crowdsecurity
diff --git a/‎.env.example‎
Lines changed: 9 additions & 0 deletions b/‎.env.example‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 1 deletion b/‎.gitignore‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎docker-compose.yml‎
Lines changed: 39 additions & 5 deletions b/‎docker-compose.yml‎
Lines changed: 39 additions & 5 deletions
diff --git a/‎docs/contribute.md‎
Lines changed: 31 additions & 16 deletions b/‎docs/contribute.md‎
Lines changed: 31 additions & 16 deletions
diff --git a/‎docs/full-guide.md‎
Lines changed: 14 additions & 5 deletions b/‎docs/full-guide.md‎
Lines changed: 14 additions & 5 deletions
diff --git a/‎docs/install-with-docker-compose.md‎
Lines changed: 22 additions & 8 deletions b/‎docs/install-with-docker-compose.md‎
Lines changed: 22 additions & 8 deletions
@@ -0,0 +1,9 @@
+CS_WORDPRESS_BOUNCER_PHP_VERSION=7.2
+WORDPRESS_VERSION=5.6
+WATCHER_LOGIN=watcherLogin
+WATCHER_PASSWORD=watcherPassword
+NETWORK_SUBNET=172.16.238.0/24
+DOCKER_HOST_IP=172.16.238.1
+BOUNCER_KEY=
+WORDPRESS_URL=
+DEBUG=1
@@ -14,4 +14,5 @@ tests/e2e/screenshots
 .bouncer-key
 .cache/
 *.log
-.vagrant
+.vagrant
+.env
@@ -4,6 +4,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -24,6 +26,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp5.5/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -44,6 +48,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp5.4/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -64,6 +70,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp5.3/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -84,6 +92,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp5.2/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -104,6 +114,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp5.1/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -124,6 +136,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp5.0/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -144,6 +158,8 @@ services:
         build:
             context: .
             dockerfile: ./docker/wp4.9/php-${CS_WORDPRESS_BOUNCER_PHP_VERSION}.Dockerfile
+        networks: 
+            - wordpress_bouncer_network
         depends_on:
             - crowdsec
             - mysql
@@ -162,34 +178,44 @@ services:
 
     crowdsec:
         image: crowdsecurity/crowdsec:latest
+        networks: 
+            - wordpress_bouncer_network
         environment:
             - DISABLE_AGENT=true
         ports:
             - "8051:8080"
     mysql:
         image: mysql:5.7
+        networks: 
+            - wordpress_bouncer_network
         environment:
             - MYSQL_ROOT_PASSWORD=super_secret_password
             - MYSQL_DATABASE=wordpress
     redis:
         image: redis:6-alpine
-        ports:
-            - "6379:6379"
+        networks: 
+            - wordpress_bouncer_network
     memcached:
         image: memcached:1-alpine
+        networks: 
+            - wordpress_bouncer_network
     wpscan:
         image: wpscanteam/wpscan
+        networks: 
+            - wordpress_bouncer_network
     e2e:
         image: mcr.microsoft.com/playwright:focal
+        networks: 
+            - wordpress_bouncer_network
         environment:
+            LAPI_URL_FROM_WP: http://crowdsec:8080
+            LAPI_URL_FROM_E2E: http://crowdsec:8080
+            NETWORK_IFACE: eth0
             WORDPRESS_VERSION: ${WORDPRESS_VERSION}
             WATCHER_LOGIN: ${WATCHER_LOGIN}
             WATCHER_PASSWORD: ${WATCHER_PASSWORD}
             BOUNCER_KEY: ${BOUNCER_KEY}
-            LAPI_URL_FROM_WP: http://crowdsec:8080
-            LAPI_URL_FROM_E2E: http://crowdsec:8080
             WORDPRESS_URL: ${WORDPRESS_URL}
-            NETWORK_IFACE: eth0
         depends_on:
             - crowdsec
             - mysql
@@ -198,3 +224,11 @@ services:
         volumes:
             - ./tests/e2e:/var/run/tests:rw
         command: tail -F anything
+
+networks:
+  wordpress_bouncer_network:
+    name: wordpress_bouncer_network
+    enable_ipv6: false
+    ipam:
+      config:
+        - subnet: ${NETWORK_SUBNET}
@@ -1,18 +1,15 @@
 # Contribute to this plugin
 
