From d4d9fad9b3a9e184f99b0fa0f75477d93de7e36b Mon Sep 17 00:00:00 2001
From: Zoey
Date: Sun, 11 Feb 2024 12:12:35 +0100
Subject: [PATCH] disable appsec by default because of https://github.com/crowdsecurity/lua-cs-bouncer/issues/63
---
 Dockerfile | 7 ++++---
 README.md | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ae8e388f..2eff8305 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,10 +48,11 @@ RUN apk add --no-cache ca-certificates git build-base && \
 sed -i "s|API_URL=.*|API_URL=http://127.0.0.1:8080|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
 sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
 sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
- echo "APPSEC_URL=http://127.0.0.1:7422" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
- echo "APPSEC_FAILURE_ACTION=deny" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
+ echo "#APPSEC_URL=http://127.0.0.1:7422 # see https://github.com/crowdsecurity/lua-cs-bouncer/issues/63" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
+ echo "#APPSEC_FAILURE_ACTION=deny # see https://github.com/crowdsecurity/lua-cs-bouncer/issues/63" | tee -a /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
+ sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
-FROM zoeyvid/nginx-quic:256
+FROM zoeyvid/nginx-quic:257
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ARG CRS_VER=v4.0/dev
diff --git a/README.md b/README.md
index 4c380019..9cd84d93 100644
--- a/README.md
+++ b/README.md
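Review bot: The added `sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g"` line appears to narrow enforcement to ban decisions only, which the commit subject (disabling AppSec) does not mention, and unlike the three context `sed` lines that match `KEY=.*` it rewrites only the literal value `all`, so it silently does nothing if the upstream example default ever differs. Matching the existing pattern, `sed -i "s|BOUNCING_ON_TYPE=.*|BOUNCING_ON_TYPE=ban|g" …`, together with a one-line comment such as `# captcha remediation is not enforced while BOUNCING_ON_TYPE=ban`, would make the posture change explicit and robust. Separately, the two commented `#APPSEC_…` lines carry a trailing `# see …` on the same line; whether the bouncer's config parser strips inline comments is not visible here, so an operator who re-enables AppSec by deleting only the leading `#` may end up with the link text inside the value, and putting the issue link on its own `echo "# see …"` line avoids that. The `RUN` instruction starts above this hunk.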
@@ -106,7 +106,7 @@ so that the barrier for entry here is low.
 1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml
 2. open `/opt/crowdsec/conf/acquis.d/appsec.yaml` and fill it with:
 ```yaml
-listen_addr: 127.0.0.1:7422
+listen_addr: 0.0.0.0:7422
 appsec_config: crowdsecurity/virtual-patching
 name: myAppSecComponent
 source: appsec
@@ -138,7 +138,8 @@ labels:
 7. set `ENABLED` to `true`
 8. use the output of step 5 as `API_KEY`
 9. save the file
-10. restart the npm
+10. set LOGROTATE to `true` in your `compose.yaml
+11. redeploy the `compose.yaml`
 # Use as webserver