Hello,
yunohost -v
yunohost:
repo: stable
version: 11.0.10.2
yunohost-admin:
repo: stable
version: 11.0.11
moulinette:
repo: stable
version: 11.0.9
ssowat:
repo: stable
version: 11.0.9
I recently installed crowsec (crowdsec.net) it offers bouncers and blocker for various applications basically crowd sourced intelligence.
when I installed it necessary modules for nginx I ran into following issue as nginx fails to restart/start stating error:
nginx -t
nginx: [emerg] "init_by_lua_file" directive is duplicate in /etc/nginx/conf.d/ssowat.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
if I comment out #2 from /etc/nginx/conf.d/ssowat.conf
then crowsec works but nginx showing error 500.
lua_shared_dict cache 10m;
init_by_lua_file /usr/share/ssowat/init.lua;
server_names_hash_bucket_size 128;
post installing apt install nginx lua5.1 libnginx-mod-http-lua luarocks gettext-base lua-cjson && apt install crowdsec-nginx-bouncer
/etc/nginx/conf.d/crowdsec_nginx.conf
looks like follows
lua_package_path '/usr/lib/crowdsec/lua/?.lua;;';
lua_shared_dict crowdsec_cache 50m;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
init_by_lua_block {
cs = require "crowdsec"
local ok, err = cs.init("/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf", "crowdsec-nginx-bouncer/v1.0.4")
if ok == nil then
ngx.log(ngx.ERR, "[Crowdsec] " .. err)
error()
end
ngx.log(ngx.ALERT, "[Crowdsec] Initialisation done")
}
access_by_lua_block {
local cs = require "crowdsec"
cs.Allow(ngx.var.remote_addr)
}
This bouncer leverages nginx lua’s API, namely access_by_lua_block to check e IP address against the local API.
more info on nginx bouncer: Nginx Bouncer | CrowdSec
is there way to make both modules co-exists and load without causing issue? or I drop idea of using crowdsec as it clearly conflicts with existing Yunohost setup? seeking guidance…
Thank you!