-* Before all, be sure to [get the stack installed using the docker-compose guide](install-with-docker-compose.md).
+> Before all, be sure to [get the stack installed using the docker-compose guide](install-with-docker-compose.md).
 # Play with crowdsec state
 
 ```bash
-# Get the Docker host IP from inside the crowdsec container
-export CS_WP_HOST=`docker-compose exec crowdsec /sbin/ip route|awk '/default/ { printf $3 }'`
 
 # Add captcha your own IP for 15m:
-docker-compose exec crowdsec cscli decisions add --ip ${CS_WP_HOST} --duration 15m --type captcha
+docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 15m --type captcha
 
 # Ban your own IP for 15 sec:
-docker-compose exec crowdsec cscli decisions add --ip ${CS_WP_HOST} --duration 15s --type ban
-
+docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 15s --type ban
 
 # Remove all decisions:
 docker-compose exec crowdsec cscli decisions delete --all
@@ -21,6 +18,8 @@ docker-compose exec crowdsec cscli decisions delete --all
 docker-compose logs crowdsec
 ```
 
+> Note: The `DOCKER_HOST_IP` environnment variable is initialized via `source ./load-env-vars.sh`.
+
 # WP Scan pass
 
 ```bash
@@ -50,15 +49,28 @@ docker-compose rm # destroy
 ```bash
 docker-compose down
 docker images | grep wordpress-bouncer_wordpress # to get the container id
-docker rmi 145c1ed0e4df
-CS_WORDPRESS_BOUNCER_PHP_VERSION=7.2 docker-compose up -d --build --force-recreate
+docker rmi <container-id>
+```
+
+Then, in the `.env` file, replace:
+
+```bash
+CS_WORDPRESS_BOUNCER_PHP_VERSION=7.2
 ```
 
+with :
+
+```bash
+CS_WORDPRESS_BOUNCER_PHP_VERSION=<the-new-php-version>
+```
+
+Then re-run the stack.
+
 ### Try the plugin with another WordPress version
 
-In end 2020, [more than 90% of the wordpress websites](https://wordpress.org/about/stats/) was using WordPress versions:
+In start of 2021, [more than 90% of the wordpress websites](https://wordpress.org/about/stats/) was using WordPress versions:
 
-The plugin is tested under each of these versions: `5.6`, `5.5`, `5.4`, `5.3`, `5.2`, `5.1`, `5.0`, `4.9`.
+The plugin is tested under each of these WordPress versions: `5.6`, `5.5`, `5.4`, `5.3`, `5.2`, `5.1`, `5.0`, `4.9`.
 
 ### Plugin debug mode VS production mode
 
@@ -79,9 +91,10 @@ You can test the Linux behaviour of this project using **Vagrant**.
 vagrant up
 vagrant ssh
 cd /vagrant
-sudo su
-export CS_WORDPRESS_BOUNCER_PHP_VERSION=7.2
-./tests-local.sh
+sudo usermod -aG docker $USER
+sudo systemctl restart docker
+cp .env.example .env
+./run-tests.sh
 ```
 
 To destroy the vagrant instance:
@@ -101,7 +114,7 @@ docker-compose up -d wordpress<X.X> crowdsec mysql redis memcached && docker-com
 
 # To display the captcha wall
 
-export CS_WP_HOST=`docker-compose exec crowdsec /sbin/ip route|awk '/default/ { printf $3 }'` && docker-compose exec crowdsec cscli decisions add --ip ${CS_WP_HOST} --duration 15m --type captcha
+docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 15m --type captcha
 
 # To delete the image in order to rebuild it
 
@@ -112,13 +125,15 @@ docker-compose down && docker rmi wordpress-bouncer_wordpress<X.X>
 docker-compose run wordpress<X.X> bash
 ```
 
+> Note: The `DOCKER_HOST_IP` environnment variable is initialized via `source ./load-env-vars.sh`.
+
 ### Display the plugin logs
 
 ```bash
 tail -f logs/debug-*
 ```
 
-#### New feature workflow
+### New feature workflow
 
 ```bash
 git checkout -b <branch-name>
@@ -134,7 +149,7 @@ gh pr create --fill
 
 > Note: after the merge, don't forget to delete to branch.
 
