search

crowdsecurity / cs-nginx-bouncer

CrowdSec bouncer for Nginx
MIT License
50 stars 9 forks source link

Debian 11 (bullseye) - crowdsec-nginx-bouncer (0.0.7) - missing envsubst #16

Closed erdoukki closed 3 years ago

erdoukki commented 3 years ago

sudo apt install crowdsec-nginx-bouncer

...
Setting up crowdsec-nginx-bouncer (0.0.7) ...
cscli is /usr/bin/cscli
cscli/crowdsec is present, generating API key
API Key : f8f59946a13b3a6f0f69f41e9a5289ef
/var/lib/dpkg/info/crowdsec-nginx-bouncer.postinst: 26: envsubst: not found
Restart nginx to enable the crowdsec bouncer : systemctl restart nginx
...

Some verifications:

admin@myREVERSE:~$ cat /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf

envsubst is missing from Debian !

Some possible workarounds and/or resolutions:

  1. gettext-base dependencie 
    admin@myREVERSE:~$ sudo apt install gettext-base
admin@myREVERSE:~$ envsubst --version
envsubst (GNU gettext-runtime) 0.21
Copyright (C) 2003-2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Bruno Haible.

  1. envsubst in go https://github.com/a8m/envsubst It is the planned solution for OpenWrt... PR porposed https://github.com/openwrt/packages/pull/16664

  2. replace envsubst with sed patterns It is the actual workaround used in Crowdsec PR for OpenWrt

    ## Gen&ConfigApiKey
SUFFIX=`tr -dc A-Za-z0-9 </dev/urandom | head -c 8`
API_KEY=`/usr/bin/cscli bouncers add cs-firewall-bouncer-${SUFFIX} -o raw`
sed -i "s,^\(\s*api_key\s*:\s*\).*\$,\1$API_KEY," $CONFIG

    and

    sed -i "s,^\(\s*mode\s*:\s*\).*\$,\1$BACKEND," $VARCONFIG

    from : https://github.com/openwrt/packages/pull/16244/files

erdoukki commented 3 years ago

For (more) information: sudo dpkg-reconfigure crowdsec-nginx-bouncer do not help to fix sudo apt install crowdsec-nginx-bouncer --reinstall do not help to fix

sudo apt purge crowdsec-nginx-bouncer
sudo apt install crowdsec-nginx-bouncer

fixed the installation (with envsubst added manually by sudo apt install gettext-base)

admin@myREVERSE:~$ cat /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf 
API_URL=http://127.0.0.1:8080
API_KEY= 2aa9ca638b5eeec97cff173c42a9cb8b
LOG_FILE=/var/log/crowdsec_lua_bouncer.log
LOG_LEVEL=INFO
CACHE_EXPIRATION=1
CACHE_SIZE=1000
buixor commented 3 years ago

Hello @erdoukki !

Seen the issue, nice spotting. Adding it to the deps right now :+1: