Merge pull request #18 from LePresidente/main
Supports overriding the default paths required for custom installs
he2ss authored Mar 8, 2022
2 parents a284555 + cd2d569 commit 1307a7c
Showing 1 changed file with 76 additions and 31 deletions.
107 changes: 76 additions & 31 deletions install.sh
@@ -1,5 +1,5 @@
#!/bin/bash

echo "Starting Crowdsec Openresty Bouncer install"
NGINX_CONF="crowdsec_openresty.conf"
NGINX_CONF_DIR="/usr/local/openresty/nginx/conf/conf.d/"
LIB_PATH="/usr/local/openresty/lualib/"
Expand All @@ -9,12 +9,35 @@ PKG="apt"
PACKAGE_LIST="dpkg -l"
SSL_CERTS_PATH="/etc/ssl/certs/ca-certificates.crt"

#Accept cmdline arguments to overwrite options.
while [[ $# -gt 0 ]]
do
case $1 in
--NGINX_CONF_DIR=*)
NGINX_CONF_DIR="${1#*=}"
;;
--LIB_PATH=*)
LIB_PATH="${1#*=}"
;;
--CONFIG_PATH=*)
CONFIG_PATH="${1#*=}"
;;
--DATA_PATH=*)
DATA_PATH="${1#*=}"
;;
--docker)
DOCKER="1"
;;
esac
shift
done

check_pkg_manager(){
if [ -f /etc/redhat-release ]; then
PKG="yum"
PACKAGE_LIST="yum list installed"
SSL_CERTS_PATH="/etc/ssl/certs/ca-bundle.crt"
elif cat /etc/system-release | grep -q "Amazon Linux release 2 (Karoo)"; then
elif grep -q "Amazon Linux release 2 (Karoo)" < /etc/system-release ; then
PKG="yum"
PACKAGE_LIST="yum list installed"
SSL_CERTS_PATH="/etc/ssl/certs/ca-bundle.crt"
Expand All @@ -35,27 +58,45 @@ requirement() {
}

gen_config_file() {
SUFFIX=`tr -dc A-Za-z0-9 </dev/urandom | head -c 8`
API_KEY=`cscli bouncers add crowdsec-openresty-bouncer-${SUFFIX} -o raw`
API_KEY=${API_KEY} CROWDSEC_LAPI_URL="http://127.0.0.1:8080" envsubst < ./config/config_example.conf > "${CONFIG_PATH}crowdsec-openresty-bouncer.conf"
echo "New API key generated in config '${CONFIG_PATH}crowdsec-openresty-bouncer.conf'"
#Don't overwrite the existing file
if [ ! -f "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf" ]; then
#check if cscli is available, this can be installed on systems without crowdsec installed
if cscli version 2>&1 /dev/null; then
SUFFIX=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 8)
API_KEY=$(cscli bouncers add "crowdsec-openresty-bouncer-${SUFFIX}" -o raw)
fi
API_KEY=${API_KEY} CROWDSEC_LAPI_URL="http://127.0.0.1:8080" envsubst < ./config/config_example.conf > "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf"
[ -n "${API_KEY}" ] && echo "New API key generated to be used in '${CONFIG_PATH}/crowdsec-openresty-bouncer.conf'"
else
#Patch the existing file with new parameters if the need to be added
echo "Patch crowdsec-openresty-bouncer.conf .."
sed "s/=.*//g" "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf" > /tmp/crowdsec.conf.raw
sed "s/=.*//g" ./config/config_example.conf > /tmp/config_example.conf.raw
if grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw ; then
grep -vf /tmp/crowdsec.conf.raw /tmp/config_example.conf.raw > /tmp/config_example.newvals
cp "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf" "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf.bak"
#Make sure we start on a new line.
echo "" >>"${CONFIG_PATH}/crowdsec-openresty-bouncer.conf"
grep -f /tmp/config_example.newvals /tmp/crowdsec/config/config_example.conf >> "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf"
fi
fi
sed -i 's|/var/lib/crowdsec/lua|'"${DATA_PATH}"'|' "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf"
}

check_openresty_dependency() {
DEPENDENCY=(
"openresty-opm"
)
for dep in ${DEPENDENCY[@]};
DEPENDENCY=( \
"openresty-opm" \
)
for dep in "${DEPENDENCY[@]}";
do
$PACKAGE_LIST | grep ${dep} > /dev/null
if [[ $? != 0 ]]; then
if ! $PACKAGE_LIST | grep "${dep}" > /dev/null; then
echo "${dep} not found, do you want to install it (Y/n)? "
read answer
read -r answer
if [[ ${answer} == "" ]]; then
answer="y"
fi
if [ "$answer" != "${answer#[Yy]}" ] ;then
"$PKG" install -y -qq ${dep} > /dev/null && echo "${dep} successfully installed"
"$PKG" install -y -qq "${dep}" > /dev/null && echo "${dep} successfully installed"
else
echo "unable to continue without ${dep}. Exiting" && exit 1
fi
Expand All @@ -64,20 +105,20 @@ check_openresty_dependency() {
}

check_lua_dependency() {
DEPENDENCY=(
"pintsized/lua-resty-http"
DEPENDENCY=( \
"pintsized/lua-resty-http" \
)
for dep in ${DEPENDENCY[@]};
for dep in "${DEPENDENCY[@]}";
do
opm list | grep ${dep} > /dev/null
if [[ $? != 0 ]]; then

if ! opm list | grep "${dep}" > /dev/null; then
echo "${dep} not found, do you want to install it (Y/n)? "
read answer
read -r answer
if [[ ${answer} == "" ]]; then
answer="y"
fi
if [ "$answer" != "${answer#[Yy]}" ] ;then
opm get ${dep} > /dev/null && echo "${dep} successfully installed"
opm get "${dep}" > /dev/null && echo "${dep} successfully installed"
else
echo "unable to continue without ${dep}. Exiting" && exit 1
fi
Expand All @@ -87,25 +128,29 @@ check_lua_dependency() {


install() {
mkdir -p ${DATA_PATH}templates/

cp -r lua/lib/* ${LIB_PATH}
cp templates/* ${DATA_PATH}templates/
mkdir -p "${DATA_PATH}/templates/"

cp -r lua/lib/* "${LIB_PATH}/"
cp templates/* "${DATA_PATH}/templates/"
#Patch the nginx config file
SSL_CERTS_PATH=${SSL_CERTS_PATH} envsubst < openresty/${NGINX_CONF} > "${NGINX_CONF_DIR}/${NGINX_CONF}"
sed -i 's|/etc/crowdsec/bouncers|'"${CONFIG_PATH}"'|' "${NGINX_CONF_DIR}/${NGINX_CONF}"
#Some docker images like Nginx Proxy Manager has this defined already.
[ -z ${DOCKER} ] || sed -i 's|resolver local=on ipv6=off;||' "${NGINX_CONF_DIR}/${NGINX_CONF}"
}


if ! [ $(id -u) = 0 ]; then
log_err "Please run the install script as root or with sudo"
if ! [ "$(id -u)" = 0 ] && [ -z ${DOCKER} ]; then
echo "Please run the install script as root or with sudo"
exit 1
fi

check_pkg_manager
[ -z ${DOCKER} ] && check_pkg_manager
requirement
check_openresty_dependency
check_lua_dependency
[ -z ${DOCKER} ] && check_openresty_dependency
[ -z ${DOCKER} ] && check_lua_dependency
gen_config_file
install
echo "crowdsec-openresty-bouncer installed successfully"
echo "Run 'sudo systemctl restart openresty.service' to start openresty-bouncer"
[ -z ${DOCKER} ] && echo "Run 'sudo systemctl restart openresty.service' to start openresty-bouncer"
exit 0
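Review bot: The patch branch of gen_config_file writes to fixed names under /tmp (`/tmp/crowdsec.conf.raw`, `/tmp/config_example.conf.raw`, `/tmp/config_example.newvals`) while the script runs as root, and its last `grep -f` reads `/tmp/crowdsec/config/config_example.conf` instead of the `./config/config_example.conf` used a few lines earlier. /tmp is world-writable, so those files and the /tmp/crowdsec tree are not under the installer's control, yet whatever they yield is appended to the bouncer configuration. A private `mktemp -d` directory that is removed afterwards, with the example read from the checkout, avoids this. In the same function `cscli version 2>&1 /dev/null` passes /dev/null as an argument rather than redirecting; presumably `>/dev/null 2>&1` was meant.

```shell
else
    # … unchanged: "Patch crowdsec-openresty-bouncer.conf .." message …
    tmpdir=$(mktemp -d) || exit 1
    sed "s/=.*//g" "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf" > "${tmpdir}/current.keys"
    sed "s/=.*//g" ./config/config_example.conf > "${tmpdir}/example.keys"
    if grep -vf "${tmpdir}/current.keys" "${tmpdir}/example.keys" > "${tmpdir}/new.keys"; then
        # … unchanged: .bak copy and blank-line append …
        grep -f "${tmpdir}/new.keys" ./config/config_example.conf >> "${CONFIG_PATH}/crowdsec-openresty-bouncer.conf"
    fi
    rm -rf -- "${tmpdir}"
```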