-#### New release workflow
+### New release workflow
 
 ```bash
 git checkout main && git pull && git co -
 
@@ -28,34 +28,43 @@ docker-compose logs -f crowdsec
 
 * As we don't want this delay, to take in account immediately the last unban, feel free to [clear the cache in the wp-admin](http://localhost:8050/wp-admin/admin.php?page=crowdsec_plugin).
 
+The `DOCKER_HOST_IP` environnment variable is initialized via a call to:
+
+```bash
+source ./load-env-vars.sh
+```
+
 * In a term, ban your own IP for 4 hours:
 
 ```bash
-# Get the Docker host IP from inside the crowdsec container
-export CS_WP_HOST=`docker-compose exec crowdsec /sbin/ip route|awk '/default/ { printf $3 }'`
 
 # Ban your own IP for 4 hours:
-docker-compose exec crowdsec cscli decisions add --ip ${CS_WP_HOST} --duration 4h --type ban
+docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 4h --type ban
 ```
 
 * Immediately, the [public home](http://localhost:8050/) is now locked with a short message to explain you that you were ban.
 
 ### Try "captcha" remediation
 
+
 * Now, request captcha for your own IP for 15m:
 
 ```bash
+
 # Clear all existing decisions
 docker-compose exec crowdsec cscli decisions delete --all
 
 # Add a captcha
-docker-compose exec crowdsec cscli decisions add --ip ${CS_WP_HOST} --duration 15m --type captcha
+docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 15m --type captcha
 ```
 
 * The [public home](http://localhost:8050/) now request you to fill a captcha.
 
 * While you fail resolving the captcha, you'll not be able to access the website.
 
+> Note: when you resolve the captcha in your browser, the associated PHP session is considered as sure.
+> If you remove the captcha decision with `cscli`, then you add a new captcha decision for your IP, you'll not be prompted no more for the current PHP session. To view the captcha page, You can force using a new PHP session opening the front page with incognito mode.
+
 ## Stream mode, for the high traffic websites
 
 With live mode, as you tried it just before, each time a user arrives to the website for the first time, a called is made to LAPI. If the traffic on your website is high, the bouncer will call LAPI very often.
@@ -78,7 +87,7 @@ docker-compose exec crowdsec cscli decisions delete --all
 * Now, if you ban your IP for 4h:
 
 ```bash
-docker-compose exec crowdsec cscli decisions add --ip ${CS_WP_HOST} --duration 4h --type ban
+docker-compose exec crowdsec cscli decisions add --ip ${DOCKER_HOST_IP} --duration 4h --type ban
 ```
 
 * In less than 30 seconds your IP will be banned and the [public home](http://localhost:8050/) will be locked.
 
@@ -2,26 +2,31 @@
 
 Follow this guide to get the development stack installed locally.
 
+> Prerequises:
+> - you should have [`docker`](https://docs.docker.com/get-docker/) installed
+> - `docker` should be [`runnable without sudo`](https://docs.docker.com/engine/install/linux-postinstall/).
+> - [`docker-compose`](https://docs.docker.com/compose/install/) installed locally.
+
 ## Install the stack for development purpose
 
-Select the PHP version you want to use (7.2, 7.3, 7.4, 8.0) :
+Before all, create a `.env` file, using:
 
 ```bash
-export CS_WORDPRESS_BOUNCER_PHP_VERSION=7.2
+cp .env.example .env
 ```
 
-## Configure WordPress and the CrowdSec Plugin
+> Note about PHP 8.0: WordPress official docker image [does not officially supports PHP 8.0](https://hub.docker.com/_/wordpress?tab=tags&page=1&ordering=last_updated) at this time. However, as the CrowdSec PHP Library does support PHP 8.0, there is a good chance that the pluggin will work fine with PHP 8.0, but we can not currently test it.
 
-Now there is two options:
+## Configure WordPress and the CrowdSec Plugin
 
-### A) Automatic comfiguration
+Now there are two options, you can fill the Wordpress installation wizard manually OR use let the e2e tests to do it for you.
 
-Install Wordpress instance and activate plugin through the e2e tests:
+### A) Automatic configuration
 
-You can do this automatically with:
+Install Wordpress instance and activate plugin launching the e2e tests (limited to the installation steps):
 
 ```bash
-SETUP_ONLY=1 DEBUG=1 ./tests-local.sh
+SETUP_ONLY=1 ./run-tests.sh
 ```
 
 ### B) Manual comfiguration
@@ -45,3 +50,12 @@ docker-compose exec crowdsec cscli bouncers add wordpress-bouncer
 The LAPI URL is:
 
 http://crowdsec:8080
+
+## Try the plugin behaviour
+
+| Info            | Value                                |
+|-----------------|--------------------------------------|
+| Public blog URL | http://localhost:8050                |
+| Blog admin URL  | http://localhost:8050/wp-admin       |
+| Admin username  | `admin`                              |
+| Pasword         | `my_very_very_secret_admin_password` |