From 2ae8d4f444539d4d02cc133a4cfb0b5d6e390b5e Mon Sep 17 00:00:00 2001 From: Stefan Schorn Date: Wed, 4 Sep 2024 12:07:16 +0200 Subject: [PATCH 1/2] fix for rendering --- docker/README.md | 23 +++++++++++++++++++++++ docker/docker_start.sh | 3 ++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/docker/README.md b/docker/README.md index 1fd00a8..3d97498 100644 --- a/docker/README.md +++ b/docker/README.md @@ -57,6 +57,29 @@ docker run -d -p 8080:80 \ --name openresty crowdsecurity/crowdsec-openresty ``` +Or you can pass the whole bouncer config through the docker compose enviroment + +```code +... in docker-compose.yml + ... + environment: + BOUNCER_CONFIG: | + API_KEY=${CROWDSEC_BOUNCER_OPENRESTY_APIKEY} + API_URL=http://crowdsec:8080 + CAPTCHA_PROVIDER=${CROWDSEC_BOUNCER_OPENRESTY_CAPTCHA_PROVIDER} + SECRET_KEY=${CROWDSEC_BOUNCER_OPENRESTY_SECRET_KEY} + SITE_KEY=${CROWDSEC_BOUNCER_OPENRESTY_SITE_KEY} + FALLBACK_REMEDIATION=ban + MODE=stream + BOUNCING_ON_TYPE=all + CAPTCHA_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/captcha.html + BAN_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/ban.html + ALWAYS_SEND_TO_APPSEC=true + SSL_VERIFY=false + APPSEC_URL=http://crowdsec:7422 + ... +``` + ### Configuration The bouncer uses [lua_shared_dict](https://github.com/openresty/lua-nginx-module#lua_shared_dict) to share cache between all workers. diff --git a/docker/docker_start.sh b/docker/docker_start.sh index 097c758..ec632bc 100644 --- a/docker/docker_start.sh +++ b/docker/docker_start.sh @@ -1,9 +1,10 @@ #!/bin/bash + #set -x CROWDSEC_BOUNCER_CONFIG="/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf" if [ "$BOUNCER_CONFIG" != "" ]; then - CROWDSEC_BOUNCER_CONFIG="$BOUNCER_CONFIG" + echo "$BOUNCER_CONFIG" > $CROWDSEC_BOUNCER_CONFIG fi if [ "$API_URL" != "" ]; then sed -i "s,API_URL.*,API_URL=$API_URL," "$CROWDSEC_BOUNCER_CONFIG" From d5368efce290b5e26a57274f43e2f3d41f9c7818 Mon Sep 17 00:00:00 2001 
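Review bot: The new `echo "$BOUNCER_CONFIG" > $CROWDSEC_BOUNCER_CONFIG` in docker/docker_start.sh turns BOUNCER_CONFIG from a path override into file content without renaming it. A deployment that still passes a path gets the default config overwritten with that one-line string, and the `sed -i` edits that follow would find no keys to replace. The README example in this patch puts `API_KEY` and `SECRET_KEY` in that file, so the overwrite deserves its own variable name (for example `BOUNCER_CONFIG_CONTENT`, a placeholder) and a look at the mode of the file it produces. For the write itself, `printf '%s\n' "$BOUNCER_CONFIG" > "$CROWDSEC_BOUNCER_CONFIG"` quotes the target and stops a value starting with `-n` or `-e` from being read as an `echo` option. The chain of `if` blocks continues below the hunk.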
From: Stefan Schorn Date: Thu, 5 Sep 2024 10:41:06 +0200 Subject: [PATCH 2/2] reverted changes on BOUNCER_CONFIG and added all remaining missing variables --- docker/README.md | 23 ----------------------- docker/docker_start.sh | 24 ++++++++++++++++++++++-- 2 files changed, 22 insertions(+), 25 deletions(-) diff --git a/docker/README.md b/docker/README.md index 3d97498..1fd00a8 100644 --- a/docker/README.md +++ b/docker/README.md @@ -57,29 +57,6 @@ docker run -d -p 8080:80 \ --name openresty crowdsecurity/crowdsec-openresty ``` -Or you can pass the whole bouncer config through the docker compose enviroment - -```code -... in docker-compose.yml - ... - environment: - BOUNCER_CONFIG: | - API_KEY=${CROWDSEC_BOUNCER_OPENRESTY_APIKEY} - API_URL=http://crowdsec:8080 - CAPTCHA_PROVIDER=${CROWDSEC_BOUNCER_OPENRESTY_CAPTCHA_PROVIDER} - SECRET_KEY=${CROWDSEC_BOUNCER_OPENRESTY_SECRET_KEY} - SITE_KEY=${CROWDSEC_BOUNCER_OPENRESTY_SITE_KEY} - FALLBACK_REMEDIATION=ban - MODE=stream - BOUNCING_ON_TYPE=all - CAPTCHA_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/captcha.html - BAN_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/ban.html - ALWAYS_SEND_TO_APPSEC=true - SSL_VERIFY=false - APPSEC_URL=http://crowdsec:7422 - ... -``` - ### Configuration The bouncer uses [lua_shared_dict](https://github.com/openresty/lua-nginx-module#lua_shared_dict) to share cache between all workers. diff --git a/docker/docker_start.sh b/docker/docker_start.sh index ec632bc..5e29e16 100644 --- a/docker/docker_start.sh +++ b/docker/docker_start.sh @@ -4,7 +4,7 @@ CROWDSEC_BOUNCER_CONFIG="/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf" if [ "$BOUNCER_CONFIG" != "" ]; then - echo "$BOUNCER_CONFIG" > $CROWDSEC_BOUNCER_CONFIG + CROWDSEC_BOUNCER_CONFIG="$BOUNCER_CONFIG" fi if [ "$API_URL" != "" ]; then sed -i "s,API_URL.*,API_URL=$API_URL," "$CROWDSEC_BOUNCER_CONFIG" 
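Review bot: With `CROWDSEC_BOUNCER_CONFIG="$BOUNCER_CONFIG"` restored in docker/docker_start.sh, every later `sed -i` uses the path from the environment without checking that it names an existing regular file. No `set -e` appears in the opening lines of the script shown in this series, so a wrong path would presumably only print sed errors before openresty starts with whatever configuration it finds. A guard right after the assignment makes the failure explicit: `[ -f "$CROWDSEC_BOUNCER_CONFIG" ] || { echo "bouncer config not found: $CROWDSEC_BOUNCER_CONFIG" >&2; exit 1; }`. The run of `if` blocks continues past the end of this hunk.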
@@ -54,10 +54,30 @@ fi if [ "$CAPTCHA_EXPIRATION" != "" ]; then sed -i "s,CAPTCHA_EXPIRATION.*,CAPTCHA_EXPIRATION=$CAPTCHA_EXPIRATION," "$CROWDSEC_BOUNCER_CONFIG" fi - if [ "$CAPTCHA_PROVIDER" != "" ]; then sed -i "s,CAPTCHA_PROVIDER.*,CAPTCHA_PROVIDER=$CAPTCHA_PROVIDER," "$CROWDSEC_BOUNCER_CONFIG" fi +if [ "$APPSEC_URL" != "" ]; then + sed -i "s,APPSEC_URL.*,APPSEC_URL=$APPSEC_URL," "$CROWDSEC_BOUNCER_CONFIG" +fi +if [ "$APPSEC_FAILURE_ACTION" != "" ]; then + sed -i "s,APPSEC_FAILURE_ACTION.*,APPSEC_FAILURE_ACTION=$APPSEC_FAILURE_ACTION," "$CROWDSEC_BOUNCER_CONFIG" +fi +if [ "$APPSEC_CONNECT_TIMEOUT" != "" ]; then + sed -i "s,APPSEC_CONNECT_TIMEOUT.*,APPSEC_CONNECT_TIMEOUT=$APPSEC_CONNECT_TIMEOUT," "$CROWDSEC_BOUNCER_CONFIG" +fi +if [ "$APPSEC_SEND_TIMEOUT" != "" ]; then + sed -i "s,APPSEC_SEND_TIMEOUT.*,APPSEC_SEND_TIMEOUT=$APPSEC_SEND_TIMEOUT," "$CROWDSEC_BOUNCER_CONFIG" +fi +if [ "$APPSEC_PROCESS_TIMEOUT" != "" ]; then + sed -i "s,APPSEC_PROCESS_TIMEOUT.*,APPSEC_PROCESS_TIMEOUT=$APPSEC_PROCESS_TIMEOUT," "$CROWDSEC_BOUNCER_CONFIG" +fi +if [ "$ALWAYS_SEND_TO_APPSEC" != "" ]; then + sed -i "s,ALWAYS_SEND_TO_APPSEC.*,ALWAYS_SEND_TO_APPSEC=$ALWAYS_SEND_TO_APPSEC," "$CROWDSEC_BOUNCER_CONFIG" +fi +if [ "$SSL_VERIFY" != "" ]; then + sed -i "s,SSL_VERIFY.*,SSL_VERIFY=$SSL_VERIFY," "$CROWDSEC_BOUNCER_CONFIG" +fi if [ "${IS_LUALIB_IMAGE,,}" != "true" ]; then exec /usr/local/openresty/bin/openresty -g "daemon off;"
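Review bot: The seven added `sed -i "s,KEY.*,KEY=$KEY," ...` blocks splice the raw environment value into the sed program, so a value containing `,`, `&` or `\` is parsed as sed syntax instead of data. An `APPSEC_URL` with a comma in it makes the command fail, and nothing visible stops the script from continuing to `exec` openresty with the old value. The substitution is also a silent no-op when the key is absent from the file, and the unanchored pattern leaves a leading `#` in place on a commented-out entry, so `SSL_VERIFY` or `APPSEC_FAILURE_ACTION` can look set in the environment while the bouncer keeps the file's setting. I would route these through one helper that escapes the value, anchors the match on `^KEY=` and appends the line when nothing matched; this assumes the file uses plain `KEY=value` lines, as the substitutions here write. The older blocks above the hunk, such as `CAPTCHA_PROVIDER`, follow the same pattern and could use the helper too; the final `if` block closes outside the hunk.

```shell
# Set KEY=VALUE in the bouncer config, treating VALUE as data rather than sed syntax.
# Values containing a newline are not handled and should be rejected by the caller.
set_conf() {
  local key=$1 value=$2 escaped
  # Escape the characters that are special in the replacement part of s,...,...,
  escaped=$(printf '%s' "$value" | sed -e 's/[\\&,]/\\&/g')
  if grep -q "^${key}=" "$CROWDSEC_BOUNCER_CONFIG"; then
    sed -i "s,^${key}=.*,${key}=${escaped}," "$CROWDSEC_BOUNCER_CONFIG"
  else
    # Key not present: append it so the requested setting is never silently dropped.
    printf '%s=%s\n' "$key" "$value" >> "$CROWDSEC_BOUNCER_CONFIG"
  fi
}

if [ "$APPSEC_URL" != "" ]; then
  set_conf APPSEC_URL "$APPSEC_URL"
fi
# … unchanged in shape: the same call for the remaining six added variables …
```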