centos7 install, replaced redis with hiredis for compatibility reasons

centos7-install.sh

@@ -2,14 +2,25 @@
 
 set -ex
 
-yum -y install epel-release
+cd /etc/yum.repos.d && curl https://repo.codeit.guru/codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo > codeit.el7.repo
+yum -y install epel-release gcc
 yum -y update
 
-yum -y install httpd lua lua-devel luarocks lua-socket pcre-devel
+yum -y --enablerepo CodeIT install httpd
+yum -y install lua lua-devel luarocks lua-socket pcre-devel openssl-devel
 
 luarocks install redis-lua
 luarocks install lua-cjson
 luarocks install lrexlib-pcre
 luarocks install openssl --server=https://rocks.moonscript.org/dev
 
+cat > /etc/yum.repos.d/scraperwall.repo <<EOF
+[scraperwall]
+name=ScraperWall RPM repository
+baseurl=https://rpm.scraperwall.com/centos7/
+gpgcheck=1
+gpgkey=https://rpm.scraperwall.com/centos7/rpm-gpg-key-scraperwall
+enabled=1
+EOF
 
+yum -y install scw-captcha scw-apache-lua

centos7/Dockerfile

@@ -0,0 +1,13 @@
+FROM centos:7
+MAINTAINER Tobias von Dewitz <tobias@scraperwall.com>
+LABEL Vendor="ScraperWall"
+
+ADD centos7-install.sh /
+ADD run-httpd.sh /
+
+
+RUN /centos7-install.sh
+
+EXPOSE 80
+
+CMD ["/run-httpd.sh"]

centos7/build.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+docker build -t scw-centos-apache-lua:latest --rm .

centos7/centos7-install.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -ex
+
+#echo "148.251.84.120 repo.codeit.guru" >> /etc/hosts
+#cat /etc/hosts
+#ping -c 1 repo.codeit.guru
+
+cd /etc/yum.repos.d && curl https://repo.codeit.guru/codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo > codeit.el7.repo
+yum -y install epel-release gcc
+yum -y update
+
+yum -y --enablerepo CodeIT install httpd
+yum -y install lua lua-devel luarocks lua-socket pcre-devel openssl-devel
+
+luarocks install redis-lua
+luarocks install lua-hiredis
+luarocks install lua-cjson
+luarocks install lrexlib-pcre
+luarocks install openssl --server=https://rocks.moonscript.org/dev
+
+cat > /etc/yum.repos.d/scraperwall.repo <<EOF
+[scraperwall]
+name=ScraperWall RPM repository
+baseurl=https://rpm.scraperwall.com/centos7/
+gpgcheck=1
+gpgkey=https://rpm.scraperwall.com/centos7/rpm-gpg-key-scraperwall
+enabled=1
+EOF
+
+yum -y install scw-captcha scw-apache-lua

centos7/docker-compose.yml

@@ -0,0 +1,43 @@
+version: '3' 
+services:
+  redis:
+    image: redis:latest
+    volumes:
+     - /docker-filesystem/httpd/redis:/data
+    restart: always
+    ports:
+      - 8002:6379
+  captcha:
+    image: registry.scw.systems/captcha:1.2.7
+    restart: always
+    environment:
+      - COOKIE_NAME=hicludes
+      - COOKIE_KEY=DydmRdMMZWcRF91mNj/CWLPzzQQi5Rew0cBP0qiBUZI=
+      - BIND=0.0.0.0
+      - REDIS_HOST=redis
+      - REDIS_PORT=6379
+      - HUMAN_TTL=10m
+      - URL_PREFIX=/captcha
+    ports:
+      - 8003:8080
+  apache:
+    image: scw-centos-apache-lua:latest
+    # entrypoint: httpd -f /etc/httpd/conf/httpd.conf -D FOREGROUND
+    depends_on:
+      - redis
+    environment:
+      - SCW_IGNORE=(^/(captcha|assets).*|\.(png|jpe?g|svg|gif|js|css)$$)
+      - SCW_KEY=DydmRdMMZWcRF91mNj/CWLPzzQQi5Rew0cBP0qiBUZI=
+      - SCW_COOKIE=hicludes
+      - SCW_CAPTCHA_URL_ORIG=http://docker.scw.systems:8003/?src=%s&r=%s
+      - SCW_CAPTCHA_URL=http://docker.scw.systems:8001/captcha?src=%s&r=%s
+      - SCW_REDIS_HOST=redis
+      - SCW_REDIS_PORT=6379
+      - SCW_TEST=yes
+    volumes:
+      - ../lua/scw.lua:/usr/local/httpd/lua/scw.lua
+      - ../centos7-httpd-lua.conf:/etc/httpd/conf.d/scw-apache-lua.conf
+      - ./httpd.conf:/etc/httpd/conf/httpd.conf
+    ports:
+      - 8001:80
+    restart: always

