add ipv6 docker-compose support

Author: mobula9

docker-compose.yml

@@ -5,7 +5,8 @@ services:
             context: .
             dockerfile: ./docker/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -18,7 +19,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -27,7 +28,8 @@ services:
             context: .
             dockerfile: ./docker/wp5.5/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -40,7 +42,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -49,7 +51,8 @@ services:
             context: .
             dockerfile: ./docker/wp5.4/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -62,7 +65,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -71,7 +74,8 @@ services:
             context: .
             dockerfile: ./docker/wp5.3/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -84,7 +88,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -93,7 +97,8 @@ services:
             context: .
             dockerfile: ./docker/wp5.2/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -106,7 +111,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -115,7 +120,8 @@ services:
             context: .
             dockerfile: ./docker/wp5.1/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -128,7 +134,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -137,7 +143,8 @@ services:
             context: .
             dockerfile: ./docker/wp5.0/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -150,7 +157,7 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
@@ -159,7 +166,8 @@ services:
             context: .
             dockerfile: ./docker/wp4.9/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         depends_on:
             - crowdsec
             - mysql
@@ -172,41 +180,47 @@ services:
                 define('WP_CRON_LOCK_TIMEOUT', 1);
         # more here https://hub.docker.com/_/wordpress
         ports:
-            - "8050:80"
+            - "80:80"
         volumes:
             - .:/var/www/html/wp-content/plugins/cs-wordpress-bouncer:rw
 
     crowdsec:
         image: crowdsecurity/crowdsec:latest
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         environment:
             - DISABLE_AGENT=true
         ports:
             - "8051:8080"
     mysql:
         image: mysql:5.7
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         environment:
             - MYSQL_ROOT_PASSWORD=super_secret_password
             - MYSQL_DATABASE=wordpress
     redis:
         image: redis:6-alpine
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
     memcached:
         image: memcached:1-alpine
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
     wpscan:
         image: wpscanteam/wpscan
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
     e2e:
         image: mcr.microsoft.com/playwright:focal
         networks: 
-            - wordpress_bouncer_network
+            - wordpress_bouncer_network_ipv4
+            - wordpress_bouncer_network_ipv6
         environment:
             LAPI_URL_FROM_WP: http://crowdsec:8080
             LAPI_URL_FROM_E2E: http://crowdsec:8080
@@ -226,9 +240,16 @@ services:
         command: tail -F anything
 
 networks:
-  wordpress_bouncer_network:
-    name: wordpress_bouncer_network
-    enable_ipv6: false
-    ipam:
-      config:
-        - subnet: ${NETWORK_SUBNET}
+    wordpress_bouncer_network_ipv4:
+        name: wordpress_bouncer_network_ipv4
+        enable_ipv6: false
+        ipam:
+            config:
+                -   subnet: ${NETWORK_SUBNET}
+    wordpress_bouncer_network_ipv6:
+        name: wordpress_bouncer_network
+        enable_ipv6: true
+        ipam:
+            config:
+                -   subnet: 2001:3200:3200::/64
+                    gateway: 2001:3200:3200::1

