SSL_CERTS_PATH needs a default - small fixes

2025-08-21 16:30:24 +00:00 · 2022-10-09 15:31:27 -06:00
parent 0de3769298
commit 5ed6f3d995
6 changed files with 183 additions and 71 deletions
--- a/docker/rootfs/etc/cont-init.d/90_mmdb.sh
+++ b/docker/rootfs/etc/cont-init.d/90_mmdb.sh
@@ -8,13 +8,15 @@ log() {
 if [[ -n "${GEOLITE2_DB_GRAB}" ]]; then
  if [[ "${GEOLITE2_DB_GRAB}" == "1" ]] || [[ "${GEOLITE2_DB_GRAB}" -eq 1 ]]; then
    log "GeoLite2 DB Grab configured, installing/updating GeoLite2 Database's"
-    geo2="${GEOIP_DIR:-/geoip}/2"
+    geo2="${GEOIP_DIR:/geoip_db}/2"
    mkdir -p "$geo2/tmp"
-    GEOIP2_DB_URLS=(
-      "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb"
-      "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.mmdb"
-      "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-ASN.mmdb"
-    )
+    if [ -z "$GEOIP2_DB_URLS" ]; then
+      GEOIP2_DB_URLS=(
+        "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb"
+        "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.mmdb"
+        "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-ASN.mmdb"
+      )
+    fi
    # download new dbs and diff them, update if different
    for db in "${GEOIP2_DB_URLS[@]}"; do
      log "Downloading ${db##*/} from ${db%/*}..."
@@ -46,7 +48,7 @@ if [[ -n "${GEOLITE_DB_GRAB}" ]]; then
  if [ "${GEOLITE_DB_GRAB}" == "1" ] || [ "${GEOLITE2_DB_GRAB}" -eq 1 ]; then
    log "GeoLite LEGACY DB Grab configured, downloading GeoLite LEGACY Database's"

-    geo1="${GEOIP_DIR:-/geoip}/1"
+    geo1="${GEOIP_DIR:/geoip_db}/1"
    mkdir -p "$geo1"


--- a/docker/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh
+++ b/docker/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh
@@ -17,10 +17,13 @@ if [ "${CROWDSEC_BOUNCER}" == "1" ] || [ "${CROWDSEC_BOUNCER}" -eq 1 ]; then
    log "Crowdsec OpenResty Bouncer Config copied to /data/crowdsec/crowdsec-openresty-bouncer.conf"
  fi
  # Create lualib plugin directory for crowdsec and move crowdsec lua libs into it
+  log "Creating CrowdSec lualib directories in /etc/nginx"
  mkdir -p /etc/nginx/lualib/plugins/crowdsec/
+  log "Copying CrowdSec Lua libraries to /etc/nginx/lualib/plugins/crowdsec/"
  cp -r /crowdsec/lua/lib/* /etc/nginx/lualib/
  # This initilizes crowdsec as /etc/nginx/conf.d/* is included in nginx.conf
  # Fixes -> SSL_CTX_load_verify_locations("/etc/nginx/${SSL_CERTS_PATH}") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/${SSL_CERTS_PATH}','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
+  log "envsubst \${SSL_CERTS_PATH} (${SSL_CERTS_PATH}) in crowdsec_openresty.conf"
  SSL_CERTS_PATH=${SSL_CERTS_PATH} envsubst < /crowdsec/crowdsec_openresty.conf > /etc/nginx/conf.d/crowdsec_openresty.conf
 #  cp /crowdsec/crowdsec_openresty.conf /etc/nginx/conf.d/
  else