|
1 | 1 |
|
2 | 2 | systemctl daemon-reload
|
3 | 3 |
|
4 |
| - |
5 |
| -START=0 |
6 |
| - |
7 | 4 | luarocks install lua-resty-http
|
8 | 5 | luarocks install lua-cjson
|
9 | 6 |
|
| 7 | +API_KEY_REQUIRED=true |
| 8 | +BOUNCER_CONFIG_PATH="/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf" |
| 9 | +API_KEY="<API_KEY>" |
| 10 | +CROWDSEC_LAPI_URL="<LAPI_URL>" |
10 | 11 | LAPI_DEFAULT_PORT="8080"
|
11 | 12 |
|
12 | 13 | if [ "$1" = "configure" ]; then
|
13 | 14 |
|
14 |
| - type cscli > /dev/null |
| 15 | + type cscli |
15 | 16 |
|
16 | 17 | if [ "$?" -eq "0" ] ; then
|
17 |
| - START=1 |
18 |
| - echo "cscli/crowdsec is present, generating API key" |
19 |
| - unique=`date +%s` |
20 |
| - API_KEY=`cscli -oraw bouncers add nginx-${unique}` |
21 |
| - PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2) |
22 |
| - if [ ! -z "$PORT" ]; then |
23 |
| - LAPI_DEFAULT_PORT=${PORT} |
| 18 | + # Check if it's an upgrade |
| 19 | + if [ "$2" != "" ] ; then |
| 20 | + echo "Upgrading, check if there is bouncer configuration" |
| 21 | + if [ -f "${BOUNCER_CONFIG_PATH}" ] ; then |
| 22 | + API_KEY_REQUIRED=false |
| 23 | + fi |
24 | 24 | fi
|
25 |
| - CROWDSEC_LAPI_URL="http://127.0.0.1:${LAPI_DEFAULT_PORT}" |
26 |
| - if [ $? -eq 1 ] ; then |
27 |
| - echo "failed to create API token, service won't be started." |
28 |
| - START=0 |
29 |
| - API_KEY="<API_KEY>" |
30 |
| - else |
31 |
| - echo "API Key : ${API_KEY}" |
| 25 | + API=$(cscli config show --key "Config.API.Server") |
| 26 | + if [ "$API" = "nil" ] || [ "$API" = "<nil>" ] ; then |
| 27 | + API_KEY_REQUIRED=false |
| 28 | + fi |
| 29 | + if [ ${API_KEY_REQUIRED} = true ] ; then |
| 30 | + echo "cscli/crowdsec is present, generating API key" |
| 31 | + unique=$(date +%s) |
| 32 | + API_KEY=$(cscli -oraw bouncers add crowdsec-nginx-bouncer-"${unique}") |
| 33 | + PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2) |
| 34 | + if [ ! -z "$PORT" ]; then |
| 35 | + LAPI_DEFAULT_PORT=${PORT} |
| 36 | + fi |
| 37 | + CROWDSEC_LAPI_URL="http://127.0.0.1:${LAPI_DEFAULT_PORT}" |
| 38 | + if [ $? -eq 1 ] ; then |
| 39 | + echo "failed to create API key." |
| 40 | + API_KEY_REQUIRED=true |
| 41 | + API_KEY="<API_KEY>" |
| 42 | + else |
| 43 | + echo "API Key : ${API_KEY}" |
| 44 | + TMP=$(mktemp -p /tmp/) |
| 45 | + cp ${BOUNCER_CONFIG_PATH} "${TMP}" |
| 46 | + API_KEY="${API_KEY}" CROWDSEC_LAPI_URL="${CROWDSEC_LAPI_URL}" envsubst '$API_KEY $CROWDSEC_LAPI_URL' < "${TMP}" > ${BOUNCER_CONFIG_PATH} |
| 47 | + rm "${TMP}" |
| 48 | + fi |
32 | 49 | fi
|
33 |
| - |
34 |
| - TMP=`mktemp -p /tmp/` |
35 |
| - cp /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf ${TMP} |
36 |
| - API_KEY=${API_KEY} CROWDSEC_LAPI_URL=${CROWDSEC_LAPI_URL} envsubst < ${TMP} > /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf |
37 |
| - rm ${TMP} |
38 | 50 | fi
|
39 | 51 |
|
40 | 52 | mkdir -p /etc/nginx/conf.d/
|
41 | 53 | cp /usr/share/crowdsec-nginx-bouncer/crowdsec_nginx.conf /etc/nginx/conf.d/crowdsec_nginx.conf
|
42 | 54 |
|
43 | 55 | else
|
44 |
| - START=1 |
| 56 | + API_KEY_REQUIRED=false |
45 | 57 | fi
|
46 | 58 |
|
47 |
| - |
48 |
| -if [ ${START} -eq 0 ] ; then |
49 |
| - echo "no api key was generated" |
| 59 | +if [ ${API_KEY_REQUIRED} = true ] ; then |
| 60 | + echo "Can't generate an API key for the bouncer. Please do it manually" |
50 | 61 | fi
|
51 | 62 |
|
52 | 63 | echo "Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx"
|
|
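Review bot: The `if [ $? -eq 1 ]` test at new line 38 reads the status of the plain `CROWDSEC_LAPI_URL=...` assignment just before it, which is always 0, so a failed `cscli -oraw bouncers add` is never detected. In that case the else branch still runs, and `envsubst` writes whatever the command printed on stdout (possibly nothing) into `${BOUNCER_CONFIG_PATH}` as the key. The status should be captured at the call itself, `API_KEY=$(cscli -oraw bouncers add crowdsec-nginx-bouncer-"${unique}"); rc=$?`, and then tested with `if [ "$rc" -ne 0 ] ; then`, which also covers exit codes other than 1. Separately, `echo "API Key : ${API_KEY}"` at new line 43 puts the bouncer credential into the package install output, which is typically retained in package-manager logs. I would drop it or replace it with `echo "API key written to ${BOUNCER_CONFIG_PATH}"`.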