docs/full-guide.md

@@ -14,19 +14,19 @@ We will start using "live" mode. You'll understand what it is after try the stre
 docker-compose logs -f crowdsec
 ```
 
-* In wp-admin, [ensure the bouncer is configured with **live** mode](http://localhost:8050/wp-admin/admin.php?page=crowdsec_plugin) (stream mode disabled).
+* In wp-admin, [ensure the bouncer is configured with **live** mode](http://localhost/wp-admin/admin.php?page=crowdsec_plugin) (stream mode disabled).
 
 ### Discover the cache system
 
-* In a tab, visit the [public home](http://localhost:8050/). You're allowed because LAPI said your IP is clean.
+* In a tab, visit the [public home](http://localhost/). You're allowed because LAPI said your IP is clean.
 
-> To avoid latencies when the clean IP browse the website, the bouncer will keep this information in cache for 30 seconds (you can change this value in the [avdanced settings page](http://localhost:8050/wp-admin/admin.php?page=crowdsec_advanced_settings)). In other words, LAPI will not be requested to check this IP for the next 30 seconds.
+> To avoid latencies when the clean IP browse the website, the bouncer will keep this information in cache for 30 seconds (you can change this value in the [avdanced settings page](http://localhost/wp-admin/admin.php?page=crowdsec_advanced_settings)). In other words, LAPI will not be requested to check this IP for the next 30 seconds.
 
- * You can call the website as many times as you want, the cache system will take relay during the ban period and so LAPI will not be disturbed. The ban decision will stay in cache for the full ban duration. Then the [public home](http://localhost:8050/) should be available again.
+ * You can call the website as many times as you want, the cache system will take relay during the ban period and so LAPI will not be disturbed. The ban decision will stay in cache for the full ban duration. Then the [public home](http://localhost/) should be available again.
 
  ### Try ban remediation
 
-* If you want to skip this delay, feel free to [clear the cache in the wp-admin](http://localhost:8050/wp-admin/admin.php?page=crowdsec_plugin).
+* If you want to skip this delay, feel free to [clear the cache in the wp-admin](http://localhost/wp-admin/admin.php?page=crowdsec_plugin).
 
 The `DOCKER_HOST_IP` environnement variable is initialized via a call to:
 
@@ -42,7 +42,7 @@ source ./load-env-vars.sh
 docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 4h --type ban
 ```
 
-* Immediately, the [public home](http://localhost:8050/) is now locked with a short message to explain you that you are banned.
+* Immediately, the [public home](http://localhost/) is now locked with a short message to explain you that you are banned.
 
 ### Try "captcha" remediation
 
@@ -58,7 +58,7 @@ docker-compose exec crowdsec cscli decisions delete --all
 docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 15m --type captcha
 ```
 
-* The [public home](http://localhost:8050/) now request you to fill a captcha.
+* The [public home](http://localhost/) now request you to fill a captcha.
 
 * Unless you manage to solve the captcha, you'll not be able to access the website.
 
@@ -71,7 +71,7 @@ With live mode, as you tried it just before, each time a user arrives to the web
 
 To avoid this, LAPI offers a "stream" mode. The decisions list is updated at a predefined frequency and kept in cache. Let's try it!
 
-> This bouncer uses the WordPress cron system. For demo purposes, we encourage you to [install the WP-Control plugin](http://localhost:8050/wp-admin/plugin-install.php?s=wp-control&tab=search&type=term), a plugin to view and control each Wordpress Cron task jobs.
+> This bouncer uses the WordPress cron system. For demo purposes, we encourage you to [install the WP-Control plugin](http://localhost/wp-admin/plugin-install.php?s=wp-control&tab=search&type=term), a plugin to view and control each Wordpress Cron task jobs.
 
 First, clear the previous decisions:
 
@@ -80,17 +80,17 @@ First, clear the previous decisions:
 docker-compose exec crowdsec cscli decisions delete --all
 ```
 
-* Then enable "stream" mode [right here](http://localhost:8050/wp-admin/admin.php?page=crowdsec_advanced_settings) and set the resync frequency to 30 seconds. If you installed WP-Control plugin, you can see that a new cron tak has just been added here http://localhost:8050/wp-admin/tools.php?page=crontrol_admin_manage_page.
+* Then enable "stream" mode [right here](http://localhost/wp-admin/admin.php?page=crowdsec_advanced_settings) and set the resync frequency to 30 seconds. If you installed WP-Control plugin, you can see that a new cron tak has just been added here http://localhost/wp-admin/tools.php?page=crontrol_admin_manage_page.
 
-* As the whole blocklist has just been loaded in cache (0 decision!), your IP is allowed. The [public home](http://localhost:8050/) is available.
+* As the whole blocklist has just been loaded in cache (0 decision!), your IP is allowed. The [public home](http://localhost/) is available.
 