centos7/httpd.conf

@@ -0,0 +1,43 @@
+ServerRoot "/etc/httpd"
+Listen 80
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+ErrorLog /dev/stderr
+TransferLog /dev/stdout
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+DocumentRoot "/var/www/html"
+<Directory "/var/www">
+    AllowOverride None
+    Require all granted
+</Directory>
+<Directory "/var/www/html">
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+<Files ".ht*">
+    Require all denied
+</Files>
+LogLevel info
+<IfModule mime_module>
+    TypesConfig /etc/mime.types
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+    AddType text/html .shtml
+    AddOutputFilter INCLUDES .shtml
+</IfModule>
+AddDefaultCharset UTF-8
+<IfModule mime_magic_module>
+    MIMEMagicFile conf/magic
+</IfModule>
+EnableSendfile on
+IncludeOptional conf.d/*.conf
+

centos7/run-httpd.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+rm -rf /run/httpd/* /tmp/httpd*
+exec /usr/sbin/apachectl -DFOREGROUND

lua/scw.lua

@@ -1,8 +1,10 @@
 require "apache2"
-local redis = require "redis"
+-- local redis = require "redis"
+local hiredis = require "hiredis"
 local regex = require "rex_pcre"
 local mime = require "mime"
 local cipher = require "openssl".cipher
+local pretty = require 'pl.pretty'
 
 
 -- --------------------------------------------------------------------------
@@ -38,8 +40,7 @@ function scw(r)
     r:err("SCW_IGNORE is not set!")
   end
 
-
-	uri = string.match(r.the_request, "^%w+%s+(.+)%s+HTTP")
+	local uri = string.match(r.the_request, "^%w+%s+(.+)%s+HTTP")
   if ignore ~= nil and regex.match(uri, ignore) then
     return apache2.DECLINED
   end
@@ -52,6 +53,7 @@ function scw(r)
     r:err("SCW_COOKIE is not set!")
   end
 
+
   local cookie_key = r:base64_decode(os.getenv("SCW_KEY"))
   if cookie_key == nil or cookie_key == "" then
     r:err("SCW_KEY is not set!")
@@ -60,12 +62,12 @@ function scw(r)
   local xff = tostring(r.headers_in["X-Forwarded-For"])
   local rip = tostring(r.headers_in["X-Real-IP"])
 
-
   if human_cookie then
     human_cookie = r:base64_decode(r:unescape(human_cookie))
   end
   local is_human = false
 
+
   if human_cookie ~= nil and cookie_key:len() == 32 then
     local cookie_data = _decrypt(human_cookie, cookie_key)
 
@@ -84,7 +86,20 @@ function scw(r)
   -- --------------------------------------------------------------------------
   -- check for blacklist status
   --
-  if pcall(function() redis_conn:ping() end) then
+  
+	
+  local sucess = false
+	local err = ""
+  
+  if redis_conn ~= nil then
+    success, err = pcall(function() redis_conn:command("PING") end)
+    if redis_conn == nil then
+      r:info("redis_conn turned nil after ping")
+    end
+  end
+
+  if success then
+    r:info("redis ping was successful")
     has_redis = true
   else
     -- io.stderr:write("reconnecting to redis\n")
@@ -96,7 +111,10 @@ function scw(r)
     if redis_port == nil or redis_port == "" then
       r:err("SCW_REDIS_PORT is not set!")
     end
-    if pcall(function() redis_conn = redis.connect(redis_host, redis_port) end) then
+    r:info(string.format("connecting to redis %s:%s", redis_host, redis_port))
+    success, err = pcall(function() redis_conn = hiredis.connect(redis_host, redis_port) end)
+    if success then
+      r:info("created redis connection to " .. redis_host .. ":" .. redis_port)
       has_redis = true
     end
   end
@@ -108,19 +126,25 @@ function scw(r)
 
   if has_redis and captcha_url ~= "" then
     -- the client ip
-    local v = redis_conn:get("bl:" .. r.useragent_ip)
+    if redis_conn == nil then
+      r:info("redis is suddenly nil!")
+    end
+    local v = redis_conn:command("GET", "bl:" .. r.useragent_ip)
 
+    -- if v == nil then
+    --   r:info("v is nil!")
+    -- end
     -- the X-Forwarded-For IP
-    if v == nil then
-      v = redis_conn:get("bl:" .. xff)
+    if v == nil and xff ~= "" then
+      v = redis_conn:command("GET", "bl:" .. xff)
     end
 
     -- the X-Real-IP IP
-    if v == nil then
-      v = redis_conn:get("bl:" .. rip)
+    if v == nil and rip ~= "" then
+      v = redis_conn:command("GET", "bl:" .. rip)
     end
 
-    if v ~= nil then -- and h == nil then
+    if tostring(v) ~= "" and tostring(v) ~= "NIL" then -- and h == nil then
       local rprotocol = "http"
       if r.is_https then
         rprotocol = "https"