SSL_CERTS_PATH needs a default - small fixes

baudneo
2022-10-09 15:31:27 -06:00
parent 0de3769298
commit 5ed6f3d995
6 changed files with 183 additions and 71 deletions


@@ -10,6 +10,7 @@ ARG BUILD_VERSION
ARG BUILD_COMMIT
ARG BUILD_DATE
ARG BASE_TAG
ARG SSL_CERTS_PATH
ENV SUPPRESS_NO_CONFIG_WARNING=1 \
S6_FIX_ATTRS_HIDDEN=1 \
@@ -21,7 +22,12 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
OPENRESTY_DEBUG="0" \
MODSEC_CREATE="0" \
MODSEC_ENABLE="0" \
MODSEC_ADMIN_PANEL="0"
MODSEC_ADMIN_PANEL="0" \
CROWDSEC_UPDATE_DIR='/cs-update' \
GEOLITE_DB_GRAB="0" \
GEOLITE2_DB_GRAB="0" \
GEOIP_DIR="/geoip_db" \
SSL_CERTS_PATH="${SSL_CERTS_PATH:-'/etc/ssl/certs/GTS_Root_R1.pem'}"
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \
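Review bot: The new default `SSL_CERTS_PATH="${SSL_CERTS_PATH:-'/etc/ssl/certs/GTS_Root_R1.pem'}"` wraps the fallback in single quotes inside a double-quoted ENV value; depending on how the builder's lexer treats the nested quotes, they may end up as part of the path, which would reproduce the fopen failure this commit is meant to fix. Dropping the inner quotes, `SSL_CERTS_PATH="${SSL_CERTS_PATH:-/etc/ssl/certs/GTS_Root_R1.pem}"`, removes the ambiguity. The default also pins TLS verification to a single root certificate, so if the verified endpoint ever chains to a different root the check fails outright; a comment saying why this root was chosen, or pointing at the system CA bundle instead, would help whoever has to debug that. The ENV instruction begins above the hunk.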


@@ -8,13 +8,15 @@ log() {
if [[ -n "${GEOLITE2_DB_GRAB}" ]]; then
if [[ "${GEOLITE2_DB_GRAB}" == "1" ]] || [[ "${GEOLITE2_DB_GRAB}" -eq 1 ]]; then
log "GeoLite2 DB Grab configured, installing/updating GeoLite2 Database's"
geo2="${GEOIP_DIR:-/geoip}/2"
geo2="${GEOIP_DIR:/geoip_db}/2"
mkdir -p "$geo2/tmp"
GEOIP2_DB_URLS=(
"https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb"
"https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.mmdb"
"https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-ASN.mmdb"
)
if [ -z "$GEOIP2_DB_URLS" ]; then
GEOIP2_DB_URLS=(
"https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb"
"https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.mmdb"
"https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-ASN.mmdb"
)
fi
# download new dbs and diff them, update if different
for db in "${GEOIP2_DB_URLS[@]}"; do
log "Downloading ${db##*/} from ${db%/*}..."
@@ -46,7 +48,7 @@ if [[ -n "${GEOLITE_DB_GRAB}" ]]; then
if [ "${GEOLITE_DB_GRAB}" == "1" ] || [ "${GEOLITE2_DB_GRAB}" -eq 1 ]; then
log "GeoLite LEGACY DB Grab configured, downloading GeoLite LEGACY Database's"
geo1="${GEOIP_DIR:-/geoip}/1"
geo1="${GEOIP_DIR:/geoip_db}/1"
mkdir -p "$geo1"
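Review bot: `geo2="${GEOIP_DIR:/geoip_db}/2"` has lost the `-` of the default operator: `${var:offset}` is bash substring expansion, so `/geoip_db` is evaluated as an arithmetic offset and the expansion errors out instead of falling back to a default. The same applies to `geo1="${GEOIP_DIR:/geoip_db}/1"` in the legacy hunk; both should read `${GEOIP_DIR:-/geoip_db}`. Separately, the new `[ -z "$GEOIP2_DB_URLS" ]` guard lets the environment replace the download list, and a value arriving from the environment is a plain string, so `"${GEOIP2_DB_URLS[@]}"` yields a single element. Because these URLs decide which databases get installed, a comment stating that the variable is trusted operator input and what format it expects would be worth adding. Both `if` blocks continue outside the hunks.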


@@ -17,10 +17,13 @@ if [ "${CROWDSEC_BOUNCER}" == "1" ] || [ "${CROWDSEC_BOUNCER}" -eq 1 ]; then
log "Crowdsec OpenResty Bouncer Config copied to /data/crowdsec/crowdsec-openresty-bouncer.conf"
fi
# Create lualib plugin directory for crowdsec and move crowdsec lua libs into it
log "Creating CrowdSec lualib directories in /etc/nginx"
mkdir -p /etc/nginx/lualib/plugins/crowdsec/
log "Copying CrowdSec Lua libraries to /etc/nginx/lualib/plugins/crowdsec/"
cp -r /crowdsec/lua/lib/* /etc/nginx/lualib/
# This initilizes crowdsec as /etc/nginx/conf.d/* is included in nginx.conf
# Fixes -> SSL_CTX_load_verify_locations("/etc/nginx/${SSL_CERTS_PATH}") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/${SSL_CERTS_PATH}','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
log "envsubst \${SSL_CERTS_PATH} (${SSL_CERTS_PATH}) in crowdsec_openresty.conf"
SSL_CERTS_PATH=${SSL_CERTS_PATH} envsubst < /crowdsec/crowdsec_openresty.conf > /etc/nginx/conf.d/crowdsec_openresty.conf
# cp /crowdsec/crowdsec_openresty.conf /etc/nginx/conf.d/
else
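Review bot: `envsubst` is called without a SHELL-FORMAT argument on the line that writes /etc/nginx/conf.d/crowdsec_openresty.conf, so every `$name` or `${name}` in the template is substituted, and any that is not an environment variable becomes an empty string. If crowdsec_openresty.conf contains nginx or Lua `$` references (not visible here), they would be silently blanked; `envsubst '${SSL_CERTS_PATH}' < /crowdsec/crowdsec_openresty.conf > /etc/nginx/conf.d/crowdsec_openresty.conf` limits the substitution to the one variable. Since this path is the trust anchor for TLS verification, checking that `${SSL_CERTS_PATH}` is readable before substituting would surface a bad value at start-up rather than as the fopen error quoted in the comment. The log line above the `cp -r` names /etc/nginx/lualib/plugins/crowdsec/ while the copy targets /etc/nginx/lualib/. The enclosing `if` starts and ends outside the hunk.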