Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Kris997

Pages1
#1
Tutorials and FAQs / Re: How-To crowdsec protecting haproxy
February 07, 2025, 11:03:05 AM
If captcha fails to verify (you can see it in the log file / Services -> Haproxy -> Log file), you need to add this code inside Haproxy -> Settings -> Global parameters (Advanced Mode) :

Code Select
httpclient.ssl.verify none
#2
Tutorials and FAQs / Re: How-To crowdsec protecting haproxy
February 07, 2025, 10:29:24 AM
If you need the Crowdsec Haproxy Bouncer install script for Opnsense, here is the updated script :

Install.sh (change the location of the files as you wish)
Code Select
#!/bin/sh

LUA_MOD_DIR="./lua-mod"
LIB_PATH="/usr/lib/crowdsec/lua/haproxy/"
CONFIG_PATH="/etc/crowdsec/bouncers/"
DATA_PATH="/var/lib/crowdsec/lua/haproxy/"
SILENT="false"

usage() {
    echo "Usage:"
    echo "    ./install.sh -h                 Display this help message."
    echo "    ./install.sh                    Install the bouncer in interactive mode"
    echo "    ./install.sh -y                 Install the bouncer and accept everything"
    exit 0 
}

# Accept cmdline arguments to overwrite options.
while [ "$#" -gt 0 ]
do
    case "$1" in
        -y|--yes)
            SILENT="true"
            shift
        ;;
        -h|--help)
            usage
        ;;
    esac
    shift
done

gen_apikey() {
    if command -v cscli >/dev/null 2>&1; then
        SUFFIX=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 8)
        API_KEY=$(sudo cscli bouncers add crowdsec-haproxy-bouncer-"${SUFFIX}" -o raw)
        echo "Bouncer registered to the CrowdSec Local API."
    else
        echo "cscli is not present, unable to register the bouncer to the CrowdSec Local API."
    fi
    mkdir -p "${CONFIG_PATH}"
    API_KEY=${API_KEY} envsubst < "${LUA_MOD_DIR}/crowdsec-haproxy-bouncer.conf" | sudo tee -a "${CONFIG_PATH}crowdsec-haproxy-bouncer.conf" >/dev/null
}

install() {
    sudo mkdir -p "${LIB_PATH}/plugins/crowdsec/"
    sudo mkdir -p "${DATA_PATH}/templates/"

    sudo cp -r "${LUA_MOD_DIR}/lib/"* "${LIB_PATH}/"
    sudo cp -r "${LUA_MOD_DIR}/templates/"* "${DATA_PATH}/templates/"
    sudo cp "${LUA_MOD_DIR}/community_blocklist.map" "${DATA_PATH}"
}

gen_apikey
install

echo "crowdsec-haproxy-bouncer installed successfully"

Uninstall.sh
Code Select
#!/bin/sh

LIB_PATH="/usr/local/lua/crowdsec/haproxy/"
DATA_PATH="/var/lib/crowdsec/lua/haproxy/"
SILENT="false"

usage() {
    echo "Usage:"
    echo "    ./uninstall.sh -h                 Display this help message."
    echo "    ./uninstall.sh                    Uninstall the bouncer in interactive mode"
    echo "    ./uninstall.sh -y                 Uninstall the bouncer and accept everything"
    exit 0 
}

# Accept cmdline arguments to overwrite options.
while [ "$#" -gt 0 ]
do
    case "$1" in
        -y|--yes)
            SILENT="true"
            shift
        ;;
        -h|--help)
            usage
        ;;
    esac
    shift
done

uninstall() {
    echo "Removing files..."
    rm -rf "${DATA_PATH}"
    rm -rf "${LIB_PATH}"
    echo "crowdsec-haproxy-bouncer uninstalled successfully."
}

# Ensure the script is run as root
if [ "$(id -u)" -ne 0 ]; then
    echo "Error: Please run the uninstall script as root or with sudo."
    exit 1
fi

uninstall
Pages1