 * Now, if you ban your IP for 4h:
 
 ```bash
 docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 4h --type ban
 ```
 
-* In less than 30 seconds your IP will be banned and the [public home](http://localhost:8050/) will be locked.
+* In less than 30 seconds your IP will be banned and the [public home](http://localhost/) will be locked.
 
 Conclusion: with the stream mode, LAPI decisions are fetched on a regular basis rather than being called when user arrives for the first time.
 
@@ -102,13 +102,13 @@ The docker-compose file started 2 unused containers, redis and memcached.
 
 Let's try **Redis**!
 
-- Just go to the [advanced settings](http://localhost:8050/wp-admin/admin.php?page=crowdsec_advanced_settings) page
+- Just go to the [advanced settings](http://localhost/wp-admin/admin.php?page=crowdsec_advanced_settings) page
 - select the **Caching technology** named "Redis" and
 - type `redis://redis:6379` in the "Redis DSN" field.
 
 Very similar with **Memcached**!
 
-- Just go to the [advanced settings](http://localhost:8050/wp-admin/admin.php?page=crowdsec_advanced_settings) page
+- Just go to the [advanced settings](http://localhost/wp-admin/admin.php?page=crowdsec_advanced_settings) page
 - select the **Caching technology** named "Memcached" and
 - type `memcached://memcached:11211` in the "Memcached DSN" field.
 

docs/install-with-docker-compose.md

@@ -6,6 +6,8 @@ Follow this guide to get the development stack installed locally.
 > - you should have [`docker`](https://docs.docker.com/get-docker/) installed
 > - `docker` should be [`runnable without sudo`](https://docs.docker.com/engine/install/linux-postinstall/).
 > - [`docker-compose`](https://docs.docker.com/compose/install/) installed locally.
+> - IPv6 should be enable in your docker configuration. Enabled it following [this guide](https://docs.docker.com/config/daemon/ipv6/). (Note that you'll may have to create the file `/etc/docker/daemon.json`).
+> - If your develop environnment is MacOS, please refer to the [MacOS host installation guide](macos-host.md).
 
 ## Install the stack for development purpose
 
@@ -37,7 +39,7 @@ Alternatively, you can install wordpress and the plugin manually with:
 docker-compose up -d wordpress crowdsec mysql redis memcached
 ```
 
-Then visit the wordpress instance here: http://localhost:8050 and install the wordpress instance.
+Then visit the wordpress instance here: http://localhost and install the wordpress instance.
 
 Infos to setup the plugin:
 
@@ -55,7 +57,7 @@ http://crowdsec:8080
 
 | Info            | Value                                |
 |-----------------|--------------------------------------|
-| Public blog URL | http://localhost:8050                |
-| Blog admin URL  | http://localhost:8050/wp-admin       |
+| Public blog URL | http://localhost                     |
+| Blog admin URL  | http://localhost/wp-admin            |
 | Admin username  | `admin`                              |
 | Pasword         | `my_very_very_secret_admin_password` |

run-tests.sh

@@ -14,7 +14,7 @@ docker-compose exec $CONTAINER_NAME composer install --working-dir /var/www/html
 export BOUNCER_KEY=`docker-compose exec crowdsec cscli bouncers add e2e-tests -o raw`
 docker-compose exec crowdsec cscli machines add $WATCHER_LOGIN --password $WATCHER_PASSWORD
 echo "Waiting for WordPress container to initialize..."
-until $(curl --output /dev/null --silent --head --fail http://localhost:8050); do
+until $(curl --output /dev/null --silent --head --fail http://localhost); do
     printf '.'
     sleep 0.1
 done
@@ -54,7 +54,7 @@ else
     echo "DEBUG MODE ENABLED"
     cd tests/e2e && yarn && cd -
 
-    WORDPRESS_URL="http://localhost:8050"
+    WORDPRESS_URL="http://localhost"
 
     WORDPRESS_URL=${WORDPRESS_URL} \
     BROWSER_IP=$DOCKER_HOST_IP \