then
+ answer="y"
+ fi
+ if [ "$answer" != "${answer#[Yy]}" ] ;then
+ sudo apt-get install -y -qq ${dep} > /dev/null && echo "${dep} successfully installed"
+ else
+ echo "unable to continue without ${dep}. 
Exiting" && exit 1
+ fi
+ fi
+ fi
+ done
+}
+
+download_crowdsec_nginx_bouncer() {
+ wget -O $MAKEDIR/crowdsec-nginx-bouncer.tgz https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/v1.0.8/crowdsec-nginx-bouncer.tgz
+ mkdir -p $MAKEDIR/crowdsec-nginx && tar -xzf $MAKEDIR/crowdsec-nginx-bouncer.tgz -C $MAKEDIR/crowdsec-nginx --strip-components=1
+}
+
+build_luarocks() {
+ git clone --depth=1 https://github.com/luarocks/luarocks $MAKEDIR/luarocks
+ cd $MAKEDIR/luarocks && ./configure --with-lua-include=/opt/nginx-lua-module/luajit2/include/luajit-2.1 --with-lua=/opt/nginx-lua-module/luajit2
+ make && make install
+ /usr/local/bin/luarocks config variables.LUA_INCDIR /opt/nginx-lua-module/luajit2/include/luajit-2.1
+}
+
+install() {
+ cd $MAKEDIR/crowdsec-nginx
+ sed -i '1s/^/#/' nginx/${NGINX_CONF}
+ sudo mkdir -p ${LIB_PATH}/plugins/crowdsec/
+ sudo mkdir -p ${DATA_PATH}/templates/
+
+ sudo cp nginx/${NGINX_CONF} ${NGINX_CONF_DIR}/${NGINX_CONF}
+ sudo cp -r ${LUA_MOD_DIR}/lib/* ${LIB_PATH}/
+ sudo cp -r ${LUA_MOD_DIR}/templates/* ${DATA_PATH}/templates/
+
+ sudo /usr/local/bin/luarocks install lua-resty-http
+ sudo /usr/local/bin/luarocks install lua-cjson
+}
+
+mkdir -p $MAKEDIR
+build_luarocks
+download_crowdsec_nginx_bouncer
+#gen_apikey
+check_nginx_dependency
+build_luarocks
+install
+
+
+echo "crowdsec-nginx-bouncer installed successfully"
\ No newline at end of file
diff --git a/crowdsec-nginx-bouncer/upgrade.sh b/crowdsec-nginx-bouncer/upgrade.sh
new file mode 100644
index 0000000..5966da4
--- /dev/null
+++ b/crowdsec-nginx-bouncer/upgrade.sh
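Review bot: `download_crowdsec_nginx_bouncer` and `build_luarocks` in install.sh fetch code that is later copied into place with `sudo`, but neither fetch is integrity-checked: the release tarball is unpacked without a checksum comparison, and luarocks is cloned from the default branch with `--depth=1` rather than from a tag or commit. Pin the luarocks clone to a reviewed release tag and compare the tarball's SHA-256 with a digest recorded in the script before `tar` runs, as sketched below. No step checks an exit status either, so `echo "crowdsec-nginx-bouncer installed successfully"` prints even when a download or `cp` failed; `set -euo pipefail` near the top would stop at the first failure. `build_luarocks` is also called twice in the main sequence, and the second `git clone` into the already populated directory will fail.

```shell
download_crowdsec_nginx_bouncer() {
    # EXPECTED_SHA256 is a placeholder: record the digest of a release asset you have verified
    local tarball="$MAKEDIR/crowdsec-nginx-bouncer.tgz"
    wget -O "$tarball" https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/v1.0.8/crowdsec-nginx-bouncer.tgz || exit 1
    echo "${EXPECTED_SHA256}  ${tarball}" | sha256sum -c - || exit 1
    mkdir -p "$MAKEDIR/crowdsec-nginx" && tar -xzf "$tarball" -C "$MAKEDIR/crowdsec-nginx" --strip-components=1
}

build_luarocks() {
    # LUAROCKS_TAG is a placeholder for the release tag you have reviewed
    git clone --depth=1 --branch "$LUAROCKS_TAG" https://github.com/luarocks/luarocks "$MAKEDIR/luarocks" || exit 1
    # … unchanged: configure, make, make install, luarocks config …
}
```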
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+LUA_MOD_DIR="./lua-mod"
+NGINX_CONF="crowdsec_nginx.conf"
+NGINX_CONF_DIR="/etc/nginx/conf.d/"
+ACCESS_FILE="access.lua"
+LIB_PATH="/usr/local/lua/"
+CONFIG_PATH="/etc/crowdsec/bouncers/"
+CONFIG_FILE="${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
+OLD_CONFIG_FILE="/etc/crowdsec/crowdsec-nginx-bouncer.conf"
+DATA_PATH="/var/lib/crowdsec/lua/"
+
+install() {
+ mkdir -p ${LIB_PATH}/plugins/crowdsec/
+ mkdir -p ${DATA_PATH}/templates/
+
+ cp nginx/${NGINX_CONF} ${NGINX_CONF_DIR}/${NGINX_CONF}
+ cp -r ${LUA_MOD_DIR}/lib/* ${LIB_PATH}/
+ cp -r ${LUA_MOD_DIR}/templates/* ${DATA_PATH}/templates/
+}
+
+migrate_conf() {
+ if [ -f "$CONFIG_FILE" ]; then
+ return
+ fi
+ if [ ! -f "$OLD_CONFIG_FILE" ]; then
+ return
+ fi
+ echo "Found $OLD_CONFIG_FILE, but no $CONFIG_FILE. Migrating it."
+ mv "$OLD_CONFIG_FILE" "$CONFIG_FILE"
+}
+
+if ! [ $(id -u) = 0 ]; then
+ log_err "Please run the upgrade script as root or with sudo"
+ exit 1
+fi
+
+if [ ! -d "${CONFIG_PATH}" ]; then
+ echo "crowdsec-nginx-bouncer is not installed, please run the ./install.sh script"
+ exit 1
+fi
+
+install
+migrate_conf
+echo "crowdsec-nginx-bouncer upgraded successfully"
\ No newline at end of file
diff --git a/nginx_build_script/README.md b/nginx_build_script/README.md
index e6c67c7..474f1c2 100644
--- a/nginx_build_script/README.md
+++ b/nginx_build_script/README.md
@@ -10,7 +10,7 @@ bash ~/nginx_scriptbox.sh
 #### Note : don't forgot to add necessary `lua_package_path` directive to `nginx.conf`, in the http context. else Nginx won't run.
 ```lua
-lua_package_path "/opt/nginx-lua-module/lib/lua/?.lua;;";
+lua_package_path "/usr/local/lua/?.lua;;';
 ```
 systemd Template:
diff --git a/nginx_build_script/build.sh b/nginx_build_script/build.sh
index 99f42cb..0cad944 100644
--- a/nginx_build_script/build.sh
+++ b/nginx_build_script/build.sh
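Review bot: `install()` in upgrade.sh copies `nginx/${NGINX_CONF}` and `${LUA_MOD_DIR}/lib/*` relative to whatever directory the script is started from, and it runs as root after the `id -u` check, so Lua files from an unintended working directory can end up in `/usr/local/lua/`, the path the README puts on `lua_package_path`. Anchor the working directory before copying, for example `cd "$(dirname "$0")" || exit 1`; install.sh unpacks the bouncer under `~/crowdsec-nginx-bouncer/crowdsec-nginx`, which may be the directory actually intended here. The root check also calls `log_err`, which this file never defines; `echo "Please run the upgrade script as root or with sudo" >&2` gives the intended message. Since no `cp` result is checked, `crowdsec-nginx-bouncer upgraded successfully` is printed even when nothing was copied.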
@@ -59,10 +59,12 @@ mkdir -p /opt/nginx-lua-module/
 git clone https://github.com/openresty/lua-resty-core $HOMEDIRECTORY/nginx-lua/lua-resty-core
 git clone https://github.com/openresty/lua-resty-lrucache $HOMEDIRECTORY/nginx-lua/lua-resty-lrucache
 git clone https://github.com/openresty/luajit2 $HOMEDIRECTORY/nginx-lua/luajit2
+git clone https://github.com/openresty/lua-resty-string $HOMEDIRECTORY/nginx-lua/lua-resty-string
 cd $HOMEDIRECTORY/nginx-lua/luajit2 && make && make install PREFIX=/opt/nginx-lua-module/luajit2
-cd $HOMEDIRECTORY/nginx-lua/lua-resty-core && make install PREFIX=/opt/nginx-lua-module/
-cd $HOMEDIRECTORY/nginx-lua/lua-resty-lrucache && make install PREFIX=/opt/nginx-lua-module/
+cd $HOMEDIRECTORY/nginx-lua/lua-resty-core && make install PREFIX=/usr/local/lua LUA_LIB_DIR=/usr/local/lua
+cd $HOMEDIRECTORY/nginx-lua/lua-resty-lrucache && make install PREFIX=/usr/local/lua LUA_LIB_DIR=/usr/local/lua
+cd $HOMEDIRECTORY/nginx-lua/lua-resty-string && make install PREFIX=/usr/local/lua LUA_LIB_DIR=/usr/local/lua
 export LUAJIT_LIB=/opt/nginx-lua-module/luajit2/lib
 export LUAJIT_INC=/opt/nginx-lua-module/luajit2/include/luajit-2.1
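Review bot: The added `git clone https://github.com/openresty/lua-resty-string` takes whatever the default branch holds at build time, and its `make install` writes straight into `/usr/local/lua`, the directory the README now puts on `lua_package_path`. Pin it to a reviewed release, e.g. `git clone --depth=1 --branch <reviewed-tag> https://github.com/openresty/lua-resty-string $HOMEDIRECTORY/nginx-lua/lua-resty-string`; the three existing clones in the context lines follow the same unpinned pattern. Nothing visible in the hunk stops the script after a failed clone, so adding `|| exit 1` to each `cd ... && make install` line would keep a partial install from going unnoticed. The script continues outside this hunk. Separately, the README line changed in this commit ends in `;;';`, a mismatched quote that nginx will reject if the directive is copied as written.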